
                            InocuLAN Version 3.00
                Copyright 1992-1994 by Cheyenne Software, Inc

  Cheyenne Software, Inc.               TEL (516) 484-5110
  3 Expressway Plaza                    FAX (516) 484-3446
  Roslyn Heights, NY 11577              BBS (516) 484-3445
  USA                                   CompuServe:  GO CHEYENNE

  =======================================================================

  The following information is not included in InocuLAN's printed
  documentation.


Installation
============
  When installing InocuLAN, it is recommended that the workstation be
  booted from a clean DOS System diskette.  Be sure to set FILES = 20 or
  higher in the CONFIG.SYS file.  Next, run the InocuLAN installation 
  program (INSTALL.EXE).

  If you decide to create a Rescue Diskette, the install program will 
  prompt you to re-insert the install diskette after all critical
  information has been backed up.  You will then be asked to press <Enter>.  
  In certain cases you may see the following message:   

        "GetError unable to access the system error file "V$ERR.DAT"

  The system file is probably not the most current version.  Please 
  disregard this message, since the installation was completed successfully.


Installing InocuLAN for Macintosh
=================================
An installation program is available to install InocuLAN for Macintosh on
your Macintosh. To access this program, insert the InocuLAN for Macintosh
diskette in your floppy drive and click on the install icon. The program
will create folders and copy files as required to install InocuLAN for
Macintosh.

To install InocuLAN for Macintosh from your network, copy the InocuLAN for 
Macintosh disk to a folder in your server, then click on the install icon
from the server folder. 

Note: If you do not want to install the Virus Test Program on the
workstations, remove the program from the InocuLAN folder in the server.
Disregard the failure message at the end of the installation that reads
"Couldn't open the source file: 'Cheyenne:InocuLAN:VIRUS TEST PROGRAM'
for reading".

If you choose to copy this file to the workstations, you must either disable 
the InocuLAN NLM Real-time Monitor or set the File Selection/Mac File setting
to 'No Scan'. Return this setting to its original state when InocuLAN for
Macintosh installations are complete.

This process can expedite installation in Macintosh workstations.


AVUPDATE: (This is available only to InocuLAN network users)
=========
  AVUPDATE may be executed in a quiet mode by adding the parameter /Q to
  the AVUPDATE command in the System Login Script.  When loaded in the quiet
  mode, AVUPDATE will not prompt the user with the message:  "Check Local
  InocuLAN Files Against Server Files <Y/N>?", but will still automatically
  check (and update if necessary) the InocuLAN files. 
  
  In order to update the Manager installed on the workstations, copy all 
  Manager files (except INSTALL.EXE and INSTALL.DAT) to the subdirectory 
  where the InocuLAN NLM was installed.  AVUPDATE will update the files 
  (according to the AVUPDATE.DAT file contents) to the subdirectory pointed 
  to by the workstation's environment variable INOCULAN.  

  For example: if InocuLAN V3.00 NLM was installed in subdirectory
  SYS:\INOCULAN and InocuLAN Manager (previous version) was installed in
  subdirectory C:\INOCULAN:
        1. Copy the Manager files to SYS:\INOCULAN
        2. Check that the System Login Script has the line 
                #SYS:INOCULAN\AVUPDATE
           (Add parameter /Q if you want quiet mode.)
        3. Verify that the workstation's environment variable INOCULAN
           points to C:\INOCULAN.  You can do this by typing the AUTOEXEC.BAT
           to see that it contains the statement:
                SET INOCULAN=C:\INOCULAN 
           (This should have been done by the previous version of Inoculan's
           Installation program.)

  Note: When EXAMINE is run with the updated version, it will report that the
  signatures on the disk are invalid. Answer YES to the question "Do you wish
  to create new signature files?". (Another alternative is to run the
  InocuLAN Manager and back up the Critical Disk Area).


VLM Network Drivers
===================
  VLM's must be version 1.03 or later.


EXAMINE
=======
1.  If another version of DOS is installed on the workstation after the
    Critical Areas have been backed up using InocuLAN, EXAMINE will report
    that the Critical Areas have changed.  This is normal, since the new
    operating system will write to the boot sector and will also update the
    system files.

2.  EXAMINE will fail if the COMSPEC statement points to a network drive.
    This condition occurs when workstations having only one floppy disk, boot
    from it and access the network, causing the login script to modify
    the COMSPEC environment variable to point to a network drive. In this
    case, run EXAMINE before changing the COMSPEC environment variable.


IMMUNE.EXE
==========
1.  Under MS DOS 6.0, 6.2x and IBM PCDOS 6.1, 6.3, IMMUNE.EXE cannot detect
    a File Type virus if the user implements XCOPY.EXE to copy infected files.

2.  IMMUNE.EXE /PR (Prevent option) needs the InocuLAN environment variable
    set.
    Therefore, a statement such as      SET INOCULAN=C:\INOCULAN 
    is required to specify InocuLAN's home directory.

3.  IMMUNE loses detection capabilities when it is loaded high. We recommend
    that you do not load IMMUNE high.

4.  The small version of IMMUNE does not support the /XHK switch (do not
    rehook interrupt 21). Also, it does not have enforcement implementation.


MANAGER
=======
1.  For STACKER, DoubleDrive, or other on-the-fly disk compression utilities
    users:

    When InocuLAN is first installed, the installation process will:
        (1) Back up the Critical Disk Area (CDA) to InocuLAN's home directory
         and
        (2) Provide the user an option to back up the CDA to a floppy A: or B:
         drive.

    These two steps are the same as InocuLAN does on other systems.  For most
    situations, InocuLAN can examine and compare the CDA by just using these
    two copies of CDA backups.

    To further protect the CDA for those who compress the boot drive
    (usually C:), please follow this steps:
        (1) Modify the CONFIG.SYS or other file(s) so that the compressed
            volume of Drive C: does not mount.
        (2) Reboot the system.
        (3) Run InocuLAN for DOS from floppy disk.  Select the "Protect 
            Critical Disk Area" option and back up the CDA to an A: or B:
            floppy drive.
            Mark this disk "InocuLAN Rescue Disk when Hard Disk is not
            bootable."
        (4) Modify the CONFIG.SYS or other file(s) so that the compressed
            volume of Drive C: can be mounted.
        (5) Restart system.  The compressed volume should mount normally.

    In case this on-the-fly disk compression system becomes infected,
    InocuLAN can detect/cure infected files or the CDA as long as the hard
    drive boots up.  
    Those restore procedures can be found in the InocuLAN Supervisor Guide.  
        
    However, if the system cannot boot, it needs a clean floppy boot disk to 
    boot.  Under such circumstances, the compressed volume cannot be mounted.  
    Therefore, there is no path to execute InocuLAN from the hard drive.
    This is the time to restore the CDA using InocuLAN for DOS and "InocuLAN
    Rescue Disk when Hard Disk is not bootable".  When the CDA is
    successfully restored, restart the system.  This should mount the
   compressed volume correctly.  Then, run InocuLAN again to scan ALL drives.

2.  MS DOS 6.22 comes with a drive compression utility DoubleDrive.  InocuLAN
    works fine with this utility.  However, if the InocuLAN for Windows
    Manager has difficulty backing up the CDA (Error message: Error Reading
    Boot Sector), please use the DOS Manager to perform this task.

    Under some situations, the DOS manager might need more conventional
    memory than stated in the Supervisor's Guide to accomplish this task.
    If this is the case, restart the system with fewer TSRs loaded, run the
    InocuLAN for DOS Manager to back up the CDA, and load the TSRs back.

3.  Netware 4.0x message: 'Failed to access Job Queue' when trying to submit
    a scheduled scanning job from the manager.
    Netware 4.0x does not have the group 'Everyone'.  The InocuLAN
    installation program creates one and makes user CHEY_VSVR_<server_name> a
    member of this group. Make sure the user that tries to submit the job
    belongs to the 'Everyone' group.
        
4.  MSDOS 5.0
    An InocuLAN for DOS scan on write-protected floppy with the CURE option 
    selected gets into an infinite loop when a curable infected file is 
    detected, causing the workstation to apparently lock up.

    Remove the floppy from the drive, press <Esc> to exit from the loop, and
    then write-enable the floppy before re-trying. 

    InocuLAN for Windows assumes it cured the file, but that is not true
    because the diskette is write-protected.  Write-enable the diskette and
    execute the scan again.

5.  NOVELL DOS 7.0
    Rescue and Critical Disk Operations are not supported.

6.  DR DOS Users:
    InocuLAN will report the DOS Version as MS-DOS 3.31 under Version 
    Information in the Administration Menu.

7.  OS/2 Boot Manager Users:
    InocuLAN will not be able to back up the Critical Areas of the DOS
    partition because the Boot Manager format is foreign to InocuLAN.

8.  INOCULAN COMMAND LINE
    To scan all local drives, use the following command:

                                INOCULAN *


Running with Microsoft WINDOWS:
================================
  If the IMMUNE TSR is used, it must be loaded prior to running WINDOWS.  
  Also, WTSR.EXE must be loaded in WINDOWS to enable a POPUP when a virus 
  is detected.  To load WTSR.EXE, add the following to the [Windows] section 
  of the WIN.INI file:

              load = c:\inoculan\wtsr.exe

  If you already have a LOAD command in your WIN.INI file, add the following
  line to your existing LOAD command:  
        
              c:\inoculan\wtsr.exe      (use a space for a delimiter)

  WAVLIB.DLL must also be present in the InocuLAN directory.  It is important
  that the WTSR.EXE icon not be closed, or a POPUP window will not appear
  when an infected file is detected by IMMUNE.

  Note: If you run the InocuLAN DOS Manager in a DOS window or InocuLAN for
  Windows, IMMUNE will be deactivated for as long as the Manager is running. 


Running InocuLAN for DOS from a Write Protected Disk:
=============================================
  If InocuLAN is run from the original diskette or a Write Protected floppy,
  the following messages will appear:

      "An attempt to create the file A:\TMP failed."
      "An attempt to open the file A:\V$SVR.LOG failed."

  Press the <ESC> key two times to ignore the messages.  To create a report
  file specify the C: Drive.




         
         
