ESET NOD32 ANTIVIRUS - FOR NOVELL NETWARE SERVER, NOD32 User Manual

NOD32 for Novell Netware Server
User Guide
ENNL1-02
Copyright © 2003 ESET
1. Introduction
This User Guide describes the usage of NOD32 for Novell Netware Server: its installation, loading/unloading of the resident protection, configuration, scanning with the on-demand scanner and updating.
2. Installation
Create a directory named NOD32 on volume SYS: and copy the following files into it:
AMON.NLM NOD32.NLM NOD32.000
3. Loading and unloading the resident antiviral protection (AMON)
To load AMON, use the following command on the system console:
LOAD SYS:NOD32/AMON
To unload AMON from memory, use the following command:
UNLOAD AMON
4. Configuration
The Amon switches
If you need to change the default settings of AMON, create a configuration file SYS:NOD32/AMON.CFG. Each line may contain one of the following switches (one switch per line):
-onread+ - enables testing files being read (default setting)
-onread- - disables testing files being read
-onwrite+ - enables testing files being created and modified (default setting)
-onwrite- - disables testing files being created and modified
-onrename+ - enables testing files being renamed (default setting)
-onrename- - disables testing files being renamed
-all - enables testing files with any extension (default setting)
-all- - enables testing of files with the default extensions only
-recipient=USER1,USER2... - when an infiltration is detected, AMON sends a message to all users in the list. Several users can be listed, separated by commas. To prevent a message flood in case of massive system infection, AMON sends at most one message every 30 seconds.
-notify - when an infiltration is detected, AMON sends a message to the user who attempted to access the infected file
The following switches are identical to the switches used in NOD32 for DOS and Windows:
-pattern
-log
-logappend
-logrewrite
-clean
-rename
-delete
-heur
-heursafe
-heurstd
-heurdeep
5. The log
When enabled (i.e. the log switch -log- is not used), AMON logs the detection of all infiltrations, with a verbose description of the available details, into the file SYS:/NOD32/AMON.LOG. This information is also displayed on the screen.
6. How to use the antiviral on-demand scanner NOD32
To run NOD32 enter the command as follows:
LOAD SYS:NOD32/NOD32 [parameters] [path list]
Parameters of NOD32.NLM
NOD32 is a program controlled from the command line. It allows you to scan drives or directories and clean possible virus infiltrations.
Parameter list:
-? -h -help - displays the list of parameters with descriptions
-subdir+ - enables testing of subdirectories (default setting)
-subdir- - disables testing of subdirectories
-pack+ - enables testing of internally compressed files
-pack- - disables testing of internally compressed files (default setting)
-arch+ - enables testing of archives (ZIP, RAR, ARJ, LZH, LHA)
-arch- - disables testing of archives (ZIP, RAR, ARJ, LZH, LHA) (default setting)
-pattern+ - enables testing using virus signatures (default setting)
-pattern- - disables testing using virus signatures
-heur+ - enables heuristics (default setting)
-heur- - disables heuristics
-heursafe - sets heuristics sensitivity to Safe
-heurstd - sets heuristics sensitivity to Standard (default setting)
-heurdeep - sets heuristics sensitivity to Deep
Cleaning:
-clean - cleans the infected files automatically (if applicable)
-prompt - displays a dialog on every infected file
-rename - renames the infected files
-delete - deletes the infected files
Log:
-log+ - enables logging to file (default setting)
-log- - disables logging to file
-logappend - enables log file append option (default setting)
-logrewrite - enables log file overwriting
-list+ - lists all scanned objects in log
-list- - lists only infected objects in log (default setting)
-log=<FILENAME> - sets the log name
7. Updating the NOD32 for Novell with NOD32UPD
Introduction
NOD32UPD is a module of the NOD32 anti-virus system that provides command-line updating of the anti-virus system (NOD32). The “Command Line Updater” works on all operating systems supported by NOD32. In particular, it works on Windows 95/98/ME/NT/2000, DOS, Novell Netware and Linux. The module can also be used to update a remote computer (e.g. a server).
IMPORTANT NOTE! Recently, a new generation of NOD32 for Windows has been released (also known as "version 2"). The format of its mirror folder has changed. Therefore we provide a new tool, NOD32UP2.NLM, for updating from a V2 mirror. When updating from a mirror created with NOD32 version 1, please refer to the section “Application of NOD32UPD”. When updating from a mirror created with NOD32 version 2, please refer to the section “Application of NOD32UPD2”. The examples using NOD32UPD in this document are also valid for NOD32UPD2, except for the section “Application of NOD32UPD”.
NOTE 1: There are three types of updates/upgrades of the NOD32 system:
Upgrade of the program (sometimes referred to as the “update of the executables” or “environment upgrade”)
Update of the database/s: a/ incremental, b/ cumulative
NOD32UPD supports all three types of update.
NOTE 2: The term “Target Computer” used in this Manual has the following meaning:
A computer with NOD32 anti-virus system that is to be updated using NOD32UPD.
Requirements (to run the NOD32UPD)
To run NOD32UPD:
NOD32 (program - environment version 1.023 or higher) has to be installed on the Target Computer.
The computer running the NOD32UPD module must have access privileges to the directory with the Update Files.
The Update Files can be downloaded preferably using the NOD32 Control Center module in the administrator’s mode or, alternatively, manually (using your NOD32 username and password) from:
www.nod32.com/download/engine/mod_base.nup - the base of the virus database, and
www.nod32.com/download/engine/mod_inc.nup - the increment of the virus database
(Both files must be downloaded to create the mirror correctly.)
These Update Files are downloaded (either via NOD32 Control Center or manually) to the Mirror Directory (created by the administrator). NOD32UPD can then update the Target Computer from this Mirror Directory.
Application of NOD32UPD (when updating from the mirror created with NOD32 version 1)
Introduction
This section describes the updating procedure when updating from the mirror created with NOD32 version 1.
NOTE: The updating procedure when updating from the mirror created with NOD32 version 2 is described in the section “Application of NOD32UPD2” below.
Procedure
NOD32UPD can be executed via a batch file. Hence, it can run without any user intervention and is controlled by means of command-line parameters only. After its execution, the module returns a Return Value that may be subject to further processing. Before using NOD32UPD, please read the applicable information for your specific operating system included below.
To run, the NOD32UPD module “needs to know”: a/ where the update files are located, b/ where the NOD32 system to be updated is, and c/ what the desired command-line parameters are. These three items are specified in a command line having the following syntax:
NOD32UPD mirror [directory] [parameters]
mirror has to be replaced with the name of the directory (path) containing the Update Files (update source). Access to this directory must be available from the computer running NOD32UPD program, hence, it either has to be a local disk or a network directory available for a program executed from a command line.
directory specifies a particular directory containing the installation of the NOD32 system to be updated. This parameter is necessary in case of a remote update; otherwise (in case of the update of a local NOD32 installation) this parameter is absent and the selected target directory is the one containing NOD32UPD.
parameters – see the following section:
Parameters
Parameters are used to control NOD32UPD program. All standard parameters (including their syntax and effect/s) are listed below:
/update (use -update on Novell and Linux platforms)
Provides update of a target NOD32 installation, if necessary. If this parameter is not used, NOD32UPD lists all available update files and update options of the target installation.
/minimal
Provides update of the NOD32 system necessary to support efficient use of the latest virus database. If this parameter is not used, all available updates are performed.
/period=n
This parameter triggers update attempts every n minutes.
/show_retvals
Use of this parameter returns all possible return values with a brief comment, without carrying out any update routines.
/help or /?
Returns the list of all program parameters with a brief comment, without carrying out any update.
Special parameters
Under very special circumstances, the parameters listed below can be applied. However, limit the use of these parameters if other options are available.
Warning: Incorrect use of the parameters listed in this section may have an adverse effect on the functionality of NOD32 system installed on the target computer. Read the sections below describing potential adverse effects before applying the parameters.
/no_setup
Upgrade of the NOD32 program (for some platforms) is not limited to a simple replacement of the files (on the disk). The upgrade involves changes to the system performed by an executable utility supplied with the update itself. In case such a utility is an integral part of the update files, its execution (for a local update) is done automatically and, for a remote update via NOD32UPD, the NOD32UPD program ends up with a return value of 108. In case the Update files do not contain the executable update utility, NOD32UPD overwrites the files of the target NOD32 installation with the current (new) versions. With the no_setup parameter (for a local update), the executable update utility is disregarded and the update is limited to a simple replacement of the relevant files (without execution of the utility).
Potential problems: Using the no_setup parameter to update a system with a running resident module (AMON) might disable resident protection. Therefore, this parameter (if necessary) should only be used for systems using the on-demand (non-resident) scanner.
An alternative parameter that might be used in place of no_setup is /minimal. Use of /minimal will (in most cases) enable the update of the virus database only (no update program is executed).
/force
This parameter has an effect similar to that of the no_setup parameter described above. It can be used in cases of an update of a remote system (when the update includes the executable update utility) and NOD32UPD returns the value of 108 (error message). Use of the /force parameter results in completion of the update by forcing NOD32UPD to overwrite the relevant files. Use of this parameter may result in problems similar to those discussed in conjunction with the no_setup parameter (see the above section).
/no_signature
All update files downloaded from any ESET Software Update Server/s are digitally signed to avoid fraud. Use of Update files that are not signed with a valid signature results in termination of the NOD32UPD program (return error value: “107”). Use of the no_signature parameter allows Update files whose signature could not be verified to be applied.
NOTE: If only a path to the update files is specified without further parameters, a list of the update files in the specified directory as well as the update options will be displayed.
Return Values
NOD32UPD return values give information on the termination status of the update process. Return values less than 100 indicate the update has been completed successfully. Such values are listed for information purposes only. Return values equal to or greater than 100 indicate an error that has occurred during the update process.
List of the Return Values and their meaning:
0 - OK
1 - Current version is installed on the target computer. The Mirror (source) directory does not contain a newer version of NOD32.
2 - NOD32 anti-virus system has been successfully updated to a newer version.
3 - NOD32 anti-virus system has been successfully updated to a newer version. Update of the program (environment) has also been completed. In case the resident modules (e.g. AMON) are running, the system has to be rebooted to ensure full functionality of the Updated NOD32 system.
4 - Update of NOD32 is available. Note: This return value could be received if NOD32UPD is executed without the /update parameter.
Error Messages:
100 - Error reading disk occurred.
101 - Update file is damaged.
102 - Error writing to the disk occurred.
103 - Error occurred upon execution of the Update utility.
104 - Error occurred during execution of the Update utility.
105 - Version incompatibility error: Update is not compatible with the currently installed program version.
106 - Attempt to use incorrect database update file.
107 - Error occurred replacing the updated file. This could happen if a file to be updated is running during the update process.
108 - The target NOD32 system needs to be updated on the computer where it is installed. Remote update is not possible.
109 - The target NOD32 system does not exist or is damaged. Check the Path and, if correct, reinstall NOD32 system using installation file.
110 - Error occurred writing information on the updated version.
111 - Update failed – insufficient memory.
112 - Update file is not signed by a valid digital signature.
Application of NOD32UPD2 (from the mirror created with NOD32 version 2)
Introduction
This section describes the updating procedure when updating from the mirror created with NOD32 version 2.
NOTE: The updating procedure when updating from the mirror created with NOD32 version 1 is described in the section “Application of NOD32UPD” above.
Migration from v1 to v2
The command line arguments have not changed much. After migrating your mirror from V1 to V2, replacing NOD32UPD.NLM with NOD32UP2.NLM should work fine, e.g.:
LOAD SYS:/NOD32UP2.NLM DATA1:/NOD_UPD/ -update -period=60
will update the signatures from V2 mirror located in DATA1:/NOD_UPD/ every 60 minutes.
There are some changes (in the NOD32UPD2) in the return values and in the error messages (see below).
Procedure
NOD32UPD2 can be executed via a batch file. Hence, it can run without any user intervention and is controlled by means of command-line parameters only. After its execution, the module returns a Return Value that may be subject to further processing. Before using NOD32UPD2, please read the applicable information for your specific operating system included below.
To run, the NOD32UPD2 module “needs to know”: a/ where the update files are located, b/ where the NOD32 system to be updated is, and c/ what the desired command-line parameters are. These three items are specified in a command line having the following syntax:
NOD32UPD2 mirror [directory] [parameters]
mirror has to be replaced with the name of the directory (path) containing the Update Files (update source). Access to this directory must be available from the computer running NOD32UPD2 program, hence, it either has to be a local disk or a network directory available for a program executed from a command line.
directory specifies a particular directory containing the installation of the NOD32 system to be updated. This parameter is necessary in case of a remote update; otherwise (in case of the update of a local NOD32 installation) this parameter is absent and the selected target directory is the one containing NOD32UPD2.
parameters – see the following section:
Parameters
Parameters are used to control NOD32UPD2 program. All standard parameters (including their syntax and effect/s) are listed below:
/update (use -update on Novell and Linux platforms)
Provides update of a target NOD32 installation, if necessary. If this parameter is not used, NOD32UPD2 lists all available update files and update options of the target installation.
/minimal
Provides update of the NOD32 system necessary to support efficient use of the latest virus database. If this parameter is not used, all available updates are performed.
/period=n
This parameter triggers update attempts every n minutes.
/show_retvals
Use of this parameter returns all possible return values with a brief comment, without carrying out any update routines.
/help or /?
Returns the list of all program parameters with a brief comment, without carrying out any update.
Special parameter
Under very special circumstances, the parameter listed below can be applied. However, limit the use of this parameter if other options are available.
Warning: Incorrect use of the parameter listed in this section may have an adverse effect on the functionality of NOD32 system installed on the target computer.
/no_signature
All update files downloaded from any ESET Software Update Server/s are digitally signed to avoid fraud. Use of Update files that are not signed with a valid signature results in termination of the NOD32UPD2 program (return error value: “112”). Use of the no_signature parameter allows Update files whose signature could not be verified to be applied.
Return Values
NOD32UPD2 return values give information on the termination status of the update process. Return values less than 100 indicate the update has been completed successfully. Such values are listed for information purposes only. Return values equal to or greater than 100 indicate an error that has occurred during the update process.
List of the Return Values and their meaning:
0 - OK
1 - Your NOD32 Antivirus System is already up-to-date
2 - NOD32 Antivirus System has been updated successfully
3 - A newer NOD32 Antivirus System update has been found
Error Messages:
100 - Error reading disk occurred.
101 - Update file is damaged.
102 - Error writing to the disk occurred.
103 - Virus signature update file damaged
104 - Error replacing the currently installed file
105 - NOD32 Antivirus System is not installed at the specified location or its installation is damaged
106 - Low memory
107 - File not signed with a valid digital signature
108 - No update files found
How/Where the Update files can be acquired
Automatic Internet download using NOD32 Control Center
CASE: the target computer is connected to a LAN. The LAN contains a Windows computer. SOLUTION: Use NOD32 Control Center in administrator mode on the Windows computer. The Control Center in administrator mode can be set to create the source update files in a predefined directory within the LAN. (The files newly created by the Control Center are often referred to as the “Update Mirror”.) The Update Mirror has to be created in a directory that can be accessed from the Target Computer. The Mirror Setup dialog (in the Control Center) also allows selection of different platforms to be updated (incl. language versions).
NOTE: If a Windows computer is available, but the Target Computer is not connected to the Windows computer (by means of LAN), then the Update Mirror files can be transferred to the Target Computer by an alternative approach (e.g. using floppy disk/s).
Manual Internet download.
If the NOD32 Control Center cannot be used to create the Update Mirror files via Internet automatically, the files can be downloaded manually from:
www.nod32.com/download/engine/mod_base.nup - the base of the virus database, and
www.nod32.com/download/engine/mod_inc.nup - the increment of the virus database
(Both files must be downloaded to create the mirror correctly.)
Update without access to Internet
In this case, the NOD32 installation CD needs to be used. The Update files are located in the UPD_INFO directory of the latter CD.
Updating particular OS – notes
Windows 95/98/ME/NT/2000
The use of NOD32 Control Center for update is the best option. NOD32 provides immediate application of the updated virus databases in all resident modules. It is necessary that the update is executed on the Target Computer itself. (i.e. NOD32 Control Center needs to run on the Target Computer.) It is equally important to run the update process with the same operating system as is the one used during NOD32 initial installation. It is, for example, not possible to update NOD32 for Windows using a command line update, without the Windows system actually running on the Target Computer.
DOS
Update of NOD32 for DOS (NOD32DOS) is straightforward. If the update is performed upon computer restart and the Update Mirror files are located on a network disk, make sure the network drivers are loaded before the update attempt is started.
Novell Netware
NOD32 for Netware can either be updated directly via NOD32UPD.NLM or, remotely, from an admin computer. In case of a remote update of the virus databases or the program (return value 2 or 3), the resident module AMON.NLM needs to be restarted (execute: UNLOAD AMON.NLM and: LOAD AMON.NLM).
Linux
Available with the installation package.
Examples of update using NOD32UPD
Full update of NOD32 for DOS from a network disk.
Case: NOD32DOS is installed in C:\NOD32\ directory, Update Mirror is located in network disk G:, directory: NOD_UPD, full update required. In such case, the following command can be executed (e.g. within the login-script):
C:\NOD32\NOD32UPD.EXE G:\NOD_UPD\ /update
Update of NOD32 for Netware from a server system console
Case: NOD32 for Netware is installed on disk SYS: and in NOD32 directory. Update files are located on disk DATA1, in NOD_UPD directory. The full update will be triggered using the following command:
LOAD SYS:/NOD32/NOD32UPD.NLM DATA1:/NOD_UPD/ -update
Regular update of NOD32 for Netware from a system console every 6 hours.
If the same paths can be used as in 6.2, the command to provide desired update is as follows:
LOAD SYS:/NOD32/NOD32UPD.NLM DATA1:/NOD_UPD/ -update -period=360
Minimal update of NOD32 for Netware from a system admin console
In case we can use the same paths as in the previous two cases and: the disk SYS: is mapped to local disk F:, the disk DATA1: is mapped to a local disk G: and the NOD32UPD (corresponding to the operating system running on the admin machine) is located in C:\NOD32\ , the update can be performed using (e.g.) the following .bat file:
C:\NOD32\NOD32UPD G:\NOD_UPD\ F:\NOD32\ /update /minimal
IF ERRORLEVEL 4 GOTO END
IF ERRORLEVEL 3 GOTO RESTART
GOTO END
:RESTART
ECHO NOD32 program has been updated on the server.
ECHO Restart of the resident modules is necessary.
PAUSE
:END
The above program (.bat file) will do the following: If the new database is available, corresponding files on the server are updated without the need to restart anti-virus protection; if a restart is necessary, the administrator is notified.
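The batch file above sends every return value of 4 or more, including all errors from 100 upward, straight to END without a message. The following variant is an added example, not part of the original manual; it assumes the same paths and the NOD32UPD (version 1) return values listed earlier, and reports signature failures, the remote-update refusal and other errors separately.

```batch
@ECHO OFF
REM Added example, not part of the ESET manual. Paths and drive mappings
REM are those of the case above; return values are the ones listed for
REM NOD32UPD (version 1 mirror). NOD32UPD2 uses different numbers.
REM
REM IF ERRORLEVEL n is true for a return value of n OR HIGHER, so the
REM tests run from the highest value down.

C:\NOD32\NOD32UPD G:\NOD_UPD\ F:\NOD32\ /update /minimal

IF ERRORLEVEL 113 GOTO FAILED
IF ERRORLEVEL 112 GOTO BADSIG
IF ERRORLEVEL 109 GOTO FAILED
IF ERRORLEVEL 108 GOTO LOCAL
IF ERRORLEVEL 100 GOTO FAILED
IF ERRORLEVEL 4 GOTO UNKNOWN
IF ERRORLEVEL 3 GOTO RESTART
IF ERRORLEVEL 2 GOTO RELOAD
REM 0 or 1: nothing to do, the server is already current.
GOTO END

:RELOAD
REM Return value 2: per the Novell Netware note, a remote update needs
REM the resident module reloaded on the server console.
ECHO Virus database on the server has been updated.
ECHO On the server console: UNLOAD AMON.NLM, then LOAD AMON.NLM
PAUSE
GOTO END

:RESTART
ECHO NOD32 program has been updated on the server.
ECHO Restart of the resident modules is necessary.
PAUSE
GOTO END

:BADSIG
REM The return value list gives 112 for an unsigned file; the /no_signature
REM text quotes 107, which lands in FAILED. Either way nothing is applied.
ECHO Update file is not signed by a valid digital signature.
ECHO Rebuild the mirror from the ESET update server.
ECHO Do not rerun with /no_signature.
PAUSE
GOTO END

:LOCAL
ECHO Return value 108: this update must be run on the server itself.
ECHO Run NOD32UPD.NLM from the server console rather than adding /force.
PAUSE
GOTO END

:UNKNOWN
ECHO Return value between 4 and 99: no update was applied.
ECHO Check that /update is present on the command line.
PAUSE
GOTO END

:FAILED
ECHO NOD32UPD reported an error (return value 100 or higher).
ECHO The server may still be running the old virus database.
ECHO Run NOD32UPD /show_retvals for the list of return values.
PAUSE

:END
```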
8. Contacting Technical Support
ESET provides technical support for NOD32 customers worldwide. If you need help, or just have a question or comment, please feel free to contact us at:
http://www.nod32.com/support/