Sophos Anti-Virus for Netware User Manual
User manual
Sophos Anti-Virus for NetWare
Document date: July 2007
Sophos Anti-Virus NetWare user manual
About this manual
This user manual explains how to use Sophos Anti-Virus for NetWare and
how to configure
virus scanning
virus alerts
disinfection
logging
reporting.
The manual also provides help in resolving common problems.
For information on automatically installing and updating Sophos
Anti-Virus, see one of the following documents:
If the network uses Microsoft networking, see the Sophos Endpoint
Security and Control network startup guide on the Sophos website or
the Sophos Network Install CD.
If the network uses NDS networking, see the Sophos Endpoint Security
and Control network startup guide: NetWare edition on the Sophos
website or the Sophos Network Install CD.
For information on manually installing and updating Sophos Anti-Virus, see
the Sophos Anti-Virus NetWare startup guide on the Sophos Anti-Virus
Supplementary CD.
2
Sophos Anti-Virus NetWare user manual
Contents
Using Sophos Anti-Virus
1 Loading and unloading Sophos Anti-Virus 6
2 Using the Sophos Anti-Virus screen 7
3 Scanning the server 9
4 Scheduled scanning 11
5 Viewing the log file 15
6 Disinfection 16
Configuration
7 Configuring immediate or scheduled scanning 22
8 Configuring InterCheck (central reporting) 35
9 Configuring real-time scanning 37
10 Purging checksums (for real-time scanning) 45
11 Setting administration options 46
12 Restoring or saving configuration settings 52
13 Command line options 53
Troubleshooting
14 Troubleshooting 56
Glossary and index
Glossary 60
Index 62
Technical support 64
3
Sophos Anti-Virus NetWare user manual
4
Using Sophos Anti-Virus
Loading and unloading Sophos Anti-Virus
Using the Sophos Anti-Virus screen
Scanning the server
Scheduled scanning
Viewing the log file
Disinfection
Sophos Anti-Virus NetWare user manual
1 Loading and unloading Sophos Anti-Virus
1.1 Loading Sophos Anti-Virus
At a workstation running RCONSOLE, or at the server console, enter
LOAD SWEEP
The main Sophos Anti-Virus screen is displayed. For information on using
this screen, see section 2 below.
The first time Sophos Anti-Virus is loaded, it prompts for the fully qualified
distinguished name of an administrator and a password.
1.2 Unloading Sophos Anti-Virus
To unload Sophos Anti-Virus at any stage, press ‘Esc’ repeatedly until the
Exit menu is displayed. Select Unload SWEEP and press Return. If you
have made changes to the configuration, you will be prompted to save them.
To unload Sophos Anti-Virus from the command line, enter
UNLOAD SWEEP
6
Sophos Anti-Virus NetWare user manual
2 Using the Sophos Anti-Virus screen
The Sophos Anti-Virus screen has a menu and three boxes.
!!
! Main menu enables you to configure and start scans (see section 2.1).
!!
!!
! InterCheck/Real-time shows whether InterCheck central reporting and
!!
Real-time (on-access) scanning are active, and shows details of real-time
activity.
!!
! Server shows the scanning job currently being run (if any), the next
!!
scheduled job, and details of files scanned and viruses found.
!!
! Last Virus shows details of the last virus discovered and the action
!!
taken.
2.1 The Main menu
The Main menu enables you to control and configure scanning and
reporting. The options include the following:
! Immediate mode scans files on the server now (see section 3).
! Scheduled mode runs scans on the server at set times and on set days
(see section 4).
! InterCheck receives reports from workstations (see section 8).
! Real-time mode checks files copied to or accessed on the server (see
section 9).
7
Sophos Anti-Virus NetWare user manual
2.2 Using menus and screens
To use menus and screens in Sophos Anti-Virus for NetWare, do as follows.
Selecting items
To select an option, position the selection bar on it (using the cursor
up/down keys) and press Return.
Closing a screen
To quit a screen and return to the previous one, press ‘Esc’.
Adding or removing items from a list
To add an item to a list, press ‘Insert’. To delete an item from a list, position
the selection bar on the item and press ‘Delete’.
8
Sophos Anti-Virus NetWare user manual
3 Scanning the server
This section describes immediate scanning. For details of Scheduled
scanning, see section 4. For details of Real-time scanning, see section 9.
3.1 To start a scan
To scan the server for viruses now (an immediate scan)
1. On the Main menu, select Immediate Mode and press Return.
2. In the Immediate Mode screen, select Start and press Return.
Sophos Anti-Virus checks the file server and displays the results in the
Server window. It also enters the results in the SWEEP.LOG file in the
SWEEP directory on the server.
To configure immediate scanning, in the Immediate Mode screen, select
Configuration. See section 7 for details.
If you want Sophos Anti-Virus to run a scan as soon as it is loaded, enter
LOAD SWEEP -I
If a scheduled scan is running and you try to start an immediate scan, a
menu is displayed containing options to postpone or cancel the immediate
scan. If you choose Postpone, the immediate scan runs when the scheduled
scan is finished.
9
Sophos Anti-Virus NetWare user manual
3.2 Stopping a scan
To stop an immediate scan that is in progress
1. On the Main menu, select Immediate Mode and press Return.
2. In the Immediate Mode screen, select Stop and press Return.
10
Sophos Anti-Virus NetWare user manual
4 Scheduled scanning
4.1 Creating a scheduled job
To schedule Sophos Anti-Virus to run at set times on specified days of the
week, do as follows.
1. On the Main menu, select Scheduled mode and press Return.
2. A list of Scheduled jobs is displayed. By default, there is a job called Daily
that runs at 21.00 each day. Press ‘Insert’ to add a new job.
3. In the Enter job name text box, type a name and press Return.
4. In the Scheduled jobs list, select the new job and press Return.
11
Sophos Anti-Virus NetWare user manual
5. In the Scheduled job: <jobname> screen, the configuration settings for
the job are displayed. The job is already Active by default (i.e. it will run at
the times shown). Select Times and press Return.
6. In the Times text box, press ‘Insert’, type a time and press Return.
7. In the Scheduled job: <jobname> screen, select Days. By default all the
days of the week are included. To remove a day, select it and press ‘Delete’.
To add a day, press ‘Insert’ and select a day from the menu that is
displayed.
For details of the other configuration options for scheduled jobs, see section
7.
12
If an immediate scan is taking place and a scheduled scan is due to start,
the immediate scan is stopped and a message written to the log file.
Sophos Anti-Virus NetWare user manual
4.2 Editing a scheduled job
To edit a scheduled job
1. On the Main menu, select Scheduled Mode and press Return.
2. In the Scheduled jobs list, select the job to be edited and press Return.
3. In the Scheduled job: <jobname> screen, specify the times and days as
described in section 4.1.
13
Sophos Anti-Virus NetWare user manual
4.3 Removing a scheduled job
To remove a scheduled job
1. On the Main menu, select Scheduled mode and press Return.
2. In the Scheduled jobs list, select the job to be removed and press ‘Delete’.
4.4 Stopping a scheduled job
To stop a scheduled job that has already started
1. On the Main menu, select Immediate mode (not Scheduled mode) and
press Return.
2. In the Immediate mode screen, select Stop and press Return.
14
Sophos Anti-Virus NetWare user manual
5 Viewing the log file
To view the Sophos Anti-Virus log file, do as follows.
1. On the Main menu, click Administration and press Return.
2. The Administration menu is displayed. Select Log file and press Return.
3. In the Log file screen, select View and press Return.
The log file is displayed. The latest entries are at the end of the file.
To go directly to the end of the log file, press Ctrl+PgDn (or, on versions of
RCONSOLE that do not support this key combination, press Ctrl+x).
15
Sophos Anti-Virus NetWare user manual
6 Disinfection
This section provides some general information about disinfection. It does
not explain how to disinfect a computer of specific viruses, as disinfection
methods are varied and can be virus-specific.
It is recommended that you get information about the virus (see below),
then either use the Sophos website for help with disinfection or contact
Sophos technical support.
This section describes how to disinfect infected items on a NetWare server.
For information on disinfecting client workstations, see the Sophos Anti-Virus
documentation for that platform.
6.1 Getting information about the virus
If Sophos Anti-Virus reports a virus, first isolate the infected computers from
the network and internet.
Write down the name of the virus, then, from an uninfected computer, look
up its virus analysis on the Sophos website. The virus analysis search page
is located at
www.sophos.com/virusinfo/analyses
The analysis tells you what types of files the virus infects, and provides
information about disinfection. It may also include a link to detailed
disinfection instructions.
If there are no instructions, or if the virus analysis tells you to seek advice,
contact Sophos technical support.
16
Sophos Anti-Virus NetWare user manual
6.2 Disinfection
Sophos Anti-Virus can automatically disinfect documents containing
document viruses and can automatically disinfect some infected programs.
Disinfected programs may be unstable, and put valuable data at risk. We
recommend that disinfection of programs is used only as a temporary
measure, and that you subsequently replace disinfected programs from
original installation disks, a clean computer or sound backups.
To attempt disinfection of documents or programs with an immediate scan,
do as follows.
1. On the Main menu, select Immediate mode and press Return.
2. In the Immediate mode screen, select Configuration and press Return.
3. To attempt disinfection of documents, in the Immediate mode
configuration screen, select Document viruses and press Return.
To attempt disinfection of programs, in the Immediate mode configuration
screen, select Program viruses and press Return.
17
Sophos Anti-Virus NetWare user manual
4. To attempt disinfection of documents, in the Document viruses screen,
select Disinfect and press Return.
To attempt disinfection of programs, in the Program viruses screen, select
Disinfect and press Return.
5. Exit from the configuration screen. In the Immediate mode screen, select
Start and press Return.
6. In the Sophos Anti-Virus screen, watch the results of the scan in the Server
window. If the number of viruses reported in the on-screen log decreases,
continue running scans until no viruses are found.
If disinfection fails, you should carry out a manual disinfection, specific to
that virus. This is described on the Sophos website, either in its virus
analysis, or on the web page that describes how to disinfect that type of
virus.
18
6.3 Recovering from virus side-effects
How you recover from a virus infection depends on how the virus affected
the infected computer. Some viruses have no side-effects, whereas others
corrupt or delete data.
Some viruses gradually make minor changes to data. This type of corruption
can be very hard to detect. It is therefore very important that you read the
virus analysis on the Sophos website, and check documents carefully after
disinfection.
Sound backups are crucial. If you did not have them before you were
infected, ensure you create or obtain them in case of future infections.
Sometimes you can recover data from disks damaged by viruses. Sophos
can supply utilities for repairing the damage caused by some viruses.
Contact Sophos technical support for help.
Sophos Anti-Virus NetWare user manual
19
Sophos Anti-Virus NetWare user manual
20
Loading...