README FIRST! Command AntiVirus for Windows (CSAV)

Command AntiVirus for Windows (CSAV)
Command Software is proud to introduce Command AntiVirus
version 4.58.3 with our HoloCheck(tm) scanning technology.
Our HoloCheck scanning technology detects tens of thousands
of viruses and includes improved polymorphic virus detection.
NOTE:  After installing Command AntiVirus, we recommend that
you perform a manual scan of your local drives to ensure that your
system is virus-free. This is especially important if you have not
been running anti-virus software prior to this installation.
For a list of international distributors of Command AntiVirus, see
the DISTRIB.TXT file.
The file called FILEINFO.TXT is a list of file descriptions and files
that have changed since the previous release.
Please read the Multi-Platform Quick Start Guide that is included
with the installation files. It provides installation instructions
and an overview of Command AntiVirus for all platforms.
The MQCKST.PDF file contains the Multi-Platform Quick Start Guide.
This file can be read with the Adobe(r) Acrobat(r) Reader that is
included on the Command AntiVirus CD. For instructions on how to
install Acrobat Reader, see the README.TXT file that is located
in the ADOBE folder on the CD.
Acrobat Reader is not included with the downloadable versions
of Command AntiVirus. You can download Acrobat Reader from
Adobe Systems Incorporated through our web site at
Notes on Command AntiVirus for Windows (CSAV) version 4.58.3
Scan engine enhancements have been added to this component release.
Performance issues were reported in relation to the default scanning of
self-extracting files in Command AntiVirus 4.58. In CSAV 4.58.3,
self-extracting files are no longer scanned by default. However, Dynamic
Virus Protection (DVP) scans the contents of the self-extracting file when
the files are extracted. In addition, the .EXE portion of the self-extracting file
is scanned by default.
NOTE:  To scan the contents of self-extracting files in zipped form, we
            recommend that you perform an on-demand or scheduled scan of
            Packed Files during off-peak hours. To scan self-extracting and
            packed files select the Packed Files check box in the Targets
            to Scan dialog box.
None for this release.
Notes on Command AntiVirus for Windows (CSAV) version 4.58.0
New virus signatures have been added in this release. This includes
signatures for detecting more than 200 new trojans.
The following improvements have been made to the scan engine:
- CSAV now detects malicious or destructive Java code (Java Trojans).
- The handling of script viruses is improved. This includes VBScript
  viruses and ASCII-based viruses.
- CSAV now scans file attachments in Rich Text Format (.RTF) files.
  In the Command AntiVirus GUI, select the "Zip Files" option in
  the "Properties" dialog box. If scanning from the command line, use
  the /ARCHIVE switch.
- CSAV now disinfects Office 2000 signed documents.
- Scanning of the following is now supported:
    - OLE1 embedding (embedded files in WordPad and Microsoft
      Word 6)
    - WordPerfect 2000 (.WPD) files
    - Lotus worksheets (.WKS) files
    - LX (OS/2) files as well as the detection of all OS/2 viruses.
- Some boot sector related disinfection problems have been fixed. The
  most notable fixes involve disinfecting the Urkel and the
  Frankenstein viruses.
- PowerPoint scanning is improved. The disinfection process is revised.
  However, the disinfection of objects embedded in PowerPoint documents is
  still not possible.
- CSAV features improved scanning in Windows 32-bit programs resulting
  in higher rates of detection and fewer false positives.
- Memory scanning is improved.
- Disinfection of infected .VBS files  by deletion is now supported.
CSAV now uses a new installation process. The dialog boxes that
appear throughout the installation will be different than in previous versions
of the CSAV. If you need help with the new installation process, see the
"CSAV for Windows" chapter in the Multi-Platform Quick Start Guide.
In the [Setup] section of the SETUP.INI file, if SILENT= is set to
NO (the default), a normal interactive installation takes place. If it is
set to YES, the installation will still display dialog boxes as well as
the installation progress bar. However, the installation will not require
any user interaction.
Completely silent installations are now possible through the automatic update process.
To enable silent installations, locate the [Automatic  Update] section in the SETUP.INI
file. In that section, change the COMMAND= line to COMMAND=-S and save your
The following file types are now hard-coded into CSAV's virus scans
and are scanned by default:
   GMS, CSC, WPD, WK?, DVB, WBT, and CDR
These file types are displayed in the Files to Scan dialog box and they
cannot be deleted. You can exclude any file type from scans by entering
its extension into the Files to Exclude dialog box. Although the extension
still appears in the Files to Scan dialog box, files with that extension will
not be scanned.
NOTE:  You can now add up to 20 user-defined file types in CSAV's Files to Scan
            dialog box.
A new virus definition file, SIGN2.DEF, is now included with Command
AntiVirus. This file provides virus signatures for a variety of
scripting viruses and trojans.
The retrieval of downloaded CSAV files through the automatic update
process has been enhanced. If the BaseDir key in the CSSFILES.INI file
already exists, CSAV will attempt to use the directory path that
is specified. However, if the BaseDir key does not exist,
CSAV will no longer create one.
If the subdirectory specified by the BaseDir key in the previous
CSSFILES.INI file exists, the files are deployed to that location.
If it does not exist, CSAV creates and uses the following hard-coded
platform-based directories:
       CSAV for Windows(r) NT(r) Server 3.51		0000
       CSAV for Windows NT Workstation 3.51		0100
       CSAV for Windows NT Server 4.0			0200
       CSAV for Windows NT Workstation 4.0		0300
       CSAV for Windows 3x				0400
       CSAV for Windows 95				0500
The following is an example of the path names to the automatic update
directory and its program-generated subdirectories for a full-product
update of CSAV for Windows 3x:
The automatic update feature now updates the CSSFTP.EXE and F-AGENT.EXE
Some command line scans using the /TODAY switch would not scan on
the first boot of the following day. This was caused by CSAV's use of
Greenwich Mean Time rather than local time. This has been fixed.
The self-extracting file called SE_EICAR.EXE is no longer included with the
installation files. You can download this file from our web site at:
When you run this file, a test file, EICAR.COM (from European
Institute for Computer Anti-Virus Research), is extracted from it.
Notes on Command AntiVirus for Windows (CSAV) version 4.57.1
New virus signatures have been added in this release. This includes
the ability to detect and disinfect the Monopoly virus.
A new file, NOMACRO.DEF, has been added to the installation files.
This file is used in the creation of the Command AntiVirus rescue
disks. NOMACRO.DEF will be updated when you download new virus
definition files.
Scan engine General Protection Faults that occurred when CSAV
disinfected user macros have been fixed.
Modifications have been made to the code behavior monitoring process
to correct the occurrences of false positives.
Command AntiVirus now uses certain functions provided by
Microsoft OLE. As a result, CSAV now installs only if your system is
using OLE. If the CSAV installation process determines that your
system requires OLE, you are presented with the OLE 2.03 Setup
Program dialog box. You MUST click the "Continue" button in that
dialog box to complete CSAV's installation successfully. If your
system already has all the necessary Microsoft components, you
will not be prompted by CSAV to install OLE.
Due to the size of the virus definition files, it is no longer possible to
perform a pre-installation scan from Command AntiVirus Installation
Disk #2. After installing Command AntiVirus, we recommend that
you perform a manual scan of your local drives to ensure that your
system is virus-free.
The Command AntiVirus rescue disk process now involves two phases.
The first phase focuses on recovery by detecting and removing any
executable, boot sector, and MBR-infecting viruses that inhibit or
prevent system startup. After successful recovery, the second phase
focuses on scanning and disinfecting all remaining virus-infected
files, for example, macro virus-infected files. To assure a
successful rescue, you MUST perform both phases.
To perform Phase One:
   1. Turn off your computer for at least 15 seconds.
   2. Place a virus-free, write-protected boot disk into
       drive A and reboot your computer.
       NOTE: If you are prompted to enter a new date and a
                 new time, press ENTER for each one.
   3. Replace the boot disk with CSAV Rescue Disk 1.
   4. At the A prompt, type the following and press ENTER:
                 f-prot /hard /disinf
       If any viruses are detected, allow CSAV to disinfect them.
   5. Proceed to Phase Two.
To perform Phase Two:
   1. Remove CSAV Rescue Disk 1 from drive A.
   2. Reboot your computer as normal.
   3. Use Command AntiVirus to perform a scan of your local hard
       drives. This scan detects and disinfects any remaining
       virus-infected files on your computer.
After completing the Phase Two scan, you can return to computing
as normal.
Notes on Command AntiVirus for Windows (CSAV) version 4.57
New virus signatures have been added in this release.
Command AntiVirus now includes expanded protection for the following:
   A. CorelDraw -- The newly discovered CorelDraw virus is now detected.
       The .CSC CorelDraw-related extension is now scanned by default.
   B. MacOffice -- Viruses in MacOffice documents can be detected and
       disinfected. However, as the Macintosh(tm) operating system is
       not directly supported by Command AntiVirus, detection is
       possible only when the infected Macintosh Office documents
       are scanned in a DOS or Windows-based environment. For example,
       if you have a floppy disk with infected MacOffice documents
       on it, you can disinfect these documents by using CSAV
       to scan the floppy disk.
   C. Microsoft Office 97 -- The .MPT, .WBK and .MSO extensions are now
       scanned by default.
   D. Office 2000 -- The heuristics scan engine has been modified so
       that it now detects some native Office 2000 viruses.
   E. PowerPoint 97 -- PowerPoint 97 viruses are now detected and
       disinfected. The .PP?, .POT, and .PWZ PowerPoint 97 file types
       are now scanned by default.
An additional generic virus detector has been added. This detector
allows Command AntiVirus to detect approximately 14,000 more
"generic viruses." This brings the total number of viruses detected
by Command AntiVirus to just over 39,500.
The CSAV scanners have been optimized to provide better protection
against "New Executable" file viruses and VxD viruses. Improvements
have also been made to reduce the occurrence of false positives.
If you open an infected Microsoft Office 97 document in Microsoft
Office 2000, our HoloCheck scan engine will detect the infection.
Documents converted to Office 2000 format from Office 97 format
can be disinfected. Currently, disinfecting an Office 2000 document
consists of removing all macros from the document.
Installations (including silent installations) no longer display
the CSAV splash screen.
The Virus Information list is now generated from the CSAV definition
files on your system. This allows you to view the names of all
computer viruses that are handled by Command AntiVirus. To always
have the latest Virus Information list, be sure to keep your
definition files up-to-date.
The About CSAV for Windows item in the Help menu now displays the
release dates of the MACRO.DEF and SIGN.DEF virus definition files. This
information also appears in the report window that displays when you start
a virus scan.
Files that do not have a file name extension are now scanned by default.
None for this release.
None for this release.
Notes on Command AntiVirus for Windows (CSAV)
Version 4.54 SP2 (Service Pack 2)
New virus signatures have been added in this release.
The following default extensions have been added: .VXD and .386.
The following default extensions have been removed: .APP and .PGM.
When scanning in disinfect mode, sometimes the message
"Virus could not be removed" would appear. Since the file was not
infected, the error message was incorrect.
Notes on Command AntiVirus for Windows (CSAV)
Version 4.54 SP1 (Service Pack 1)
New virus signatures have been added in this release.
SCR (screen saver) and RTF (Rich Text Format) files are now
scanned by default. SCR files are scanned because they
are susceptible to some Windows 95/98 viruses. RTF files are
scanned because infected DOC files that have had their extensions
changed to "RTF" can still infect other Word documents and
CSAV now scans for ASCII-based viruses such as BAT viruses,
JavaScript viruses and malicious applications, and VBScript viruses.
CSAV also detects mIRC scripts containing malicious code.
Better detection for Excel macro and field viruses has been added.
The scanning of MDB files is improved.
Disinfection for polymorphic viruses such as W97M/Class that are
found in the wild is new and improved. Selective disinfection allows
you to remove the macro virus and all traces of the disinfection
process. In password-protected documents, CSAV removes the virus but
leaves traces of the disinfection process behind. In both instances,
the original document is preserved.
None for this release.
To update Command AntiVirus with this service pack, you must run
the service pack's SETUP.EXE program. Note that only the
components that require updating will be modified.
If you plan to update to CSS Central version 1.04, update all
client stations to Command AntiVirus version 4.54 prior to performing
the CSS Central update. This allows you to avoid complications
that can arise due to changes that were made to the communication
port settings in CSS Central version 1.04.
Notes on Command AntiVirus for Windows (CSAV) version 4.54
New virus signatures have been added for this release.
The scan engine has been optimized for faster scanning.
This includes faster scanning of a wider variety of compound
files such as Microsoft Word and Excel files.
Command AntiVirus for Windows now detects Java viruses and Access 97
viruses. Disinfection ability will be added in an upcoming release.
Additional support for compressed executable files has been added.
Specifically, compressed executables are scanned in memory. This
allows for faster scans of compressed files.
Modifications have been made to the CSAV communication sub-system.
This allows for increased reliability in downloading
Command AntiVirus update files from the Command Software
Systems FTP site.
When a manual (on-demand) scan was selected and the CANCEL
button was clicked before the scan initiated, the button
would disappear but the scan would continue. This is fixed.
Microsoft Access (MDB) database files are now scanned by default.
If you determine that real-time scans are noticeably slower, remove
the .MDB extension from the Files To Include list. Then, create a
scan task and periodically scan all the files in your Microsoft
Access folders.
Due to space requirements, the Command AntiVirus rescue disk
is no longer bootable. To disinfect with this disk, boot from
a clean DOS boot disk, insert the rescue disk and, at the
command line, use the following command:
	f-prot /hard /disinf
To provide flexible multi-language support, the following
files are now included in the product:
	FPROTLNG.DLL -- now used instead of ENGLISH.TX0
	DVP31LNG.DLL -- English language file for DVP
CSAV for Windows no longer uses the ENGLISH.TX0 file.
For information regarding the functionality of Command Software
products with regard to the Year 2000 issue, please visit
our web site at:
Notes on Command AntiVirus for Windows (CSAV) version 4.52
New virus signatures have been added in this release.
Some issues with CSAV for Windows' Automatic Update feature
have been addressed and corrected:
   1. Occasional problems with Automatic Update not properly
      launching SETUP.EXE for the "Full Setup" option have
      been fixed.
   2. Difficulty in updating the DVP31.EXE file has been
   3. After a Full Setup, Automatic Update was not properly
      updating definition files (*.DEF).  The updates now
      take place correctly.
None for this release.
Notes on Command AntiVirus for Windows (CSAV) version 4.51
Command AntiVirus boasts our HoloCheck(tm) scanning technology,
providing the most up-to-date virus prevention. The most important
benefits of this technology are:
  *  Simplified updates. You can now update the SIGN.DEF file
     (the file that contains the most current virus signatures)
     without reinstalling all of the components. This method adds
     speed and efficiency to the new version of Command AntiVirus.
  *  Superior polymorphic virus detection. CSAV now offers
     unparalleled protection and elimination of polymorphic viruses
     including the dreaded Morphine, Anxiety and Spanska.
  *  Scanning of embedded (OLE) documents. Not only do we scan
     documents, but if an infected document is embedded in an Excel
     spreadsheet or PowerPoint document, Command AntiVirus will catch
     it and save you from becoming infected.
  *  Support for nested zip files.
New virus signatures have been added in this release.
F-MACRO.EXE is no longer included as a separate utility since all
of its features are now incorporated into the main scanner.
The Automatic Update feature has been added in this release. Once the new
version  of Command AntiVirus is installed, you will be able to implement this
powerful, yet easy-to-use capability to keep your Windows 3.1x workstations
updated with the most recent product and signature file updates. Complete
details for implementing this feature are available in the new Command AntiVirus
for Windows manual, which is available on the CD or from our web site.  Printed
copies are available for purchase.
The ability to add user-defined strings is not supported by the
new design of CSAV.  The architecture of our HoloCheck technology makes
this feature obsolete without compromising protection.
We recommend that you do not enable Scan All Network Drives from any
of our workstation products as performance on busy servers may be adversely
affected by the additional network traffic.
Due to changes in the functionality of the scan engine, the tab for
Memory Scanning under Options|Active Protection now only shows
one option. When enabled, the first 640k of memory will be scanned.
With this version of CSAV for DOS, VIRSTOP is no longer available. All
references to VIRSTOP and its associated programs should be removed from
batch files. Older versions of VIRSTOP are not compatible with
CSAV version 4.51.
Media such as Jazz drives are reported by different operating systems
as either Fixed or Removable media. Because of this, they cannot be
classified by Command AntiVirus as one or the other. Jazz drives will
be scanned when Scan All Hard Drives is selected or by the creation of
specific tasks.
We have improved the performance of the on-access scanner so that
MS Mail attachments are scanned on open.  Previous versions of CSAV
only detected infections in attachments on file close.
Due to the introduction of CSS Central, SE_UTIL will be phased out.
Command will support SE_UTIL through 12/1/98.  After that date,
customers can continue to use the utility though we will no longer
update it.
Notes on Command AntiVirus for DOS/Windows (CSAV) v.4.00
New virus signatures have been added in this release.
Command AntiVirus contains a completely new Dynamic Virus
Protection (DVP) scheme. The new DVP is a virtual device driver
that replaces the combined functionality of the F-AGENT.EXE,
F-PROTW.CFG, A-PROT.EXE, and FPROTW.386 files. Prior to this
release, configuring F-PROT Professional's DVP consisted of
running DVPSET ADMIN and then making changes the desired
changes in the "F-PROT DVP Settings" dialog box. That
procedure is no longer necessary as Command AntiVirus 4.00's
DVP settings are accessed through the Active Protection tab
found in the Options menu.
Difficulty in getting INSTALL to run from a network directory
has been fixed. The problem involved receiving calls for disk 1 of 3
and then not allowing the installation to complete.
When the /REPORT switch is used with FP.EXE, the F-MACRO
report is automatically appended to the original report.
Prior to this release, the original report was over-written.
CSAV is an abbreviation for "Command AntiVirus" -- the new name of
our anti-virus product line. Prior to the name change, the product
line was referred to as "Command's F-PROT Professional."
The Automatic Update feature that is documented in the Command
AntiVirus for DOS and Windows Users Manual is not available
in this version of CSAV. That feature will be included as a
product enhancement in a future release.
32-bit file access may not work with VLM's, CLIENT32 and NETX.
We will revert to 16-bit file access when necessary. Investigation
on this issue is ongoing, but we felt the advantages of
full 32-bit VxD, in terms of stability and speed, were more
important to our customers.
For Client32 users: In DOS, use VIRSTOP2.EXE instead of VIRSTOP.EXE.
Copy VIRSTOP2.EXE from the installation disks to the
F-PROT directory. If you reference VIRSTOP.EXE in your AUTOEXEC.BAT
you will need to change the call to VIRSTOP2.EXE. The options for
VIRSTOP2.EXE are limited. To view the list of options type
VIRSTOP2 /? at a DOS prompt. If you are experiencing any
difficulties, please contact Technical Support.
When VSHARE.386 is disabled in SYSTEM.INI file and SHARE.EXE
is launched from AUTOEXEC.BAT, an "Unable to Load Macro.def"
error message could appear.  This is a configuration and resource issue.
VSHARE is the newer of the two programs and it is the preferred driver.
If you must use SHARE for compatibility with older software, its parameters
may need to be adjusted.  For more details, please contact the
vendor of the product that requires SHARE.
Selected Notes from previous versions of Command's F-PROT Professional
In an effort to reduce the size of the readme files we remove most of
the notes from older versions as they become less relevant. We leave
certain notes which are still pertinent.
In order to run the FPWCFG.EXE program, you must have CTL3D.DLL in the
current working directory with FPWCFG.EXE or the DLL must be in the
Windows\System directory.  CTL3D.DLL is copied to the CSAV
directory upon installation.
Please report any virus incidents to [email protected]
Some helpful files are:
SE_EICAR.EXE -- a program that mimics a virus in order to demonstrate how
CSAV (formerly Command's F-PROT Professional) reacts to real viruses, and
SE_UTIL.EXE a utility for multi-platform users. SE_UTIL.EXE contains its
own readthis.bat file for viewing and instructions. These files are located
on the installation diskettes.
If you use File Assist from Norton Desktop for Windows, File | Scan
Directory will not correctly switch drives when you type it into the
File to Scan field.
If you have a NetWare server that is infected with a master boot
sector virus, do not use CSAV (formerly Command's F-PROT Professional) to
disinfect immediately. Instead, boot to a clean system DOS disk and use
FIXDISK.EXE to save an image.  After getting the image, use CSAV to disinfect.
If you can't access your NetWare partitions after disinfection,
run FIXDISK.EXE again to undo the image that you just saved.
Please call technical support at 800/423-9147 and arrange to send
us the image for manual disinfection.  This procedure is
necessary due to the way NetWare overrides the stealthing
function of viruses by not making changes to the original master
boot sector.  When this happens, CSAV will overwrite the partitions.
Command Software Systems has greatly expanded its technical support to
include a variety of electronic services. You may contact us at any one
of the following:
Command Software Systems, Inc.
1061 E. Indiantown Rd., Suite 500
Jupiter, FL  33477
   Voice: 561/575-3200 9:00 am to 5:00 pm EST.
     Fax: 561/575-3026
     Internet E-mail: [email protected]
World Wide Web:
In Europe, contact:
Command Software Systems, Inc.
European Headquarters
Ground Floor
Millbank Tower
London SW1P 4QP
If dialing from within the UK:
   Voice: 020 7 931-9301
     FAX: 020 7 931-9302
If dialing from outside the UK:
   Voice: +44 20 7 931-9301
     FAX: +44 20 7 931-9302
Internet: [email protected]
             [email protected]
             [email protected]









1061 East Indiantown Road · Suite 500
Jupiter · FL   33477