McAfee VirusScan Command Line Q's

Guy · Aug 3, 2004

[F/Up set to a.c.a-v]

Some questions for any users of McAfee VirusScan Command Line.

Do I need all these files?

AVPARAM.DLL
MCSCAN32.DLL
MCTOOL.EXE
RWABS16.DLL
RWABS32.DLL
SCAN.EXE
SCANPM.EXE

Is this the latest version (engine and DAT)?

McAfee VirusScan for Win32 v4.32.0
Copyright (c) 1992-2003 Networks Associates Technology Inc.
All rights reserved.
(408) 988-3832 LICENSED COPY - Nov 27 2003

Scan engine v4.3.20 for Win32.
Virus data file v4382 created Jul 28 2004
Scanning for 95195 viruses, trojans and variants.

Does NAI/McAfee have a good(like Sophos, not like Frisk) email
notification service which announces updates?

Thank you.

Janne Aro · Aug 3, 2004

Guy said:
[F/Up set to a.c.a-v]
Do I need all these files?

Information below is from Readme file...

AVPARAM.DLL

AVPARAM.DLL VirusScan support file

MCSCAN32.DLL

MCSCAN32.DLL 32-bit scanning engine

MCTOOL.EXE

MCTOOL.EXE Scanning support file

RWABS16.DLL

RWABS16.DLL VirusScan 16-bit support
file

RWABS32.DLL

RWABS32.DLL VirusScan 32-bit support
file

SCAN.EXE

SCAN.EXE VirusScan Command-Line
program for 32-bit
environments

SCANPM.EXE

SCANPM.EXE VirusScan Command Line
program for protected-mode
environments

Is this the latest version (engine and DAT)?

Yes it is.

David H. Lipman · Aug 3, 2004

Guy · Aug 3, 2004

Janne said:
Information below is from Readme file...

Yes I read that information, but still did not understand.
Perhaps David H. Lipman has better insight.

Yes it is.

http://vil.nai.com/vil/join-DAT-list.asp

Thank you for your reply.

Guy · Aug 3, 2004

David said:
To run both the GUI and the Command Line scanner -
yes, all arerequired.

To JUST run the Command Line Scanner you need... SCAN.EXE
SCANPM.EXE all DAT files.

The DLLs and MCTOOL.EXE are not need for ONLY command line scanning?

I only use on demand command line scanners; AVP/KAV, F-Prot, Sophos.
Since McAfee appears to be getting better at detection.
I will evaluate its performance.

What is the use of MCTOOL.EXE(Scanning support file)?

Finally, McAfee has an excellent listserver.

Re: <http://vil.nai.com/vil/join-DAT-list.asp>

Every Wednesday AVERT posts the latest DATs to ensure your
product contains the most up-to-date detection and repair.
[...]
As a subscriber to this service, you will receive an email

Do you know if DATs are available at the same time each Wednesday?

I ask because I want to script a download. I'll do by either time of
day or by receipt email notification.

[...]

a security threat is discovered and AVERT assigns a risk
assessment to the threat that is Medium or above, AVERT will
post the DATs, and will notify you of the emergency DAT posting.

Do you have an example of this emergency notification?

When it is issued, does the dat-####.zip include the EXTRA.DAT?
If I use the EXTRA.DAT must I use the /EXTRA switch or does the scanner
engine pick it up by itself?

Can I write my own DAT file, like Sophos PATTERN files,
for undetected malware?

Thank you for your time.

David H. Lipman · Aug 3, 2004

Guy:

I'm not sure what MCTOOL.EXE is for but it is only for the GUI, that I know and you don't
need most of the DLLs. I'm not too sure about MCSCAN32.DLL. I know it is an ENGINE file
but I don't think its needed for the Command Line Scanner.

As for the DATs on Wednesday. Using my professional personna, I petitioned mcAfee/NAI to
put out the DATs on Wednesdays to be release by the COB for the East coast of the USA. I
specifically stated by 4pm Eastern time and McAfee has been VERY good about releasing them
by this time. However, there may arise circumstances that may delay their release such as
not passing QC and to add a new HOT infector in the release. It should also be noted that
DAT files may be released on any other day of the week at any time "IF" there is a HOT new
infector that is deemed MEDIUM or higher

the following is an EXAMPLE message on an emergency DAT release...

~ ~ ~ ~ ~ ~ ~ ~
The 4377 dat files have been released early due to the Medium On-Watch risk
assessment of W32/Bagle.af@mm.

The 4377 dat files have been posted to the initial NAI servers as of
05:26 GMT, on 07/16/2004. Please allow up to an hour from this posting
time for the dat files to be available on all download servers worldwide.

The various 4377 dat file packages can be found at
<<http://www.networkassociates.com/us/downloads/updates/>>.

McAfee Security Engine End-Of-Life (EOL) Program

IMPORTANT INFORMATION from AVERT and the McAfee Security Engine Development
Team

IS YOUR ENGINE UP-TO-DATE? - Anti-virus is only as good as its last update!

- Updating your DAT regularly files is essential and a MUST!
- Updating your scan engine is just as important and a MUST
- An old Engine WON'T catch some of today's threats
- Sometimes architectural changes to the way DAT files and scan
- engine work together make it critical for you to update your scan
- engine
- AVERT says it makes sense to have as part of your Security Policy
- Program an Engine Update process to take advantage of the latest
- technology and stay protected!

The Problem
Between 250 and 400 new detections are added to the DATs monthly by AVERT.
If you're not up-to-date, you are vulnerable to any one of them that gets
a foothold in the field (a.k.a. 'in the wild').

McAfee AVERT releases regular DAT files, ensuring that full protection is
added to all McAfee products. The DAT files contain the information
required to detect and remove threats - what to look for and where to look
for it.

However, today's threats are evolving almost on a daily basis. Software
providers continue to have operating systems and applications changes that
can change the way a program acts or works and a virus-scanning program may
not understand the changes.

The Solution
Taking this into account McAfee Security regularly updates its scan engine
used by ALL McAfee Security virus detection and removal products. The
engine understands all the different structures in which a virus could
lurk - EXE files, MS Office files, Linux files, etc. Occasionally these
changes require us to make significant architectural changes to the engine
as well as the DAT files.

AVERT strongly recommends users of ALL McAfee Security virus scanning
products update the scan engines in the products they have deployed as part
of a sound Security best practices program.

Here's how to check your engine version. Right-click on the McAfee shield
in the system tray, select 'About' and look at the 'Scan engine' version
number. If you need to update, you should update your scan engine
immediately.

The Engine End-Of-Life Program
Because of the evolving malicious code threat, users should update their
engines as soon as possible upon the release of McAfee Security's latest
scanning technology.

When a new engine is released the existing engine will begin its countdown
to its EOL, and will therefore no longer be supported by McAfee Security.

Information on the McAfee Security Engine End of Life policy and a full
list of supported scan engines and products can be found at:
http://www.nai.com/us/products/mcafee/end_of_life.htm

Best Regards,

McAfee AVERT - Anti Virus and Vulnerability Research, Analysis, and
Solutions visit us at www.avertlabs.com

You are currently subscribed to dat_notification as: #########@Verizon.Net
To unsubscribe send a blank email to
(e-mail address removed)

~ ~ ~ ~ ~ ~ ~ ~

EXTRA.DAT files are interim release files and are NOT included in the ZIP file, they are
included in an emergency release or the next DAT revision. The following is anEXAMPLE of an
EXTRA.DAT contents...

~ ~ ~ ~ ~ ~ ~ ~
116 178 158 176 77 51 207 210 110 88 201 220 98 65 160 242
87 101 163 212 104 93 87 178 0 204 142 87 12 51 38 191
34 51 143 178 14 81 226 199 14 113 194 231 121 204 140 199
242 55 15 177 12 51 56 150 242 50 142 179 7 12 201 252
67 103 216 224 72 126 200 185 70 122 193 255 89 123 223 246
76 119 135 225 72 114 201 250 95 112 193 252 74 62 15 182
13 51 141 178 13 39 64 177 10 51 195 32 10 50 205 179
13 51 233 18 10
7708 256 12473 334 BackDoor-AZV.gen

424 178 158 176 77 51 207 210 110 88 201 220 98 65 160 242
87 101 163 212 104 93 87 178 0 204 140 199 242 45 72 175
50 51 95 127 198 165 26 101 205 228 94 115 218 184 91 117
218 150 95 126 201 226 64 115 206 227 75 125 242 42 72 164
98 51 126 127 204 245 73 102 155 164 6 115 208 243 40 64
193 242 75 119 216 165 26 76 3 246 129 204 13 251 88 37
206 150 66 99 204 241 77 76 30 246 156 60 13 184 77 110
205 150 74 121 220 229 69 99 220 243 80 22 242 32 72 162
130 51 6 101 203 228 40 116 199 226 91 123 221 226 77 110
168 204 153 118 31 188 141 56 205 238 77 22 202 249 92 101
197 227 92 115 208 238 40 76 28 246 130 60 13 184 77 110
205 150 74 121 220 251 93 98 205 150 114 167 200 33 2 179
219 224 75 126 199 229 92 56 205 238 77 22 204 166 24 123
242 50 224 76 2 246 128 60 13 184 77 110 205 150 74 121
220 251 93 98 242 50 224 76 29 246 131 60 13 184 77 110
205 150 74 121 220 229 69 99 220 204 140 222 242 60 72 190
130 51 6 101 203 228 40 116 199 226 69 99 220 204 140 222
242 35 72 189 130 51 6 101 203 228 40 116 199 226 91 123
221 226 114 183 143 49 140 179 184 0 114 177 14 51 138 227
95 122 219 254 94 116 157 248 68 127 193 231 69 97 200 242
73 51 196 253 75 124 141 166 95 118 204 247 68 97 206 255
66 116 141 224 66 112 198 224 57 51 222 234 67 134 191 76
15 55 140 190 90 122 195 128 63 96 200 225 91 29 200 235
72 63 218 250 67 0 190 224 72 97 219 157 72 107 132 252
90 96 209 240 88 97 223 246 5 120 196 255 65 99 223 252
78 62 15 182 13 51 141 178 13 39 64 177 10 51 195 32
10 50 205 179 13 51 233 18 10
54313 256 12473 334 BackDoor-AZV.gen

116 178 158 176 77 51 207 210 110 88 201 220 98 65 160 242
87 101 163 212 104 93 87 178 0 204 142 87 12 51 38 191
34 51 143 178 14 81 226 199 14 113 194 231 121 204 140 199
242 55 15 177 12 51 56 150 242 50 142 179 7 12 201 252
67 103 216 224 72 126 200 185 70 122 193 255 89 123 223 246
76 119 135 225 72 114 201 250 95 112 193 252 74 62 15 182
13 51 141 178 13 39 64 177 10 51 195 32 10 50 205 179
13 51 233 18 10
7708 256 12473 334 BackDoor-AZV.gen
~ ~ ~ ~ ~ ~ ~ ~

If the EXTRA.DAT is in the same directory as the Command Line Scanner, it will automatically
be used.
Example output from HTML log...
"Using g:\EXTRA.DAT to scan for 3 additional virus(es)."

In the above case, "G:" has the Command Line Scanner and associated DAT files.

Unless you know the inner workings of the software, writinmg your own signature files is
highly contraindicated.

Hope the above helps....

Dave

| David wrote:
|
| > To run both the GUI and the Command Line scanner -
| > yes, all arerequired.
| >
| > To JUST run the Command Line Scanner you need... SCAN.EXE
| > SCANPM.EXE all DAT files.
| >
|
| The DLLs and MCTOOL.EXE are not need for ONLY command line scanning?
|
| I only use on demand command line scanners; AVP/KAV, F-Prot, Sophos.
| Since McAfee appears to be getting better at detection.
| I will evaluate its performance.
|
| What is the use of MCTOOL.EXE(Scanning support file)?
|
| > Finally, McAfee has an excellent listserver.
| >
|
| Re: <http://vil.nai.com/vil/join-DAT-list.asp>
|
| Every Wednesday AVERT posts the latest DATs to ensure your
| product contains the most up-to-date detection and repair.
| [...]
| As a subscriber to this service, you will receive an email
|
| Do you know if DATs are available at the same time each Wednesday?
|
| I ask because I want to script a download. I'll do by either time of
| day or by receipt email notification.
|
|
| [...]
|
| a security threat is discovered and AVERT assigns a risk
| assessment to the threat that is Medium or above, AVERT will
| post the DATs, and will notify you of the emergency DAT posting.
|
| Do you have an example of this emergency notification?
|
| When it is issued, does the dat-####.zip include the EXTRA.DAT?
| If I use the EXTRA.DAT must I use the /EXTRA switch or does the scanner
| engine pick it up by itself?
|
| Can I write my own DAT file, like Sophos PATTERN files,
| for undetected malware?
|
| Thank you for your time.
|
| --
| Regards,
| Guy

null · Aug 3, 2004

SCANPM.EXE works ok with just all the DAT files. SCAN.EXE requires all
the DAT files plus the three DLL files:

MCSCAN32.DLL
RWABS16.DLL
RWABS32.DLL

Do you know if DATs are available at the same time each Wednesday?

Normal DATs normally come out each Wednesday. However, sometimes they
will put out a new DAT at some other time based on emergency
situations. There are also daily Beta DATs available.

Can I write my own DAT file, like Sophos PATTERN files,
for undetected malware?

You can do this with Sophos???

Undetected malware is handled by the heuristic aspects of the scan
engine ... not by DAT files.

McAfee will send you a Extra DAT to take care of some new malware when
you submit the suspect file to them and they add detection.

Art
http://www.epix.net/~artnpeg

David H. Lipman · Aug 3, 2004

Art:

I believe we have discussed this before...

RWABS16.DLL
RWABS32.DLL

Are not required by the Command Line Scanner. I use it on "this" PC and neither DLL exist
on the PC at all.

You are most likely correct about MCSCAN32.DLL when running SCAN.DLL under a WinNT Command
Prompt but not in DOS.

Dave

| On Tue, 03 Aug 2004 16:37:26 -0500, Guy
|
| >David wrote:
| >
| >> To run both the GUI and the Command Line scanner -
| >> yes, all arerequired.
| >>
| >> To JUST run the Command Line Scanner you need... SCAN.EXE
| >> SCANPM.EXE all DAT files.
|
| SCANPM.EXE works ok with just all the DAT files. SCAN.EXE requires all
| the DAT files plus the three DLL files:
|
| MCSCAN32.DLL
| RWABS16.DLL
| RWABS32.DLL
|
| >Do you know if DATs are available at the same time each Wednesday?
|
| Normal DATs normally come out each Wednesday. However, sometimes they
| will put out a new DAT at some other time based on emergency
| situations. There are also daily Beta DATs available.
|
| >Can I write my own DAT file, like Sophos PATTERN files,
| >for undetected malware?
|
| You can do this with Sophos???
|
| Undetected malware is handled by the heuristic aspects of the scan
| engine ... not by DAT files.
|
| McAfee will send you a Extra DAT to take care of some new malware when
| you submit the suspect file to them and they add detection.
|
|
| Art
| http://www.epix.net/~artnpeg

null · Aug 3, 2004

Art:

I believe we have discussed this before...

RWABS16.DLL
RWABS32.DLL

Are not required by the Command Line Scanner. I use it on "this" PC and neither DLL exist
on the PC at all.

I know we've discussed it before. But I just tried it again. I put
scan.exe and just the dats in a temp folder. It complains, one by one,
until you have all three dll files I mentioned in the folder. Then it
scans ok.

I can't recall what the explanation eventually was concerning our
different experience with this. Seems there was some explanation

Lesee here. I have scan.exe 213,049 bytes dated 12-08-03

Art
http://www.epix.net/~artnpeg

David H. Lipman · Aug 4, 2004

I wonder if "Wrangler" is still around HE is someone who can answer this conundrum as I have
the same SCAN.EXE from the v320 ENGINE.

I am using Win2K SP4 for this test.

Maybe "PeaceKeeper" could also answer this query.

Dave

| On Tue, 03 Aug 2004 22:50:35 GMT, "David H. Lipman"
|
| >Art:
| >
| >I believe we have discussed this before...
| >
| >RWABS16.DLL
| >RWABS32.DLL
| >
| >Are not required by the Command Line Scanner. I use it on "this" PC and neither DLL
exist
| >on the PC at all.
|
| I know we've discussed it before. But I just tried it again. I put
| scan.exe and just the dats in a temp folder. It complains, one by one,
| until you have all three dll files I mentioned in the folder. Then it
| scans ok.
|
| I can't recall what the explanation eventually was concerning our
| different experience with this. Seems there was some explanation

Mal · Aug 4, 2004

David said:
Art:

I believe we have discussed this before...

RWABS16.DLL
RWABS32.DLL

Are not required by the Command Line Scanner. I use it on "this" PC and neither DLL exist
on the PC at all.

I thought they were extensions used for the GUI under both Win32 and
Win16... of course I might be incorrect.

The files I need:

clean.dat
License.dat
MCSCAN32.DLL
Messages.dat
names.dat
scan.dat
Scan.exe

Guy · Aug 4, 2004

Art said:
SCANPM.EXE works ok with just all the DAT files. SCAN.EXE requires
all the DAT files plus the three DLL files:

MCSCAN32.DLL
RWABS16.DLL
RWABS32.DLL

You can do this with Sophos???

Yes, when "Arnold" HackArmy came out last week(?) Sophos would not
detect so I wrote a PATTERN file to match it.

Contents SWEEP.PAT file:

Arnold_Virus BF04F4F655764B43 ; Backdoor.Hackarmy.gen

I opened the malware in a hex editor and found what appeared to be a
unique string. Sophos running with the pattern picked up the file with
no false positives. This is a good feature that allows screening of
those suspicious files during otherwise undetectable outbreaks.

McAfee will send you a Extra DAT to take care of some new malware
when you submit the suspect file to them and they add detection.

Thank you for the information, you have been helpful.

Guy · Aug 4, 2004

Dave said:
Guy:

As for the DATs on Wednesday. ...
by 4pm Eastern time and McAfee has been VERY good about
releasing them by this time.
...
EXTRA.DAT files are interim release files and are NOT included in
the ZIP file, they are included in an emergency release or the
next DAT revision.

That you, I'll know for what to look.

If the EXTRA.DAT is in the same directory as the Command Line
Scanner, it will automatically be used.

Good

The following is anEXAMPLE of an EXTRA.DAT
contents...

~ ~ ~ ~ ~ ~ ~ ~
116 178 158 176 77 51 207 210 110 88 201 220 98 65 160 242
87 101 163 212 104 93 87 178 0 204 142 87 12 51 38 191 ...
7708 256 12473 334 BackDoor-AZV.gen

These look somewhat like Sophos IDEs except they are decimal as opposed
to hexadecimal. The last line I do not understand, perhaps related to
the three week expiration of the extra.dat file.

Unless you know the inner workings of the software, writinmg your
own signature files is highly contraindicated.

Perhaps I will poke at it, I however heed your advise.

Hope the above helps....

Yes it does, thank you for your time and the information.

One more:

EXTRA.DAT files are accumulative if there should be multiple releases,
during a week prior to the weekly DAT.
There should be no need to concatenate?

null · Aug 4, 2004

I wonder if "Wrangler" is still around HE is someone who can answer this conundrum as I have
the same SCAN.EXE from the v320 ENGINE.

I don't have any GUI version installed. Maybe scan.exe finds some dlls
or supporting files in the PATH on your system which aren't
necessarily the same ones I find are required.

Art
http://www.epix.net/~artnpeg

David H. Lipman · Aug 4, 2004

Guy:

I am not sure what you are asking but I'll take a stab. Let's say that an EXTRA.DAT is
released and before the next regularly scheduled DAT release another EXTRA.DAT is released.
There can only be one EXTRA.DAT file in the ENGINE Directory. Since the file is ASCII, you
can concatenate the first EXTRA.DAT contents and the second EXTRA.DAT contents into one
EXTRA.DAT file.

for example...

EXTRA.DAT #1
68 178 136 180 77 51 216 130 241 55 108 188 13 51 179 76
11 241 137 188 13 51 141 79 9 55 157 179 13 13 114 181
207 55 114 178 13 51 113 183 59 35 141 179 51 204 139 113
9 204 138 179 13 207 137 231 29 51 141 141 242 53 79 183
242 204 114 178 10
5183 256 12473 334 U1

EXTRA.DAT #2
110 178 136 180 77 51 192 133 214 50 128 79 9 163 157 179
13 235 137 179 13 55 141 104 12 41 177 22 9 195 163 250
17 150 136 67 35 122 171 210 126 136 136 230 103 87 14 76
235 49 114 179 196 35 64 188 2 60 130 126 2 60 130 188
192 60 130 188 2 126 202 122 29 126 130 188 2 60 64 188
2 60 130 126 2 60 130 188 64 71 14 177 6 51 240 104
12 62 86 178 23 160 138 179 77 51 141 179 64 105 138
7583 256 12473 334 M6

Resultant EXTRA.DAT
68 178 136 180 77 51 216 130 241 55 108 188 13 51 179 76
11 241 137 188 13 51 141 79 9 55 157 179 13 13 114 181
207 55 114 178 13 51 113 183 59 35 141 179 51 204 139 113
9 204 138 179 13 207 137 231 29 51 141 141 242 53 79 183
242 204 114 178 10
5183 256 12473 334 U1

110 178 136 180 77 51 192 133 214 50 128 79 9 163 157 179
13 235 137 179 13 55 141 104 12 41 177 22 9 195 163 250
17 150 136 67 35 122 171 210 126 136 136 230 103 87 14 76
235 49 114 179 196 35 64 188 2 60 130 126 2 60 130 188
192 60 130 188 2 126 202 122 29 126 130 188 2 60 64 188
2 60 130 126 2 60 130 188 64 71 14 177 6 51 240 104
12 62 86 178 23 160 138 179 77 51 141 179 64 105 138
7583 256 12473 334 M6

When the NEXT DAT revision is released, is should contain the signatures that were in the
EXTRA.DAT files released.

McAfee also uses SuperDAT technology with EXTRA.DAT files. Therefore an executable may be
released that will automatically install an EXTRA.DAT file into the ENGINE Directory.
However, subsequent SuperDAT EXTRA.DAT files will overwrite the previous EXTRA.DAT file.

So I think I should majke the statement "the reguarly scheduled DAT releases" are
accumulative. This Wed's v4383 DAT revision will have all the signatures of DAT v4382
plus any EXTRA.DAT files created between v4382 and v4383.

Also, as Art Kopp noted, if you find a file that McAfee does not indicate to be infected and
you submit it to AVERT Web Immune (https://www.webimmune.net/default.asp) McAfee will create
a new EXTRA.DAT file specific to the new infector you found and will email that EXTRA.DAT
file to you.

Dave

| One more:
|
| EXTRA.DAT files are accumulative if there should be multiple releases,
| during a week prior to the weekly DAT.
| There should be no need to concatenate?
|
|
| > Dave
| >
|
|
| --
| Regards,
| Guy

Peacekeeper · Aug 4, 2004

David I will find out if you want,

Peace

Guy said:
Yes, when "Arnold" HackArmy came out last week(?) Sophos would not
detect so I wrote a PATTERN file to match it.

Contents SWEEP.PAT file:

Arnold_Virus BF04F4F655764B43 ; Backdoor.Hackarmy.gen

I opened the malware in a hex editor and found what appeared to be a
unique string. Sophos running with the pattern picked up the file with
no false positives. This is a good feature that allows screening of
those suspicious files during otherwise undetectable outbreaks.

Thank you for the information, you have been helpful.

David H. Lipman · Aug 4, 2004

Peacekeeper · Aug 4, 2004

I only scan irregularly here as too occupied in the mcafeehelp.com forums.

I will get back with our techs thoughts tomorrow

Peace(aussie)

Guy · Aug 4, 2004

David said:
Let's say that an EXTRA.DAT is released and before the next
regularly scheduled DAT release another EXTRA.DAT is released.
There can only be one EXTRA.DAT file in the ENGINE Directory.
Since the file is ASCII, you can concatenate the first EXTRA.DAT
contents and the second EXTRA.DAT contents into one EXTRA.DAT file.

Other words...

On a Thursday there is a new threat and NAI releases a EXTRA.DAT, one
day later on Friday a new threat and another EXTRA.DAT is released.

Friday's EXTRA.DAT does not include the signture(s) from Thursday's?

I must "Cat" all the EXTRA.DATs until the next DAT-####?

Thanks again.

David H. Lipman · Aug 4, 2004

Yes.

Note that McAfee may also distribute an emergency DAT release that will be based upon
standard DATs and not EXTRA.DAT and therefore will be cumulative.

Based upon this discussion...
Wed. released DAT v4383, New HOT infector, Thurs. may be released DAT v4384 and for another
new HOT infector Friday DAT v4385.

Dave

| David H. Lipman wrote:
|
| > Let's say that an EXTRA.DAT is released and before the next
| > regularly scheduled DAT release another EXTRA.DAT is released.
| > There can only be one EXTRA.DAT file in the ENGINE Directory.
| > Since the file is ASCII, you can concatenate the first EXTRA.DAT
| > contents and the second EXTRA.DAT contents into one EXTRA.DAT file.
| >
|
| Other words...
|
| On a Thursday there is a new threat and NAI releases a EXTRA.DAT, one
| day later on Friday a new threat and another EXTRA.DAT is released.
|
| Friday's EXTRA.DAT does not include the signture(s) from Thursday's?
|
| I must "Cat" all the EXTRA.DATs until the next DAT-####?
|
| Thanks again.
|
| --
| Regards,
| Guy

McAfee VirusScan Command Line Q's

Guy

Janne Aro

David H. Lipman

Guy

Guy

David H. Lipman

null

David H. Lipman

null

David H. Lipman

Mal

Guy

Guy

null

David H. Lipman

Peacekeeper

David H. Lipman

Peacekeeper

Guy

David H. Lipman