Frequently Asked Questions: F-PROT Professional for NetWare
Q I want to install F-PROT Professional for NetWare for the first time on all our servers. What is the best way to proceed?
A First, copy the files to each server using the process described in Chapter 2 of the manual; then, use RCONSOLE to load F-PROT and edit the AUTOEXEC.NCF file to load F-PROT every time the server is rebooted.
Q One of our workstations was disabled because a virus was found. How do I enable it again now that we have removed the virus?
A There are two ways. One is at the Server Console by typing "F-PROT Enable Connection". In order to do this, you need to know the connection number, which may be found on the F-PROT Log or the system log. The other is within the FPN Administration program under the Advanced option.
Q I copied the disk with FPN to the File Server, but I did not use the install program. It doesn't seem to be working. Now what?
A It is important to use the install program because it creates the necessary file structure. Assuming that you copied the files to SYS:SYSTEM, to fix this you must create the directory SYS:SYSTEM \F-PROT. After you create this, you must move the SIGN.DEF and ENGLISH.TX0 files to it and then load F-PROT. (If you copied to a directory other than SYS:SYSTEM, see chapter 4 of the FPN manual.)
Q In scan settings under skip options, there is a check-box which allows you to skip compressed files. What type of compression does FPN recognize?
A Currently this refers to Novell's 4.x compressed files only.
Q Where can I get the CLIB FPN requires?
A Command Software Systems has these on the BBS and FTP. It may also be obtained from Novell's FTP or CompuServe site.
Q I installed the CLIB, but I am still getting a request for a newer version. Now what?
A Verify that the required CLib module and all its support modules are in the SYS:SYSTEM directory. If, for some reason, you have chosen to run CLib out of a directory other than SYS:SYSTEM then you MUST either remove all CLib modules from SYS:SYSTEM and set a search path, or manually load CLib BEFORE any module using it.
If you have not set a search path then you must specify the path, e.g., assume you placed LibUp8 in SYS:SYSTEM\CLIB, you must place the following command in your AUTOEXEC.NCF before any modules using CLib are loaded: LOAD CLIB\CLIB or LOAD SYS:SYSTEM\CLIB\CLIB Note: The SEARCH will not work in this case unless ALL CLib modules have been removed for SYS\SYSTEM. Even with a search command active NetWare will search SYS:SYSTEM first.
While the new CLib is probably on disk, it most likely is not loaded into memory. Use the "Modules" command to verify that the required CLib is loaded. If not then you must load it. There are two ways to do this: The first, and recommended, way is to down the server and bring it back up. If this is not desirable, then you must unload CLib. This becomes a problem because every module using CLib must also be unloaded and reloaded after CLib is reloaded.
To determine which modules will need to be unloaded type "UNLOAD CLIB". NetWare will provide a list of modules referencing CLib. Unload those modules then unload CLib again. It is possible that some of those modules will require other modules to be unloaded as well.
Be sure to keep a list of modules you have unloaded so you can insure they all get reloaded. Also insure that the proper CLib is loaded before you proceed.
Q Will FPN work with NetWare's SFT III?
A We do not support it at the present, but we expect to in the near future.
Q What is the SAP Type for FPN?
Q An infected file has been copied to the server. Does F-Prot stop the copy?
A NO. Files are not scanned immediately on close. Instead they are placed in a special mode for five minutes. If they are opened during this five minute window they will be scanned immediately; otherwise they will be scanned at the end of the five minute window. This action is taken to preserve the performance of the file server. After a file is closed the user is done with it and there is no reason to penalize or delay the user while the file is being scanned. On the other hand, if the file is accessed (opened) by that user or any other user, the file will be scanned immediately and the requesting user will be momentarily delayed.
Q At the server console, is there a way to view the include/exclude list?
A YES! Use the F-PROT Console Commands which allow you to display the settings of all the scan types. (See Chapter 4 of the FPN manual: Console Commands)
Q Could you explain how real-time scans work? I'm not sure I understand Opens and Closes?
A There are three NetWare events which, under certain conditions, will trigger a real-time scan:
Q I have "Scan on Opens" disabled but the real-time scan statistics indicate that files are being scanned on open. What's going on?
A If "Scan on Closes" is enabled and a file is opened which is in the F-PROT queue waiting to be scanned (i.e., it is opened within the five minute window) it will automatically be scanned when opened and the statistics will indicate this.
Q Can someone explain how FPN deploys from server to server? How will it ultimately be able to update workstations?
A There are two answers for this. First, FPN uses a script file to COPY from server to server. FPN must be running on the source and target servers. The script enable the target server to unload the engine and reload the server (F-PROT.NLM) and/or the engine (VSEngine.NLM).
Second, FPN will not be able to update the workstations. Tha requires an appllication running on the workstation, e.g. a TSR. What FPN will be able to do is update a product on the sever, i.e., if FPN Administration or F-PROT Professional for Windows 95 is installed on a common directory on several server, the FPN could update those directories. It would not be able to reload those applications on the workstation.
Q Is there a way I can have different scans on different servers within the same domain?
A Yes and no. The intent of domains is to have the same configuration on multiple servers. There is one exception to this rule. In the Include/Exclude lists you can specify paths with a server name. Those paths are only used on the specified sever.
On the other hand, it is certainly possible to set up a configuration change for one or more severs in the domain and simply delete the other servers before deploying. However, this creates a few issues to watch out for:
Q We have decided to combine two domains which are somewhat different. Any suggestions on the best way to do that?
A Select the server which is configured the closest to what you want and make it your primary server. Then add all servers to the domain and use the "Synchronize FPN Servers" selection, from the "Advanced" menu.
Q Is F-PROT Professional for NetWare NDS aware? What about AlertTrack?
A F-PROT Professional for NetWare is bindery independent. It does not need to be NDS (NetWare Directory Services) aware. It was specifically designed this way so we did not need to have a different version for each version of NetWare. With AlertTrack Lite, however, we need to be sure customers are either installing the AlertTrack NLM on a 3.x server or on a 4.1 server using bindery emulation. Also, workstations using the VLM requester need to use the /B parameter to log in to NW 4.1 to have bindery mode.
Q Will F-PROT for NetWare work with Novell�s Green River?
A Yes, F-PROT Professional for NetWare is compatible with NetWare 4.11 (Green River).
Q Will F-PROT Professional for NetWare allow you to skip files which were previously scanned?
A Yes, this is a particularly helpful time saving feature which can be enabled if you would like to use it. As long as the files have not been modified, they will not be scanned again. If, however the scan engine has been unloaded the files will be scanned again. This safeguard prevents a file from becoming infected while the engine was unloaded and also ensures that files are checked for new viruses when you receive an update.