Sometimes it seems that not a week goes by when you donâ€™t find out about some new computer virus waiting to strike the computers on your network. To help prevent virus outbreaks, youâ€™ve probably already deployed some type of virus detection software on your usersâ€™ computers. But in a networked environment, is running virus detection on your client workstations enough? Not necessarily. In this Daily Drill Down, weâ€™ll show you how you can control viruses on your network more effectively by using a server-side protection scheme.
Computer viruses 101
Just in case you arenâ€™t familiar with the kinds of viruses that can infect your computers and how the viruses work, letâ€™s review them. There are thousands of different computer viruses that can infect your workstations. Current estimates of the actual number of viruses in existence vary widely. Some experts and virus protection software vendors claim that there are over 13,000 viruses in existence. However, most of these viruses exist only in the vendorâ€™s labs.
The Wildlist Organization maintains a list of viruses that have been discovered by people on their computers. Since the organization began tracking computer viruses in 1993, contributors to the list have encountered fewer than 1,000 unique viruses.
That low number doesnâ€™t mean that you should ignore the threat of viruses to your computers and network. However, at the same time, donâ€™t let yourself be confused by vendors who claim to be able to detect tens of thousands of viruses. If you get a virus on your system, it will probably be one of the big ones like Melissa or Chernobyl.
Computer viruses normally fall into one of the following major categories:
- Â· Boot-sector virusesâ€”Boot-sector viruses corrupt the boot sector of your computerâ€™s hard drive by overwriting the sector with bad information. They prevent the computer from booting properly, if at all.
- Â· Executable virusesâ€”Executable viruses infect your files by attaching to executable programs (.EXE and .COM files) when you launch them.
- Â· Macro virusesâ€”Macro viruses are the newest breed of viruses. Macro viruses infect Microsoft Word documents in particular, but newer versions of macro viruses can also infect Microsoft Excel spreadsheets. These macro viruses can infect data files, taking advantage of the application's built-in programming language. The people who create macro viruses turn this feature against software owners. These virus makers can hide a complex macro virus in any document or spreadsheet. When you load the infected file, your application program will spread it to any other data file that you open. Originally, macro viruses wouldn't destroy data on your hard disk. However, newer strains are more deadly.
- Â· Memory-resident virusesâ€”Memory-resident viruses avoid detection by loading into different areas of your computer's memory. The virus waits there until you launch an application. Then, it infects your computer and the files on it. Some of these viruses place their memory-resident code into memory normally allocated for COMMAND.COM. Others place their code into unallocated memory. Viruses may also incorporate their code into the video-card buffers between 640 KB and 768 KB (A0000h and C0000h).
- Â· Partition-table virusesâ€”Partition-table viruses infect your hard disk's partition table. These viruses can either move or destroy your hard disk's partition-table information.
- Â· Polymorphic virusesâ€”Most viruses have a set code pattern that never changes, no matter what files they infect. Polymorphic viruses can alter their own code, making them harder to detect.
An ounce of prevention, a pound of cure
Your first line of defense in the war against viruses begins at your workstations. If you donâ€™t already have some form of virus protection running on the workstations on your network, then youâ€™re in trouble. Although virus infection may be rare, if protection software isnâ€™t running on your client workstation, a virus can run amok on your network easily.
Unfortunately, since Windows 3.1, Microsoft hasnâ€™t included any virus prevention software with its operating systems. That means that youâ€™re on your own when searching for protection. To fill this void, several vendors have produced software that you can use on your client workstations. Table A lists some of the more popular virus software vendors and their products.
|Network Associates||McAfee VirusScan|
|Panda Software||Panda Antivirus Platinum|
|Data Fellows||F-PROT Professional|
Besides installing the software on your client workstations, you also must ensure that the software has the latest virus signature files. The virus signature files contain the information that the software needs in order to detect new viruses. If you havenâ€™t updated the signature file for your virus detection programs in several months, you may as well not have them on your workstations. The virus detection programs wonâ€™t know about new viruses and will be ineffective.
Server-side virus protection
While it's technically possible to write a virus that would infect NetWare's core operating system, I haven't found any evidence of one existing that you have to worry about. Viruses can infect the files that are stored on your NetWare server, however.
Your second line of defense in the war against viruses resides with your servers. Unfortunately, itâ€™s often a line of work that network administrators fail to deploy. Sometimes, network administrators work under the assumption that they donâ€™t need to deploy server-side virus detection because their workstationsâ€™ software will eventually block any viruses. Why is this assumption a potentially fatal mistake?
Server-side virus protection can provide several benefits that a workstation-only based protection scheme does not. Some of the benefits of server-side virus protection include:
- Â· Centralized file scanning of shared files
- Â· Automatic pushing of updated signature files to users
- Â· Automatic scanning of backups
- Â· Logging of virus outbreaks and scanning of results
- Â· Immediate alerting of virus outbreaks
- Â· Lower network overhead
The main reason that you have file servers in the first place is to provide a central location for storing and accessing files. You can run virus scanners constantly on your workstations, but if you haven't scanned your servers, files that reside on your servers can re-infect the workstations.
Additionally, you have the problem of maintaining up-to-date signature files throughout the workstations on your network. Unless you have only a few clients on your network, you must either spend lots of time visiting each workstation on your network to update the virus signature files or rely on your users taking the time to update their own files. Most of your users may be able to figure out how to do it on their own, but virus protection is a lot like a chainâ€”itâ€™s only as strong as its weakest link. If one user fails to update on a regular basis, the entire network can become susceptible.
You should perform backups of the data files on your server. However, if you deploy only workstation-based virus scanners, your backup software probably will back up viruses with your data. If you ever restore data from your backups, youâ€™ll likewise restore the viruses unknowingly â€”thereby starting the whole infection cycle over again.
As you can imagine, virus scanners add overhead to your workstationâ€™s CPU in order to process the files as theyâ€™re being read. You also know that it takes longer to load files across the network than it does loading them locally. Therefore, as you probably can deduce, running workstation-based virus scanning to detect files loading from the network can potentially slow down processing at the workstation level. If the server has already scanned the file, it can deliver it virus-free to the workstation quickly. The workstationâ€™s scanning software can be used to scan the faster-loading local files.
If you rely only on workstation-based virus protection, you have no way of knowing what your virus scanning softwareâ€™s doing. Itâ€™s possible that a user has disabled the software. Itâ€™s equally possible that the program isnâ€™t scanning the proper files. Server-side scanners can log the virus scanning activity for both your servers and your workstations in a central location, which allows you to keep tabs on what the softwareâ€™s doing and what it has detected.
In a similar vein, you donâ€™t want to rely on your users to notify you of an outbreak. While logging may show you after the fact that a virus has been found, you probably want to know as soon as possible when a virus hits. Unfortunately, workstation-based virus scanning wonâ€™t let you know when a virus hits. Youâ€™ll have to rely on your users to tell you that theyâ€™ve encountered a virusâ€”when they get around to it or when theyâ€™re able to get in touch with you. Server-side virus protection software immediately notifies you of a virus with e-mail, pager alerts, or network broadcasts.
Most of the vendors mentioned in Table A sell some sort of server-side virus protection program. For the rest of this Daily Drill Down, weâ€™ll focus on one of the programs that you can deploy on your NetWare serversâ€”InoculateIT by Computer Associates. Weâ€™ll show you some of its features, and weâ€™ll demonstrate how you can use it to tighten your networkâ€™s defenses against virus outbreaks. In later Daily Drill Downs, weâ€™ll focus on other server-based virus protection programs, such as Norton Antivirus for NetWare and NetShield.
Inoculating your NetWare server
InoculateIT is Computer Associatesâ€™ virus protection solution. It replaces CAâ€™s older virus protection software for NetWare called InnocuLAN. CA sells server versions of InoculateIT that run on Windows NT and NetWare. The client versions run on MS-DOS, Windows 3.x, Windows 9x, and MacOS. InoculateIT gives you a central point of administration over your entire networkâ€™s virus defense. InoculateITâ€™s key benefits include:
- Â· Detects boot-sector, memory-resident, macro, and polymorphic viruses
- Â· Updates virus signature files on servers and workstations automatically
- Â· Uses Heuristic Virus Detection Engine to detect unknown macro viruses before they impose damage on the network
- Â· Scans each file in the background from the server as a client accesses it
- Â· Scans compressed files, such as ZIP and ARJ files
- Â· Installs Windows 95, Windows 3.1, and MS-DOS clients remotely from the server
- Â· Forces logoff remotely for clients who arenâ€™t running virus protection software
- Â· Integrates with NDS
- Â· Provides virus-free backups when used with CAâ€™s ARCserve IT
- Â· Sends automatic virus alerts to selected users via e-mail, pager, SNMP, network broadcast, or printed trouble ticket
Like most NetWare programs, InoculateIT runs as an NLM (more specifically, a group of NLMs) on your NetWare server. It runs under NetWare 3.x, 4.x, or 5.x; all you need is 2 MB of disk space and 16 MB of RAM on your NetWare server.
Updating InnocuLAN 4.0 for NetWare to InoculateIT 4.5 for NetWare
If you currently run InnocuLAN 4.0 for NetWare on your NetWare server, you can upgrade to InoculateIT 4.5 for NetWare for free. Go to CAâ€™s support Web site . Download the ILITNWUP.EXE file to your workstation and extract the files that it contains. Since itâ€™s only 5.4 MB, it wonâ€™t take very long to download. After you run the self-extracting executable, you must run Setup to install the update.
Although InoculateIT runs on your NetWare server, you install it from your administrative workstation. Make sure that youâ€™ve logged onto the server where you want to install InocolateIT either as Admin or as a user with Admin-equivalent rights. The installation program runs under Windows 9x or Windows NT. However, if you run the installation program from a Windows NT machine, you wonâ€™t be able to install the InoculateIT Manager.
Danger, Will Robinson!
Although youâ€™re supposed to be able to use any Windows 9x client to install InoculateIT onto your NetWare server, Iâ€™ve run into trouble when installing InoculateIT from a Windows 9x client running Novellâ€™s client 3.1â€”even with Service Pack 2 for the client installed. The installation program locks up mid-way through the installation and disconnects the client from the server. Thinking it may have been a client issue, I also tried installing it with Microsoftâ€™s NetWare client. The same thing happened. I encountered the problem using Windows 95, 98, and 98 SE. Windows NT installations went without a hitch. (Except, as noted, you canâ€™t install the InoculateIT Manager.) To get around this problem, you can download the ITLITNWUP.EXE file mentioned above. It contains a newer build of InoculateIT than is on your InoculateIT CD. The Setup program for the update runs the same way as the Setup program on the CD. You can use the same CD-Key for the update that you use for the regular CD version. I didnâ€™t encounter any problems installing InoculateIT with the update file.
To begin the installation, insert the InoculateIT CD into your workstation. The installation program should begin by itself. If it doesnâ€™t, explore the CD and run the SETUP.EXE program. Setup begins by displaying the NetWare Edition Product Explorer. This window lists the available programs that you can install in the Please Select A Component To Install list box. Select InoculateIT 4.5 for NetWare and click Install.
Now, the Setup program for InoculateIT 4.5 for NetWare will begin. First, youâ€™ll see the license window. Read the license carefully to make sure that you can comply with its terms. Click Accept to accept the license and to continue with the installation. If you click Not Accept, Setup will terminate.
After you click Accept, Setup asks you to provide the InoculateIT license information. You should have either a license floppy disk or a key code on the back of your CD-ROMâ€™s jacket. If you have a license floppy disk, click the File Type radio button and enter the file path to the license information. If you have a CD-Key, enter the key in the Enter Key field. Be careful to type the key properly. If you make a mistake, youâ€™ll have to retype the entire 20-key string. To continue, click Ok after you enter the key.
Next, Setup displays a summary window, which gives a brief description of what Setup is about to do and lists the minimum requirements you must meet on your workstation and server to run InoculateIT. Click Continue.
Setup then asks for your name and your companyâ€™s name. Enter the information in the appropriate fields and click Continue.
Setup then asks you which kind of installation youâ€™d like to perform: Express Setup or Custom Setup. As you can probably guess by the names of the types of installation, Custom Setup gives you more flexibility; you can select individual components to install. Express Setup makes most of the decisions for you. For the purposes of this Daily Drill Down, weâ€™ll select the Express Setup installation. Make sure that the Express Setup radio button is selected and click Continue.
Next, you must select the server on which you want to install InoculateIT. Setup displays the list of NetWare servers to which youâ€™re currently attached. You can view a list of all of the servers on your network by clicking the Show All Available Servers button. Select the server you want and click Continue.
Setup asks you where on the server you want to install the files. By default, Setup copies the InoculateIT files to the SYS:INOCULAN directory and the Alert files to the SYS:ALERT directory. If these directories donâ€™t exist, Setup will create them. You can specify a different volume and path by entering the information in the appropriate fields. After you select the target directory, click Continue.
If youâ€™re running Setup from a Windows 9x computer, Setup asks you where you want to install the InoculateIT Manager. If youâ€™re running Setup from a computer that runs Windows NT, you wonâ€™t see the InoculateIT Manager installation window.
By default, Setup suggests installing the InoculateIT Manager to drive C: of your workstation in the INOCULAN directory. If you select the Install Manager To Your Host Server, you can install the Manager to your server rather than directly onto your workstation. You may want to install the files to your server rather than your workstation if you use several different computers or if you have limited space on your workstation. For the purposes of this Daily Drill Down, weâ€™re going to install the InoculateIT Manager to the server. When you select the Install Manager To Your Host Server radio button, Setup specifies the SYS:INOCULAN\MANAGER directory. After you decide where to install the Manager, click Continue.
Before installing InoculateIT to your server, Setup displays a summary window that shows your selections up to this point. You can confirm the server and directory locations where the InoculateIT components are going to be copied. If the locations are correct, click Continue to copy the files. If not, you can click Back to work your way backward through the previous windows to make any necessary changes.
When you click Continue, Setup begins copying the files. After Setup finishes copying the files, it asks you to back up the key system files on your workstation. You should go ahead and run the backup. The backup will make it easy to recover quickly in case a virus outbreak damages your boot sector or CMOS.
After you make the backup floppy disk, Setup displays a window informing you that youâ€™re finished. Click OK to close the installation. If you want to review a log of what Setup installed, you can click the Notes button. Youâ€™re now ready to start InoculateIT on your NetWare server.
You can start InoculateIT from your serverâ€™s console, or you can start an Rconsole session to your server from your workstation. Donâ€™t try to start InoculateIT by loading the NLMs one at a time. Fortunately, InoculateIT comes with a startup NCF that you can use to start InoculateIT.
To start InoculateIT, type istart4 at your serverâ€™s console prompt and press [Enter]. Istart4 then launches the NLM launcher that loads all of InoculateITâ€™s NLMs. When itâ€™s done, it displays the InoculateIT Available Options window, as shown in Figure A.
|This window enables you to view InoculateITâ€™s status on your server.|
On this window, you can check InoculateITâ€™s current status. Donâ€™t misinterpret the Server Up Time indicator as referring to the total up time for your server. It only represents the amount of time that InoculateIT has been running.
Also, donâ€™t misinterpret the Domain Name entry as referring to a Windows NT domain. Like a Windows NT domain, an InoculateIT domain refers to a group of InoculateIT servers, whether or not they belong to an NT domain. The Master Server field refers to the Master Server of the InoculateIT domain. Donâ€™t worry if these fields are empty. Youâ€™ll use them only if you have multiple copies of InoculateIT running on several servers.
The Realtime Scan field displays how InoculateIT scans files. By default, InoculateIT scans files as the server reads and writes them to its hard disks. Later, weâ€™ll show you how to change that method.
The Last Virus Detected and Last Virus File fields are fairly self-explanatory. They tell you what viruses, if any, InoculateIT has encountered and how many files it has scanned.
The Available Options menu allows you to reconfigure or turn off InoculateIT. To turn off InoculateIT, highlight Deactivate InoculateIT and press [Enter]. You then will notice the Deactivate InoculateIT menu choice change to Activate InoculateIT. As you can probably guess, you can turn InoculateIT back on by highlighting Activate InoculateIT and pressing [Enter].
If you select Job Queue Operation from the Available Options menu, you can create custom scans of files on your server. To add a custom job, highlight Job Queue Operation and press [Enter]. Youâ€™ll then see a blank job queue appear. Press [Ins]. Youâ€™ll see the Immediate Server Scanning Form window appear, as shown in Figure B. The form allows you to specify when the job runs, how often it runs, and what files it scans. You can even have the job postpone itself, if you tell it to run at a time when the serverâ€™s CPU is too busy.
|You can create special virus scanning jobs to run on your server.|
The Configuration selection from the Available Options menu lets you customize the way that InoculateIT works on your server. If you highlight Configuration and press [Enter], youâ€™ll see the Configuration menu. Here, you have two choices: Realtime Monitor and NLM Information. The NLM Information option displays basic information about the version of InoculateIT that youâ€™re running. It provides such details as the version of InoculateIT, the date of the virus signature file, and the program serial number.
The Realtime Monitor option enables you to change how InoculateIT operates on your server. You can select when InoculateIT scans files by changing the value of the direction field. Other directions you can choose include:
- Â· Incoming/Outgoingâ€”Scans files as they are read from and written to the server
- Â· Incomingâ€”Scans files only when they are written to the server
- Â· Outgoingâ€”Scans files only when they are read from the server
- Â· Disabledâ€”Turns off real-time scanning
By default, InoculateIT scans all files as the server processes them. You can tell InoculateIT to scan only certain file types. Unfortunately, you canâ€™t control it down to the file extension level. You can only tell InoculateIT to scan all files or just executables.
On the Realtime Configuration window, you also can change the type of scan that InoculateIT performs. By default, InoculateIT does a Fast scan, which scans only the beginnings and endings of files for virus signatures. While this type of scan will save the server a great deal of processing time (especially with large files), the fast scan may miss some viruses that are embedded in the center of the files.
Alternatively, you can set InoculateITâ€™s scan type as Secure or Reviewer. A Secure scan checks the entire file as itâ€™s written to or read from the server. However, as you can probably guess, this type of file scan can slow down server processing.
Likewise, the Reviewer scan can slow down processing because it scans the entire file as it goes to and from the server. However, unlike the Secure scan, the Reviewer scan searches for virus-like behavior within the files. While this method can be helpful in identifying unknown virus types, it may generate false alarms.
Finally, the Realtime Configuration window enables you to specify what you want InoculateIT to do when it detects a virus by using the Action Upon Virus Detection field. After detecting a virus, InoculateIT can do the following:
- Â· Report only (generate a report about the virus but leave the file intact)
- Â· Delete file
- Â· Rename file
- Â· Cure file
- Â· Move File
- Â· Purge File
- Â· Move and Rename (move the file to a safe location and change its name)
- Â· Copy and Cure (copy the file to a safe location and disinfect the copy, leaving the original in place in case the disinfection breaks something)
As you can probably guess, the View Activity Log choice from the Available Options menu allows you to view InoculateITâ€™s activity log. The log contains a record of what InoculateIT has been doing since the last time you erased the log. Highlight View Activity Log and press [Enter]. InoculateIT displays the log with the oldest entries at the top. When you press [Esc] to exit the log, InoculateIT asks whether you want to delete the log. After reviewing it, you may want to delete the log if thereâ€™s nothing important in it. If you donâ€™t delete the log, the next time you view it you may find yourself scrolling through many screens of older entries to get to relevant information.
The Lock Screen option on the Available Options menu prevents anyone who uses Rconsole to get to the serverâ€™s prompt or who accesses the console directly from making changes to InoculateITâ€™s settings. Donâ€™t confuse this screen locking with the screen lock function from the serverâ€™s Monitor console. Unlike the screen locking with Monitor, you can switch screens away from the InoculateIT configuration screen when itâ€™s locked. When Monitor is locked, you canâ€™t do anything. InoculateITâ€™s screen lock only prevents you from making changes, not from switching screens.
Finally, if you select Exit from the Available Options screen, you can shut down InoculateIT. When you exit this menu, InoculateIT unloads its NLMs from your serverâ€™s memory. You can then restart InoculateIT.
Using InoculateIT Manager
With the InoculateIT Manager, you can use a Windows interface from the comfort of your administration workstation to perform all of the tasks that weâ€™ve discussed above. The InoculateIT Manager gives you the added benefit of being able to manage multiple servers from a central location and a single program, rather than having to run from server to server or having to run multiple Rconsole sessions.
The InoculateIT Manager was installed on your workstation when you installed InoculateIT on your first server. To start it, click Start | Programs | InoculateIT | InoculateIT For Windows. The InoculateIT Manager starts by displaying the Quick Access window. The first thing that the program asks you is if you want to use the Domain Manager, perform a local scan, or perform a quick backup of the critical areas of your computerâ€™s disks. Click the Domain Manager button.
When the Domain Manager appears, youâ€™ll see a list of InoculateIT servers in the Domains/Servers pane, as shown in Figure C. The Summary For Domain pane displays a summary listing of the information on your domain and servers, depending on whether youâ€™ve highlighted a domain or an individual server.
|You can use the Domain Manager to administer InoculateIT from your workstation.|
If youâ€™ve selected a Domain, the Summary For Domain pane lists all of the servers in that domain. It shows the server name, its status, any jobs that are scheduled, the InoculateIT version, and the virus signature version.
If you havenâ€™t created any domains or selected an individual server, the Summary For Domain pane displays detailed information about the server. Youâ€™ll see the serverâ€™s name, NetWare version, InoculateIT version, virus signature date, serial number, and InoculateIT status.
Clicking the Configuration button, you can do the same InoculateIT configuration tasks from the Domain Manger that you perform at your serverâ€™s console. Clicking that button will reveal the Configuration window, which is shown in Figure D.
|The Configuration window allows you to configure your server from your workstation.|
The Configuration window gives you the same choices that you have when you use the text-based interface at your serverâ€™s console. It uses a Windows interface to do so. As you can see, it breaks down your choices into several panes.
The DOS File Selection pane allows you to select what type of files InoculateIT will scan. By default, InoculateIT scans all DOS files. You can force it to choose only executable files by selecting Executable Files from the DOS File Selection drop-down list box. If you select Executable Files, you also can tell InoculateIT which files to scan by specifying the types of file extensions.
By default, InoculateIT doesnâ€™t scan Macintosh files. You can change that by making a selection from the Macintosh File Selection drop-down list box. You can scan all Mac files, all application files, or files that use a resource fork.
The Options pane controls what InoculateIT should do when it encounters a virus and how to scan the files on your server. Selections in these panes closely mirror those that are found at the server console and that use the Real-time Monitor and Real-time Configuration windows. Again, the biggest difference is that you can select items from Windows-style drop-down list boxes, rather than from text-based menus.
If you click the Server tab on the Configuration window, youâ€™ll see the window shown in Figure E. This tab allows you to control basic settings on the server. You can turn InoculateIT off by clearing the Server Active check box. You can turn off alerting on the server by clearing the appropriate check box. Other options on this window include:
- Â· Update Domain Intervalâ€”Specifies the amount of time between each update of domain information.
- Â· Grace Periodâ€”Specifies the amount of time that users have to load WIMMUNE or IMMUNE on their workstations before being disconnected from the server. Itâ€™s supposed to be used in conjunction with InoculateITâ€™s Enforcement function, but it didnâ€™t work for me (see below for an explanation). Values in this field seemed to have no effect on my workstations.
- Â· NCOPY Delayâ€”Sets the number of milliseconds that InoculateIT waits before using the NCOPY command to scan files that are copied to the server.
- Â· Completed Job Hold Timeâ€”Specifies the amount of time that a completed job remains in the Job Queue record.
- Â· Scan Queue Poll Intervalâ€”Controls the amount of time that passes between each check of the scan queue. When the scan queue is checked, updated information is passed to the Domain Manager.
|The Server tab controls several of the default values for InoculateIT.|
Not only did I find that some menu choices, such as Grace Period, have no effect, I also discovered that the scroll boxes were rather quirky. You canâ€™t enter the values that you want by typing them directly into the fields. Instead, you must use the arrows to scroll to the value that you want, which can be quite annoying if you want to set a value that is very different from the displayed defaults.
Heyâ€ŠWhere did that go?
If you click the Help button while displaying the Configuration window, you may notice that several features described in Help donâ€™t exist on your screen. Donâ€™t Panic. I was equally confused and confounded when I tried to review some of InoculateITâ€™s â€œfeatures.â€? I couldnâ€™t find such features as Enforcement and Auto Update, even though they were described clearly in Help and in the Features documents for InoculateIT. After much digging, I called CAâ€™s Tech Support line for InoculateIT. The support person seemed equally confused but informed me that there are several features in Help that are no longer included as feature sets of InoculateIT. So, the bottom line is: if you canâ€™t see it, it isnâ€™t there.
If you select the Scan Record/Event Log tab on the Configuration window, youâ€™ll see the window that is shown in Figure F. This window controls the way InoculateIT tracks and stores its logs. InoculateIT stores two kinds of logs: the Scan Record and the Event Log. The Event Log tracks everything that InoculateIT does while itâ€™s running, including such items as the time that it loaded, any viruses that it has encountered, and the times that you update the virus signature file. The Scan Record maintains only the scanning history. On this window, you can set the amount of information that InoculateIT retains. The choices are self-explanatory.
|The Scan Record/Event Log tab controls InoculateITâ€™s logging.|
You can also use Domain Manager to maintain/create custom job scans on your server. To create a custom scan, click the Add/Re-Schedule a Scan Job button, which resembles the Play button on a VCR. You should see the Job Properties window, as shown in Figure G. The Targets/Schedule tab allows you to specify which files and directories to scan. You can also specify if and when you want the job to repeat. The Actions/Options tab allows you to control what happens when InoculateIT detects viruses and what type of jobs to run.
|You can use Domain Manager to create custom scan jobs.|
If you are a network administrator, one of your most important jobs is to make sure that you keep the information on your network secure. This task includes ensuring that you have effective virus protection running on your network. Just having virus protection software on your workstations isnâ€™t enough. You should also run virus protection software on your server. In this Daily Drill Down, we have examined one example of the available server-based virus software for NetWareâ€”InoculateIT.