      Release Notes for McAfee(R) VirusScan (R)
                  Version 4.5.1 SP1
                      Patch 48
 Copyright (C) 2004 Networks Associates Technology,
                        Inc.
                 All Rights Reserved


==========================================================

Patch Release:    	Tuesday 16 March, 2004

This release was developed and tested with:

- VirusScan:           	4.5.1 SP1
- DAT Version:         	4.0.4333, March 3 2004
- Engine Version:      	4.3.20

Make sure you have installed these versions before
using this release.

==========================================================


Thank you for using VirusScan (R) software. This
file contains important information regarding this
release. We strongly recommend that you read the
entire document.

The attached files are provided as is, and with no
warranty either expressed or implied as to their
suitability for any particular use or purpose.
Network Associates, Inc. assumes no liability for
damages incurred either directly or indirectly as a
result of the use of these files, including but not
limited to the loss or damage of data or systems,
loss of business or revenue, or incidental damages
arising from their use. Patch files should be
applied only on the advice of McAfee Security
Technical Support, and only when you are actually
experiencing the issue being addressed by the Patch.
Patch files should not be proactively applied in
order to prevent potential product issues. You are
responsible for reading and following all
instructions for preparation, configuration, and
installation of Patch files. Patch files are not a
substitute or replacement for product Service Packs
which may be released by Network Associates, Inc. It
is a violation of your software license agreement to
distribute or share these files with any other
person or entity without written permission from
Network Associates, Inc. Further, posting of McAfee
Security Patch files to publicly available Internet
sites is prohibited. Network Associates, Inc.
reserves the right to refuse distribution of Patch
files to any company or person guilty of unlawful
distribution of McAfee software products. Questions
or issues with McAfee Patch files should be directed
to McAfee Security Technical Support.


__________________________________________________________
WHAT'S IN THIS FILE

-   About This Release
   -   Purpose
   -   Resolved Issues
       -   Registry Issues
       -   Other Issues
       -   Scheduler Issues
   -   Files Included with This Release
-   Installation
   -   Installation Requirements
   -   Installation Steps
   -   Testing Your Installation
-   Contacting McAfee Security and Network
    Associates
-   Copyright, Trademark Attributions & Patents
   -   Trademarks
   -   License Agreement and Attributions


IMPORTANT NOTE

    You must have installed Service Pack 1 for
    McAfee VirusScan 4.5.1 software before you
    install this release. You can download the
    Service Pack from the McAfee Security web site
    at:

       https://secure.nai.com/us/forms/downloads/upgrades/login.asp


    You will need to supply your customer grant
    number or user name and password to access this
    site.


__________________________________________________________
ABOUT THIS RELEASE


PURPOSE

This release includes new version of files
AVCONSOL.EXE, AVSYNMGR.EXE, CFGCOM32.DLL,
MCUPDATE.EXE, SCAN32.EXE, SCANEMAL.DLL,
SYNCUTIL.DLL, VSHWIN32.EXE, VSSTAT.EXE, VSUTIL.DLL,
WBHOOK32.DLL, and WEBSCANX.EXE, to resolve the
issues listed below.


RESOLVED ISSUES


REGISTRY ISSUES

1.  ISSUE:
    Some computers may exhibit symptoms of a scan
    task being invalid due to partial data or
    missing data in the registry. For example, a
    scan task of "C:\|1" may have become "C" or " "
    in the registry, which displays an error, "The
    item <C> to scan is invalid" or "The item < > to
    scan is invalid" respectively. This can occur
    when a slow shutdown process terminates
    AVSYNMGR.EXE prematurely, before it has finished
    updating the registry.

    RESOLUTION:
    AVSYNMGR.EXE is now allowed more time to
    complete writing data to the registry.
    SYNCUTIL.DLL now validates string entries before
    they are written to the registry.
    Invalid values are automatically corrected to
    the scan item "All Fixed Disks."

2.  ISSUE:
    AVSYNMGR.EXE and AVCONSOL.EXE make redundant
    writes to the registry that may overlap, when
    being processed on some computers. This could
    lead to a damaged registry structure, usually
    seen as a "Stop 1E" or "Stop 135" message, on
    Windows NT 4.0 Service Pack 6.

    RESOLUTION:
    AVSYNMGR.EXE and AVCONSOL.EXE have now been
    synchronized, and do not make redundant writes
    to the registry.

       NOTE:
       This issue can only be prevented. If the
       registry integrity has already failed, you
       may need to rebuild the affected computer.
       There are, however, tools that can boot a
       system and edit the registry to repair it;
       see Primus Article NAI28801 for more
       information.

3.  ISSUE:
    Systems with more than one shell statement
    (found at [HKLM\Software\Microsoft\Windows
    NT\CurrentVersion\Winlogon]) separated by a
    comma (,), or a shell statement containing a
    comma, could cause VirusScan to become unstable
    if left in a logged-off state. The VShield icon
    may be missing after logging on, or Microsoft
    Outlook may fail to open correctly.

    RESOLUTION:
    This Patch provides accommodation for varying
    shell values.


OTHER ISSUES

1.  ISSUE:
    The on demand scanner user interface displays
    that a file was deleted when an infected Worm or
    Trojan is found inside an archive file. No
    action had been taken.

    RESOLUTION:
    The on demand scanner user interface will
    display the action taken upon infected Worms or
    Trojans found inside an archive file
    accurately.

       NOTE:
       The action to take upon an infected file is
       dictated by the DAT files. For some
       infections the "Clean" action is to delete
       the infected file. These will display as
       deleted in the user interface.

2.  ISSUE:
    On Windows 98 a scan of "All fixed disks" or "My
    Computer" when there is no floppy disk in the
    drive would lead to scanning the HDD twice, once
    as "\" plus subfolders and again as "C:\" plus
    subfolders. When an infected file was found
    during the first pass of "\" there would be no
    action taken.

    RESOLUTION:
    The HDD will only be scanned once with the
    correct drive letter "C:\" and subfolders.

3.  ISSUE:
    A scan invoked via the command line with the
    switch /EXT fails to scan files of only the
    specified extension.

    RESOLUTION:
    The /EXT switch will cause the scanner to only
    scan files that match the specified extension.

       NOTE:
       The /NOALL switch is needed to be used in
       conjunction with the /EXT switch. The
       extensions specified with this switch must be
       uppercase.


4.  ISSUE:
    A hotkey could be used to enable or disable
    System Scan even when the property setting
    "System Scan can be disabled" has been
    disabled.

    RESOLUTION:
    When the property setting "System Scan can be
    disabled" has been disabled, the hotkey to
    enable or disable System Scan is ignored.

5.  ISSUE:
    Heightened awareness of security issues lead to
    a code review for possible security risks. An
    exploit, where a user could execute a program
    with system account privileges, was identified.
    This exploit cannot be taken advantage of when
    VirusScan is installed with the "Maximum"
    security setting.

    RESOLUTION:
    By modifying the syntax for a small section of
    code, this potential exploit is removed. This
    does not affect any functionality of they
    product.

6.  ISSUE:
    During an AutoUpdate task, the update fails and
    logs the error message "Cannot stop the
    On-Access Scanner. The .DAT Update cannot
    continue because the old .DAT files cannot be
    replaced."

    RESOLUTION:
    This Patch replaces the files WEBSCANX.EXE,
    SCANEMAL.DLL and VSSTAT.EXE to prevent the
    AutoUpdate task from failing.

7.  ISSUE:
    When running an on-demand scan on a Danish
    operating system, the scan fails.

    RESOLUTION:
    This Patch replaces the file SCAN32.EXE to
    correctly perform an on-demand scan on a Danish
    operating system.

8.  ISSUE:
    On Windows XP, the Windows taskbar disappears
    when VirusScan is enabled and the Windows
    taskbar is unlocked.

    RESOLUTION:
    VSSTAT.EXE now waits an extra half-second before
    displaying the taskbar icon, to avoid this
    issue.

       NOTE:
       This issue is also resolved in Windows XP
       Professional Service Pack 1.

9.  ISSUE:
    If you have configured AutoUpgrade for VirusScan
    using McAfee ePolicy Orchestrator, and you
    attempt to edit that task from the VirusScan
    console, a forward slash (/) is placed in front
    of the Domain/User information on the client.

    RESOLUTION:
    MCUPDATE.EXE no longer places a forward slash
    (/) in front of the Domain/User information on
    the client.


SCHEDULER ISSUES

1.  ISSUE:
    When the ePolicy Orchestrator Agent enforced
    policy, AVCONSOL.EXE replaced the current value
    of "dwLastExecEx" used to persist the last time
    to run (in minutes) with an old value from the
    registry. The old value was written back to the
    registry and reloaded the next time AVCONSOL.EXE
    was launched. This value is used to determine
    which tasks are missed on startup; tasks that
    were missed more than once did not run.

    RESOLUTION:
    A scheduled task that has been missed more than
    once consecutively now runs on startup as
    expected.

2.  ISSUE:
    When booting a computer later than the base time
    of a randomized daily task, the scheduler might
    reschedule the task to run the next day instead
    of the same day.

    RESOLUTION:
    Rescheduled daily tasks now run that same day.

3.  ISSUE:

    On computers that boot slowly, VirusScan may
    fail to run a missed scheduled task on startup.

    RESOLUTION:
    AVCONSOL.EXE now reads a DWORD value
    "MissedTaskDelay" that can be added to the
    registry key:

       HKLM\SOFTWARE\Network Associates\TVD\VirusScan\AVConsol\ScanTasks

    The number you assign this value is the number
    of minutes to delay a missed task on startup.

4.  ISSUE:
    On systems running Microsoft Windows NT 4.0,
    Windows 2000, or Windows XP, after the system
    shuts down and displays the shutdown screen,
    scheduled scans are still launched.

    RESOLUTION:
    AVSYNMGR.EXE stops all VirusScan processes when
    the system is shut down.


FILES INCLUDED WITH THIS RELEASE

This Release consists of a package called
VSC45148.ZIP, which contains the following files:

    AVCONSOL.EXE =
       The VirusScan Console
    AVSYNMGR.EXE =
       Synchronization Service of VirusScan
    CFGCOM32.DLL =
       Supporting DLL
    MCUPDATE.EXE =
       AutoUpdate/AutoUpgrade executable
    SCAN32.EXE =
       On-Demand Scanner executable
    SCANEMAL.DLL =
       Exchange Scan Add-in
    SYNCUTIL.DLL =
       Common Support library
    VSHWIN32.EXE =
       Subsystem of the On-Access Scanner
    VSSTAT.EXE =
       System Tray executable

       Common Utilities files
    WBHOOK32.DLL =
       Support library for the On-Access Scanner
    WEBSCANX.EXE =
       Download Scan/Internet Filter executable
    PATCH48.TXT =
       This text file
    PACKING.LST =
       Packing list


__________________________________________________________
INSTALLATION


INSTALLATION REQUIREMENTS

To use this Patch, you must have VirusScan 4.5.1 SP1
software installed on the target.

    NOTE:
    This Patch does not work with earlier versions
    of VirusScan software.


INSTALLATION STEPS

1.  Extract the Patch files from VSC45148.ZIP to a
    temporary folder on your hard drive.

2.  Open the Windows Control Panel by selecting
    Start | Settings | Control Panel. Double-click
    the "VirusScan" Control Panel applet and click
    "Stop."

3.  Close the VirusScan Control Panel applet.

4.  Make a copy of the original AVCONSOL.EXE file,
    AVSYNMGR.EXE, CFGCOM32.DLL, SCANEMAL.DLL,
    SYNCUTIL.DLL, VSHWIN32.EXE, VSSTAT.EXE,
    VSUTIL.DLL, WBHOOK32.DLL, and WEBSCANX.EXE
    files, located at:

       C:\Program Files\Network Associates\VirusScan

    Also MCUPDATE.EXE, located at:

       C:\Program Files\Common Files\Network Associates\McUpdate

    Also SCAN32.EXE, located at:

       C:\Program Files\Common Files\Network Associates\On Demand Scanner\Scan32

    You can either rename the existing file with the
    .BAK extension, or move the files to a different
    location on your hard drive. This procedure is
    useful if you ever want to uninstall this Patch
    and restore the previous files.

5.  Copy the new files from the temporary folder you
    created in Step 1 to their respective folders
    specified in Step 4.

6.  Open the Windows Control Panel by selecting
    Start | Settings | Control Panel. Double-click
    the "VirusScan" Control Panel applet and click
    "Start."


TESTING YOUR INSTALLATION

You can test the operation of the software by
running the EICAR Standard AntiVirus Test File on
any computer where you have installed the software.
The EICAR Standard AntiVirus Test File is a combined
effort by anti-virus vendors throughout the world to
implement one standard by which customers can verify
their anti-virus installations.

To test your installation:

1.  Copy the following line into its own file, then
    save the file with the name EICAR.COM.

       X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

    The file size will be 68 or 70 bytes.

2.  Start your anti-virus software and allow it to
    scan the directory that contains EICAR.COM.

    When your software scans this file, it will
    report finding the EICAR test file.

3.  Delete the file when you have finished testing
    your installation to avoid alarming unsuspecting
    users.

    IMPORTANT:
    Please note that this file is NOT A VIRUS.


For more information on the EICAR test file, visit:

       www.eicar.org.


__________________________________________________________
CONTACTING MCAFEE SECURITY & NETWORK ASSOCIATES

Technical Support
    Home Page
       http://www.networkassociates.com/us/support/

    KnowledgeBase Search
       https://knowledgemap.nai.com/phpclient/homepage.aspx

    PrimeSupport Service Portal
       http://mysupport.nai.com

Login credentials required.


McAfee Security Beta Program
    Beta Web Site
       http://www.networkassociates.com/us/downloads/beta/

    E-mail
       avbeta@nai.com


Security Headquarters -- AVERT (Anti-Virus Emergency
Response Team)
    Home Page
       http://www.networkassociates.com/us/security/home.asp

    Virus Information Library
       http://vil.nai.com

    Submit a Virus Sample  AVERT WebImmune
       https://www.webimmune.net/default.asp

    AVERT DAT Notification Service
       http://vil.nai.com/vil/join-DAT-list.asp


Download Site
    Home Page
       http://www.networkassociates.com/us/downloads/

    DAT File and Engine Updates
       http://www.networkassociates.com/us/downloads/updates/

       ftp://ftp.nai.com/pub/antivirus/datfiles/4.x

    Product Upgrades
       https://secure.nai.com/us/forms/downloads/upgrades/login.asp

Valid grant number required.
Contact Network Associates Customer Service


Training
    McAfee Security University
       http://www.networkassociates.com/us/services/education/mcafee/university.htm



Network Associates Customer Service
    US, Canada, and Latin America toll-free:
   Phone:     +1-888-VIRUS NO or +1-888-847-8766
              Monday - Friday, 8 a.m. - 8 p.m.,
              Central Time

   E-mail:    services_corporate_division@nai.com
   Web:       http://www.nai.com/us/index.asp
              http://www.networkassociates.com/us/index.asp


For additional information on contacting Network
Associates and McAfee Security  including toll-free
numbers for other geographic areas - see the CONTACT
file that accompanied your original product
release.



__________________________________________________________
COPYRIGHT, TRADEMARK ATTRIBUTIONS & PATENTS

Copyright (C) 2004 Networks Associates Technology,
Inc. All Rights Reserved. No part of this
publication may be reproduced, transmitted,
transcribed, stored in a retrieval system, or
translated into any language in any form or by any
means without the written permission of Networks
Associates Technology, Inc., or its suppliers or
affiliate companies. To obtain this permission,
write to the attention of the Network Associates
legal department at:
5000 Headquarters Drive, Plano, Texas 75024, or call
+1-972- 963-8000.


TRADEMARKS

Active Firewall, Active Security, Active Security
(in Katakana), ActiveHelp, ActiveShield, AntiVirus
Anyware and design, Appera, AVERT, Bomb Shelter,
Certified Network Expert, Clean-Up, CleanUp Wizard,
ClickNet, CNX, CNX Certification Certified Network
Expert and design, Covert, Design (stylized N), Disk
Minder, Distributed Sniffer System, Distributed
Sniffer System (in Katakana), Dr Solomons, Dr
Solomons label, E and Design, Entercept, Enterprise
SecureCast, Enterprise SecureCast (in Katakana),
ePolicy Orchestrator, Event Orchestrator (in
Katakana), EZ SetUp, First Aid, ForceField, GMT,
GroupShield, GroupShield (in Katakana), Guard Dog,
HelpDesk, HelpDesk IQ, HomeGuard, Hunter, Impermia,
InfiniStream, Intrusion Prevention Through
Innovation, IntruShield, IntruVert Networks,
LANGuru, LANGuru (in Katakana), M and design, Magic
Solutions, Magic Solutions (in Katakana), Magic
University, MagicSpy, MagicTree, McAfee, McAfee (in
Katakana), McAfee and design, McAfee.com, MultiMedia
Cloaking, NA Network Associates, Net Tools, Net
Tools (in Katakana), NetAsyst, NetCrypto,
NetOctopus, NetScan, NetShield, NetStalker, Network
Associates, Network Performance Orchestrator,
NetXray, NotesGuard, nPO, Nuts & Bolts, Oil Change,
PC Medic, PCNotary, PortalShield, Powered by
SpamAssassin, PrimeSupport, Recoverkey, Recoverkey 
International, Registry Wizard, Remote Desktop,
ReportMagic, RingFence, Router PM, Safe & Sound,
SalesMagic, SecureCast, SecureSelect,
SecurityShield, Service Level Manager, ServiceMagic,
SmartDesk, Sniffer, Sniffer (in Hangul), SpamKiller,
SpamAssassin, Stalker, SupportMagic, ThreatScan,
TIS, TMEG, Total Network Security, Total Network
Visibility, Total Network Visibility (in Katakana),
Total Service Desk, Total Virus Defense, Trusted
Mail, UnInstaller, VIDS, Virex, Virus Forum,
ViruScan, VirusScan, WebScan, WebShield, WebShield
(in Katakana), WebSniffer, WebStalker, WebWall,
What's The State Of Your IDS?, Whos Watching Your
Network, WinGauge, Your E-Business Defender, ZAC
2000, Zip Manager are registered trademarks or
trademarks of Network Associates, Inc. and/or its
affiliates in the US and/or other countries.
Sniffer(R) brand products are made only by Network
Associates, Inc. All other registered and
unregistered trademarks herein are the sole property
of their respective owners.


LICENSE INFORMATION

License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE
LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU
PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND
CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF
YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE
ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED
LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT
ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE
RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A
BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE
AVAILABLE ON THE WEB SITE FROM WHICH YOU DOWNLOADED
THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF
THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL
THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE
PRODUCT TO NETWORK ASSOCIATES, INC. OR THE PLACE OF
PURCHASE FOR A FULL REFUND.


Attributions

This product includes or may include:

-   Software developed by the OpenSSL Project for
    use in the OpenSSL Toolkit
    (http://www.openssl.org/).

-   Cryptographic software written by Eric Young and
    software written by Tim J. Hudson.

-   Some software programs that are licensed (or
    sublicensed) to the user under the GNU General
    Public License (GPL) or other similar Free
    Software licenses which, among other rights,
    permit the user to copy, modify and redistribute
    certain programs, or portions thereof, and have
    access to the source code.  The GPL requires
    that for any software covered under the GPL
    which is distributed to someone in an executable
    binary format, that the source code also be made
    available to those users.  For any such software
    covered under the GPL, the source code is made
    available on this CD.  If any Free Software
    licenses require that Network Associates provide
    rights to use, copy or modify a software program
    that are broader than the rights granted in this
    agreement, then such rights shall take
    precedence over the rights and restrictions
    herein.

-   Software originally written by Henry Spencer,
    Copyright 1992, 1993, 1994, 1997 Henry Spencer.

-   Software originally written by Robert Nordier,
    Copyright (C) 1996-7 Robert Nordier. All rights
    reserved.

-   Software written by Douglas W. Sauder.

-   Software developed by the Apache Software
    Foundation (http://www.apache.org/).

-   International Components for Unicode ("ICU")
    Copyright (C) 1995-2002 International Business
    Machines Corporation and others. All rights
    reserved.

-   Software developed by CrystalClear Software,
    Inc., Copyright (C) 2000 CrystalClear Software,
    Inc.

-   FEAD(R) Optimizer(R) technology, Copyright
    Netopsystems AG, Berlin, Germany.

-   Outside In(R) Viewer Technology (C) 1992-2001
    Stellent Chicago, Inc. and/or Outside In(R) HTML
    Export, (C) 2001 Stellent Chicago, Inc.

-   Software copyrighted by Thai Open Source
    Software Center Ltd. and Clark Cooper, (C) 1998,
    1999, 2000.

-   Software copyrighted by Expat maintainers.

-   Software copyrighted by The Regents of the
    University of California, (C) 1989.

-   Software copyrighted by Gunnar Ritter.

-   Software copyrighted by Sun Microsystems(C),
    Inc.

-   Software copyrighted by Gisle Aas. All rights
    reserved, (C) 1995-2003.

-   Software copyrighted by Michael A. Chase, (C)
    1999-2000.

-   Software copyrighted by Neil Winton, (C)
    1995-1996.

-   Software copyrighted by RSA Data Security, Inc.,
    (C) 1990-1992.

-   Software copyrighted by Sean M. Burke, (C) 1999,
    2000.

-   Software copyrighted by Martijn Koster, (C)
    1995.

-   Software copyrighted by Brad Appleton, (C)
    1996-1999.

-   Software copyrighted by Michael G. Schwern, (C)
    2001.

-   Software copyrighted by Graham Barr, (C) 1998.

-   Software copyrighted by Larry Wall and Clark
    Cooper, (C) 1998-2000.

-   Software copyrighted by Frodo Looijaard, (C)
    1997.


