README FIRST! Command AntiVirus for DOS

Command AntiVirus for DOS
Command Software is proud to introduce Command AntiVirus 
version 4.58.3 with HoloCheck(tm) scanning technology. Our 
HoloCheck scanning technology detects tens of thousands 
of viruses and includes improved polymorphic virus detection.
NOTE:  After installing Command AntiVirus, we recommend that you 
perform a manual scan of your local drives to ensure that your 
system is virus-free. This is especially important if you have 
not been running anti-virus software prior to this installation.
For a list of international distributors of Command AntiVirus,
see the DISTRIB.TXT file.
The file called FILEINFO.TXT is a list of file descriptions and files
that have changed since the previous release.
Please read the CSAV for DOS Quick Start Guide that is included with
the installation files. It provides installation instructions and an
overview of Command AntiVirus for DOS. To read the Quick Start Guide,
open the file named QCKSTDOS.TXT.
Notes on Command AntiVirus (CSAV) for DOS version 4.58.3
Scan engine enhancements have been added to this component release.
None for this release.
None for this release.
Notes on Command AntiVirus (CSAV) for DOS version 4.58.0
New virus signatures have been added in this release. This includes
signatures for detecting more than 200 new trojans.
The following improvements have been made to the scan engine:
- CSAV now detects malicious or destructive Java code (Java Trojans).
- The handling of script viruses is improved. This includes VBScript 
  viruses and ASCII-based viruses.
- CSAV now scans file attachments in Rich Text Format (.RTF) files.
  When scanning from the command line, use the /ARCHIVE switch.
- CSAV now disinfects Office 2000 signed documents.
- Scanning of the following is now supported:
    - OLE1 embedding (embedded files in WordPad and Microsoft 
      Word 6)
    - WordPerfect 2000 (.WPD) files
    - Lotus worksheets (.WKS) files
    - LX (OS/2) files as well as the detection of all OS/2 viruses.
- Some boot sector related disinfection problems have been fixed. The 
  most notable fixes involve disinfecting the Urkel and the
  Frankenstein viruses.
- PowerPoint scanning is improved. The disinfection process is revised. 
  However, the disinfection of objects embedded in PowerPoint documents is 
  still not possible.
- CSAV features improved scanning in Windows 32-bit programs resulting
  in higher rates of detection and fewer false positives.
- Memory scanning is improved.
The following file types are now hard-coded into CSAV's virus scans 
and are scanned by default:
   GMS, CSC, WPD, WK?, DVB, WBT, and CDR
Some command-line scans using the /TODAY switch would not scan on 
the first boot of the following day. This was caused by CSAV's use of
Greenwich Mean Time rather than local time. This has been fixed.
Some IBM ThinkPad computers have difficulty running Command AntiVirus
for DOS. The problem appears to be related to a system file, CARDXTND.SYS, 
that is not produced by Command Software. You will need to disable 
CARDXTEND.SYS to get CSAV to work on computers that are running this file.
The self-extracting file called SE_EICAR.EXE is no longer included with
the installation files. You can download this file from our web 
site at:
When you run this file, a test file, EICAR.COM (from European 
Institute for Computer Anti-Virus Research), is extracted from it.
Notes on Command AntiVirus (CSAV) for DOS version 4.57.4
A new virus definition file, SIGN2.DEF, is now included with Command 
AntiVirus. This file provides virus signatures for a variety of 
scripting viruses and trojans.
None for this release.
None for this release.
Notes on Command AntiVirus (CSAV) for DOS version 4.57.3
New virus signatures have been added in this release including
detection and disinfection for the Melissa.U, Melissa.V and Infis 
viruses and many new Trojan Horses.
Scan engine enhancements include disinfection of infected .VBS files
by deletion.
No fixes for this release.
Notes on Command AntiVirus (CSAV) for DOS version 4.57.1
New virus signatures have been added in this release. This includes 
the ability to detect and disinfect the Monopoly virus.
A new file, NOMACRO.DEF, has been added to the installation files.
This file is used in the creation of the Command AntiVirus rescue
disks. NOMACRO.DEF will be updated when you download new virus
definition files.
Scan engine General Protection Faults that occurred when CSAV 
disinfected user macros have been fixed. 
Modifications have been made to the code behavior monitoring process
to correct occurrences of false positives. 
Due to the size of the virus definition files, it is no longer
possible to perform a pre-installation scan from Command AntiVirus
Installation Disk #2. After installing Command AntiVirus, we 
recommend that you perform a manual scan of your local drives
to ensure that your system is virus-free.
The Command AntiVirus rescue disk process now involves two phases. 
The first phase focuses on recovery by detecting and removing any
executable, boot sector, and MBR-infecting viruses that inhibit or 
prevent system startup. After successful recovery, the second phase
focuses on scanning and disinfecting all remaining virus-infected
files, for example, macro virus-infected files. To assure a 
successful rescue, you MUST perform both phases.
To perform Phase One:
   1. Turn off your computer for at least 15 seconds.
   2. Place a virus-free, write-protected boot disk into 
      drive A and reboot your computer. 
      NOTE: If you are prompted to enter a new date and a
            new time, press ENTER for each one.    
   3. Replace the boot disk with CSAV Rescue Disk 1. 
   4. At the A prompt, type the following and press ENTER:
            f-prot /hard /disinf
      If any viruses are detected, allow CSAV to disinfect them.
   5. Proceed to Phase Two.
To perform Phase Two:
   1. Remove CSAV Rescue Disk 1 from drive A.
   2. Reboot your computer as normal.
   3. Use Command AntiVirus to perform a scan of your local hard
      drives. This scan detects and disinfects any remaining
      virus-infected files on your computer.
After completing the Phase Two scan, you can return to computing
as normal.
Notes on Command AntiVirus (CSAV) for DOS Version 4.57
New virus signatures have been added in this release.
Command AntiVirus now includes expanded protection for the following:
   A. CorelDraw -- The newly discovered CorelDraw virus is now detected.
      The .CSC CorelDraw-related extension is now scanned by default.
   B. MacOffice -- Viruses in MacOffice documents can be detected and
      disinfected. However, as the Macintosh(tm) operating system is
      not directly supported by Command AntiVirus, detection is
      possible only when the infected Macintosh Office documents
      are scanned in a DOS or Windows-based environment. For example,
      if you have a floppy disk with infected MacOffice documents
      on it, you can disinfect these documents by using CSAV
      to scan the floppy disk.
   C. Microsoft Office 97 -- The .MPT, .WBK and .MSO extensions are now
      scanned by default.
   D. Office 2000 -- The heuristics scan engine has been modified so
      that it now detects some native Office 2000 viruses.
   E. PowerPoint 97 -- PowerPoint 97 viruses are now detected and
      disinfected. The .PP?, .POT, and .PWZ PowerPoint 97 file types
      are now scanned by default.
An additional generic virus detector has been added. This detector
allows Command AntiVirus to detect approximately 14,000 more
"generic viruses." This brings the total number of viruses detected
by Command AntiVirus to just over 39,500.
The CSAV scanners have been optimized to provide better protection
against "New Executable" file viruses and VxD viruses. Improvements
have also been made to reduce the occurrence of false positives.
If you open an infected Microsoft Office 97 document in Microsoft
Office 2000, our HoloCheck scan engine will detect the infection.
Documents converted to Office 2000 format from Office 97 format
can be disinfected. Currently, disinfecting an Office 2000 document
consists of removing all macros from the document.
Files that do not have a file name extension are now scanned 
by default.
The virus list is now generated from the CSAV definition
files on your system. This allows you to view the names of all
computer viruses that are handled by Command AntiVirus. To always
have the latest Virus Information list, be sure to keep your
MACRO.DEF and SIGN.DEF files up-to-date. To view the virus list,
change to the directory containing F-PROT.EXE and, on the command 
line, type the following and press ENTER:
     f-prot /virlist |more
None for this release.
None for this release.
Notes on Command AntiVirus for DOS (CSAV)
Version 4.54 SP2 (Service Pack 2)
New virus signatures have been added in this release.
The following default extensions have been added: .VXD and .386.
The following default extensions have been removed: .APP and PGM.
When scanning in disinfect mode, sometimes the message 
"Virus could not be removed" would appear in the output window. 
Since the file was not infected, the error message was incorrect. 
Notes on Command AntiVirus for DOS (CSAV)
Version 4.54 SP1 (Service Pack 1)
New virus signatures have been added in this release.
SCR (screen saver) and RTF (Rich Text Format) files are now
scanned by default. SCR files are scanned because they
are susceptible to some Windows 95/98 viruses. RTF files are
scanned because infected DOC files that have had their extensions 
changed to "RTF" can still infect other Word documents and
CSAV now scans for ASCII-based viruses such as BAT viruses, 
JavaScript viruses and malicious applications, and VBScript viruses.
CSAV also detects mIRC scripts containing malicious code.
Better detection for Excel macro and field viruses has been added.
The scanning of MDB files is improved. 
Disinfection for polymorphic viruses such as W97M/Class that are 
found in the wild is new and improved. Selective disinfection allows
you to remove the macro virus and all traces of the disinfection
process. In password-protected documents, CSAV removes the virus but 
leaves traces of the disinfection process behind. In both instances,
the original document is preserved. 
None for this release.
To update Command AntiVirus with this service pack, you must 
run the service pack's SETUP.EXE program. Note that only the 
components that require updating will be modified. 
Notes on Command AntiVirus for DOS version 4.54
New virus signatures have been added for this release.
The scan engine has been optimized for faster scanning.
This includes faster scanning of a wider variety of compound
files such as Microsoft Word and Excel files.
Command AntiVirus for DOS now detects Java viruses and Access 97
viruses. Disinfection ability will be added in an upcoming release.
Additional support for compressed executable files has been added. 
Specifically, compressed executables are scanned in memory. This 
allows for faster overall scans of compressed files.
None in this release.
If you are using F-PROT.EXE in your Windows 95/98 AUTOEXEC.BAT,
you may encounter difficulties getting into the operating
system. This situation may be the result of a video driver
problem. To correct the situation, modify your AUTOEXEC.BAT
so that the DOS "mode co80" command appears immediately before
and after the "F-PROT" command. For example:
	MODE co80
        MODE co80
The Command AntiVirus rescue disk is no longer bootable.
To disinfect with that disk, boot from a clean DOS
boot disk, insert the rescue disk and, at the command
line, use the following command:
	f-prot /hard /disinf
For information regarding the functionality of Command Software 
products with regard to the Year 2000 issue, please visit our 
web site at:
Notes on Command AntiVirus for DOS (CSAV) version 4.52
New virus signatures have been added for this release.
If F-PROT.EXE used the /TODAY switch and encountered a corrupt
F-PROT.DAT file, scanning would repeat unnecessarily. This situation
has been fixed.
Occasionally, after a scan configured to list all files and scan
archives had been completed, rebooting via the ESC key resulted
in boot errors. The errors would appear only when the scan had been
configured from within the CSAV for DOS graphical user interface.
The boot error problem has been fixed.
A problem involving the /SAFEREMOVE switch not disinfecting properly
has been resolved. The switch now functions correctly when used with
the required /DISINF switch.
If you have installed F-PROT for DOS under Windows 95/98 and your
AUTOEXEC.BAT file contains the line "F-PROT /hard /today", you may
encounter either system freezes or extraneous characters on
your display.  To correct those problems, modify your AUTOEXEC.BAT
so that the DOS "mode" command appears immediately before and after
the "F-PROT" command.  For example:
	MODE co80
        MODE co80
Notes on Command AntiVirus for DOS (CSAV) version 4.51
Command AntiVirus boasts our HoloCheck(tm) scanning technology,
providing the most up-to-date virus prevention. The most important
benefits of this technology are:
  *  Simplified updates. You can now update the SIGN.DEF and
     Macro.def files (which contain the most current virus signatures)
     without re-installing all of the components. This method adds
     speed and efficiency to the new version of Command AntiVirus.
  *  Superior polymorphic virus detection. CSAV now offers
     unparalleled protection and elimination of polymorphic viruses
     including the dreaded Morphine, Anxiety and Spanska.
  *  Scanning of embedded (OLE) documents. Not only do we scan
     documents, but if an infected document is embedded in an Excel
     spreadsheet or PowerPoint document, Command AntiVirus will catch
     it and save you from becoming infected.
  *  Support for nested zip files. New virus signatures have been added
     in this release.
F-MACRO.EXE is now part of every scanner and is therefore not needed
as a separate utility.
The Automatic Update feature is not available for the DOS product.
The DOS installation no longer installs CSAV for Windows. As of this
release, CSAV for Windows 3.1x is available as a separate product.
The ability to add user-defined strings is not supported by the
new design of CSAV.  The architecture of our HoloCheck technology makes
this feature obsolete without compromising protection.
We recommend that you do not enable Scan All Network Drives from any
of our workstation products as performance on busy servers may be
adversely affected by the additional network traffic.
It is recommended that you reboot immediately after installation because
any other drive letter that you might change to will not be afforded
virus protection until you do so. After the reboot, all drive letters
will be protected.
Also, until you reboot, the addition of C:\F-PROT to the path does not
take affect.  In the interim, CSAV for DOS can only be run from the C:\F-PROT
With this version of CSAV for DOS, VIRSTOP is no longer available. All
references to VIRSTOP and its associated programs should be removed from
batch files. Older versions of VIRSTOP are not compatible with
CSAV version 4.51.
Command will support SE_UTIL through 12/1/98.  After that date,
customers can continue to use the utility, though we will no longer
update it.
Notes on Command AntiVirus for DOS/Windows (CSAV) v.4.00
New virus signatures have been added in this release.
Command AntiVirus contains a completely new Dynamic Virus
Protection (DVP) scheme. The new DVP is a virtual device driver
that replaces the combined functionality of the F-AGENT.EXE,
F-PROTW.CFG, A-PROT.EXE, and FPROTW.386 files. Prior to this
release, configuring F-PROT Professional's DVP consisted of
running DVPSET ADMIN and then making changes the desired
changes in the "F-PROT DVP Settings" dialog box. That
procedure is no longer necessary as Command AntiVirus 4.00's
DVP settings are accessed through the Active Protection tab
found in the Options menu.
Difficulty in getting INSTALL to run from a network directory
has been fixed. The problem involved receiving calls for disk 1 of 3
and then not allowing the installation to complete.
When the /REPORT switch is used with FP.EXE, the F-MACRO
report is automatically appended to the original report.
Prior to this release, the original report was
CSAV is an abbreviation for "Command AntiVirus" -- the new name of
our anti-virus product line. Prior to the name change, the product
line was referred to as "Command's F-PROT Professional."
The Automatic Update feature that is documented in the Command
AntiVirus for DOS and Windows Users Manual is not available
in this version of CSAV. That feature will be included as a
product enhancement in a future release.
32-bit file access may not work with VLM's, CLIENT32 and NETX.
We will revert to 16-bit file access when necessary. Investigation
on this issue is ongoing, but we felt the advantages of
full 32-bit VxD, in terms of stability and speed, were more
important to our customers.
For Client32 users: In DOS, use VIRSTOP2.EXE instead of VIRSTOP.EXE.
Copy VIRSTOP2.EXE from the installation disks to the
F-PROT directory. If you reference VIRSTOP.EXE in your AUTOEXEC.BAT
you will need to change the call to VIRSTOP2.EXE. The options for
VIRSTOP2.EXE are limited. To view the list of options type
VIRSTOP2 /? at a DOS prompt. If you are experiencing any
difficulties, please contact Technical Support.
When VSHARE.386 is disabled in SYSTEM.INI file and SHARE.EXE
is launched from AUTOEXEC.BAT, an "Unable to Load Macro.def"
error message could appear.  This is a configuration and resource issue.
VSHARE is the newer of the two programs and it is the preferred driver.
If you must use SHARE for compatibility with older software, its parameters
may need to be adjusted.  For more details, please contact the
vendor of the product that requires SHARE.
Selected Notes from previous versions of Command's F-PROT Professional
In an effort to reduce the size of the readme files we remove most of
the notes from older versions as they become less relevant. We leave
certain notes which are still pertinent.
In order to run the FPWCFG.EXE program, you must have CTL3D.DLL in the
current working directory with FPWCFG.EXE or the DLL must be in the
Windows\System directory.  CTL3D.DLL is copied to the CSAV
directory upon installation.
Please report any virus incidents to [email protected]
Some helpful files are:
SE_EICAR.EXE -- a program that mimics a virus in order to demonstrate how
CSAV (formerly Command's F-PROT Professional) reacts to real viruses, and
SE_UTIL.EXE a utility for multi-platform users. SE_UTIL.EXE contains its
own readthis.bat file for viewing and instructions. These files are located
on the installation diskettes.
If you use File Assist from Norton Desktop for Windows, File | Scan
Directory will not correctly switch drives when you type it into the
File to Scan field.
If you have a NetWare server that is infected with a master boot
sector virus, do not use CSAV (formerly Command's F-PROT Professional) to
disinfect immediately. Instead, boot to a clean system DOS disk and use
FIXDISK.EXE to save an image.  After getting the image, use CSAV to disinfect.
If you can't access your NetWare partitions after disinfection,
run FIXDISK.EXE again to undo the image that you just saved.
Please call technical support at 800/423-9147 and arrange to send
us the image for manual disinfection.  This procedure is
necessary due to the way NetWare overrides the stealthing
function of viruses by not making changes to the original master
boot sector.  When this happens, CSAV will overwrite the partitions.
Command Software Systems has greatly expanded its technical support to
include a variety of electronic services. You may contact us at any one
of the following:
Command Software Systems, Inc.
1061 E. Indiantown Rd., Suite 500
Jupiter, FL  33477
   Voice: 561/575-3200 9:00 am to 5:00 pm EST.
     Fax: 561/575-3026
     Internet E-mail: [email protected]
World Wide Web:
In Europe, contact:
Command Software Systems, Inc.
European Headquarters
Ground Floor
Millbank Tower
London SW1P 4QP
If dialing from within the UK:
   Voice: 020 7 931-9301
     FAX: 020 7 931-9302 
If dialing from outside the UK:
   Voice: +44 20 7 931-9301
     FAX: +44 20 7 931-9302
Internet: [email protected]
          [email protected]
          [email protected]  









1061 East Indiantown Road · Suite 500
Jupiter · FL   33477