Sophos Anti-Virus for NetWare User Manual

User manual
Sophos Anti-Virus for NetWare
Document date: July 2007
Sophos Anti-Virus NetWare user manual
About this manual
This user manual explains how to use Sophos Anti-Virus for NetWare and how to configure
- virus alerts
- disinfection
- logging
- reporting.
The manual also provides help in resolving common problems.
For information on automatically installing and updating Sophos Anti-Virus, see one of the following documents:
- If the network uses Microsoft networking, see the Sophos Endpoint Security and Control network startup guide on the Sophos website or the Sophos Network Install CD.
- If the network uses NDS networking, see the Sophos Endpoint Security and Control network startup guide: NetWare edition on the Sophos website or the Sophos Network Install CD.
For information on manually installing and updating Sophos Anti-Virus, see the Sophos Anti-Virus NetWare startup guide on the Sophos Anti-Virus Supplementary CD.

Contents

Using Sophos Anti-Virus
1 Loading and unloading Sophos Anti-Virus
2 Using the Sophos Anti-Virus screen
3 Scanning the server
4 Scheduled scanning
5 Viewing the log file
6 Disinfection
Configuration
7 Configuring immediate or scheduled scanning
8 Configuring InterCheck (central reporting)
9 Configuring real-time scanning
10 Purging checksums (for real-time scanning)
11 Setting administration options
12 Restoring or saving configuration settings
13 Command line options
Troubleshooting
14 Troubleshooting
Glossary and index
Glossary
Index
Technical support

Using Sophos Anti-Virus

Loading and unloading Sophos Anti-Virus
Using the Sophos Anti-Virus screen
Scanning the server
Scheduled scanning
Viewing the log file
Disinfection

1 Loading and unloading Sophos Anti-Virus

1.1 Loading Sophos Anti-Virus
At a workstation running RCONSOLE, or at the server console, enter
LOAD SWEEP
The main Sophos Anti-Virus screen is displayed. For information on using this screen, see section 2 below.
The first time Sophos Anti-Virus is loaded, it prompts for the fully qualified distinguished name of an administrator and a password.
1.2 Unloading Sophos Anti-Virus
To unload Sophos Anti-Virus at any stage, press ‘Esc’ repeatedly until the Exit menu is displayed. Select Unload SWEEP and press Return. If you have made changes to the configuration, you will be prompted to save them.
To unload Sophos Anti-Virus from the command line, enter
UNLOAD SWEEP

2 Using the Sophos Anti-Virus screen

The Sophos Anti-Virus screen has a menu and three boxes.
- Main menu enables you to configure and start scans (see section 2.1).
- InterCheck/Real-time shows whether InterCheck central reporting and Real-time (on-access) scanning are active, and shows details of real-time activity.
- Server shows the scanning job currently being run (if any), the next scheduled job, and details of files scanned and viruses found.
- Last Virus shows details of the last virus discovered and the action taken.
2.1 The Main menu
The Main menu enables you to control and configure scanning and reporting. The options include the following:
- Immediate mode scans files on the server now (see section 3).
- Scheduled mode runs scans on the server at set times and on set days (see section 4).
- InterCheck receives reports from workstations (see section 8).
- Real-time mode checks files copied to or accessed on the server (see section 9).
2.2 Using menus and screens
To use menus and screens in Sophos Anti-Virus for NetWare, do as follows.
Selecting items
To select an option, position the selection bar on it (using the cursor up/down keys) and press Return.
Closing a screen
To quit a screen and return to the previous one, press ‘Esc’.
Adding or removing items from a list
To add an item to a list, press ‘Insert’. To delete an item from a list, position the selection bar on the item and press ‘Delete’.

3 Scanning the server

This section describes immediate scanning. For details of Scheduled scanning, see section 4. For details of Real-time scanning, see section 9.
3.1 To start a scan
To scan the server for viruses now (an immediate scan)
1. On the Main menu, select Immediate Mode and press Return.
2. In the Immediate Mode screen, select Start and press Return.
Sophos Anti-Virus checks the file server and displays the results in the Server window. It also enters the results in the SWEEP.LOG file in the SWEEP directory on the server.
To configure immediate scanning, in the Immediate Mode screen, select Configuration. See section 7 for details.
If you want Sophos Anti-Virus to run a scan as soon as it is loaded, enter
LOAD SWEEP -I
If a scheduled scan is running and you try to start an immediate scan, a menu is displayed containing options to postpone or cancel the immediate scan. If you choose Postpone, the immediate scan runs when the scheduled scan is finished.
3.2 Stopping a scan
To stop an immediate scan that is in progress
1. On the Main menu, select Immediate Mode and press Return.
2. In the Immediate Mode screen, select Stop and press Return.

4 Scheduled scanning

4.1 Creating a scheduled job
To schedule Sophos Anti-Virus to run at set times on specified days of the week, do as follows.
1. On the Main menu, select Scheduled mode and press Return.
2. A list of Scheduled jobs is displayed. By default, there is a job called Daily that runs at 21.00 each day. Press ‘Insert’ to add a new job.
3. In the Enter job name text box, type a name and press Return.
4. In the Scheduled jobs list, select the new job and press Return.
5. In the Scheduled job: <jobname> screen, the configuration settings for the job are displayed. The job is already Active by default (i.e. it will run at the times shown). Select Times and press Return.
6. In the Times text box, press ‘Insert’, type a time and press Return.
7. In the Scheduled job: <jobname> screen, select Days. By default all the days of the week are included. To remove a day, select it and press ‘Delete’. To add a day, press ‘Insert’ and select a day from the menu that is displayed.
For details of the other configuration options for scheduled jobs, see section 7.
If an immediate scan is taking place and a scheduled scan is due to start, the immediate scan is stopped and a message is written to the log file.
4.2 Editing a scheduled job
To edit a scheduled job
1. On the Main menu, select Scheduled Mode and press Return.
2. In the Scheduled jobs list, select the job to be edited and press Return.
3. In the Scheduled job: <jobname> screen, specify the times and days as described in section 4.1.
4.3 Removing a scheduled job
To remove a scheduled job
1. On the Main menu, select Scheduled mode and press Return.
2. In the Scheduled jobs list, select the job to be removed and press ‘Delete’.
4.4 Stopping a scheduled job
To stop a scheduled job that has already started
1. On the Main menu, select Immediate mode (not Scheduled mode) and press Return.
2. In the Immediate mode screen, select Stop and press Return.

5 Viewing the log file

To view the Sophos Anti-Virus log file, do as follows.
1. On the Main menu, select Administration and press Return.
2. The Administration menu is displayed. Select Log file and press Return.
3. In the Log file screen, select View and press Return.
The log file is displayed. The latest entries are at the end of the file.
To go directly to the end of the log file, press Ctrl+PgDn (or, on versions of RCONSOLE that do not support this key combination, press Ctrl+x).

6 Disinfection

This section provides some general information about disinfection. It does not explain how to disinfect a computer of specific viruses, as disinfection methods are varied and can be virus-specific.
It is recommended that you get information about the virus (see below), then either use the Sophos website for help with disinfection or contact Sophos technical support.
This section describes how to disinfect infected items on a NetWare server. For information on disinfecting client workstations, see the Sophos Anti-Virus documentation for that platform.
6.1 Getting information about the virus
If Sophos Anti-Virus reports a virus, first isolate the infected computers from the network and internet.
Write down the name of the virus, then, from an uninfected computer, look up its virus analysis on the Sophos website. The virus analysis search page is located at
www.sophos.com/virusinfo/analyses
The analysis tells you what types of files the virus infects, and provides information about disinfection. It may also include a link to detailed disinfection instructions.
If there are no instructions, or if the virus analysis tells you to seek advice, contact Sophos technical support.
6.2 Disinfection
Sophos Anti-Virus can automatically disinfect documents containing document viruses and can automatically disinfect some infected programs.
Disinfected programs may be unstable, and put valuable data at risk. We recommend that disinfection of programs is used only as a temporary measure, and that you subsequently replace disinfected programs from original installation disks, a clean computer or sound backups.
To attempt disinfection of documents or programs with an immediate scan, do as follows.
1. On the Main menu, select Immediate mode and press Return.
2. In the Immediate mode screen, select Configuration and press Return.
3. To attempt disinfection of documents, in the Immediate mode configuration screen, select Document viruses and press Return.
To attempt disinfection of programs, in the Immediate mode configuration screen, select Program viruses and press Return.
4. To attempt disinfection of documents, in the Document viruses screen, select Disinfect and press Return.
To attempt disinfection of programs, in the Program viruses screen, select Disinfect and press Return.
5. Exit from the configuration screen. In the Immediate mode screen, select Start and press Return.
6. In the Sophos Anti-Virus screen, watch the results of the scan in the Server window. If the number of viruses reported in the on-screen log decreases, continue running scans until no viruses are found.
If disinfection fails, you should carry out a manual disinfection, specific to that virus. This is described on the Sophos website, either in its virus analysis, or on the web page that describes how to disinfect that type of virus.
6.3 Recovering from virus side-effects
How you recover from a virus infection depends on how the virus affected the infected computer. Some viruses have no side-effects, whereas others corrupt or delete data.
Some viruses gradually make minor changes to data. This type of corruption can be very hard to detect. It is therefore very important that you read the virus analysis on the Sophos website, and check documents carefully after disinfection.
Sound backups are crucial. If you did not have them before you were infected, ensure you create or obtain them in case of future infections.
Sometimes you can recover data from disks damaged by viruses. Sophos can supply utilities for repairing the damage caused by some viruses. Contact Sophos technical support for help.