Sophos ANTI-VIRUS user manual

Sophos Anti-Virus for OpenVMS
user manual
Document date: November 2009
About this manual
install Sophos Anti-Virus
use Sophos Anti-Virus
configure Sophos Anti-Virus
disinfect files from viruses
update Sophos Anti-Virus.
Sophos documentation is published at www.sophos.com/support/docs/.

Contents

About Sophos Anti-Virus for OpenVMS
Installation
1 Installing Sophos Anti-Virus on OpenVMS
Using and configuring Sophos Anti-Virus
2 Using and configuring VSWEEP
3 Disinfection
Updates
4 Updating Sophos Anti-Virus
Glossary and index
Glossary
Index
Technical support

About Sophos Anti-Virus for OpenVMS

This section contains information about installing and updating Sophos Anti-Virus on OpenVMS.
If you have workstations connected to the OpenVMS server, contact Sophos
technical support for advice on installing Sophos Anti-Virus on the network.
What is Sophos Anti-Virus?
Sophos Anti-Virus is software that can
detect viruses
report virus finds to specified locations
disinfect viruses.
Sophos Anti-Virus can run on single computers or entire networks.
Why is it needed on OpenVMS systems?
At the time of writing, there are no known viruses that infect OpenVMS systems. However, it is useful for an OpenVMS system to scan files for viruses that infect other operating systems, for example, when an OpenVMS system is used
as a file server for Windows workstations and Macintoshes (e.g. PATHWORKS/Advanced Server)
to provide an ALL-IN-1 file cabinet
for processing email with attachments (e.g. PMDF).
The Digital product PATHWORKS allows VAX and Alpha AXP computers to provide powerful network drive facilities for Windows workstations. This means an OpenVMS system can contain Windows executable files and documents that include macros, which can be infected by viruses.
How is Sophos Anti-Virus installed and updated?
You install Sophos Anti-Virus directly on an OpenVMS server or cluster from the Sophos Anti-Virus Supplementary CD (section 1).
Sophos Anti-Virus can only detect and disinfect viruses known to Sophos at the time it was released. This means you must update your software regularly to ensure it is capable of recognising the latest viruses. You should update it at the following times:
Every month (section 4.1)
Every month, Sophos releases a new version of Sophos Anti-Virus on CD and on the website. New versions contain new functionality, as well as the capability to detect the latest viruses. Update any computer on which you installed Sophos Anti-Virus as soon as you receive the Sophos Anti-Virus Supplementary CD.
When there is a new virus that poses a threat to your system (section 4.2)
When Sophos identifies a new virus, it issues a virus identity file (IDE), a type of file that enables Sophos Anti-Virus to detect that virus. Download IDEs from the Sophos website (www.sophos.com/downloads/ide/) and save them to the location specified in section 4.2.
To receive email alerts about new viruses, register at www.sophos.com/security/notifications/.
What if Sophos Anti-Virus finds a virus?
If a virus is found, find out its name and check its virus analysis on the Sophos website (www.sophos.com/security/analyses/viruses-and-spyware/).
The analysis should provide disinfection advice. For help with disinfection, contact Sophos technical support.
See also section 3 for general information about disinfection.
Recommended precautions
The book ‘a to z of computer security threats’ describes many common types of virus and what you can do to avoid being infected by them. If you do not have a copy, a PDF version is available from the Sophos website (www.sophos.com/security/best-practice/).
You should also:
Investigate potential loopholes such as unpatched servers, which may allow viruses into your organisation. Install all relevant software patches as soon as they become available.
Advise your users not to run executables they receive as email attachments (or configure your gateway anti-virus software to remove this type of attachment).
Encourage your users to send Microsoft Office documents in formats that cannot contain macros (and therefore cannot be infected with macro viruses), such as .RTF instead of .DOC, and .CSV instead of .XLS.
Check your email and internet security settings.
Always use passwords and never disclose them to anyone.
Keep sound backups of your operating systems, programs and files. Even if you are able to disinfect programs, you must subsequently replace them from backups. Clean boot disks are also sometimes necessary to help with disinfection.
Keep Sophos Anti-Virus up to date at all times.

Installation


1 Installing Sophos Anti-Virus on OpenVMS

To install Sophos Anti-Virus on OpenVMS, you must carry out the following steps, which are described in the following sections:
Install VSWEEP on the OpenVMS server (section 1.1).
Make LIBSAVI available for use (section 1.2).
Make VSWEEP a DCL foreign command (section 1.3).
If you want to install Sophos Anti-Virus on workstations connected to an OpenVMS server, contact Sophos technical support for advice.
1.1 Install VSWEEP on the server
VSWEEP is supplied on the Sophos Anti-Virus Supplementary CD and on the Sophos website. The installation files comprise:
VSWEEP.BCK (CD only)
Save set of VSWEEP update files.
VSWREST.CMD (CD only)
Command procedure to restore the VSWEEP update files from the save set.
READVMS.TXT (CD and website)
Release notes.
INSTVMS.TXT (CD and website)
Installation notes.
VSWEEP.ZIP (CD) or AVSW.ZIP (website)
Zip file with the same contents as VSWEEP.BCK, provided as an alternative way of installing VSWEEP.
The save set and the Zip file each contain the following files:
virus engine shareable image files    LIBSAVI_AXP.EXE  LIBSAVI_VAX.EXE  LIBSAVI_I64.EXE
command-line interface image files    VSWEEP_AXP.EXE   VSWEEP_VAX.EXE   VSWEEP_I64.EXE
virus definition files                VDL.DAT          *.VDB
Each image filename indicates the target platform as follows:
AXP Alpha
VAX VAX
I64 Itanium
The files VDL.DAT and *.VDB are usually kept in the same directory as VSWEEP_AXP.EXE, VSWEEP_VAX.EXE and VSWEEP_I64.EXE. To keep them in a different directory, define the system executive-mode logical name VSWEEP_MAIN_VDATA_DIR to refer to that directory, for example
$ DEFINE/SYS/EXEC VSWEEP_MAIN_VDATA_DIR MYDEV:[VSWEEP.VIRDATA]
If you specify an alternative directory in this way, include the definition of the logical name in the site-specific startup procedure so that the logical name is defined after a reboot.
There are three ways to install VSWEEP:
using the save set on the CD and copying the files to the server from a Pathworks-connected workstation (section 1.1.1)
using the save set on the CD and copying the files directly from the CD to the server (section 1.1.2)
using the Zip file on the CD or the website (section 1.1.3).
1.1.1 Installing from a Pathworks-connected PC
At a Pathworks client, copy the contents of the /OpenVMS folder from the Sophos Anti-Virus Supplementary CD to the directory on the OpenVMS server where VSWEEP is to be installed.
Within VMS, run VSWREST.CMD, for example
$ @VSWREST.CMD
to extract the VSWEEP update files from VSWEEP.BCK.
If VSWREST is run with no parameters, the save set VSWEEP.BCK must be in the current VMS default directory. The VSWEEP update files are then extracted to the current default directory.
If VSWREST.CMD is run with the -M parameter, the user is prompted for the directory to which the VSWEEP update files are to be extracted and for the location of VSWEEP.BCK.
The settings entered are saved in a configuration file, VSWREST.CFG. To use these values in future updates use the parameter -A.
You have installed VSWEEP. Now make LIBSAVI available for use (section 1.2).
1.1.2 Installing directly from the Sophos Anti-Virus Supplementary CD
To install directly from the Sophos Anti-Virus Supplementary CD, the VMS system must be capable of reading ISO 9660 format CDs.
Load the CD into the disk drive and mount the CD using the command:
$ MOUNT /MEDIA=CD /OVER=IDENT /UNDEFINED=(STREAM:132) device_name
where device_name is the CD-ROM device name (e.g. DKA400:).
Ensure the current default directory is either the directory to which VSWEEP should be installed, or the directory containing VSWREST.CFG (if VSWREST is run with -A).
Run the installation command procedure VSWREST.CMD, for example
$ @DKA400:[OPENVMS]VSWREST.CMD
to install to the current directory
or
$ @DKA400:[OPENVMS]VSWREST.CMD -M
to customise installation settings
or
$ @DKA400:[OPENVMS]VSWREST.CMD -A
to install customised settings.
Do not SET DEFAULT to the CD-ROM device before running VSWREST.CMD.
You have installed VSWEEP. Now make LIBSAVI available for use (section 1.2).
1.1.3 Installing using the Zip file
The Zip file is on the Sophos Anti-Virus Supplementary CD in the /OpenVMS folder as VSWEEP.ZIP, and on the Sophos website (www.sophos.com/support/updates/sophos-anti-virus-non-windows.html) as AVSW.ZIP.
It can be unzipped from the Sophos Anti-Virus Supplementary CD after the CD has been mounted on the OpenVMS system, or it can be unzipped after it has been copied from a PC via Pathworks/Advanced Server. Unzip it into the directory you want to use, replacing any files there. Sophos recommends that it is unzipped on an OpenVMS system. An OpenVMS unzip utility is available from Info-ZIP (www.info-zip.org).
You have installed VSWEEP. Now make LIBSAVI available for use (section 1.2).
1.2 Make LIBSAVI available for use
When the update files have been copied to the OpenVMS system, the LIBSAVI shareable image must be made available for use by the VSWEEP image. To do this, either
copy the LIBSAVI image to SYS$COMMON:[SYSLIB] (section 1.2.1), or
refer to the LIBSAVI image by logical name (section 1.2.2).
1.2.1 Copy LIBSAVI image to SYS$COMMON:[SYSLIB]
You must have SYSTEM privileges to use this method.
Copy LIBSAVI_AXP.EXE, LIBSAVI_VAX.EXE or LIBSAVI_I64.EXE (as appropriate) to the directory SYS$COMMON:[SYSLIB] (which is referenced by the logical name SYS$SHARE). If there is an earlier version of this file in the directory already, replace it. Ensure that the file protection for the file is set to (S:RWED, O:RWED, G:RWED, W:RE), and the owner is set to SYSTEM.
This step can be performed automatically if VSWREST.CMD is run with the qualifier -M to set the option, and -A for subsequent updates.
You have made LIBSAVI available for use. Now make VSWEEP a DCL foreign command (section 1.3).
1.2.2 Reference LIBSAVI image by logical name
Define a system logical name that refers to the device, directory and filename of the LIBSAVI image in the installation directory. This logical name must translate to the full specification of the LIBSAVI image. For example:
$ DEFINE/SYS LIBSAVI_AXP MYDEV:[MYEXES.VSWEEP]LIBSAVI_AXP.EXE
or
$ DEFINE/SYS LIBSAVI_VAX MYDEV:[MYEXES.VSWEEP]LIBSAVI_VAX.EXE
or
$ DEFINE/SYS LIBSAVI_I64 MYDEV:[MYEXES.VSWEEP]LIBSAVI_I64.EXE
If you use this method, ensure that the command above is included in the site-specific startup procedure to ensure that the logical name is defined after a reboot.
Alternatively, if VSWEEP is to be run only from within a command procedure, the logical name may be defined within that procedure, for example where the foreign symbol VSWEEP is defined.
If the logical name is not defined, or defined incorrectly, the following error message is generated:
%DCL-W-ACTIMAGE, error activating image LIBSAVI_AXP
-CLI-E-IMAGEFNF, image file not found AXP1$DKA0:[SYS0.SYSCOMMON.][SYSLIB]LIBSAVI_AXP.EXE;
You have made LIBSAVI available for use. Now make VSWEEP a DCL foreign command (section 1.3).
1.3 Make VSWEEP a DCL foreign command
If this has not yet been done, make VSWEEP a DCL foreign command using a statement such as
$ VSWEEP:==$D0:[MYEXES]VSWEEP_VAX.EXE
or
$ VSWEEP:==$D0:[MYEXES]VSWEEP_AXP.EXE
or
$ VSWEEP:==$D0:[MYEXES]VSWEEP_I64.EXE
where the device name (here D0) is preceded by a $.
This definition of VSWEEP should normally be placed in the LOGIN.COM file.
Take care to invoke the executable that is appropriate for the platform. An AXP executable run under VAX/VMS or OpenVMS VAX may lead to unspecified system behaviour. Other incorrect combinations normally result in a graceful OpenVMS error message.
Access rights for VSWEEP
VSWEEP requires read access to all files and directories in the area being scanned. No other access modes or privileges are required.
Installation is complete.
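Sections 1.2.2 and 1.3 can be combined in one command procedure that picks the image matching the running platform and refuses to continue if an image is missing. This is an added example, not part of the Sophos manual: the procedure name VSWEEP_SETUP.COM is hypothetical, the directory is the example MYDEV:[MYEXES.VSWEEP] from section 1.2.2, and it assumes an OpenVMS version on which F$GETSYI("ARCH_NAME") is available.

```dcl
$! VSWEEP_SETUP.COM (hypothetical name) - added example, not Sophos code.
$! Assumes the VSWEEP update files were restored to INSTALL_DIR.
$ INSTALL_DIR = "MYDEV:[MYEXES.VSWEEP]"
$!
$! Map the running architecture to the image suffix used in the manual
$! (AXP = Alpha, VAX = VAX, I64 = Itanium).
$ ARCH = F$EDIT(F$GETSYI("ARCH_NAME"), "UPCASE")
$ SUFFIX = ""
$ IF ARCH .EQS. "VAX"   THEN SUFFIX = "VAX"
$ IF ARCH .EQS. "ALPHA" THEN SUFFIX = "AXP"
$ IF ARCH .EQS. "IA64"  THEN SUFFIX = "I64"
$ IF SUFFIX .EQS. ""
$ THEN
$   WRITE SYS$OUTPUT "No VSWEEP image for architecture ", ARCH
$   EXIT
$ ENDIF
$!
$! Build the full file specifications and check that both images exist
$! before anything refers to them.
$ ENGINE  = INSTALL_DIR + "LIBSAVI_" + SUFFIX + ".EXE"
$ SCANNER = INSTALL_DIR + "VSWEEP_" + SUFFIX + ".EXE"
$ IF F$SEARCH(ENGINE) .EQS. "" .OR. F$SEARCH(SCANNER) .EQS. ""
$ THEN
$   WRITE SYS$OUTPUT "Missing LIBSAVI or VSWEEP image in ", INSTALL_DIR
$   EXIT
$ ENDIF
$!
$! Section 1.2.2: the logical name must translate to the full
$! specification of the LIBSAVI image. This is a process logical name;
$! use DEFINE/SYS in the site-specific startup procedure instead if the
$! definition must apply system-wide.
$ DEFINE/NOLOG LIBSAVI_'SUFFIX' 'ENGINE'
$!
$! Section 1.3: make VSWEEP a DCL foreign command (note the leading $).
$ VSWEEP :== $'SCANNER'
$ EXIT
```

Invoking the procedure from LOGIN.COM keeps the foreign command and the logical name consistent with each other on every platform in a mixed cluster.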