eTrust Antivirus Administrator Guide
Transcription
eTrust Antivirus Administrator Guide
e Trust Antivirus ® Administrator Guide r8 This documentation and related computer software program (hereinafter referred to as the "Documentation") is for the end user's informational purposes only and is subject to change or withdrawal by Computer Associates International, Inc. ("CA") at any time. This documentation may not be copied, transferred, reproduced, disclosed or duplicated, in whole or in part, without the prior written consent of CA. This documentation is proprietary information of CA and protected by the copyright laws of the United States and international treaties. Notwithstanding the foregoing, licensed users may print a reasonable number of copies of this documentation for their own internal use, provided that all CA copyright notices and legends are affixed to each reproduced copy. Only authorized employees, consultants, or agents of the user who are bound by the confidentiality provisions of the license for the software are permitted to have access to such copies. This right to print copies is limited to the period during which the license for the product remains in full force and effect. Should the license terminate for any reason, it shall be the user's responsibility to return to CA the reproduced copies or to certify to CA that same have been destroyed. To the extent permitted by applicable law, CA provides this documentation "as is" without warranty of any kind, including without limitation, any implied warranties of merchantability, fitness for a particular purpose or noninfringement. In no event will CA be liable to the end user or any third party for any loss or damage, direct or indirect, from the use of this documentation, including without limitation, lost profits, business interruption, goodwill, or lost data, even if CA is expressly advised of such loss or damage. The use of any product referenced in this documentation and this documentation is governed by the end user's applicable license agreement. The manufacturer of this documentation is Computer Associates International, Inc. Provided with "Restricted Rights" as set forth in 48 C.F.R. Section 12.212, 48 C.F.R. Sections 52.227-19(c)(1) and (2) or DFARS Section 252.227-7013(c)(1)(ii) or applicable successor provisions. © 2005 Computer Associates International, Inc. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies. Contents Chapter 1: Introduction 9 Product Components ........................................................................................................... 10 Available Methods of Protection ............................................................................................. 13 How eTrust Antivirus Protects Against Viruses ......................................................................... 14 Suggestions for Staying Infection-Free ................................................................................... 15 Content Updates ................................................................................................................. 15 Signature Files .............................................................................................................. 16 Availability of Signature File Updates ................................................................................ 16 For More Information........................................................................................................... 17 Chapter 2: The eTrust Threat Management Console 19 Controlling Access to the eTrust Threat Management Console .................................................... 20 Navigating the eTrust Threat Management Console .................................................................. 20 Accessing CA Security Advisor ......................................................................................... 21 Getting Help ................................................................................................................. 22 Starting the eTrust Threat Management Console...................................................................... 23 Java Plug-in .................................................................................................................. 24 Enable Active Content in Internet Explorer ........................................................................ 25 Enable Animations in Internet Explorer ............................................................................. 26 Add a Trusted Site to Internet Explorer ............................................................................. 27 Set Session Time-out Value............................................................................................. 28 Chapter 3: Understanding the Dashboard 29 Using the Dashboard Tab ..................................................................................................... 29 Top 10 Detections.......................................................................................................... 29 License Information (Dashboard tab)................................................................................ 30 Product Information ....................................................................................................... 30 Restarting the Threat Management Server ........................................................................ 30 Chapter 4: Discovering Subnets 31 How Discovery Works .......................................................................................................... 31 Default Organization for Subnet Discovery .............................................................................. 32 Changing Default Organization After Installation ................................................................ 32 Discovering Computers Outside Local Subnet .......................................................................... 33 Using the Discovery Tab....................................................................................................... 34 Contents iii Specifying Subnet Information......................................................................................... 35 Specifying Discovery Configuration................................................................................... 35 Viewing Discovered Computers ........................................................................................ 35 Locating a Computer on a Subnet .................................................................................... 36 Adding a Computer to a Branch ....................................................................................... 36 Modifying Subnets ......................................................................................................... 36 Deleting Subnets ........................................................................................................... 36 Chapter 5: Organizing Your Security Network 37 Organization Tree ............................................................................................................... 37 Managing Branches........................................................................................................ 37 Adding a Computer to a Branch ....................................................................................... 38 Using the Organization Tab................................................................................................... 38 Creating Branches ......................................................................................................... 39 Viewing Client Information .............................................................................................. 40 Working with Branch Properties ....................................................................................... 40 Using Policy Proxy Servers .............................................................................................. 41 Chapter 6: Managing Policies 43 Policy Enforcement.............................................................................................................. 43 Policy Locking..................................................................................................................... 44 Policy Precedence................................................................................................................ 44 eTrust Antivirus Policy Types ................................................................................................ 45 Realtime Monitor Policy .................................................................................................. 46 Scheduled Jobs Policy..................................................................................................... 52 Legacy Signature Distribution Policy ................................................................................. 55 Send for Analysis Policy .................................................................................................. 56 Email Policies ................................................................................................................ 57 Common Policy Types .......................................................................................................... 60 Alert Subtabs ................................................................................................................ 60 Content Updates Policy................................................................................................... 61 Phone Home Policy ........................................................................................................ 65 Using the Policy Management Tab ......................................................................................... 66 Creating Policies ............................................................................................................ 66 Assigning Policies .......................................................................................................... 66 Viewing Assigned Policies................................................................................................ 67 Viewing Scheduled Job Policy Logs ................................................................................... 67 Chapter 7: Working with Clients 69 Managing Individual Computers ............................................................................................ 69 iv Administrator Guide Using the Clients Tab........................................................................................................... 70 Assigning a Computer to a Branch.................................................................................... 70 Assigning Policies to a Computer...................................................................................... 70 Managing Services ......................................................................................................... 71 Viewing Logs................................................................................................................. 72 Purging Logs ................................................................................................................. 74 Chapter 8: Managing User Access 75 Threat Management Server Access Considerations ................................................................... 76 Operating System Administrator Account .......................................................................... 77 Threat Management Server Installer Account..................................................................... 77 Authorized Administrator Accounts ................................................................................... 78 Guest Accounts ............................................................................................................. 79 Types of Access .................................................................................................................. 79 User Rights Characteristics.............................................................................................. 80 Access Example for Different Accounts.............................................................................. 81 Using the User Management Tab ........................................................................................... 81 Chapter 9: Generating and Viewing Reports 83 Reports ............................................................................................................................. 83 Discovery Statistics Reports ............................................................................................ 84 Managed Machine Reports .............................................................................................. 85 Scheduled Job Reports ................................................................................................... 86 Top 10 Reports ............................................................................................................. 86 Categorized Reports....................................................................................................... 87 Mail Option Reports........................................................................................................ 88 Forwarding Log Information.................................................................................................. 89 Using the Reports Tab ......................................................................................................... 90 Chapter 10: Managing Licenses 91 How Licensing Works ........................................................................................................... 91 Using the Licensing Tab ....................................................................................................... 92 Checking Product Usage ................................................................................................. 92 Chapter 11: Using the Alert Manager 93 Alert Features..................................................................................................................... 93 Basic Components............................................................................................................... 93 Alert Forwarding Policy ........................................................................................................ 94 Alert Manager..................................................................................................................... 96 Contents v Sending Alert Emails ........................................................................................................... 97 Sending Alerts to Unicenter and eTrust Security Command Center ............................................. 97 Running the Alert Manager ................................................................................................... 98 Alert Manager Tree.............................................................................................................. 98 Configuring Communication Ports .................................................................................... 99 Configuring Alert Settings ............................................................................................... 99 Local Alert Manager for UNIX and OS X Systems.....................................................................103 Appendix A: Using the Command Line Scanner Inocmd32 105 Scanner Options for Inocmd32 .............................................................................................106 Appendix B: Creating Custom Reports 111 Set Up the ODBC Data Source .............................................................................................113 Install the InfoReports Interface...........................................................................................116 Name Server Database .......................................................................................................117 Database Structure .......................................................................................................119 Appendix C: Integrating with Unicenter NSM 131 Preparing for Unicenter NSM Integration................................................................................131 Using TRIX to Import to the Repository............................................................................132 Using InoUpTNG to Populate the View..............................................................................133 Managing Antivirus Options in WorldView ..............................................................................133 Integrating with WorldView ............................................................................................134 Remote Scan View .............................................................................................................135 Appendix D: Managing NetApp 137 Managing the Scanner ........................................................................................................137 Add Another Filer to a Scanner .......................................................................................138 View Scanner Statistics .................................................................................................140 Managing Custom Move and Copy Directories ...................................................................140 View the Virus Detection Log ..........................................................................................142 Manage the Scanner Remotely .......................................................................................142 Managing the Filer..............................................................................................................142 Enable and Disable Virus Scanning ..................................................................................142 Specify File Extensions to Scan Using vscan......................................................................143 Specifying Shares to Scan Using CIFS..............................................................................144 Appendix E: Using the ETRUSTAV Console Program 147 ETRUSTAV Menu ................................................................................................................148 vi Administrator Guide Appendix F: Messages and Codes 153 Messages..........................................................................................................................153 Appendix G: Computer Viruses 157 Computer Infection Symptoms.............................................................................................158 Effects of a Computer Infection ............................................................................................159 Characteristics of Viruses ....................................................................................................159 Computer Virus Terms ........................................................................................................160 Appendix H: Acknowledgements 165 Apache Tomcat ..................................................................................................................166 CURL................................................................................................................................168 gSOAP..............................................................................................................................169 JRE ..................................................................................................................................181 HP JRE 1.4.2.08.................................................................................................................190 IBM Developer Kit for Linux .................................................................................................195 Jakarta .............................................................................................................................214 Open SSL .........................................................................................................................216 PCRE................................................................................................................................220 Struts...............................................................................................................................222 Sun JDK ...........................................................................................................................224 Third Party Licenses Related to JDK.................................................................................232 Sun JRE 1.5 ......................................................................................................................237 Sun JRE............................................................................................................................241 XERCES ............................................................................................................................242 XMLSEC............................................................................................................................247 zlib ..................................................................................................................................251 Index 253 Contents vii Chapter 1: Introduction The eTrust Antivirus software is a powerful antivirus solution for your enterprise network or your individual workstation. It protects workstations running Windows, UNIX/Linux, Macintosh OS X, and NetWare. At the time of this writing, eTrust Antivirus is certified by the International Computer Security Association (ICSA) to detect 100 percent of viruses in the wild. Introduction 9 Product Components Product Components eTrust Antivirus includes a set of components that provide maximum protection for your computing environment, whether it is a single computer or a large-scale enterprise. The main components are as follows: Threat Management Server The software that tracks all instances of eTrust Antivirus running in your network. The server is installed on any computer you want to use as a Threat Management Server. Once installed, authorized users can perform remote management functions based upon the automated discovery information using the eTrust Threat Management Console. Threat Agent The software that enables scanning on the local computer. The agent is installed on all desktops and servers in your security network. The agent includes a realtime scanner to scan files as they pass through the device and a local scanner for on-demand scanning. You can initiate scans, download updates, and review logs stored locally on the computer. Agents are available for most operating systems and can be centrally managed from the eTrust Threat Management Console. With the exception of NetWare platform, they can also be managed locally using the eTrust Threat Management Agent interface. The Threat Agent on NetWare is managed using a console application called ETRUSTAV or centrally using the eTrust Threat Management Console. eTrust Threat Management Console A Java-based interface that runs on the computer hosting the Threat Management Server. Security administrators can use the console to manage all computers discovered by the Threat Management Server remotely, propagate configurations, and set and enforce security policy. The administrator can create and apply various policies to ensure the following: Clients have the proper protection against malicious code Distribution of virus signature updates occurs in a timely manner Alerts are defined and handled properly Remote client scans provide a backup for the realtime scanning process Using the eTrust Threat Management Console, an authorized administrator can manage the organization of all computers in the network that are running instances of eTrust Antivirus using an organizational structure similar to a directory tree, the Organization tree. eTrust Threat Management Agent interface A web-based interface that lets end-users scan their local computers for viruses and apply the latest signature and product updates to them. 10 Administrator Guide Product Components Realtime Monitor An automatic, intercept driven scanner that checks a local computer for virus infections each time a file is executed, accessed, or opened. You can configure realtime monitoring to detect known and suspect infections, and the action to be taken when an infection is detected. Administrators can propagate realtime settings throughout the network, and enforce policy for this option. If an infected file is found, the policy-defined action is taken and an alert message is sent, displaying the name of the infected file and the virus. Local Scanner A scanner that checks a local computer for virus infections at the user's request. Using the eTrust Threat Management Agent interface, scans can be manually initiated or scheduled to run at a specific date and time or at repeated intervals. Note: An authorized administrator can schedule scans to automate scanning on both remote and local computers. Heuristic Scanner A scanning method that uses heuristic analysis, an artificial intelligence technique used to scan files for viruses whose signatures have not yet been isolated and documented. Rather than use a fixed algorithm to scan for specific virus signatures, heuristic analysis uses alternative methods to detect virus-like patterns of behavior. Note: To avoid overhead and an increased false detection rate, you should not use the heuristic scanner for realtime scanning. It is usually used only for local and scheduled scans. Furthermore, it is best to use heuristics only when doing a reviewer scan (safety level), as running it is resource intensive and may result in degraded performance. Shell Scanner A scanner that integrates with your Microsoft Windows operating system so you can conveniently right-click on any item on the desktop or in Windows Explorer and run a scan. Alert Manager A feature that lets you send messages from eTrust Antivirus and other Computer Associates products to individuals in your organization, using different methods of communication. There are two basic components to the Alert Manager: the Alert Manager service, which is responsible for the reception, processing, and distribution of Alert messages, and the Alert Manager interface, where you configure how Alert should send its messages. Introduction 11 Product Components Note: The Alert Manager is not available in any form on NetWare. On UNIX- or Macintosh OS X-based systems, the Alert Manager is also unavailable. However, through user-defined scripts and syslog, an equivalent level of notification flexibility can be achieved on these platforms, making it possible to forward alerts to the Alert Manager running on Windows. From that point all alert handling features of the Alert Manager can be used to process the event. CA-InfoReports A reporting tool that allows access into various areas of the eTrust Antivirus database. To enable the reporting tool, an ODBC connection to the Threat Management Server must be created. Additional standard reports on virus activity and antivirus-protected computers are provided out-of-the-box on the Reports tab of the eTrust Threat Management Console. Remote Install Utility A utility that enables automated remote client installations. It provides a graphical user interface that you can use to deploy the product to Microsoft Windows computers throughout the enterprise. Note: For non-Windows platforms, different methods are provided for performing remote installation. For example, on NetWare, the standard installation program serves as a remote installation tool and, on Macintosh OS X, a customizable script lets you perform remote installation. Installation Configuration File (ICF) A file you use to configure initial policy settings during the installation process before the eTrust Threat Management Console is available. This file also contains additional configuration settings that you cannot specify in the eTrust Threat Management Console. As there is no Local Scanner policy, you must specify any changes you want to make to the local scanner settings in the ICF file prior to installation. The ICF file defines the options for the various available modules. You can modify the ICF file using a text editor or, on Microsoft Windows, the Remote Install Utility interface. If available, it is easier to navigate and modify settings using the Remote Install Utility interface. Additional Utilities and Programs A set of task-specific utilities and programs, such as SETUP.EXE (a setup program for updating Windows 9.x computers through a login script when users log into a domain), Inocmd32 (a Command Line Scanner interface for use with all operating systems), Inocucmd (a Command Line Scanner only for use with the Rescue Disk feature for Windows 95/98), Examine (a utility to recover for operating systems Windows 95/98), and ETRUSTAV (a NetWare program to control many Threat Agent operations from a NetWare server console). 12 Administrator Guide Available Methods of Protection Available Methods of Protection eTrust Antivirus provides several scanning methods to protect your network from all types of infections. The following types of scans are supported: Realtime Monitor Scan Checks for viruses are performed automatically, each time a file is executed, accessed, or opened. You can create Realtime Monitor policies using the eTrust Threat Management Console to enforce settings for realtime scanning on client computers. Scheduled Scan Performs scans at a specific time or interval. You can create Scheduled Jobs policies using the eTrust Threat Management Console to enforce settings for scheduled scans on client computers. Command Line Scan Performs scans from the command line. Scan results are displayed on the screen during the course of the scan. Manual Scan Lets end-users initiate interactive scans on their local computer using the eTrust Threat Management Agent interface. Introduction 13 How eTrust Antivirus Protects Against Viruses How eTrust Antivirus Protects Against Viruses The eTrust Antivirus Realtime Monitor runs in the background and automatically examines files as they are accessed. Virus scans can run manually or be scheduled to run automatically. In addition, you can scan initiate manual virus scan, or schedule them to run automatically. Regardless of the method you use to initiate a scan, eTrust Antivirus uses the following techniques to detect computer viruses: Integrity Check Examines the program’s file size to see if it has increased, which may be indicative of a virus. This method is used primarily to check the integrity of the Critical Disk Area information. Rules-based Polymorphic Detection Observes the actions of programs, such as call functions, to detect suspicious program behavior. Polymorphic viruses disguise themselves with each infection in an attempt to defeat antivirus scanners, but rulesbased polymorphic detection can expose these kinds of viruses. Interrupt Monitoring Monitors all program system calls in an attempt to detect and thwart the sequence of system calls indicative of virus activity. Signature Scanning Looks for a unique pattern, determined by the Computer Associates Threat Research Team, that serves as a sign that a given virus is present. With the knowledge of what to look for and where to look for it, eTrust Antivirus automatically locates and deals with the virus. When eTrust Antivirus identifies a virus, you are given multiple options for how to deal with that virus, including deleting the associated file, renaming it, moving it to a quarantined area, or curing it. 14 Administrator Guide Suggestions for Staying Infection-Free Suggestions for Staying Infection-Free Here are some general suggestions to help keep your computer virus-free: Set all of your DLLs, executables, and other related files as read-only. This reduces the chance of executable files becoming infected. To protect critical files, such as those used in database applications, schedule a scan job to scan these files during off-peak hours. Scan floppy disks, CDs, and other removable media for viruses before you copy any files from them. Keep your environment current with the latest content updates. Manage your shared directories by setting access rights and permissions so that users have the appropriate level of authority for the directory, such as read-only, rather than full control. On Windows, UNIX, and OS X systems, if the Heuristic Scanner engine finds a file that you suspect is infected and you want to send it to Computer Associates for analysis, use the automated Send for Analysis feature. If handling the file manually, always rename it with an extension of AVB, and use a compression utility before sending the sample to Computer Associates. Content Updates Content updates contain the latest version of signature files, scan engines, and program updates, and are available for all supported versions and platforms. An important and differentiating capability of eTrust Antivirus is that no downtime or protection interruption is required to apply content updates. You can create a Content Update policy that automates the process of downloading updates and distributing them to computers throughout your network. The update process can operate transparently and not interfere or interrupt normal network activity. The eTrust Threat Management Console's Policy Management tab provides the necessary options and simplifies the process of creating a Content Update policy. A Content Update policy with enforced standards is one of the important factors to ensuring your network is protected from infection. For information on how updates work, see the Content Updates Policy (see page 61) section. Introduction 15 Content Updates Signature Files Keeping your signature files up to date is vital to protecting your network. Signature file updates enable eTrust Antivirus to recognize new viruses and provide protection agains them. The best way to keep signature files current is to create a Content Update policy with a regularly scheduled time and interval, so that your systems are automatically kept up-to-date. In addition, signature file updates may be manually downloaded from our Customer Support website at: http://www3.ca.com/support/vicdownload/ This website also provides information on newly detected viruses and other malicious software, and valuable information on protecting your environment. You can also find information on how to subscribe to our newsletter and receive alerts about new threats by e-mail. Note: For your protection, Computer Associates does not send out unsolicited executable files, nor use e-mail attachments as a standard method to distribute maintenance or product updates. However, Computer Associates does send out alerts that contain links that you can use to initiate the request for updates. This prevents the possibility of malicious code masquerading as an update from Computer Associates. Availability of Signature File Updates Regularly-scheduled signature updates are provided several times each week, typically on a daily basis. The Computer Associates research team makes updates available whenever significant threats appear in the wild. The updates provide the latest detection and protection capability. Note that while all virus infections can be detected, not all of the infections can be cured. Additional detection and protection information is made available on the CA Security Advisor website. As cures are discovered, they are added to the signature file updates. 16 Administrator Guide For More Information For More Information There are numerous resources for additional information. Your product media contains the following useful instructional documents that provide detailed explanations about the product’s comprehensive, feature-rich components: Readme File See this file for last-minute information about the product. The readme includes sections about operating system support, system requirements, installation, and known issues. Implementation Guide See this guide for detailed instructions about planning the roll-out of the product on your network. It provides complete installation and deployment instructions for all supported platforms. Administrator Guide See this guide for information relevant to the administration of the product. Online Help The help offers procedural information, field descriptions, and overview topics optimized for quick access and use. To access help, you can click the help icon from any page of the eTrust Threat Management Console. Most help topics also provide access to subject matter on related topics. Release Summary See the Release Summary for a list of new features and enhancements to existing features provided in the current release of the product. CA Security Advisor Web Site This website (http://www3.ca.com/securityadvisor) reports current security threats and tells you how to arm yourself against them. To view or download product documentation, go to the Computer Associates SupportConnect website (http://supportconnect.ca.com/). Introduction 17 Chapter 2: The eTrust Threat Management Console The eTrust Threat Management Console enables you to remotely manage all computers running eTrust Threat Management products on your network from a single console. With its web-based interface you can easily connect to any system hosting the Threat Management Server on your network and use it to manage client computers. As an authorized administrator, you can use the console to perform the following management functions: Discover and manage the configuration of eTrust Threat Management products running on computers in your network Create and enforce policies for virus and pest scanning Distribute scanning policies throughout your network Download and distribute product and signature file updates Configure distribution proxies to increase network traffic efficiency Grant other users permissions to use the eTrust Threat Management Console View logs of remote computers and scheduled scan jobs Schedule and view numerous reports that provide detailed information about the health of your network The eTrust Threat Management Console 19 Controlling Access to the eTrust Threat Management Console Controlling Access to the eTrust Threat Management Console You can control user access the eTrust Threat Management Console from the User Management tab. From here, you can view the current users, known as authorized administrators, that have access to the eTrust Threat Management Console. You can also add or remove authorized administrators, and add, edit, or remove a user's permissions. The eTrust Threat Management Console provides a wide range of permissions, from read-only access, to full control over your subnets, Organization tree, and policy assignment and management. Note: While these authorized administrators have special rights within the eTrust Threat Management Console, they do not acquire any special rights to the operating system or other applications. When adding a user and granting permissions to use the eTrust Threat Management Console, you can use any valid operating system account on the computer hosting the Threat Management Server. These accounts will retain their existing operating system permissions. Navigating the eTrust Threat Management Console Navigating the eTrust Threat Management Console is both simple and intuitive. Simply click a tab along the top of the page to access the different functional areas of the console. Each tab contains a group of subtabs that let you specify options for a particular task. The following table describes the purpose of each major tab: 20 Administrator Guide Tab Features and Options Dashboard Provides at-a-glance product status, license information, and Top 10 detections network-wide. From here, you can also manage the Threat Management Server. Discovery Lets you discover and manage subnets of the computers running eTrust Threat Management products on your network. Policy Management Provides access to all options and settings for creating, managing, and assigning policies throughout your network. Navigating the eTrust Threat Management Console Tab Features and Options Organization Lets you organize computers running eTrust Threat Management products into logical containers, or branches, in an Organization tree. You can then assign policies to the various branches of the tree. Client Provides access to properties, policies, and logs for a specific client computer. You can assign, modify, and remove policies; modify branch assignments, start or stop client services, and view and manage client logs. User Management Lets you grant users access to the eTrust Threat Management Console and assign the permissions you deem necessary. Report Displays a wide variety of reports and graphs for eTrust Threat Management products. Lets you schedule how frequently reports are generated. Licensing Provides detailed license information for your network, and allows you to enter or update license key and registration information. Accessing CA Security Advisor Clicking the Security Advisor link at the top of the console displays the Computer Associates Security Advisor website. This website provides up to the minute information on current and emerging security threats and is maintained by a network of Computer Associates rapid response centers from around the world. It delivers: The most comprehensive validated spyware, virus and vulnerability database in the industry Clean-up utilities, detection signature files, and remediation instructions Valuable documentation on implementing complete threat protection and Security Management Solutions Check this website frequently to find out about new and emerging threats. The eTrust Threat Management Console 21 Navigating the eTrust Threat Management Console Getting Help Click the help button at any time to get complete descriptions of the options for the currently active tab or subtab. All help topics contain links to related information that will assist you in performing tasks on a tab or subtab. The help button, displayed below, is located in the upper right corner of the console: 22 Administrator Guide Starting the eTrust Threat Management Console Starting the eTrust Threat Management Console You can open the eTrust Threat Management Console from the local computer hosting the Threat Management Server or from a remote computer using a web browser. To access the eTrust Threat Management Console follow these steps: 1. Choose one of the following: a. From the local computer hosting the Threat Management Server, click Start, Programs, Computer Associates, eTrust, eTrust ITM, eTrust ITM Console. Note: On OS X, choose /Applications/CA/eTrustITM and double click eTrust ITM Console. b. Open a web browser, enter the following URL in the address bar, and then click Go: https://[servername]:6688/AdminGUI/ where [servername] is the computer name or the IP address of the Threat Management Server. If you want to use an unencrypted connection over http (not recommended), use port 6689 instead. 2. When you try to open the eTrust Threat Management Console on a computer for the first time, you may see a Security Alert Dialog. Click View Certificate, then click Install Certificate and follow the wizard to avoid seeing the dialog in the future. 3. When the login dialog displays, enter the Username and Password of the local administrator in the appropriate fields and click Log in. Note: If you have to input a domain user, remember to add the domain name, a backslash (\), and then the user name. The eTrust Threat Management Console 23 Starting the eTrust Threat Management Console Note: You can obtain additional information for error codes using the Windows net helpmsg <msg id> command. The eTrust Threat Management Console appears: Java Plug-in If the eTrust Threat Management Console exhibits odd behavior or appearance when displayed, this is typically caused by a problem in the underlying Java plug-in that your web browser is using. Installing an updated Java plug-in is a simple way to correct this. Go to the Java Sun website (http://java.sun.com/products/plugin) to download the plug-in that you require. The eTrust Threat Management Console supports plug-in versions 1.4 or later. If you install a plug-in, then you should access the eTrust Threat Management Console using http://[nodename]:6688/ino/inoplug.html, instead of the URL specified in Open the Management Console for the Threat Management Server. 24 Administrator Guide Starting the eTrust Threat Management Console Enable Active Content in Internet Explorer To view graphs, reports, or use the active content provided in the eTrust Threat Management Console or its locally-stored help systems on Windows, the active content option must be enabled for your web browser. To enable active content in Microsoft Internet Explorer, follow these steps: 1. Select Tools, Internet Options. The Internet Options dialog appears. 2. Select the Advanced tab. 3. Select the Allow active content to run in files on My Computer check box, as shown below. 4. Click OK. You can now view all active content in the web-based interface, as well as the locally-stored help systems for Shell Scanner or Groupware Options. The eTrust Threat Management Console 25 Starting the eTrust Threat Management Console Enable Animations in Internet Explorer To view animations provided in the eTrust Threat Management Console or its locally-stored help systems on Windows, the animations option must be enabled for your web browser. To enable animations in Microsoft Internet Explorer, follow these steps: 1. Select Tools, Internet Options. The Internet Options dialog appears. 26 Administrator Guide 2. Select the Advanced tab. 3. Scroll down to the Multimedia section, then select the Play animations in web pages check box. 4. Click OK. Starting the eTrust Threat Management Console Add a Trusted Site to Internet Explorer When performing certain actions, such as adding a new download source for content updates, a Microsoft Internet Explorer security prompt may appear and ask you to add the new source to your list of trusted zones. If you receive this prompt and want to the add the source as a trusted site, follow these steps to add the site: 1. In the Internet Explorer window, select Tools, Internet Options. The Internet Options dialog appears. 2. Click the Security tab. 3. Select the Trusted sites content zone, and then click Sites. The eTrust Threat Management Console 27 Starting the eTrust Threat Management Console The Trusted sites dialog appears. 4. Enter the new download source in the Add this Web site to the zone field. For example, to add the default Computer Associates content update distribution site, enter the following: 5. Click Add, and then OK. For more information about trusted sites, see the Microsoft Internet Explorer documentation. Set Session Time-out Value The eTrust Threat Management Console session expires after 120 minutes. You can specify a different time-out value by editing the SessionTimeout parameter located in the following file: Drive:\Program Files\CA\SharedComponents\ThirdParty\Tomcat 5.5\webapps\AdminGUI\WEB-INF\web.xml 28 Administrator Guide Chapter 3: Understanding the Dashboard This chapter contains information on understanding the information presented on the Dashboard and using it to manage the Threat Management Server. For procedures on using the Dashboard tab, see the eTrust Threat Management Console online help. Using the Dashboard Tab The Dashboard tab provides quick access to important information about your eTrust Threat Management products. You can view the following information from the dashboard: Over-all health of your network via the Top 10 detection list Current license status Note: You can view detailed license information on the Licensing tab. Product and Threat Management Server information View eTrust Threat Management products administrator contact information In addition you can use the dashboard to perform the following tasks: Restart the Threat Management Server Edit eTrust Threat Management products administrator contact information Top 10 Detections The Threat Management Server collects and collates the logs of computers that are running the eTrust Threat Management Agent and displays the Top 10 detection information on the Dashboard tab. This provides a quick review of the most common detections on your network. For detailed information on these detections, and other detailed reports, use the Reports tab. Understanding the Dashboard 29 Using the Dashboard Tab License Information (Dashboard tab) The License Information area shows the current state of licensing. If the Managed Node Count is higher than the Licensed Node Count, a license warning is displayed. A more detailed account can be found on the Licensing tab. Product Information The Product Information area displays the operating system version of the system hosting the Threat Management Server, the eTrust Threat Management products version information, the date and time of the last discovery, and the date and time the Threat Management Server started running. You can restart the Threat Management Server at any time by clicking the Restart button. Restarting the Threat Management Server The Threat Management Server tracks all instances of eTrust Threat Management products running on your network. You can view the status of the Threat Management Server in the Product Information area, which displays the date and time the server was last started. To restart the Threat Management Server, click the Dashboard tab, then click the Restart button located in the Product Information area. 30 Administrator Guide Chapter 4: Discovering Subnets This chapter contains information on the discovery process, the Default Organization, and the Discovery tab. For detailed descriptions for each discovery option and procedures for performing discovery tasks, see the eTrust Threat Management Console online help. How Discovery Works The discovery process works as follows: 1. An authorized administrator specifies subnets for the Threat Management Server to query. The administrator also specifies a discovery frequency that sets how often the subnet is polled. Note: Once a subnet is queried, this frequency dictates how often the discovery information for each client is refreshed. 2. When the subnet definition is saved, an IP-directed broadcast, a UDP multicast, or a UDP unicast is sent (using UDP port 42508) to the defined subnet depending on the election method selected. 3. Through a transparent election process, a computer in that subnet is elected to reply to the Threat Management Server. 4. The elected computer returns response packets to the Threat Management Server (using TCP port 42509). These packets contain information about computers in the subnet that are running eTrust Threat Management products. This information includes: hostname, IP Address, MAC Address, virus signature or DAT file version information, product version information, policy settings, and other general data. The packets also include updates for any changes since the previous discovery. 5. The Threat Management Server stores the discovered data in its database. From this information, the Threat Management Server takes an inventory of the available computers in the security network. 6. This inventory appears on the Discovery tab of the eTrust Threat Management Console. If specified in the subnet definition, each computer also appears on the Organization tab and is automatically associated with a branch of the Organization tree. The discovery process automatically maintains current information about the status of the eTrust Threat Management products running on each computer on the subnet. Discovering Subnets 31 Default Organization for Subnet Discovery Default Organization for Subnet Discovery The Default Organization is the name of an existing branch in the Organization tree where a discovered computer can be assigned if an approved Threat Management Server is specified for the computer at installation time. You can specify an approved Threat Management Server for a client computer using the inoc6.icf configuration file. By using this method, the discovered computer is placed in the branch indicated by the Default Organization option. If an approved Threat Management Server is not specified for a computer, it is available in the list of computers for the subnet, but you have to manually add it to a branch. On OS X, you can also approve servers in the eTrust Antivirus Preferences Options panel that is available under System Preferences panel. On NetWare, you can set an approved Threat Management Server using ETRUSTAV. In addition, the NetWare install uses inoc6.icf that can be preset to use an approved Threat Management Server, as under Windows. Changing Default Organization After Installation To change the approved Threat Management Server after the installation on a Windows client computer, simply use regedit to change the client's registry to specify the new server: Key: \HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\eTrustITM\CurrentV ersion\NameCli Item: ServerList On UNIX and OS X systems, you can use the InoSetApproved script, which is located in the $CAIGLBL0000/ino/scripts directory. Do this by specifying the IP address or list of addresses of the approved servers as the arguments to the script. Separate a each IP address with a blank space. For example: InoSetApproved 172.16.0.0 172.31.255.255 32 Administrator Guide Discovering Computers Outside Local Subnet Discovering Computers Outside Local Subnet If you perform a discovery and it does not find computers that you know are running instances of eTrust Antivirus, one possible cause is that your current network router configuration is blocking the discovery process from discovering those computers. During the discovery process, using the default setting of Free Election, the Threat Management Server sends an IP-directed broadcast to the subnet being discovered. If the routers on the network do not allow these packets to pass, the discovery process will be unable to query the subnets on the other side of the router. To correct this problem, you can do the following: Use the Specified Election method instead of the Free Election method. Note: You can also use the Sweep Poll method, but it takes longer so you will need to extend the timeout value. It also increases the work of the Threat Management Server, as it is polling each computer individually, so you will see an increase in CPU utilization by InoRPC. Configure the network routers to allow IP-directed broadcasts over UDP port 42508. Another way of troubleshooting UDP traffic issues is to use the eavdisc.exe utility (on UNIX and OS X system, the utility is called eavdisc). This utility is provided as an alternative to Free Election, and rather than rely on UDP broadcast to trigger the discovery, eavdisc limits traffic to TCP only. The eavdisc.exe program is located on the installation media in the /ITM/Common/Bin/Win32/Utility directory. To use eavdisc.exe, copy it to you local machine, open a command line window and run the utility supplying the IP address of the Threat Management Server as a parameter. The discovery is triggered and the computer should now show up in the subnet on the eTrust Threat Management Console. Discovering Subnets 33 Using the Discovery Tab Using the Discovery Tab Use the Discovery tab to perform the following subnet management tasks: Add (discover) a new subnet. The discovery process queries the subnet for clients running eTrust PestPatrol. Modify the configuration options of an existing subnet Delete one or more subnets Perform an immediate refresh of a subnet using the Discover Now option View product and organizational information for each computer on a subnet When you first click the Discovery tab, no subnets are listed in the Networks area, unless you are using the eTrust Threat Management Console on the computer that hosts the Threat Management Server. If so, the subnet of the Threat Management Server is automatically displayed. The Discovery tab provides several subtabs and buttons for performing subnet management tasks. For example, the Subnet Information and Discovery Configuration subtabs let you specify new subnets and modify the options of previously discovered subnets. Once a subnet is discovered, the product-specific and organization subtabs, located at the bottom of the page, are populated with information about the discovered client computers. Once populated, you can use the Organization subtab to add or remove a computer to or from a branch in your Organization tree. Note: You do not need special access permissions, such as an operating system account, to discover a subnet. However, to place a discovered computer into a branch in the Organization tree, you must have operating system administrative authority over that computer. 34 Administrator Guide Using the Discovery Tab Specifying Subnet Information Use the Subnet Information subtab to specify a subnet you want to discover. This tab allows you to enter a descriptive name for the subnet. If you do not enter a name, the default description is the IP address followed by the port number used for discovery. You then specify an IP address of a computer on the subnet, and the subnet mask. The IP address that you specify depends on the type of discovery, or polling method you specify on the Discovery Configuration subtab. If you choose the Free Election or Sweep Poll method, you can enter the IP address of any computer on the subnet. If you choose the Biased Election or Specified Election method, you must specify the IP address of the computer that you want to respond to the Threat Management Server. The computer must be running an eTrust Threat Management product. You may choose to verify the IP address using the Test button. You may also choose to change the default Organization for the discovered computers, by specifying a new organization in the Organization area of the subtab. Note: If another Threat Management Server has already discovered the specified subnet, the IP Address of the conflicting Threat Management Server is displayed. You should contact the administrator of this Threat Management Server to avoid the possibility of conflicting policies for this subnet. Note: You can create multiple instances of a subnet. Specifying Discovery Configuration Use the Discovery Configuration subtab to configure the policy settings for the subnet, the frequency the discovery is repeated, and the polling method used to perform the discovery. Once you have discovered a subnet, you do not need to specify these options again. The Repeat Every option automatically retrieves your subnet definition information and uses it to re-discover the subnet and refresh client information. Viewing Discovered Computers After the computers are discovered, select the instance of the subnet in the Networks group on the Discovery tab. The list of discovered computers appears on the product-specific and organization subtabs, located at the bottom of the page. These tabs display detailed information about the eTrust Antivirus running on the computer. You can use the Organization Details tab to assign a computer to branch in your Organization tree. Discovering Subnets 35 Using the Discovery Tab Locating a Computer on a Subnet Once you have discovered one or more subnets, you can quickly locate a computer on any of the discovered subnets. In the Networks area of the Discovery tab, enter the computer name in the textbox and click the Find node in subnets button. When the computer is found, the Antivirus Details, PestPatrol Details, and Organization Details subtabs, located at the bottom of the page, display detailed information about the computer. Adding a Computer to a Branch Use the Organization Details subtab, located at the bottom of the Discovery tab, to add a computer to a branch in your Organization tree. Once you click the Assign button you will be prompted to enter a username and password. The username and password you enter must have operating system administrative privileges on the client computer that you want to add to the branch. Note: You can also use the Client tab to add a computer to a branch. For more information, see Working with Clients (see page 69). Modifying Subnets The Discovery tab allows you to modify a single subnet, or a modify all discovered subnets. To modify a single subnet, you select the subnet in the Networks area. When you select the subnet, the specified options for that subnet appear in the subtabs to the right. Edit the options as needed, and click the Apply button to save the modifications. To modify all previously discovered subnets, click Edit All, modify the options as needed, and click the Apply button to save the modifications. Deleting Subnets You can also use the Delete and Delete All buttons on the Discovery tab to delete a single subnet or to delete all subnets. The eTrust Threat Management Console prompts you to verify the deletion. Use these buttons carefully, as you cannot undo the deletion of a subnet. If you accidentally delete a subnet, you must re-enter the subnet definition and configuration information to discover the subnet again. 36 Administrator Guide Chapter 5: Organizing Your Security Network This chapter contains information on using the Organization tab to create and manage your Organization tree. For detailed procedures on performing organization tasks, see the eTrust Threat Management Console online help. Organization Tree The Organization tree is a hierarchical representation of your security network. You use the tree to apply policies to groups of computers that require the same protection settings against malicious programs or code. Using the Organization tab, you create an Organization tree with containers, called branches. These branches are typically organized to mirror the physical locations of computers on your network. The organization of the tree is completely flexible and is often organized to segment computers into various categories by department, function, type of user, or any other arrangement that suits your business needs. Each branch in the tree is analogous to a file-system directory or folder, which also contains subdirectories or sub-folders. Your Organization tree can contain as many sub-branches as necessary. Finally, you add computers to the branches and sub-branches, and then assign policies to the branches. All computers in the branch inherit the policy from the branch, unless you apply a policy to a specific computer in that branch. For more information, see Policy Precedence. Note: A computer can only be a member of one branch at a time. Managing Branches The features of the Organization tab provide you with complete flexibility in managing the branches and sub-branches of your Organization tree. From this tab you can view a list of computers in each branch, create new branches, rename branches, and delete branches. In addition, you can assign and remove policies from specific branches, view a list of users that have permissions to manage a branch, and assign policy proxy computers to a branch. A policy proxy computer shares the load of distributing policies to the computers in a branch or sub-branch, so that policy can be rapidly distributed throughout the network, and the Threat Management Server is not responsible for the delivery of policy to each individual computer. Organizing Your Security Network 37 Using the Organization Tab Adding a Computer to a Branch Use the Organization Details subtab, located at the bottom of the Discovery tab, to add a computer to a branch in your Organization tree. Once you click the Assign button you will be prompted to enter a username and password. The username and password you enter must have operating system administrative privileges on the client computer that you want to add to the branch. Note: You can also use the Client tab to add a computer to a branch. For more information, see Working with Clients (see page 69). Using the Organization Tab Use the Organization tab to perform the following tasks: Create branches and sub-branches View the computers contained in a branch View, assign and remove policies and scheduled jobs to or from branches and sub-branches View the users who have permissions for managing a branch or subbranch Configure policy proxy servers and assign them to branches The Organization tab provides the Clients and Properties subtabs, which you use to perform these tasks. 38 Administrator Guide Using the Organization Tab Creating Branches Use the Add button on the Organization tab to create the branches and subbranches you will use to organize the computers on your network into logical groupings for policy management purposes. Your organization tree can contain as many branches and sub-branches as necessary. Once defined, you can easily add computers to each branch and sub-branch. The following example Organization tree has a branch called Accounting. Under that branch, there are sub-branches of every office that has an accounting department, such as Office A, Office B, and Office C. Under each sub-branch representing an office, you could then arrange the computers from each of the accounting departments. You can also use this tab to rename a branch by clicking Edit, refresh the Organization tree by clicking Refresh, and delete branches or sub-branches by clicking Delete. Organizing Your Security Network 39 Using the Organization Tab Viewing Client Information Using the Client subtab you can view a list of computers that reside in the selected branch. The subtab displays the following information for each computer: Name of client computer Version of the eTrust Antivirus application and engine Version of signature files The subtab provides at-a-glance information for each computer. However, for detailed information you can click the computer name and view the detailed information that appears in the pop-up dialog for that computer. Note: To perform management tasks on a particular computer, you can use the Client tab. For more information, see Working with Clients (see page 69). Working with Branch Properties The Properties tab lets you assign or remove policies and schedule scan jobs, view the eTrust Threat Management Console users that are permitted to manage the branch, and add or remove policy proxy servers. With a branch of the Organization tree selected, you can perform any of these tasks by selecting the appropriate item from the drop-down list. Detailed procedures for performing these tasks are provided in the eTrust Threat Management Console online help. Note: If you have multiple Threat Management Servers on your network, the Organization tree under each Threat Management Server must be managed separately. To preserve policy management integrity, you cannot apply a policy from one Threat Management Server to a computer that is managed by another Threat Management Server. 40 Administrator Guide Using the Organization Tab Using Policy Proxy Servers From the Properties subtab you can designate one or more policy proxy servers. The policy proxy server improves network efficiency by sharing the workload of policy distribution with the Threat Management Server. When the Threat Management Server distributes policies, it goes down the list of computers in the Organization tree. When it finds a policy proxy server it enlists the help of that computer to distribute policies. Since the proxy distributes the policies to the other computers in its branch, the Threat Management Server can skip the rest of the computers in that branch and find the next proxy server. It then passes the policies to that proxy, and so on through the network. For example, if a branch has ten computers, and one computer is designated as the proxy server, the Threat Management Server sends the information once—to that one proxy server. The proxy then passes the information to the nine remaining computers in its branch. This minimizes the number of times that the Threat Management Server has to send the commands, thereby improving the performance of the Threat Management Server and the network in general, and reducing the amount of time necessary to distribute policies throughout the network. Note: The role of the policy proxy server is distinct from the role of the signature redistribution server. The policy proxy server is used to distribute policy settings throughout the network. The signature redistribution server makes the signature update files available to other computers. Further, the policy proxy server should not be confused with an Internet proxy server. To assign a proxy server from the Properties subtab, select Proxy from the drop-down list and complete the Please Select Proxy dialog. Using Proxy Servers in Sub-Branches The policy proxy server distributes updates on behalf of the Threat Management Server to the computers in its branch and any subordinate subbranches. However, if the sub-branch contains its own policy proxy server, the first proxy server detects this and enlists the help of the subordinate proxy server to distribute updates to computers in its sub-branch and any other subordinate sub-branches. Organizing Your Security Network 41 Using the Organization Tab Proxy Override Option The override option specifies what should happen if a policy proxy server for a given branch is currently unavailable and there are policies that must be distributed. By setting the override option, the proxy server located above the disabled proxy in the Organization tree assumes the responsibility of distributing the updates to the computers ordinarily served by the proxy that is unavailable. If you do not specify this option and the policy proxy server is unavailable, the policy updates are not distributed to the computers normally served by that proxy server, until it becomes available again. Proxy Server Considerations When determining if a computer should be a policy proxy server, consider the following items: 42 Administrator Guide You can designate any number of computers as proxy servers. You can designate any computer in a branch or sub-branch as a proxy server, except for computers running Windows 95 or Windows 98. Chapter 6: Managing Policies This chapter contains information on creating and managing policies from the eTrust Threat Management Console's Policy Management tab. For detailed information on policy management options and procedures, see the eTrust Threat Management Console online help. Policy Enforcement A policy contains the settings that you want to apply to multiple computers to safeguard them against malicious programs or code. As an eTrust Threat Management products administrator, you can create and enforce policy settings and assign them to branches in your Organization tree to ensure that all computers are equally protected. Policies that you apply to a branch always take precedence over settings that an end user may have applied to his or her computer locally. If a user changes an assigned policy setting, the Threat Management Server detects the change and automatically returns the settings to those defined by the administrator, thereby enforcing the policy. When the Threat Management Server discovers a new subnet, or refreshes its database of existing subnets, it receives information on all policies for each client, along with the product version, signature information, and operating system information, such as the computer name, IP address, OS version and MAC address. The Threat Management Server updates its database and examines the information. If it finds that a policy setting on the client computer does not match the policy setting assigned to the branch the computer resides in, it flags the discrepancy and resets the policy. Note: You can prevent end-users from changing policy settings on their local computers by locking the policy. The following section describes policy locking. Managing Policies 43 Policy Locking Policy Locking When you create or modify a policy, you can choose the Lock Settings option on the Policy subtab. This setting prevents end users from changing policy settings on their local computers. During the discovery process, the Threat Management Server pushes the locked policy to the computers that reside in within the branch. If you do not use the Lock Settings option, the Threat Management Server will continue to distribute policies to the computers in the branch where the policy is assigned; however, the end user can change those policy settings on their local computer. Should the end user changes the settings, the Threat Management Server will automatically reset the policy settings during the next subnet discovery or refresh; however, there will be period of time when the client computer's policies are not the same as those defined for it in the Threat Management database. Note: The Threat Management Server refreshes its database based on the interval that you specify in the Repeat Every option on the Discovery Configuration subtab. Policy Precedence A policy's precedence can be either inherited or specified. Inherited An inherited policy is one that is inherited from a higher level branch in your Organization tree. For example, if you apply a policy to a particular branch, that policy applies to all sub-branches and client computers that reside beneath that branch of the tree. The sub-branches and client computers inherit the policy from the higher-level branch. Specified A specified policy is one that is applied to a specified branch, sub-branch or computer. This type of policy overrides the inherited policy from the branch above it. When the Threat Management Server performs a discovery, it looks at the lowest level branch in your Organization tree (a branch that does not have another branch beneath it). It then checks the policies that are applied to that branch. If a policy is applied to the branch, it is kept, and not changed by a policy that would otherwise be inherited from the branch above it. The discovery process then continues up the Organization tree to the next branch level. If no policy is applied at the next branch level, the Threat Management Server uses the policy applied at the branch level above, and so on. 44 Administrator Guide eTrust Antivirus Policy Types eTrust Antivirus Policy Types Use the Policy Management tab to create and manage the following eTrust Antivirus policies: Realtime Monitor Scans a file before they it is accessed to ensure the file is not infected. Scheduled Jobs Determines when and how scheduled scans occur. Legacy Signature Distribution Enables the distribution of content updates to prior versions of eTrust Antivirus using a r8 Threat Management Server or redistribution server. Send for Analysis Specifies detailed contact information that is included whenever you submit a virus to Computer Associates for further analysis. Lotus Notes Email Policies Manages eTrust Antivirus policies on your Lotus Notes e-mail server. Note: Email polices are only for computers running Windows. MS Exchange Email Policies Manages eTrust Antivirus policies on your Microsoft Exchange e-mail server. Note: Email polices are only for computers running Windows. The following sections contain additional information for each policy type. For policy procedures, see the eTrust Threat Management Console online help. Managing Policies 45 eTrust Antivirus Policy Types Realtime Monitor Policy The Realtime Monitor automatically performs a file scan each time a file is executed, written to, or opened. When an infection is found and a treatment action is unsuccessful, file access is denied, which prevents the infection being spread further. You can monitor for known and unknown viruses, specify detection methods, and manage infected files. Using the realtime settings available, you can block access to certain groups of files (based on file extension) or all files, so that potentially dangerous files are not opened, copied, or executed by a user or the system. On Windows systems, by enabling the quarantine feature, users who are detected attempting to copy infected files to a server can be automatically suspended from any further access to that server, thereby helping to isolate the infected user and prevent the spread of the infection. On Windows and OS X systems, if an infection is found, a window is displayed with the name of the infected file and the name of the infection. On NetWare systems, if an infection is found, a message is displayed on either the Console Screen or the Logger Screen, depending on the version of Netware. If the infected file was accessed from a client computer, a window is displayed on that client with the name of the infected file and the name of the infection. Note: Remember, the settings you choose for the Realtime Monitor settings apply only to the realtime scan. How Realtime Monitor Works The Realtime Monitor offers automatic virus protection by intercepting attempts to access files and scanning them to ensure they are not infected. On Windows systems, the interception is accomplished by using a VxD (Virtual Device Driver). Under UNIX, this interception is accomplished through integration of the Realtime Monitor and the Computer Associates Event Notification Facility (CAIENF) to provide antivirus protection. Under NetWare, the Realtime Monitor uses the NetWare FSHOOKS subsystem. Under OS X, the Realtime Monitor uses a kernel extension (KEXT). 46 Administrator Guide eTrust Antivirus Policy Types Realtime Policy Subtabs You create Realtime Monitor policies by selecting Realtime Monitor from the Type drop-down list on the Policy Management tab. When you select this option, several subtabs appear on the right side of the Policy Management page. The following subtabs allow you to specify the scan options for this policy: Policy Specifies a descriptive name for the policy and lets you lock the policy. Scan Lets you specify the scanning options for Realtime Monitor, such as the scanning direction, the thoroughness of the scan, and the action to perform if an infection is detected. Selection Lets you specify the scanning engine to use during the scan, the file extensions to scan, and whether to scan compressed files. Filters Lets you specify the processes and directories to exclude from scanning and block all access to specified files. Advanced Manages settings for protected areas and advanced protection options for different types of drive devices. For example, on Windows systems, you can specify protected drive areas for monitoring, while on UNIX, these options would not be applicable, as all drive types are always protected. Quarantine Available on Windows systems only. Suspends users from accessing a server if they attempt to copy an infected file to the server, thereby isolating the user and preventing the spread of the infection. For complete option descriptions for each of these tabs, see the eTrust Threat Management Console online help. Managing Policies 47 eTrust Antivirus Policy Types Quarantined Users This feature is available on Windows only. By enabling the quarantine feature, users who are detected attempting to copy infected files to a server can have their access to the server automatically suspended for a specified period of time. The user is blocked from any further access to the server for the length of time specified by the Quarantine time, up to 24 hours. During the quarantine time, you have the opportunity to determine what the problem file is, isolate it, and clean the infected computer. In addition, messages can be sent, listing the name of the user who tried to move an infected file, so that the appropriate administrator is notified. Further, the name of a quarantined user is listed on the Quarantine tab when a particular computer is selected in the list of computers. An Authorized administrator can easily restore the quarantined user access again by removing the name of the user from the Quarantine tab. Note: Because the quarantine blocks server access based on user name, the quarantine affects any users signed on with the same name. This is particularly important if a network has many people sharing the same user name, such as GUEST. If one user is signed on as GUEST and is quarantined because of a detected attempt to copy an infected file, all other users named GUEST are quarantined also. Note: The Administrator account on a Windows NT or Windows 2000 computer cannot be quarantined. A user with administrator rights, however, can and will be quarantined when necessary. 48 Administrator Guide eTrust Antivirus Policy Types Automatic Activation of the Realtime Monitor Once you have configured the Realtime Monitor on Windows systems, it is automatically activated each time the computer is started and the Realtime Monitor icon is displayed in the Windows system tray. Note: If the Realtime Monitor icon is not displayed, you can activate it from the Windows Start menu. When selecting whether to install ENF during the eTrust Antivirus installation on UNIX systems, you can determine if you want the Realtime Monitor to activate automatically when you start the computer. If you choose not to install ENF, realtime will not be available at all on your system. There is no system tray or Realtime Monitor icon. When you install eTrust Antivirus on OS X systems, the Realtime Monitor is configured to automatically activate when your start the computer. You can disable the Realtime Monitor using the Realtime Monitor Options dialog. There is no icon that indicates the status of the Realtime Monitor. When you install eTrust Antivirus on Netware systems, the Realtime Monitor is configured to automatically activate when you start the computer. You can disable the Realtime Monitor using the ETRUSTAV console application. There is no system tray or Realtime Monitor icon. Managing Policies 49 eTrust Antivirus Policy Types Realtime Monitor Icon Options On Windows systems, you can access all the Realtime Monitor settings and manage the monitoring of files from the Realtime Monitor icon in the system tray. On OS X, you can access these settings from the Realtime Monitor icon on the menu bar. The following options are available: Realtime Options Starts eTrust Threat Management Agent interface and displays the Settings tab, where you can modify your realtime scan settings. Disable Realtime Temporarily disables realtime scanning. This option suspends the activity of the Realtime Monitor, but does not remove it from memory or shut it down. Monitor Outgoing Files Monitors files sent out from a local drive. Outgoing files are files being copied from a local drive and files that are executed from a local drive. Outgoing files are scanned when they are opened. If the file is infected, you are denied access to it Monitor Outgoing and Incoming Files Monitors both incoming files and outgoing files. Incoming files are files received by your local machine. Incoming files are scanned only when they are closed. Snooze Disable the Realtime Monitor for a specified number of minutes only. Animated Icon Toggles the animation of the Realtime Monitor icon in the system tray on or off. This option is not available on OS X. Display Logo Lets you hide or show the splash screen that is displayed when you start the eTrust Threat Management Agent interface from the Realtime Monitor icon. This option is not available on OS X. Policy Job Delay Settings Lets you choose whether to run a policy update now or postpone it a specified number of hours. This option is not available on OS X. Launch eTrust ITM Starts eTrust Threat Management Agent interface and displays the Scan tab. 50 Administrator Guide eTrust Antivirus Policy Types Download Updates Now Opens the eTrust ITM Download Progress window, runs a content update for the local computer, and displays the progress of the update in the window. About Starts the eTrust Threat Management Agent interface and displays the Dashboard tab. License and Registration Starts eTrust Threat Management Agent interface and displays the Advanced tab, where you can register licenses. Exit Removes the Realtime Monitor icon from the system tray. Realtime monitoring remains active. Realtime Messaging On Windows systems, if the Alert option is configured and active, messages can be sent by Broadcast, Microsoft Mail, Microsoft Exchange, SMTP, SNMP, Trouble Ticket, and Pager, whenever an action is taken. The messages also appear in the realtime scan log and the Windows NT Event Log or Windows 2000 Event Viewer. For more information, see the Alert online help. Messages also can be sent when Quarantine is invoked. While Alert is not available on UNIX and OS X systems, the hooks to userdefined scripts and syslog provide an equivalent level of notification flexibility. Accordingly, Windows systems can be configured to receive alerts forwarded from UNIX and OS X agents to the Threat Management Server as the Alert Manager sends these alerts to the email server. Alert is not available in any capacity for the Netware platform. On UNIX and OS X systems, eTrust Antivirus events will be directed to syslog, as specified in the UNIX and OS X configuration file, /etc/syslog.conf. For more information, see Using Alert Manager in UNIX and OS X Systems. Managing Policies 51 eTrust Antivirus Policy Types Scheduled Jobs Policy You can create Scheduled Jobs policies to perform regularly scheduled scanning on multiple computers. You should perform scheduled scans on a regular basis, typically during off-peak usage times. The use of scheduled scans is especially encouraged for those user with defined exclusions in the Realtime Monitor policy. You should avoid scheduling scans during scheduled backups, as those scans could have an effect on the performance of the backup. When setting schedule scan options, the CPU utilization setting has no direct numeric value to CPU usage. Rather, it correlates to CPU resource availability. For example, you might select Low for scans scheduled to take place during normal work hours when CPU resources are likely required for other work related tasks and should not be consumed by scanning activities. For scans scheduled during evenings and weekends, when resource requirements are normally lower, the Normal or High CPU setting would be more appropriate. Note: The options available for scheduled scans are the same as those available from the Local Scanner on a client computer. The following tabs are available: Policy Specifies a descriptive name for the policy and lets you lock the policy. Scan Specifies the objects to scan and the action to perform on detected pests. Schedule Specifies the time, date, and interval for the scan, and CPU usage level. Directories Specifies directories to scan. 52 Administrator Guide eTrust Antivirus Policy Types Scheduled Jobs Subtabs You create Scheduled Job policies by selecting Scheduled Jobs from the Type drop-down list on the Policy Management tab. When you select this option, several subtabs appear on the right side of the Policy Management page. The following subtabs allow you to specify the scan options for this policy: Policy Specifies a descriptive name for the policy and lets you lock the policy. Scan Lets you specify the scanning options for the scheduled scan, such as the scanning direction, the thoroughness of the scan, and the action to perform on detected infections. Selection Lets you specify the file extensions to scan, and whether to scan compressed files or files migrated to external storage. Schedule Specify the time, date, and interval for the scan. On Windows systems, lets you specify the CPU usage level. Directories Lets you specify directories to scan. Exclude Lets you specify directories to exclude from the scheduled scan. Log Lets you view the summary information and detailed logs for scheduled scans. For complete option descriptions for each of these tabs, see the eTrust Threat Management Console online help. Managing Policies 53 eTrust Antivirus Policy Types Considerations for Scanning Network Drives On Windows, you can map to a network drive from a local computer and perform a scan. Similarly, on UNIX and OS X, you can mount and scan a remote file system. This might be useful occasionally for scanning a specific file, but it is not the preferred method for managing network drives as significant network overhead is incurred when a local computer scans a network drive. The preferred method for scanning a network drive is for a remote administrator to schedule a scan job on the network computer, using the eTrust Threat Management Console. An instance of eTrust Antivirus must reside on the computer to be scanned. Once scheduled, the scan will be performed locally on the network computer. This method is significantly more efficient when compared to running a scan from one computer against network mapped drives that physically reside on another computer. 54 Administrator Guide eTrust Antivirus Policy Types Legacy Signature Distribution Policy Create Legacy Signature Distribution policies to distribute product and signature updates to computers running legacy versions of Computer Associates antivirus software. Legacy versions include r6, r7, and r7.1. You can choose to download update signatures immediately, on a specific day, or on a regularly repeated basis. In addition, you can specify the download source and configure redistribution servers. A redistribution server makes the signature updates available to other legacy computers. Note: On NetWare systems running eTrust Antivirus r8, you must use the Legacy Signature Distribution Policy to download signature and product updates. The Legacy Signature Distribution policy provides the following subtabs: Policy Specifies a descriptive name for the policy and lets you lock the policy. Schedule Enable scheduled updates and specifies the date, time, and frequency of the updates. Also lets you start an immediate download of updates. Incoming Lets you perform incremental updates, when appropriate, and add, modify, or delete download sources. Outgoing Specifies a computer as a Redistribution Server and manages the signatures to download for redistribution. For complete option descriptions for each of these tabs, see the eTrust Threat Management Console online help. Managing Policies 55 eTrust Antivirus Policy Types Send for Analysis Policy The Send for Analysis policy enables you to specify detailed contact information to be included with the information sent from your company whenever a virus is submitted to Computer Associates for further analysis. After you create a Send for Analysis policy, you may want to place it on the Organization tree root folder, as it is typically the same for all computers. You may also choose to change the default location for submitting an infected file to specify an internal address in your organization. For example, multiple infections of the same type can strike a large organization. By sending every problem file to an internal administrator, you can monitor the occurrence of infections and if you have already received a solution from Computer Associates, there may be no need to pass the infected file any further. Note: This policy type does not apply to NetWare. The Send for Analysis policy provides the following subtab: Policy Specifies a descriptive name for the policy and lets you lock the policy. Virus Analysis Contact Information Specified your company's contact information. For complete option descriptions for each of these tabs, see the eTrust Threat Management Console online help. 56 Administrator Guide eTrust Antivirus Policy Types Email Policies Create e-mail policies to specify how realtime components will protect your Lotus Notes or Microsoft Exchange e-mail server. The Notes Option integrates with eTrust Antivirus to scan for infections in documents and email file attachments. Infected Lotus Notes attachments can be automatically detected. This option also notifies the users through the host messaging system whenever an infection is found. Before you install the Notes Option, review the Readme file to verify that you have the required software and hardware. You must also ensure that your Lotus Notes Domino account has its user rights configured properly. The Exchange Option integrates with eTrust Antivirus to scan for infections in documents attached to email messages and folders. Use this option, to automatically cure infected Microsoft Exchange attachments. The Exchange Option scans all mail passing through the server. The Exchange Option runs on the server where the Microsoft Exchange Server resides. It can detect, cure, or block infected email attachments and prevent them from spreading throughout your enterprise. Before you install the Exchange Option, review the Readme file to verify that you have the required software and hardware. You must also ensure that your Microsoft Exchange account has its user rights configured properly and meet the Exchange Full Administrator requirement. Managing Policies 57 eTrust Antivirus Policy Types Lotus Notes Email Policy Subtabs You create Lotus Notes email policies by selecting Lotus Notes Email Policies from the Type drop-down list on the Policy Management tab. When you select this option, several subtabs appear on the right side of the Policy Management page. The following subtabs allow you to specify the scan options for this policy: Policy Specifies a descriptive name for the policy and lets you lock the policy. Scan Lets you specify the scan engine, scanning direction, the thoroughness of the scan, and the action to perform on detected infections. Selection Specifies files to include or exclude from scanning, and whether to scan compressed files. Notification Lets you send an email notification when a detection occurs. For complete option descriptions for each of these tabs, see the eTrust Threat Management Console online help. 58 Administrator Guide eTrust Antivirus Policy Types Microsoft Exchange Email Policy Subtabs You create Microsoft Exchange email policies by selecting Microsoft Exchange Email Policies from the Type drop-down list on the Policy Management tab. When you select this option, several subtabs appear on the right side of the Policy Management page. The following subtabs allow you to specify the scan options for this policy: Policy Specifies a descriptive name for the policy and lets you lock the policy. Scan Lets you specify the scan engine, scanning direction, the thoroughness of the scan, and the action to perform on detected infections. Selection Specifies files to include or exclude from scanning, and whether to scan compressed files. Notification Lets you send an email notification when a detection occurs. Options Specifies special scanning options and a timeout value for scanning your Microsoft Exchange server. Misc Specifies log options, timeout value, and background scanning options. For complete option descriptions for each of these tabs, see the eTrust Threat Management Console online help. Managing Policies 59 Common Policy Types Common Policy Types Use the Policy Management tab to create and manage the following policies that are common to eTrust Antivirus and eTrust PestPatrol: Alert Forwarding Creates customized alerts for multiple computers, reduces message traffic, and minimizes the dissemination of notifications that are not critical. Content Update Specifies how and when you want to download program updates and signature files. Phone Home Enables client computers to send their information to a specific Threat Management Server, enabling that server to automatically update its database with current information about the client. The following sections contain additional information for each policy. For policy procedures, see the eTrust Threat Management Console online help. Alert Subtabs The Alert Forwarding policy allows you to create customized Alerts for multiple computers. Alert policies can help cut down on message traffic and minimize the dissemination of notifications that are not critical. Alert policies may differ for client computers and servers, depending on your organization's needs. Note: Alert Forwarding is not available on Unix or OS X. On these platforms, alerts can be sent to a user-defined shell script for further processing. The Alert Fowarding policy provides the following subtabs: Policy Specifies a descriptive name for the policy and lets you lock the policy. Alert Specifies where to send notification information and how frequently to send it. Alert Filter Lets you manage notification severity levels, customize sets of notification messages to be reported for different service components, and determine the types of messages should be passed to the Alert Manager. For complete option descriptions for each of these tabs, see the eTrust Threat Management Console online help. 60 Administrator Guide Common Policy Types Content Updates Policy The eTrust Threat Management Console lets you create a content update policy that automatically downloads both product updates and signature files for your eTrust Threat Management products. The download method for gathering the updates is HTTP. Note: If your eTrust Antivirus license expires you will be unable to download content updates, which include the latest signature and DAT files, as well as other program updates. The Content Updates policy provides the following tabs: Policy Specifies a descriptive name for the policy and lets you lock the policy. Update Scheduler Schedules the date, time, interval, and frequency updates occur. Components Lets you choose the product components and signatures you want to update. Download Settings Specifies the source from which to collect the updates. Redistribution Option Enables a computer on your network to act as a redistribution server for updates. This reduces network traffic by allowing other computers on your network to collect their updates directly from the redistribution server and can significantly reduce the amount of time that would otherwise be required to update computers throughout the enterprise. Note: Before a computer can act as a redistribution server, you must first install the Redistribution Server option from the product media onto that computer. Legacy Redistribution Enables computers running legacy versions of eTrust Antivirus to collect their updates from a redistribution server running eTrust Antivirus r8. Common Specifies common communication settings. For complete option descriptions for each of these tabs, see the eTrust Threat Management Console online help. Managing Policies 61 Common Policy Types How the Content Updates Work When a scheduled content update job runs, your computer connects to the first download source specified in Source list on the Server subtab. The update job attempts to collect all of the components specified on the Components subtab. If the connection cannot be established for some reason, such as heavy network traffic, a connection failure, or a timeout, your system will go to the next source on the list. The content update job collects all the requested components that are available from the first source before it connects to another source. If all of the requested components are collected from the first source, the job finishes. If a component is not available from the first source, your computer queries the next source in the Source list. This process continues until all of the requisite component updates have been retrieved for the different versions and platforms of the components specified on the Components subtab. If an update is not found, the computer automatically attempts the update process five additional times at 5 minute intervals. If, after the fifth attempt, the computer is still unable to get the updates, it waits until the next scheduled update job, at which point it will automatically attempt to retrieve updates again. Note: Internet Explorer may prompt you to add the download source to your list of trusted sites. For information on how to add a trusted site to your Internet options, see Add a Trusted Site to Internet Explorer (see page 27). 62 Administrator Guide Common Policy Types How Redistribution Servers Work You can use multiple computers, called redistribution servers, to distribute content updates in an efficient manner. To make a computer a redistribution server, you must first install the Redistribution Server from the product media, then enable the Redistribution Server checkbox on the Redistribution Option subtab. Note: The redistribution server can only distribute policies for the eTrust Threat Management products installed on that computer. This means if the hosting machine only contains eTrust Antivirus, it can only distribute policies for eTrust Antivirus and no other eTrust Threat Management products. For example, one computer in your network can collect the updates from the Computer Associates website. Other computers in different locations throughout your network can connect to that computer to get the latest updates. Those computers, in turn, can make the updates available to other computers in their subnets. In this scenario, the first source on the Source list could be a departmental network server. The second source could be a server in a different department. The third source could be an internal distribution server. Each of these source computers must be designated as a redistribution server on the Redistribution Option subtab. Note: The role of the redistribution server is distinct from the role of the policy proxy server. The redistribution server makes the content update available to other computers. The policy proxy server distributes policy settings throughout the network. Managing Policies 63 Common Policy Types Considerations for Using UNIX and OS X Systems as a Redistribution Server A UNIX system can serve as a Redistribution server both for other UNIX systems and for Windows systems. To do this, the UNIX system must have Samba installed. (Samba is a free third-party software package that enables UNIX systems to interact with Windows systems using the UNC method. It is distributed as part of some versions of UNIX, and it can also be obtained at www.samba.org.) The Samba daemon (smbd) must be running, and INOUPD$ must be defined as a share in the Samba configuration file (smb.conf). An OS X system can serve as a Redistribution Server for other OS X, UNIX, and Windows systems. To do this, a share named INOUPD$ must be defined in the Samba configuration file (/etc/smb.conf). The INOUPD$ share cannot be password-protected. Here is a sample entry: [INOUPD$] path = /Library/Application Support/eTrustAntivirus/ino/Outgoing guest ok = yes browseable = no read only = yes Note: There is a space between the words Application and Support. 64 Administrator Guide Common Policy Types Phone Home Policy The Phone Home feature enables a client computer to report information to a specified Threat Management Server. It provides reverse discovery or "selfintroduction" functionality, where the client computer informs the server that it is now present and active. You can configure which Threat Management Server a given client computer reports to and the frequency with which it reports to the server. The server identifies the client and updates its database with the necessary client information, such as the host name and the polling and broadcasting port numbers. Each time the client phones home, the Threat Management Server examines the client and, if necessary, enforces policy and licensing checks. For example, if any settings have been changed on the client computer so that they conflict with the policies defined on the Threat Management Server, the values are automatically reset on the client computer. To use this feature, you do not need to know in which subnet a client resides. If the subnet for a client does not already exist on the server, upon phoning home, it is automatically added. The Phone Home Policy provides the following subtabs: Policy Specifies a descriptive name for the policy and lets you lock the policy. Schedule Specifies when and how often a computer will phone home to a specified Threat Management Server. You can set up the client computer to report to the server on a regular basis. Additional Specifies communication settings. For complete option descriptions for each of these tabs, see the eTrust Threat Management Console online help. Managing Policies 65 Using the Policy Management Tab Using the Policy Management Tab Use the Policy Management tab to perform the following tasks: Create, modify, and delete policies Assign or remove policies to or from a branch The Policy Management tab provides the following subtabs: Policy Specifies a descriptive name for the policy and lets you lock the policy. Policy type subtabs Specifies the policy settings for each type of policy. The subtabs displayed change based on the type of policy you want to create. Creating Policies The policy options you specify from the eTrust Threat Management Console can be applied to any computers in the branches of your Organization tree. In addition, you can control whether the end user can change the options. To access these policy options, select eTrust Antivirus from as the Application drop-down list, and then the option you want from the Type drop-down list. Subtabs appear on the right side of the tab for each policy type. After you specify policy settings, the policy instance appears in the Policies list area. When you select the policy instance, the settings for that policy appear in the subtab on the right side of the tab. With the settings displayed, you have the option to edit the settings. For information about policy options, see the online help. Assigning Policies After you create a policy instance, you can apply the policy to a branch in the Organization tree. To assign policy, select it from the Policies list area and click Assign in the Assigned To area. In the Assign Branch dialog, select a branch and click the right arrow. Repeat this process to assign the policy to more than one branch. When all the branches appear in the right column of the Assign branch dialog, click Assign Branches. When you apply a policy to a branch, the policy applies to all the sub-branches in that branch, and to all the computers in the branch. Note: You can also assign policies using the Organization tab. 66 Administrator Guide Using the Policy Management Tab Viewing Assigned Policies To see where a policy instance is applied, highlight the policy name in the Policies list area. The branches to which this policy is applied will appear in the Assign To area. You can remove a policy from a branch by selecting the branch name in the Assigned To list, and clicking Remove. If the policy is applied at the branch level, the branch name is listed. If the policy is applied to a sub-branch, but not to the parent branch, the path of the sub-branch is listed, in the form of branch/sub-branch. Viewing Scheduled Job Policy Logs When you select Scheduled Jobs from the policy type drop-down list, the Log subtab appears in the lower portion of the Policy Management tab. Using this subtab, you can view log result statistics for scheduled jobs. For each scheduled job dispatch time, a log entry will be created for every time the job ran. The log entry shows summary statistics on the number of computers on which the job was run, along with success and error count statistics. To get more detailed information for what transpired on a given computer, click the log for each computer on which the job was run. Statistics for scans on each computer include the total number of files scanned, the total number of infections found, and the number of files cured. Managing Policies 67 Chapter 7: Working with Clients This chapter contains information on managing individual computers using the Client tab. You can find detailed descriptions for each option and procedures for performing client-related tasks in the eTrust Threat Management Console online help. Managing Individual Computers In many large enterprises there may be a need for a specific computer to require a special set of policies that are different from the policies used to manage other computers. Using the Client tab you can specify the special policies that should be applied to an individual computer. Policies applied to a specific computer using this method temporarily override any policies that you apply to the branch in which the computer resides. However, the next time the Threat Management Server discovers the computer, it will reset the policies back to those applied to the parent branch. If you have the need to define a permanent, special policy for a given computer (one that the Threat Management Server will not reset), you can use the following process to maintain policy control over that computer: Create a special branch or sub-branch in the Organization Place the computer(s) into the branch or sub-branch Create the special policy Assign the policy to the branch or sub-branch The Client tab also lets you view the properties and logs for a specific computer, and allows you to start, restart, or stop services. Working with Clients 69 Using the Clients Tab Using the Clients Tab Use the Clients tab to perform the following tasks on a specific computer: View client properties Assign a computer to a branch View scanning, distribution, and general events logs View, assign, and modify policies Start, restart, and stop eTrust Antivirus services Purge logs The Client tab provides the following tabs: Properties Lets you view information about a specific computer, assign policies to the computer, and start, stop, or restart services. Logs Lets you view the logs of a specific computer. For complete option descriptions for each of these tabs, see the eTrust Threat Management Console online help. Assigning a Computer to a Branch You can use the Client tab to assign a computer to a branch by clicking Assign, which is located on the Properties subtab. When you click Assign, the Organization dialog appears and allows you to drill down to the branch or subbranch of the tree where you want to add the computer. Assigning Policies to a Computer Use the Properties subtab to apply policies to a specific computer. With the computer displayed on the Properties subtab, click the Assign button for the policy type you want to assign. A dialog appears listing all of the current policies for that type. You can select a policy from the list and click OK. For more information, see Managing Individual Computers (see page 69). 70 Administrator Guide Using the Clients Tab Managing Services The Services Control area on the Properties subtab provides a convenient way to access the Computer Associates eTrust Threat Management products services running on the client computer. It is similar to the Windows NT Services feature and can be used for managing background processes on the Windows 9x operating system or for managing daemons under UNIX. After finding a computer on the Client tab, click the Properties subtab to view, start, and stop services. The following services can be managed from the Services Control area: eTrust ITM Job Service Schedules background tasks such as scan jobs and content update downloads. On Windows, this agent is InoTask.exe. eTrust ITM Realtime Service Provides realtime, on-access scanning. On Windows, this agent is InoRT.exe. eTrust iGateway Service Provides the host service for the eTrust Threat Management Agent interface. eTrust ITM RPC Service Listens for the administrative server's discovery and policy requests. On Windows, this agent is InoRPC.exe. eTrust ITM Server Service Discovers clients and enforces policy throughout the network. Note: This service only appears if the eTrust Integrated Threat Management server component is installed on this computer. eTrust ITM Web Access Service Handles communication between the Java GUI layer and the native function interfaces. On Windows, this agent is InoWeb.exe. Note: This service only appears if the eTrust Integrated Threat Management server component is installed on this computer. Note: On UNIX and OS X, the agent names do not use the .EXE extension. Working with Clients 71 Using the Clients Tab Viewing Logs Use the Logs subtab to view the logs for a specific computer. You can locate the computer whose logs you want to view by entering the name of the computer in the Node Name field and clicking Find. Once the client is found, click the Logs subtab and select the type of log you want to view from the drop-down list. You can view the following types of logs: eTrust Antivirus - Shell Scanner Contains scanning logs for the client computer for scans initiated through the Windows only Shell dialog, available from the Scan for Viruses option of the right-click pop-up menu in Windows Explorer. eTrust Antivirus - Realtime Scanner Displays the Realtime Monitor scanning logs for the client computer. Realtime scanning information is appended to the existing log, so there is only one log entry for each day. eTrust Antivirus - Scan Jobs Shows a list of logs that contain the results of the scan jobs that have run on your local computer. This includes both local and scheduled scans. For each job, there is a scan log that contains the results for each time that the job has run, listed by the date and time. If a job only runs one time, you have one result log. If the job runs periodically, there is a unique result log for each scan job. You can view the scan job logs for the local computer, both locally initiated and remotely initiated. An authorized administrator can view scan job logs for multiple computers, using the eTrust Threat Management Console. General Events Displays logging information of general events for each day. You can also see operating system error codes here. This category displays the following types of messages: Critical Message This is the highest level message. It requires immediate attention once logged. This message could mean there is a serious threat was detected, or there is a problem with the service, such as an error loading an engine. Warning Message This second priority message provides non-critical warning information. Informational Message This type of message provides information on events such as a service starting or stopping. 72 Administrator Guide Using the Clients Tab Distribution Events Displays logging information of content distribution events for each day. Events are recorded for any actions that occur during the content update and distribution process. This includes details about connecting to a distribution source, starting and stopping a download, and information about whether the content has been downloaded successfully. Logs Stored in Standard Database Format All log information is stored in a DB directory, in a file format that is accessible by standard database tools that support the ODBC (Open DataBase Connectivity) standards. This log file is named by the month, day, year, and time of day that it is created and has an extension of .DBF (.dbf on UNIX and OS X systems). Collecting System Metrics Information On Windows systems, the system metrics features let you collect information about antivirus activity to analyze the impact of this activity across your enterprise. The collection methods and features are as follows: Command line utility for login scripts or schedulers Monitoring realtime statistics with the Performance Monitor Purging collected records All log information is stored in a file format that can be accessed by standard database tools, using the ODBC (Open Database Connectivity) standards. Working with Clients 73 Using the Clients Tab Performance Monitor Through the standard Windows NT, Windows 2000, and Windows Server 2003 Performance Monitor application, PERFMON, you can monitor realtime antivirus activity. The Performance Monitor, using counters, can monitor the following realtime information: Boot Virus Infections Cure Errors Cured Boot Virus Infections Cured Files Deleted Files Found Virus Infected Files Moved Files Renamed Files Scan Error Scanned computer Scanned Files Scanned Files in Archives For more information about monitoring activity, see the appropriate Windows Performance Monitor documentation. Purging Logs For each client computer, you can determine whether you want to save all logs or delete them after a certain number of days. From the Client tab, you can click the Assign next to Purging Logs in the Policies area of the Properties subtab. 74 Administrator Guide Chapter 8: Managing User Access This chapter contains information on managing user permissions using the User Management tab. For detailed information on user management options and procedures, see the eTrust Threat Management Console online help. Managing User Access 75 Threat Management Server Access Considerations Threat Management Server Access Considerations Administrators and users can be granted access to the Threat Management Server and eTrust Threat Management Console based on existing user accounts on the computer where the Threat Management Server resides or elsewhere on the network. Note: These access permissions apply to the Threat Management Server and not to the management of the operating system of the computer where the Threat Management Server resides. The following types of accounts can have access to the Threat Management Server: The operating system administrator or root account on the computer where the Threat Management Server resides The account used to install the Threat Management Server (root user in UNIX systems, a user with administrative privilege on OS X) Authorized administrator accounts The eTrust Threat Management Console's built-in security features let you grant control to personnel charged with managing eTrust Antivirus in your enterprise as needed, including providing a generic guest account, without compromising operating system security. The access permissions for authorized administrator accounts on the Threat Management Server are independent of the authority granted to the account by the operating system. Only valid, authorized administrator user accounts can access the eTrust Threat Management Console to manage eTrust Antivirus. The management functions the authorized administrator can perform are based upon the permissions granted to that user account. Authorized administrator accounts can, in turn, grant permissions to other accounts. The authorized administrator defines a user's privileges in the eTrust Threat Management Console by setting access permissions for that user. These permissions are applied to the subnets and branches in the Organization tree. When a user attempts to log onto the Threat Management Server, the server examines these settings to determine if the user is valid and what permissions he or she has. To do so, the Threat Management Server component consults its own internal security table. 76 Administrator Guide Threat Management Server Access Considerations Operating System Administrator Account The operating system administrator or root account on the computer where the Threat Management Server resides is automatically granted full control of the root categories of the Subnets and the Organization tree. This account, therefore, has administrative control over both the Threat Management Server computer and the features available from the eTrust Threat Management Console. For Windows, this is the Administrator account. For UNIX and OS X systems, this is an administrator account with root privileges. This administrator account on the Threat Management Server can in turn assign a user with a valid account on the Threat Management Server to an authorized administrator account. Threat Management Server Installer Account Similar to the privileges that are automatically assigned to the operating system administrator account, the account that installs the Threat Management Server is also automatically granted full control of the root categories of the subnets and the Organization tree. If the account used to install the Threat Management Server is different from the operating system administrator account, when you display the access permissions, you will also see the separate installer account appear in the list of user accounts. If the operating system administrator account is used to install the Threat Management Server, then a separate installer account will not be created. Note: UNIX systems do not use a separate account to install eTrust Threat Management products. The root user installs the product. Granting Administrator Rights at Installation Time In some cases, to manage computers in a large network, you might want to grant administrator rights over many computers to the administrator of the Threat Management Server. A Threat Management Server administrator is automatically given administrative privileges on a client computer if the IP address of the Threat Management Server is specified to the client computer when the Threat Agents are installed. This can be accomplished by customizing the inoc6.icf configuration file. This creates a trusted relationship that lets an administrator put computers in branches without requiring separate login and password information for each computer. For more information, refer to the sample inoc6.icf file provided with the product. On NetWare, you can set an approved Threat Management Server using ETRUSTAV. In addition, the NetWare installation uses the INOC6.ICF settings, which can be preset to use an approved Threat Management Server, as under Windows. Managing User Access 77 Threat Management Server Access Considerations Authorized Administrator Accounts The operating system administrator account can grant access permissions to other users that have valid operating system accounts on the computer where the Threat Management Server resides, or to existing accounts on the network. Users that are given these rights are referred to as authorized administrators for the security network. To connect to the Threat Management Server computer, a user must have a valid account on the computer where the Threat Management Server resides. Before a user can manage branch policies in the Organization tree, an authorized administrator must first set access permissions for that user's account. These permissions determine the user's ability to change policy settings and perform other management tasks. Note that if the user wants to add a computer to a branch, he or she must have administrative authority for that computer. Authorized administrator accounts do not have any special permission on the operating system where the Threat Management Server resides. They can be granted different levels of permissions within the eTrust Threat Management Console; from full access to all features of the eTrust Threat Management Console, to read-only access. You can set permission levels based upon the needs of your enterprise. An authorized administrator has great flexibility in assigning these access permissions. 78 Administrator Guide Types of Access Guest Accounts You can create a guest account on the Threat Management Server for other users to sign on to the Threat Management Server and use the eTrust Threat Management Console. For example, on Windows NT or Windows 2000, you can use the Guest account on the computer where the Threat Management Server resides to create an account for authorized users to log onto the Threat Management Server as needed. By copying the Guest account to a new account and giving it a name of InoAdmin, for example. Then use the eTrust Threat Management Console access permissions options to grant Full Control to this new account. Users who then log onto the Threat Management Server with this account are granted full control of the eTrust Threat Management Console and its features, but have very limited access to the Windows operating system on which the Threat Management Server is running installed. Note: Whatever account you use as a model for a guest account will retain any operating system permissions that it already has. This method of using a guest account lets you provide access to the eTrust Threat Management Console as needed, without the need to create a separate account for each remote administrator who wants to access the Threat Management Server. You may also create different types of generic accounts with different levels of access, and make them available to administrators as needed. Types of Access When a user connects to the computer that hosts the Threat Management Server, the system first checks to see that the user has a valid account on the computer. If it is valid, then access is granted to the eTrust Threat Management Console, based on the permissions set for that user by an authorized administrator. Access rights Organization tree, policy, and subnet management. The following table lists the types of access and the associated permissions: Type of Access Permissions None User has no access. Read User has read access to the Organization and Discovery tabs. Access to view an object in the list and its associated properties, but no access to make changes or move a computer to a different category. Managing User Access 79 Types of Access Type of Access Permissions Change User has change access to the Organization and the Discovery tabs. Access to see an object and its properties in the list, access to make changes to the policy settings applied to a branch, and ability to move a computer to a different branch. Delete User has access rights to delete the selected item. Includes Change Permissions. Cannot add users. Full Control User has full control. Can add users and grant access for managing access permissions to other accounts. Note: Permissions are cumulative. For example, a user with Change permissions also has Read permissions. A user with Delete permissions also has Change and Read permissions, and so on. User Rights Characteristics After access rights are applied for a user, these rights have the following characteristics: User Identifies the user with access to the selected branch, including the domain the user is in. Rights Indicates the access rights that the user has for that branch. Reason User rights can be inherited or specified: 80 Administrator Guide Inherited indicates that the user rights applied to the branch have been inherited from user rights applied at a higher level in the hierarchy, such as the root of the Organization tree. Specified indicates that the user rights applied to the branch have been applied to this particular level of the hierarchy, such as the root of the Organization tree. Using the User Management Tab Access Example for Different Accounts The following table shows how different access rights can be assigned to different accounts: Authorized Administrator User 1 User 2 Organization tree (root object) Full Control Change Read Accounting Full Control Change Read Sales Full Control Change Read Travel Full Control Change Read Branch All the accounts in the example have access to the Organization tree. The authorized administrator has full control. This account can manage all the branches in the tree and can set policy for all the computers in the branches. User 1 has change access, and User 2 only has read access. These rights would apply to the policy and subnet management, as well. Using the User Management Tab Use the User Management tab to perform the following tasks: View current users and their permissions Add users and permissions Remove users and permissions Modify user permissions The User Management tab lists current users in the Current Users area, and provides options for adding new users in the Add user area. In addition, you can delete existing users from the Current Users area by selecting a user and clicking Delete. To modify an existing user, select the checkbox next to the user's name, and click Edit. Note: You can also view user permissions on the Organization tab by selecting Permissions from the drop-down list. Managing User Access 81 Chapter 9: Generating and Viewing Reports This chapter contains information for generating and viewing reports from the Reports tab of the eTrust Threat Management Console. For detailed descriptions for each report option and report procedures, see the eTrust Threat Management Console online help. Reports The Reports tab provides access to a wide variety of reports. From this tab you can generate and view reports for discovery statistics, managed machines, scheduled jobs, Top 10 threats, categorized reports, and mail option reports. Many reports provide color graphs, augmented by summary and detailed information, as well. You can also view domain reports for computers in your network that are grouped into domains that were discovered by the Threat Management Server, whether they are running eTrust Threat Management products or not. The Threat Management Server generates the reports based on the information collected from each client computer. You determine the start date for the reports, and how often they are generated by using the Report Scheduler options located on the Report tab. Generating and Viewing Reports 83 Reports Discovery Statistics Reports The Discovery Statistics reports provide statistical information from the Threat Management Server for all discovered computers, as well as those that have expired. Expired computers are those that missed being discovered beyond the number specified in Max Missed Discoveries option on the Discovery tab. You can view these reports by clicking the Machine Information Report folder, which contains the following reports: Deployment Displays a list of all eTrust Threat Management products currently installed, grouped by operating system. If a Windows XP computer has both eTrust Antivirus and eTrust PestPatrol installed, the report increments both Antivirus and PestPatrol numbers by 1 for that operating system. If the computer has only eTrust Antivirus, only Antivirus is incremented by 1 for that operating system. Load Per Server Displays the load on the downloads sources assigned for content update download in the top three preferences. The report shows the number of computers that have each server listed as a primary or a secondary distribution source. Load Per Policy Displays the distribution load on a per policy basis. The report shows the number of computers that have each policy listed. Signatures Displays the number of computers that have the virus and pest scanning engines installed. It includes the engine name, number of computers with the engine installed, as well as the counts for each signature or DAT file version detected in the subnets. Signature Exception Displays the current version of the signature or DAT file versions for this Threat Management Server, and using this information as a benchmark, shows up to three out-dated signature versions detected for each engine on discovered computers. Note that the most recent, not the oldest, outdated version is shown. Signature Exception Details Displays the details of all computers with any of the three outdated signature versions detected in the Signature Exception report. The computer's name, IP address, and MAC address is shown, as well as the Threat Management Server and branch to which the computer belongs. 84 Administrator Guide Reports Managed Machine Reports The Managed Machines reports display information about managed and unmanaged machines. Computers that have eTrust Threat Management products installed and are being managed by this Threat Management Server are considered managed machines. Computers that do not match this criteria are considered unmanaged machines. The Threat Management Server must have a discovery definition for the subnet where a computer resides in order to manage it. The reports are generated by enumerating and comparing all domains in a network to the discovered computers in the Threat Management Server database. A match indicates a managed machine; otherwise, the machine is unmanaged. Domain Summary Displays every domain detected, and the number of managed and unmanaged machines for each domain. Protected Machines Total Displays information about the computers that have eTrust Threat Management products installed, with details including domain name, IP address, branch name, and product version. Unprotected Machines Total Displays information about the computers that do not have eTrust Threat Management products installed, with details including associated computer name and domain name. Microsoft Windows Network Displays managed and unmanaged machines, by domain name. Generating and Viewing Reports 85 Reports Scheduled Job Reports The Scheduled Job reports displays summary information about the scheduled virus and pest scanning jobs. The report contains the following information: Machine Name Name of the computer the job is pushed to by the Threat Management Server. Report Time The time that the scan job reports back to the Threat Management Server as completed. Error The number of errors encountered by the scan job. Files Scanned The number of files scanned by the scan job. Files Cured The number of files cured by the scan job. Top 10 Reports The Top 10 reports display the most widely detected threats on your network, grouped into various time-frames. The time frame is calculated based on the local time zone where Threat Management Server is located. You can also view this information by computers and users. The following reports are available: Top 10 Virus Report Displays a top-ten virus summary and a list of all viruses detected grouped into time-frames. Top 10 Pests Report Displays a top-ten pest summary and a list of all pests detected grouped into time-frames. Top 10 Machines Report Displays discovered computers most often infected by viruses and pests, grouped into time-frames. Top 10 Users Report Displays user most often infected by viruses and pests, grouped into timeframes. 86 Administrator Guide Reports Categorized Reports These reports are broken down into categories by subnet, branch, user, computer, and by the action taken on the threat. The following reports are available: Per Virus Reports / Per Pest Report Virus report displays detailed information for each virus detected. Pest report displays detailed information for each pest detected. You can get specific information about a particular virus or pest by clicking the virus or pest name. These two reports provide the following subdivisions: By Subnet Displays detailed information about the detected virus or pest using the subnet category. By Branch Displays detailed information about the detected virus or pest using the branch category. By User Displays detailed information about the detected virus or pest using the user category. By Computer Displays detailed information about the detected virus or pest using the computer. By Action Displays detailed information about the detected virus or pest using the action category. Per Pest Category Report Displays detailed information about detected pests by pest category. Note: When you view pest reports, such as the Per Pest Report, the number of pest detections may appear as an alarmingly high number. This is because a pest is typically made up of many different items (several files, several key registries, etc.) and the total number of detected items for each pest is reflected in the report. Per Machine Reports Displays summary information for each virus or pest found, categorized by computer name. Per User Reports Displays summary information for each virus or pest found, categorized by user name. Generating and Viewing Reports 87 Reports Mail Option Reports The following reports are available for the Lotus Notes and MS Exchange mail servers: Per Virus Reports Displays every virus detected on your email servers. Per Machine Reports Displays detailed information for every email server that has reported viruses in emails. Per User Reports Shows detailed information for every email user that has reported a virus or pest. 88 Administrator Guide Forwarding Log Information Forwarding Log Information The reports you view on the Reports tab are generated by the Threat Management Server. The threat detection reports are based on data that must be collected from client computers. The following steps describe the configuration process for collecting this data and generating reports: 1. Configure the subnet definitions for your security network. 2. Add the discovered client computers to the branches in your Organization tree. 3. Set up log forwarding, as follows: Forward Logs from Client to Threat Management Server On a client computer, set the Alert options to forward logs to the Threat Management Server (or the policy proxy server if your network is setup to forward in an escalation hierarchy level). If you plan on generating reports per discovered threat, make sure to forward logs to the Threat Management Server and set the Custom Notification to the Malware Detection Report category on the Alert Filter tab. In addition, select the service module from the specific messages you want reported. Forward Logs from Threat Management Server to Threat Management Server On a computer hosting a Threat Management Server, set the Alert options to forward logs to itself. For generating reports per discovered threat, make sure to forward logs to the Threat Management Server and set the Custom Notification to the Malware Detection Report category on the Alert Filter tab. In addition, select the service module from the specific messages you want reported. For more information about setting Report Alert options, see Using the Alert Manager (see page 93). 4. Use the Report Scheduler on the Reports tab to schedule the generation of reports. Generating and Viewing Reports 89 Using the Reports Tab Using the Reports Tab Use the options available on the Reports tab to do the following: View reports, summaries, and graphs Schedule the date, time, and frequency of report generation When you first access the Report tab, you see the Application and Domain Report Frequency options on the right side of the page. You can use these options to schedule the generation and frequency of your reports. The Reports tree that appears on the left side of this window helps you to quickly browse through the available reports to select the report you want to view. When you select a report, it appears on the right side of the page. Use the Details and Graph subtabs at the top of the page to go from the report data to the report graph. If you want to return to the Application and Domain Report Frequency options, simply click the Report Scheduler link at the top of the Reports tree. Note: If you are unable to view report graphs, check the active content setting in your web browser. For more information, see Enable Active Content in Internet Explorer (see page 25). 90 Administrator Guide Chapter 10: Managing Licenses This chapter contains conceptual information for managing licenses for your eTrust Threat Management products. For detailed descriptions for each licensing option and procedures for performing licensing tasks, see the eTrust Threat Management Console online help. How Licensing Works The Threat Management Server acts as a license cache for the client computers that it manages. The eTrust Threat Management products installed on those clients are therefore relieved of having to directly interface with the Computer Associates license servers to check licenses. The Threat Management Server performs a daily verification of its licensing information with the Computer Associates Licensing Server (over the Internet using a secure SSL connection) and periodically examines the licenses in its cache to ensure the information is current. Client computers can then validate their license credentials through a simple, local RPC call to the Threat Management Server. If your company requires the use of a proxy server to access the Internet, you can click the Proxy Server button at the bottom of the Licensing tab so the Threat Management Server is aware of your Internet proxy server. This button invokes the Proxy Server Configuration dialog, where you can easily specify your server configuration. Note: If your eTrust Antivirus license expires you will be unable to download content updates, which include the latest signature and DAT files, as well as other program updates. Managing Licenses 91 Using the Licensing Tab Using the Licensing Tab Use the Licensing tab to perform the following tasks: Activate or import license keys Enter or modify registration information View current license information and usage Set up a license proxy server The Licensing tab provides two methods for activating a license. You can use the Activate a Key or Import License File buttons to use either method. The Activate a Key method lets you enter both your registration and licensing key manually. The Import License File method lets you browse to and select a license file. Until you activate your first key, the fields on the Licensing tab are empty. Once you have entered a key and your registration information, the information appears on the tab each time you access it. If you need to change your license or registration information at later time, you will be prompted for a password, which you specify when you enter your first license. Checking Product Usage The Product Usage area of the Licensing tab displays a graph that shows the number of purchased licenses and their current status. The number along the left of the graph indicates the total number of purchased licenses. The colored bars indicate the following: Green indicates licenses are valid for 30 days or more before there is a licensing shortage. Yellow indicates there are less than 30 days before there is a licensing shortage. Red indicates there are not enough licenses to protect all computers on your network. You can use this graph to check product and license usage. You can also get summary information about licensing on the Dashboard tab. 92 Administrator Guide Chapter 11: Using the Alert Manager This chapter describes the use of the Alert Manager component. It contains information about the alert settings that are integrated into the eTrust Antivirus interface. Alert runs on Windows NT, Windows XP, Windows 2000, and Windows 2003 systems. This chapter also describes the use of the Local Alert Manager settings on UNIX and OS X systems. Alert Features The following Alert features let you receive information and messages from client computers: Remote management and configuration of Alert Service Clients can send alerts using IP, in addition to the standard IPX protocol Messages contain full paths of any virus-infected files Basic Components The basic components of Alert include the following: Alert Service Service that receives, processes, and distributes Alert messages. ALBUILD.DLL DLL that acts as the channel between Alert and other applications. This should be located in the home directory where the software is installed. Alert Manager User interface you use to configure how Alert sends its messages. Using the Alert Manager 93 Alert Forwarding Policy Alert Forwarding Policy You can create alert policies that match to your systems and their uses. A policy for a workstation may be configured differently than one for a server, and another may be configured for the Threat Management Server, based on the roles each of these device types. You can send critical, warning, and informational alerts. An Alert Forwarding policy should be created to forward all alerts to the Threat Management Server. Additionally, a policy should be defined so that the Threat Management Server forwards alerts to itself. This forces the alert to be written to the Threat Management Server’s alert database. On the Threat Management Server, you should further specify policies pertaining to missed polls and discovery timeouts. Additionally, you should establish an alert policy to send realtime alerts to the Alert Manager for handling. By default, each connected client will get a notification message when malicious code is found, even though only one of the clients triggered the alert. To minimize confusion, it is good practice to disable the Realtime Pop-up Messages option on the Advanced subtab in the Realtime Monitor policy and instead have the realtime alerts sent to the Alert Manager for handling. This ensures that the alerts will be directed to the right location where they can be handled most efficiently. Note: If you are using the eTrust Security Command Center Integration Kit, you must have a policy on the Threat Management Server to forward all events to itself and policies on the client machines to forward all their events to the Threat Management Server. You set Alert Forwarding policy using the following settings: Alert Subtab The Report To options found under the Alert subtab define where the alert messages should be sent. Alerts will be sent based on the configuration of the Alert Manager. Choosing Local Alert Manager requires that the Alert Manager is installed locally on the desktop or server. Choosing Event Log lets you use the Windows Event Logs to review the alerts. On the server running the Alert Manager, you must have a policy in place to send all received alerts to the Local Alert Manager. You need to send alerts to either a server acting as an event queue or directly to a server running the Alert Manager service. Enter the appropriate server name in the Machine Name field. The Forward to client name field is used to forward the alerts to another computer. 94 Administrator Guide Alert Forwarding Policy The Queue Up value is used to queue alert messages before forwarding. For testing the installation, it is recommended that the Queue Up value of 10 be decreased to 0 or 1. By reducing this value, messages are delivered more quickly, reducing testing time. Set the value at 1 to provide a immediate issuance of alerts. Time Out values specify the amount of time after which messages are sent regardless of whether the Queue Up value has been reached. For example, if the Queue Up value is set to 10, after 5 minutes, any messages in the queue are forwarded even if the queue is not full. The last value is the Skip Older Than value, which removes any message in the queue older than the value indicated. Alert Filter Subtab The Alert Filter subtab offers you the option of receiving all informational, warning, and/or critical alert messages generated. Alternately, you can select specific alerts in the custom notification options. By selecting only those alerts you require, you reduce excessive and unnecessary alerts thus improving the signal to noise ratio that administrators will be working with. For example, you may want to send critical alerts only. This can easily be accomplished using the Alert Filter Subtab. If you select custom alerts, you can further customize your policies and choose from a list of alerts. At a minimum, it is recommended that you always send critical alerts. The following is a suggested list of alerts to select: Workstations: Malware Detection Report Local Scanner Realtime Scanner Job Server Servers: Malware Detection Report Local Scanner Realtime Scanner Job Server – Information - Scheduled Scan Job (%s) has been cancelled ITM Server – Critical – Select the database errors – Information – The Threat Management Server has stopped – Critical – A poll to subnet %1 timed-out Using the Alert Manager 95 Alert Manager Note: Alert policies must be defined for in order for several of the reports provided with the product to function. Without the data provided by these alerts, there will be no data to report against. For more information about creating Alert Forwarding policy, see the Alert online help. Alert Manager The Alert Manager is a centralized management component that sends alerts generated by the client computers and servers running eTrust Threat Management products to other destinations. The Alert Manager receives alerts based on the Alert Forwarding policies that you deploy. The following graphics shows the Alert Manager interface: 96 Administrator Guide Sending Alert Emails Sending Alert Emails There are a number of settings available when configuring the Alert Manager. The following three options are available for sending alert messages by email: Lotus Notes Microsoft Exchange SMTP Use the SMTP option if you are not running Lotus Notes or Microsoft Exchange, or you do not want to configure those options within the Alert Manager. The SMTP options only require an email address and a valid user's name. Once an alert is received, it will be sent to the specified email address. Alternately, you can configure the Lotus Notes and Microsoft Exchange options. There must be a Microsoft Outlook (MAPI) client installed on the computer running the Alert Manager. The credentials used to log into the client should be those of a member of the mail administrator’s group with the appropriate service rights. Contact your mail administrator for assistance in setting up the MAPI client with the appropriate credentials. You can send alerts through a broadcast message to a user's screen, a printer, or an event log. Numeric and alphanumeric paging is also offered using dialup or email. To do this, you need a modem in the computer and a telephone line. If you know how to alert someone using a pager, you can take advantage of SMTP also. Sending Alerts to Unicenter and eTrust Security Command Center You can also integrate the Alert Manager with Unicenter, eTrust Security Command Center, and/or eTrust Audit. Unicenter provides enterprise network management, offering a centralized console and automated actions that can be performed in response to the event being detected. Activating the Alert integration to eTrust Security Command Center or eTrust Audit enables the alerts to be sent to the eTrust Audit collectors. Once received by eTrust Audit, the eTrust Audit facilities can be used to further filter and relate these messages with other events, initiating specific actions, including the sending of other alerts. Additional integration can be achieved with eTrust Audit and eTrust Security Command Center using the Product Integration Kits (PIKs), which are included with eTrust Security Command Center. For more information about integrating with eTrust Audit or eTrust Security Command Center, see the appropriate product’s documentation. Using the Alert Manager 97 Running the Alert Manager Running the Alert Manager You can use the Alert Manager to select a remote computer to manage alert messages. Before you start Alert, you must establish a Service Account connection and select a remote computer. Alert Manager Tree The Alert Manager tree has two main branches: Activity and Configuration. Under Activity, a historical listing of alerts (Activity Log) is accessible. When you select the Alert Summary option, the current status of Alert is shown. Every message generated by Alert is stored in the Event Log. You can view, print, or clear these logs. For directions, see the Alert online help. You can configure the Event Log destination so that Alert will put an event for a selected server in the Event Log of that computer. Under Configuration, the Ports object lets you configure communication ports. The Default object lets you configure default settings used by all applications that use the Alert service. You can also enter configuration information specifically for an individual application, which will override the default Alert configuration. eTrust Antivirus, a third object, is packaged with the Alert Manager and is an instance of this. All applications calling Alert specify one of the following Event Priorities: 98 Administrator Guide Critical Warning Informational Alert Manager Tree Configuring Communication Ports The Ports object, located under the Configuration branch, contains communication port profiles. The following port configurations are used by the Pager and any function that utilizes serial port access: Port The name of the communications port you want the pager message to be broadcast from. Baud Rate The baud rate being used by your modem. Parity The parity setting, none, odd, or even, of your modem. Data Bits The number of data bits, 7 or 8, that your modem uses. Stop Bits The number of stop bits, 1 or 2, that your modem uses. Configuring Alert Settings You can configure various methods for sending your alert messages. Broadcast Option The Broadcast option is located under the eITM object in the Configuration branch. Alert broadcasts can be sent to specific network users or groups. To learn about adding broadcast recipients, see the Alert online help. Unicenter TNG Option The Unicenter TNG option is available from the CA Unicenter object, located under the eITM object in the Configuration branch. The Unicenter TNG option makes it possible to send a message to the Unicenter TNG console or the Unicenter TNG WorldView repository, or both, when an alert is generated. Note: The Alert application must run on both the Event Management machine as well as the Unicenter TNG WorldView machine. For information about how to send a message to the Unicenter TNG Console, or to the Unicenter WorldView repository, or both, refer the Alert online help. Using the Alert Manager 99 Alert Manager Tree Sample TNG Alert Scenarios Sample scenarios of tailoring Alert messages sent to the Unicenter TNG Console are described in the subsequent topics. Example 1 If you want to send informational alerts to the Unicenter TNG Console using blue text, for example, configure a recipient as follows: Option Setting Application Event Priority Informational (display-only) Severity Informational Color Blue Send to console Selected In the TNG WorldView group: Selected Update object status in WorldView repository Example 2 If you want to send error alerts to the Unicenter TNG Console using red text, and have the object status in the WorldView repository updated, configure another recipient as follows: Event Priority Description Application Event Priority Critical (display-only) Severity Error Color Red Send to console Selected In the TNG WorldView group: Selected Update object status in WorldView repository 100 Administrator Guide Alert Manager Tree eTrust Audit Option The eTrust Audit option is located under the eITM object in the Configuration branch. Use the eTrust Audit option to send a message to the eTrust Audit Viewer or Security Monitor when an alert is generated. Use the Recipients (Routers) dialog box to add a domain or an individual server to the recipient list. Email Option The email option is available as either the Lotus Notes or the Microsoft Exchange option, located under the eITM object in the Configuration branch. The email option is used to send email messages to specific users. Important! The Microsoft Exchange or Lotus Notes Client must first be installed on your computer in order to be able to send messages or enter configuration data on this screen. Consult the appropriate Windows documentation for instructions about how to set up your email account. Pager Option The Pager option is located under the eTrust Antivirus object in the Configuration branch. The Pager option is used to a send a numeric or alphanumeric pager message. When you highlight the Pager option, the current list of recipients appears. To learn how to add pager recipients, refer to the Alert online help. Note: Before you can add pager recipients, you need to configure your communications ports. Note: When sending an alphanumeric page, consult your pager manual for proper modem settings. Interpreting the Pager Message There are several messages similar to the ones below that can be sent to an alphanumeric pager. Words that appear in italics are filled with an actual user name, workstation address, path and file name, virus name, or server name. Boot Virus Detected (username at workstation address) Manager Detected a Virus [virusname] in [path] (username at workstation address) Infected File [servername/path] Detected Infected File [path] Accessed by username at workstation address Using the Alert Manager 101 Alert Manager Tree SMTP Option The SMTP option is located under the eITM object in the Configuration branch. Use the SMTP option to provide information for Alert to send messages using SMTP (Simple Mail Transfer Protocol). You can enter an email address for a recipient and send the message over the Internet. SNMP Option The SNMP option is located under the eITM object in the Configuration branch. You can use the SNMP option to send an SNMP ‘trap’ (message) to an SNMP manager. Examples of SNMP managers include Unicenter, NetWare Management System (NMS), HP OpenView, and IBM Netview. The Alert online help explains the fields on the SNMP Configuration window and how to use them. Trouble Ticket Option The Trouble Ticket option is located under the eTrust Antivirus object in the Configuration branch. Trouble Ticket is used to alert users through a printed document. Testing the Recipients You can click Test on the toolbar to test any of the Alert messaging functions without an actual “alarm” condition. For more information about this, see the Alert online help. Note: You must test any features after the configuration is completed. Be sure to inform any Alert recipients that a test is taking place. 102 Administrator Guide Local Alert Manager for UNIX and OS X Systems Local Alert Manager for UNIX and OS X Systems Under UNIX and OS X, you may use the Local Alert Manager setting to send notification information to a shell script that you write yourself. The script then takes any action you indicate, such as sending an email to a specified address when the eTrust Antivirus detects a virus. Use the script InoSetAlert to specify the name of the script that you want to run when an alert is generated. For example, the command below causes /home/myfiles/myscript to be used as the alert script: InoSetAlert /home/myfiles/myscript The following command turns the feature off: InoSetAlert -delete Under OS X, you can also indicate an alert script to be run in the eTrust Antivirus Preference Options panel that can be run from System Preferences panel. eTrust Antivirus sends specific information, which it receives as standard script arguments such as $1, $2, and so on, to the script. These arguments, in order, are: 1. Time of the event (as a string, such as "10:15:20 AM 22-Jan-2001"). 2. Code number for the event. The code number for a virus detection by Realtime is 26. 3. The severity of the event: 1=Information, 2=Warning, 3=Error. 4. The name of the node on which the event occurred. 5. The text of the message generated by eTrust Antivirus. Using the Alert Manager 103 Appendix A: Using the Command Line Scanner Inocmd32 Command line scanners are provided for most of the platforms supported by eTrust Antivirus. On Windows systems, use the INOCMD32.EXE Command Line Scanner to perform scans from the command line. Scan results are displayed on the screen during the course of the scan, and are also saved in the scan log for viewing or printing at a later time. On UNIX systems, which are case-sensitive, and on OS X systems, use the command inocmd32. Note: On eTrust Antivirus 7.0 or 7.1 for NetWare, use the ETRUSTAV console application to perform scanning. For more information, see Using the ETRUSTAV Console Program (see page 147). The command syntax for INOCMD32 is: inocmd32 [-options] file|directory|drive Each option is preceded by a dash -. Some options have associated action choices. Specify at least one file or directory to scan. On Windows systems, you can specify a drive to scan. Examples: inocmd32 -ACT cure -SCA mf -LIS:myscan.txt c:\temp This command invokes the INOCMD32 Command Line Scanner to scan the drive and directory c:\temp, sets the file action ACT to Cure, sets the special cure action SCA to Move File if Cure Fails, and sends the scan results to a file named myscan.txt. inocmd32 -NEX -ARC /home/myfiles This command invokes inocmd32 to scan the UNIX directory /home/myfiles and all its subdirectories, and to scan archive files, which are identified by their contents rather than their names. Using the Command Line Scanner Inocmd32 105 Scanner Options for Inocmd32 Scanner Options for Inocmd32 The following scanner options are available for Inocmd32: ENG engine The type of engine to use: Ino The InoculateIT engine. Vet The Vet engine. MOD mod Scan mode. Use MOD to set the scan Safety Level. Secure Use the Secure mode as the standard method for scanning files completely. Reviewer If you suspect you have an infection that is not being detected by the Secure mode, you can use the Reviewer mode. Default: Secure ACT action Infected file action. Specify what to do with an infected file. Use one of the following action options: Cure Attempt to cure an infected file automatically. Even if the infected file is cured, we recommend that you delete the infected file and then restore the original file from a backup. Rename Automatically rename an infected file. With this option, an infected file is renamed with an AVB extension. Infected files with the same name are given incremental extensions in the form AV#. For example, FILE.AV0, FILE.AV1, and so on. After a file is renamed with an AVBtype of extension, it is not scanned subsequently. Delete Delete an infected file. Move Move an infected file from its current directory to the Move folder. Default: Report Only 106 Administrator Guide Scanner Options for Inocmd32 EXE Scan specified files only. The list of file extensions indicated by the Specified Extensions Only option for regular files in the interface determines which files are scanned. EXC Exclude files from scanning. The list of file extensions indicated by the All Except the Specified Extensions option for regular files in the GUI determines which files are excluded from the scan. ARC Scan archive files. Use this option to scan compressed files. ARF Apply extension filter to the contents of archived files. NEX Detect compressed files by content, not by file extension. NOR On Unix, skip remotely mounted file systems. NOS No subdirectory traverse. Use this option to exclude from the scan the subdirectories in the specified directory. FIL:pattern Only scan files that match pattern. Use shell wildcard patterns to select files to scan. Example: The pattern *.doc will scan only files with a .doc extension. SCA action Special Cure Action. Use this option when the ACT action is set to Cure. Use one of the following SCA actions. CB - Copy Before A copy of the original file is made, and the copy is moved to the Move folder before the cure is attempted. RF - Rename if Cure Fails If a file cannot be cured, it is renamed with an AVB extension. MF - Move if Cure Fails If a cure fails, the infected file is moved from its current directory to the Move folder. MCA action Macro Cure Action. Use one of the following action options. Using the Command Line Scanner Inocmd32 107 Scanner Options for Inocmd32 RA - Remove All All macros are removed from the infected file. RI - Remove Infected. Only the macros that contain infected code are removed from the infected file. SPM mode Special Mode. Use this option to run a scan with one of the following modes: H Specifies the Heuristic engine to scan for unknown viruses. P Applies actions set by the ACT switch to archived files. SFI Stop at first infection in archive. If this option is in effect and an infected file is found as files are extracted from a compressed file, no additional files in the archive are scanned. SMF Scan migrated files on Windows and NetWare systems. Use this option to scan files that have been migrated to external storage. With this option in effect, files that have been backed up are restored to the local drive and scanned. If this option is not in effect, and there is an entry in a directory for a file that has been backed up and moved off the local drive, the file is not scanned. SRF Skip regular file scanning of archives. If you use this option, compressed files are not scanned. BOO Windows system boot sector scan. The default setting is to Report Only. Use the ACT option to set this option to cure boot sector infections. MEM On Windows systems, scan memory. Scan for infections in programs currently running in memory. LIS:file Use this option when you run a scan and send the scan result list to a specified file. APP:file Append scan report to file. Use this option when you run a scan and append the scan result list to an existing specified file. 108 Administrator Guide Scanner Options for Inocmd32 SYS On Windows systems, enable system cure. Use this option to invoke the system cure facility for any infected file(s) that are found and which have a system cure associated with them. Please refer to the virus encyclopedia on the Computer Associates web site for current information about viruses and associated system cures. Note that in some cases, you must reboot your computer for a system cure to take effect. VER Verbose mode. Use this option to display detailed scan information. COU Activates the file counter. Use this option to return a message after 1000 files have been scanned. The message is repeated each time 1000 files are scanned. COU:number Activates the file counter and sets it to the value indicated. Use this option to return a message after the indicated number of files has been scanned. The message is repeated after the indicated number of files has been scanned. SIG Signature. Use this option to display signature version numbers. SIG:dir Signature directory. Use this option to display signature version numbers of engines in the specified directory. HEL or ? Display command line help. Using the Command Line Scanner Inocmd32 109 Appendix B: Creating Custom Reports Note: The information in this Appendix applies only to Windows. The reports available from the Report tab in the eTrust Threat Management Console are XML files and are stored in the \Program Files\CA\eTrust Antivirus\Avreports directory. You can customize the output of these reports by editing the sample XSL stylesheet, also contained in the \Avreports directory. To set up a schedule for reports, you can use the CfgReport.exe utility, located in the eTrust Antivirus directory. The default report schedule is daily for virus reports and every other day for domain reports. You may also use the CA-InfoReports utility to create reports from various areas of the eTrust Antivirus database. This utility functions in a similar manner to other available reporting solutions. You can install CA-InfoReports from the product media from the \bin\support\report\CA InfoReports directory. We recommend that you install CA-InfoReports on your desktop for ease of access and use. Note: You must copy the \Program Files\CA\eTrust Antivirus\DB directory to your local drive before generating reports. This ensures that the hash store protecting the database does not become corrupted. Should it become corrupted, you can restore the database from a previous tape copy or create a clean database and rebuild your policies and hierarchical structure. You should copy the database to the same directory, as you will have to create an ODBC connection for access by the CA-InfoReports solution. The following reports are included: AdminClient.rep Reports all computers configured with the eTrust Antivirus Admin Client. AdminServer.rep Reports all computers configured with the eTrust Antivirus Admin Server. InoculateITEngine&Signature.rep Reports all computers with their current version information for the antivirus engine and signature for the InoculateIT signature update. InoculateITSignature.rep Reports all computers with their current version information for the antivirus signature for the InoculateIT signature update. Creating Custom Reports 111 Scanner Options for Inocmd32 Misspoll.rep Reports those computers that have missed their discovery poll. Discovery is the polling process that obtains computer and signature version information for management in the Threat Management Server. Policy Violation.rep Reports those computers that have performed policy violations in relation to the policies currently configured on the computer. VetEngine&Signature.rep Reports all computers with their current version information for the antivirus engine and signature for the VET signature update. VetEngineSignatureVersion.rep Reports all computers with their current version information for the antivirus signature for the VET signature update. Additionally, a program called Report Builder.exe is included in \bin\support\report, which can be used to create custom reports from the data within the database. If you want to create custom reports, they can be generated out of the Threat Management Server database. This is accessed through an ODBC connector. The schema of the database is described in Name Server Database (see page 117). 112 Administrator Guide Set Up the ODBC Data Source Set Up the ODBC Data Source To set up the ODBC data source, follow these steps: 1. Choose Settings, Control Panel from your Windows Start menu. In the Control Panel, choose Administrative Tools and then Data Sources (ODBC). The ODBC Data Source Administrator dialog displays: Creating Custom Reports 113 Set Up the ODBC Data Source 2. Click the System DSN tab and then click Add. The Create New Data Source dialog displays: 3. Select Driver do Microsoft dBase(*.dbf) and click Finish. The ODBC dBase Setup dialog displays: 114 Administrator Guide Set Up the ODBC Data Source 4. Enter a descriptive name, such as eTrust Antivirus Database, in the Data Source Name field. Click to deselect the Use Current Directory check box, and then click Select Directory. The Select Directory dialog displays: 5. Browse to the C:\Program Files\CA\eTrust Antivirus\DB\Tree directory and click OK. 6. Click OK in the ODBC dBase Setup dialog. 7. Your ODBC Data Source Administrator dialog displays as follows: Creating Custom Reports 115 Install the InfoReports Interface 8. Click OK. The ODBC connector is now set up. Install the InfoReports Interface CA InfoReports is on the product media in the \bin\support\report directory. To install the InfoReports interface, follow these steps: 1. When you are prompted to install the InfoSuite and the Threat Management Server, click OK to both. 2. Select the pieces you want to install. You must install InfoReports at a minimum. You can install InfoReports Administrator, Sample Reports, and On-Line Documentation. 3. Copy the sample reports to the InfoReports working directory so you do not have to browse for them, which makes reporting easier. Note: When you open a sample report to create a new report, remember to select your new DSN as the data source. To view a report, you can choose File, Print Preview in the interface. 116 Administrator Guide Name Server Database Name Server Database This section explains the meaning of DBF files used in the Name Server database. It discusses the fields and their meanings, and their referential integrity. It is designed to give users a better understanding of the database so that they can retrieve information that cannot be viewed from the user interface. Users can build reports according to their specific interests to query information from the Name Server database. The Name Server database is made of 11 DBF files. Each DBF file contains a table in the Name Server database. User can use Computer Associates’ InfoReport Builder to build a report. Other vendors’ software can also open the DBF file as long as they support ODBC source type and dBase files. Nine example reports build on InfoReport Builder: AdminClient Report: Gives details about all the AdminClient of InoculateIT. AdminServer Report: Gives details about all the AdminServer of InoculateIT. InoculateITEngine&Signature Report: Gives details about all computers have the engine and signature version specifies by the user. InoculateIT Signature Report: Gives details about all the computers have signature version specified by the user. Misspolls Report: Gives the total and details of the computers miss the poll x times. The user specifies X. PolicyViolation Report: Gives details about all computers violate the policy specified by the user. VetEngine&Signature Report: Gives details about all the computers having the Vet Engine Version and Signature specified by the user. VetEngineVersion 1 Report: Gives details about all the computers having signature version higher than the version specified by the user. VetEngineVersion 2 Report: Gives details about all the computers having signature version lower than the version specified by the user. Note: It is very important to copy your database files reside in the directory of InoculateIT into the working directory of CA InfoReport. Otherwise, no report can be generated from the examples. InoculateIT database path (default): C:\Program Files\Computer Associates\InoculateIT\DB\Tree CA InfoReport working path (default): C:\infosuite\working Creating Custom Reports 117 Name Server Database The Leaves.dbf file is needed for the nine report examples to work. Leaves.dbf can be found in the path C:\Program Files\Computer Associates\InoculateIT\DB\Tree\leaves.dbf. To use the examples, follow these steps: 1. Run CA InfoReport. 2. Open the examples using CA InfoReport. 3. Choose File, Print Preview to view the result of the report. Example files: 118 Administrator Guide AdminClient.rep AdminServer.rep InoculateITEngine&Signature.rep InoculateIT Signature.rep Misspoll.rep PolicyViolation.rep VetEngine&Signature.rep VetEngineVersion 1.rep VetEngineVersion 2.rep Name Server Database Database Structure The following is the structure of the Name Server database. Note: The following diagram illustrates the structure of the database and is an accurate representation of how eTrust Antivirus data is organized. It does constitute a thorough representation of how data is accessed or manipulated by the product software implementation level proper. What follows is accurate, illustrative description that helps explain the overall organization of the database. Creating Custom Reports 119 Name Server Database ANALYSIS.DBF This file contains the analysis policy records. 120 Administrator Guide Field Type Description KEY Character Uniquely identifies the analysis policy record. SENDADDR Character E-mail address of the receiver. SUBJECT Character Subject of the e-mail. AUTOSEND Integer Indicates auto status. RPLYADDR Character Reply e-mail address. COMPANY Character Company name of the sender. COMPADDR Character Company address of the sender. PHONE Character Phone number of the sender. SITE Character Site ID of the sender. CONTACT Character Contact Name. computer Logical computer Name. IPADDR Logical IP Address. Name Server Database Field Type Description USERNAME Logical User Name. UPDATE Integer Last Update. DESC Character Description of the policy. ENFORCED Logical If this bit is set, then the entire SENDFORANALYSIS field is cared about. LOCKED Logical If this bit is set, then the analysis settings should be locked down. SMTP Character The name of the SMTP server to send to. Integrity: None AUTH.DBF This file contains the rights that have been given to users. The local administrators and domain administrators will not appear in this DBF, since their access cannot be altered. There must be only one record for each USER/ID combination. Fields: Field Type Description USER Character Contains the SID in NT, or the user ID in Unix. ALLOW Integer A bitmap with each set bit granting the user a right. DENY Integer A bitmap with each set bit revoking a right for the user. If a right is both granted and denied, the right is denied. ID Character A GUID that identifies the object the object applies to. Currently, this may be a branch ID, a hardcoded GUID that identifies all subnet objects, or the null branch ID, which does not grant or deny access to anything, but is used to allow a user to be contained in the user database. Integrity: Field Description USER Must contain a valid SID or user ID for the local system. Creating Custom Reports 121 Name Server Database Field Description ID Must contain a branch ID, the all-subnets ID, or the null branch ID. BRANCHES.DBF This file contains the branches within the Name Server’s database. Fields: Field Type Description KEY Character Contains the unique ID of the branch. NAME Character The display name of the branch. PARENT Character Contains the ID of the parent branch. If and only if the branch is the root branch, PARENT will be the same as KEY. UPDATE Integer Last Update. FLAGS Integer Currently always 0. Integrity: Field Description PARENT Must be a valid branch ID. GENERIC.DBF This file contains the data common to all variable length policies. Currently, these are the real-time and distribution policies. This DBF makes it easy to use structures that actually control the application as policies. Fields: 122 Administrator Guide Field Type Description KEY Character Contains the unique ID of the policy. DESC Character The description of the policy. UPDATE Integer Last update. CARE Character Contains the care bits of the policy. TYPE Integer The type of policy pointed to by KEY. Name Server Database Integrity: A policy file must exist for every key, and the type of the policy must be the same as the TYPE field. JOBS.DBF This file contains a record for each scheduled scan job. Fields: Field Type Description KEY Character Contains the unique ID of the job. NAME Character The description of the policy. UPDATED Integer Last update. JOB Integer Contains the ID of the job in the job queue. Integrity: None JOBITEMS.DBF This is a file contains the responses from the computers for the particular run of the scheduled scan job. Indexes: None Fields: Field Type Description LEAF Character Contains ID of the computer that responded. BOOTINF Integer BootVirusInfections field. BOOTINFC Integer BootInfectionsCured field. SCANNED Integer FilesScanned field. FOUND Integer VirusFound field. INFECT Integer FilesInfected field. CURED Integer FilesCured field. DELETED Integer FilesDeleted field. MOVED Integer FilesMoved field. RENAMED Integer FilesRenamed field. ARCSCAN Integer ArchiveScanned field. Creating Custom Reports 123 Name Server Database Field Type Description FINARC Integer FilesInArcScanned field. SERROR Integer ScanErrorFiles field. CERROR Integer CureErrorFiles field. ELAPSED Integer The number of seconds that it took for the computer to perform the scan. TIME Character The FILETIME that the computer started the scan, encoded as a date. ERROR Integer The error code obtained when submitting the job on the computer. If the error code is -1, then the computer accepted the job, but never responded back. Integrity: 124 Administrator Guide Field Description LEAF Must contain a valid computer ID. Name Server Database LEAVES.DBF This file contains a record for each computer in the Name Server database. Note: For field OSCODE the corresponding number is: Windows 9x: 1 Windows NT/2000: 2 Solaris: 125 Linux: 126 The bit mask for VIOLATION field : Real-time Policy Violation: Ox0001 Distribution Policy Violation: Ox0002 Analysis Policy Violation: Ox0004 Alert Policy Violation: Ox0080 Fields: Field Type Description KEY Character Contains the unique ID of the computer. BUILD Integer Build number of eTrust Antivirus found on this computer. EVIOLATION Integer For each set bit, the leaf violates some setting policy of the tree, but it does because when the policy was established, the RPC call to change the settings of the computer failed. HOST Character Host name. VIOLATION Integer For each set bit, the leaf violates some setting policy of the tree. IPADDR Character IP address. MISSED Integer The number of polls this computer has missed since the last time it responded to a poll. NAME Character Name of the computer. OSCODE Integer The code of the operating system of the computer. OSVER Integer Version of the operating system. PORT Integer The port number used by eTrust Antivirus. SIGCNT Integer The number of valid signatures. Creating Custom Reports 125 Name Server Database Field Type Description SIG1 Character eTrust Antivirus engine version. SIG2 Character eTrust Antivirus signature version. SIG3 Character Vet engine version. SIG4 Character Vet signature version. SIG5 Character SIG6 Character SIG7 Character SIG8 Character SIG9 Character SIG10 Character SUBNET Character Contains the ID of the subnet that this computer last appeared in a poll of. If the computer never appeared in a poll, the ID is all 0’s. VERSION Integer The eTrust Antivirus version. RESPOND Character The date of the last time the computer responded to a name server poll. The time fields of SYSTEMTIME are not used. UPDATE Integer Last update. BRANCH Character Corresponds to the branch ID. APPS Character A bit mask indicating the installed on the box. LICENSES Character A bit mask indicating the licensed software on the box. EXPIRED Logical The leaf is expired, which means that the leaf has missed too many polls. TIMEOFF Integer Add this number of minutes to the UTC time to get the computer’s local time. This is a signed 16-bit value, but will always appear in the database as a positive integer. MAC Character Contains the MAC address of the client. FLAGS Integer Currently will be set to 1 if the computer was the one to respond to the last poll, or 0 if not. Integrity: Field Description BRANCH Must contain a valid branch ID, or contain the null branch ID. 126 Administrator Guide Name Server Database Field Description VERSION If < 0x600, then a corresponding record in legacy.dbf must exist. Otherwise, a corresponding record in legacy.dbf must not exist. SUBNET Must contain a valid subnet ID, or contain all zeros. LEGACY.DBF This file contains a record for each computer in the Name Server database that has an InoculateIT version less than 6.0. It contains information essential to remotely manage these legacy computers. Fields: Field Type Description KEY Character Contains the unique ID of the computer. NAME Character The computer name. DOMAIN Character Contains the eTrust Antivirus domain of the computer. MASTER Character Contains the eTrust Antivirus master of the computer. UPDATE Character Last update. Integrity: Field Description KEY Must contain a valid leaf ID, of a computer with a version less than 6.0. POLICY.DBF This file links branches with their policies and jobs. Fields: Field Type Description KEY Character Contains the ID of the branch. TYPE Integer The type of the policy, which is the bit that is set if the computer violates the policy. Creating Custom Reports 127 Name Server Database Field Type Description POLICY Character Contains the ID of the policy. INHERIT Logical If true, then the branch inherits this policy from its parent. Integrity: Field Description POLICY Must contain a valid policy ID of the type specified by TYPE. KEY Must contain a valid branch ID. RPCMAST.DBF This file links RPC Masters with their branches. Fields: Field Type Description BRANCH Character Contains the ID of the branch. LEAF Character Contains the ID of the leaf that is the RPC Master of the branch. OVERRIDE Logical If true, then if communication with the RPC Master fails, the RPC Master of the parent branch is used. Integrity: Field Description BRANCH Must contain a valid branch ID. LEAF Must contain a valid leaf ID. SUBNET.DBF This file determines which subnets are to be polled, and when they are to be polled. Fields: 128 Administrator Guide Field Type Description KEY Character Contains the unique ID of the subnet. Name Server Database Field Type Description IPADDR Character IP address. IPMASK Character The subnet mask for the subnet. PORT Integer Port number, which used by eTrust Antivirus. FREQ Integer The port that polls to this subnet should broadcast to. TIMEOUT Integer The number of seconds between the start of a poll and the timeout. LASTPOLL Character The last time this subnet was polled. MISSED Integer The number of polls that a computer may miss before it is automatically purged from the tree. A value of 0 means that the computer is never purged. PLFLAGS Integer The flags to use with the poll. POLLSTRT Integer The number of seconds from 24:00 when polling may start on a subnet. POLLSTOP Integer The number of seconds from 24:00 when polling of the subnet stops. STRTDAY Integer The number of days since Sunday when polling may start. STOPDAY Integer The number of days since Sunday when polling will end. BRANCH Character The branch that any new computers from this subnet are placed in if they are not already in the tree. UPDATE Integer Last update. SHARADDR Character The IP address of the other name server that was. DESC Character Description of the policy. FLAGS Integer The flags of the subnet record. LASTRESP Character The last time that a response to a poll was received. It is encoded in the format YYYY/MM/DD HH:MM:SS. JOBID Integer The ID of job in the queue of polls. Creating Custom Reports 129 Name Server Database Integrity: 130 Administrator Guide Field Description BRANCH Must contain a valid branch ID. Appendix C: Integrating with Unicenter NSM The following topics describe the integration of eTrust Antivirus with Unicenter NSM on Windows platforms, and also describe the scanning options available for managing a computer from a Unicenter NSM Business Process View in WorldView. eTrust Antivirus works with Unicenter NSM on the Enterprise, Local, and Workgroup Servers. The Unicenter NSM platform required is determined by the operating system of the server: Unicenter NSM for Windows NT, 2000, or 2003 must be installed on all Windows NT- or 2000-based Enterprise, Local, and Workgroup Servers. The Unicenter NSM that corresponds to the hardware and operating system of the UNIX-based Enterprise, Local, or Workgroup Local Server must be installed on those servers. Preparing for Unicenter NSM Integration Integrating eTrust Antivirus with Unicenter Network and Systems Management (NSM), is a simple matter of importing the results of the eTrust ITM discovery process into the Unicenter NSM repository and creating appropriate Unicenter Business Process Views. The Unicenter NSM platform required is determined by the operating system of the server. Important! To enable this integration, the Threat Management Server must be installed on same system as the Unicenter NSM. Integrating with Unicenter NSM 131 Preparing for Unicenter NSM Integration Using TRIX to Import to the Repository Use the Repository Import/Export program (TRIX) to invoke the import script that is provided with eTrust Antivirus. This creates an Antivirus class. You can access the TRIX program from the Start menu, Unicenter, NSM, WorldView program group. Choose Repository Import/Export to launch the TRIX interface. Then, use TRIX to open the script file, TRIX0.TNG, and import it into the repository. This import script file is located in the directory where eTrust Antivirus is installed. You must know the name of the repository to which you wish to connect, and use a valid User ID and Password to sign on to the repository. TRIX can also be invoked by entering the following at the command prompt. trix This executes TRIX.EXE. For more information about TRIX, refer to the Unicenter NSM documentation. 132 Administrator Guide Managing Antivirus Options in WorldView Using InoUpTNG to Populate the View After completing the import to the repository, use the InoUpTNG utility to create the antivirus Business Process View and populate it with a display of the computers in your antivirus network. InoUpTNG discovers computers in your network based on the computer information in the Unicenter NSM database, and the subnet discovery information in the Admin Server database. The utility uses the information from both of these sources to populate the WorldView repository. The Unicenter NSM network must have been discovered and a computer must already exist in the Unicenter NSM repository before you run InoUpTNG. The subnet discovery for the Threat Management Server must also have been completed. Based on the computer information in the Threat Management Server database, InoUpTNG searches the Unicenter NSM repository for matching computer objects. If InoUpTNG finds a matching computer in the Unicenter NSM database, it creates an Antivirus object and links it to the computer. Then the object is displayed in the Business Process View. This provides the view of all the computers that are running instances of eTrust Antivirus in your network. If there are multiple Threat Management Server in your network, the utility discovers them. Conversely, if the computer is not already in the Unicenter NSM database, then an object will not be created for it, and it will not be displayed in the view. Managing Antivirus Options in WorldView After you have a Business Process View of your antivirus network, you can manage the scanning options for the computers in the view. Integrating with Unicenter NSM 133 Managing Antivirus Options in WorldView Integrating with WorldView When you right-click on a computer in the view, the standard Unicenter options for managing objects are available. In addition, the following options are available for managing the antivirus software on computers in the view: Configure Realtime Use Configure Realtime to set the Realtime Monitor options for the selected machine. This displays the same options that are available for managing the Realtime Monitor on a local machine. For more information about using the realtime monitor options, see Using the Realtime Monitor. Configure Distribution Use Configure Distribution to set Signature Update options for the selected machine. This displays the same option that is available for managing signature updates on a local machine. Schedule Job Use Schedule Job to set Schedule Scan Job options. This displays the Remote Scan View, which provides access to the same option that is available for managing scheduled scan jobs on a local machine. You can create a new scheduled scan job or modify an existing job. For more information, see Remote Scan View (see page 135). Display Logs Use Display Logs to view and manage log information for the selected machine. This displays the same view and option that is available from the Log Viewer on a local machine. For more information about using the Log Viewer, see Viewing and Managing Logs. Configure Contact Use Configure Contact to set the Contact Information options for the selected machine. This displays the same option that is available for managing the contact information options on a local machine. For more information about using the contact options, see Using the Local Scanner. Display Summary (for legacy computers) This is available for legacy machines only. Use Display Summary to display summary information for a selected machine that is running a 4.x version of the eTrust Antivirus. 134 Administrator Guide Remote Scan View Broadcast Configuration (for legacy computers) This is available for legacy machines only. Use Broadcast Configuration to manage broadcast configuration information for a selected machine that is running a 4.x version of the eTrust Antivirus. Configure Service (for legacy computers) This is available for legacy machines only. Use Configure Service to manage antivirus services for a selected machine that is running a 4.x version of the eTrust Antivirus. These options enable you to set scanning options for the selected computer in the same way that a user sets the options on a local computer. To view and modify options on a computer, you must have a valid user ID and password for the Admin Server that manages the computer. Note: When you select a legacy computer and right-click on it, you can select legacy options to manage that computer. These options display the dialogs for the older versions of the product. To manage options on a computer, you need a valid user ID and password on that computer. Remote Scan View From the Remote Scan View, you can add a new scheduled scan job, edit an existing job, or delete a selected job. These are the same options that are available for managing scheduled scan jobs on a local computer. These options are available from the Options menu, and the toolbar buttons. You can also access these options by right-clicking on a job in the list on the left. In addition, when you highlight a job in the list on the left, you can rightclick anywhere in the summary on the right to display the available options. The Remote Scan View displays the selected computer on the left side of the window. You can expand the computer to display jobs that are scheduled to run on the computer, if any. When you highlight a job in the list on the left side of the window, summary information about the job is displayed on the right. This displays the properties used for the job. For more information about using the schedule scan job options, see Using the Scheduled Scanner. Integrating with Unicenter NSM 135 Appendix D: Managing NetApp This appendix describes how to use the eTrust Antivirus Network Appliance Filer Scanner with a filer from Network Appliance™ (NetApp®). For installation information, refer to the eTrust Antivirus Implementation Guide. Managing the Scanner This section describes how to control the scanner and its antivirus settings. A Microsoft Management Console (MMC) snap-in controls the scanner. You can use the MMC to configure which filers are registered to scanners and to manage the scanners remotely. Managing NetApp 137 Managing the Scanner Add Another Filer to a Scanner The installation wizard let you configure one filer with a scanner. To add another filer to a scanner (register a filer with a scanner), follow these steps: 1. From the product program folder, launch Scanner Management (MMC snap-in). The console window opens. 2. In the left pane, expand Console Root, eTrust Antivirus NetApp Scanner. The AV Machines node displays: 138 Administrator Guide Managing the Scanner 3. Select AV Machines. The list of managed scanner machines appears in the right pane. If your machine is not in the list, you need to add the machine to the MMC. To do so, right-click the AV Machines node and select Administrator AV Machine. You can also add a remote scanner this way, as long as the local machine has the required privileges. 4. Double-click the machine. The Properties dialog displays: 5. Enter the name of the filer or click the browse button to locate and select the filer. 6. Click Add to add any additional filers. Managing NetApp 139 Managing the Scanner View Scanner Statistics To view scanner statistics, click the Statistics tab on the Properties dialog. For more information, see the eTrust Antivirus NetApp Filer Scanner online help. Managing Custom Move and Copy Directories The installation process creates the following registry values and sets these values to the location of the eTrust Antivirus Move directory. HKLM = HKEY_LOCAL_MACHINE. HKLM\SOFTWARE\ComputerAssociates\eTrustITM\CurrentVersion\NetApp Scanner CopyDir MoveDir 140 Administrator Guide Managing the Scanner Change Infected File Destination to the Filer On the Cure Action Options dialog, if you specify Move File or Copy File, then the scanner, by default, moves infected files from the filer to the eTrust Antivirus Move directory on the local scanner machine (usually Program Files\CA\eTrustITM\Move). You can change this setting. To move infected files to the filer instead of the scanner, use Regedit to manually change the registry configuration values on the scanner machine. The new values override the Move and Copy directories of the Realtime Monitor. Directories must not have a trailing backslash and can point to local drives or mapped drives, or be specified as universal naming convention (UNC) paths. Example: HKLM\SOFTWARE\ComputerAssociates\eTrustITM\CurrentVersion\NetApp Scanner\MoveDir=\\f760\vol1\move Manage Files in a Custom Move Directory Once you specify a custom Move directory, you cannot use the eTrust Antivirus interface to manage its files. Instead, you must use the RestMove command line utility. It is in the installation directory of the scanner machine and has these characteristics: Displays original file names and their infections Supports standard DOS wildcards: * and ? To display information about all files in the Move directory, enter the following command, pointing to the moved files, and specify the -i switch: RestMove \\f760\vol1\move\*.* -i Result: \\f760\vol1\move\31ed8c4e-b930-45f0-8c1e-35e1d3570cd6 Original file name: \\F760\VSCAN_ADMIN$\vol\vol1\sabra01\eicar2.com Infection name: EICAR test file Detected by engine 23.61.00, signature 23.61.50 on 6/16/2003, 1:06:11 PM To restore the files to their original location, enter the RestMove command and do not use the -i switch. You can provide single paths for both the MoveDir and the CopyDir because the values are stored in single registry keys. Therefore, a scanner serving multiple filers can store moved and copied files in different locations. Managing NetApp 141 Managing the Filer View the Virus Detection Log The scanner adds an entry to the Realtime Scanner log whenever it receives a file request for a file with a virus. The scanner also sends a message to the filer’s system console that notifies the filer administrator of the virus infection. To view the Realtime Scanner log, go to the Logs tab of the eTrust Threat Management Agent interface. Manage the Scanner Remotely To manage scanner antivirus settings remotely with the Administrators View, follow these steps: 1. Initiate the Threat Management Server to discover all of the scanners. 2. Put the scanners into a group. Note: Be careful when choosing settings, because the software applies the settings to both the eTrust Antivirus engine and the scanner running on the machine, and some of the realtime settings do not fit with both. 3. Set realtime antivirus settings for the group. 4. Push the policy to the selected filer’s scanner. Managing the Filer This section provides procedures to manage the filer and its environment. Common Internet file system (CIFS) virus protection is a feature of the filer's operating system, Data ONTAP, which gives CIFS clients on-access virus scanning of files on a filer. On-access virus scanning is the scanning of a file before a CIFS client is allowed to open it. For more information about the filer, go to the Netwrok Appliance Antivirus Scanning website (http://www.netapp.com/tech_library/3107.html). Enable and Disable Virus Scanning To enable and disable virus scanning, enter the following command: vscan on [-f][on|off] where -f forces virus scanning to be enabled even if no virus scanning clients are available to scan files. Note: Turning on virus scanning when no clients are available to scan files causes the CIFS clients not to be able to access filer files. 142 Administrator Guide Managing the Filer Specify File Extensions to Scan Using vscan A default list of file extensions is available when you enable vscan. Up to 255 file extensions can exist in the file extensions list. Note: The extension list on the filer processes before the extension list on the scanner machine that you establish through realtime scanner configuration. For example, if *.vbs is not configured on the filer for scanning, VBS-files do not pass to the scanner. Therefore, even if VBS files are configured for scanning on the scanner, they do not reach the scanner for processing. Also, if an extension is in the extension list on the filer but not specified in the realtime scanner configuration, the filer passes the corresponding files to the scanner, but the scanner ignores these scan requests. To control which files to scan, there are commands you can use to change the default list of file extensions. To display the default list of file extensions for the filer to scan, enter the following command: vscan extensions To add to the default list of file extensions for the filer to scan, enter the following command: vscan extensions add ext[,ext...] where ext is the extension to add. Example: vscan extensions add txt To replace the default list of file extensions with a new list, enter the following command: vscan extensions set ext[,ext...] where ext is the extension to set. To remove file types from the default list of file extensions, enter the following command: vscan extensions remove ext[,ext...] where ext is the extension to remove. To reset the file extensions list to the default list, enter the following command: vscan extensions reset Managing NetApp 143 Managing the Filer Specifying Shares to Scan Using CIFS You may want to indicate whether your virus-scanning application performs a virus scan when clients open files on a specified share. You can turn scanning on or off for shares that you specify, either for any access or for read-only access. Turn Scanning Off for Files in a Share The default state of a share has virus scanning turned on. You can turn virus scanning off for files in a share. Reasons to do this may include: the users are restricted to trusted users, the files are restricted to read-only mode, or speed of access is more important than safety. To turn virus scanning off for files in a specified share, enter the following command: cifs shares -change share_name -novscan where share_name is the name of the share for which you want to turn off virus scanning. The setting is persistent after rebooting. Turn Scanning Off for Read-Only Access in a Share You can turn virus scanning off in a share for users who open files for readonly access to increase the speed of file access. The default state of a share has virus scanning turned on. To turn virus scanning off for read-only access to files in a specified share, enter the following command: cifs shares -change share_name -novscanread where share_name is the name of the share for which you want to turn off virus scanning. The setting is persistent after rebooting. 144 Administrator Guide Managing the Filer Turn Scanning On for Read-Only Access in a Share To turn virus scanning on for read-only access to files in a specified share, enter the following command: cifs shares -change share_name -vscanread where share_name is the name of the share for which you want to turn on virus scanning. The setting is persistent after rebooting. Add a Share With Scanning Off You can create a share with virus scanning turned off. The default state of a share has virus scanning turned on. To add a share that has virus scanning turned off, enter the following command: cifs shares -add share_name /path -novscan where share_name is the name of the share that you want to create with virus scanning turned off and path specifies where you want the share created. Data ONTAP creates the share with virus scanning turned off. Managing NetApp 145 Appendix E: Using the ETRUSTAV Console Program This appendix describes how to use the ETRUSTAV Console Program. After installing eTrust Antivirus for NetWare on a NetWare server, use the ETRUSTAV console program to take advantage of its features. The ETRUSTAV program invokes a menu from which you can control many eTrust Antivirus operations on the server. From the NetWare command line, entering ETRUSTAV starts the program. To start all the eTrust Antivirus services at the same time as starting ETRUSTAV, you must instead enter ETRUSTAV AUTOSTART. Note: eTrust Antivirus r8 does not support NetWare 4.x. Using the ETRUSTAV Console Program 147 ETRUSTAV Menu ETRUSTAV Menu Use the keyboard Up and Down arrow keys to navigate the ETRUSTAV menu items. The Enter key activates the selected menu option. You can exit the ETRUSTAV program and pop-up option screens by pressing the Escape key. Note: The default options for the ETRUSTAV program are set by the inoc6_nw.icf file during installation. For more information about the inoc6_nw.icf settings, see Installation Configuration File. The following list contains the ETRUSTAV menu selections: Start All Services Loads and starts all eTrust Antivirus services. Stop All Services Stops and unloads all eTrust Antivirus services. Start Selected Service Starts an individual eTrust Antivirus service. If there are any services not already running, a pop-up menu appears from which you can select the service to start. Stop Selected Service Stops and unloads an individual eTrust Antivirus service. If there are any services currently running, a pop-up menu appears from which you can select the service to stop. Configure Local Scanner Opens a pop-up menu from which you can modify Local Scanner Settings. From the Local Scanner Settings pop-up menu, you can view or modify Scanning Options or Selection Options. Scanning Options: Safety level Specifies the scan safety level. Secure - Use as the standard method for scanning files completely. Reviewer - Use if you suspect you have an infection that Secure mode is not detecting. Scanning engine Specify the antivirus engine to use in the scan: Inoculate IT - The Inoculate engine. Vet - The Vet engine 148 Administrator Guide ETRUSTAV Menu Heuristic Scanner Specify whether to use the Heuristic Scanner to scan for unknown viruses: No - Do not use the Heuristic Scanner. Yes - Use the Heuristic Scanner. File Action Specify an action option for infected file: Cure - Attempt to cure an infected file automatically. Even if the file is cured, it is recommended that you delete the infected file and restore the original file. Delete - Delete an infected file. Move - Move an infected file from its current directory to the Move folder. Rename - Automatically rename an infected file with an AVB extension. Assigns incremental extensions in the form #.AVB to infected files with the same name, for example, File.0.AVB, File.1.AVB, and so on. After a file is renamed with an AVB-type of extension, it is not subsequently scanned. Report Only - Report an infected file. Cure Options If Cure Fails Specify the cure fail option when File Action is set to Cure: Copy File Before Cure - Make a copy of the original file and put it in the Move folder before attempting the cure. Move File - Move an infected file from its current directory to the Move folder if a cure fails. No Action - Do nothing if cure fails. Rename File - Rename a file with an AVB extension if a cure fails. Macro Virus Treatment - Specify a removal option for an infected file. Remove Infected Macros - Remove only the macros that contain infected code from the infected file. Remove All Macros - Remove all macros from the infected file. Selection Options: Do not scan migrated files Specify whether to scan files that have been migrated to external storage: Yes - Do not scan migrated files. Using the ETRUSTAV Console Program 149 ETRUSTAV Menu No - Scan migrated files. Scan Files With Extensions Specify scanning of files with filename extensions: All Extensions - Scan all files. All Except the Specified Extensions - Scan all files except the files that have extensions specified in the Available Extensions list. The Available Extensions list is specified with the Edit Extensions List option. Specified Extensions Only - Scan only the files that have extensions specified in the Available Extensions list. The Available Extensions list is specified with the Edit Extensions List option. Edit Extensions List Use to specify the existing set of filename extensions. Note: You can view or modify the list only when the All Except the Specified Extensions or Specified Extensions Only selections are made from the Scan Files With Extensions option. You can edit extensions in the Available Extensions list by selecting an extension and using the F5, Delete, or Insert key. Delete key - Use to delete a selected extension from the list: Yes - Deletes the selected filename extension(s) from the list. No - Keeps the filename extension(s) in the list. F5 key - You can use the F5 key to mark extensions for deletion from the list with the Delete key. Insert key - Use to add an extension to the list. Enter a filename extension in the Enter Extension field. Scan Compressed Files Specify scanning of archived files: Yes - Scan compressed files. Note: Options for the type of archive file scanning and compressed file types are specified with the Compressed File and Archive types to support options. No - Do not scan compressed files. Compressed File Options Use to specify the options for scanning archived files. Note: You can view or modify the types of archived files only when the Scan Compressed Files option is set to Yes. Specify whether to filter files inside archives by extension. 150 Administrator Guide ETRUSTAV Menu Specify whether to stop scanning an archive file when an infection is found. Determine a file's compression by its filename extension or contents. The default setting is by filename extension. Archive types to support Specify which types of archived files: Note: You can view or modify the types of archived files only when the Scan Compressed Files option is set to Yes. In the Compressed File Options List, specify the type of archived files for scanning. You can select Yes to include the file type or No to exclude the archived file type. Run Local Scanner Opens a pop-up menu from which you can specify a full pathname to scan. Check Status of Scheduled Jobs Displays the status of any scheduled scan job that is currently running. Information displayed is refreshed every second as the job progresses. Check Status of Realtime Scanning Displays the status of realtime scanning from the time the Realtime Monitor was started. Information displayed is refreshed every second. Display signature versions Displays the current scan engine and signature versions for the eTrust Antivirus engines installed on the server. Advanced: Check status of services Displays the status of all eTrust Antivirus services. Set discovery ports Display and specify the current port numbers that the discovery procedure uses for listening to broadcast messages. In the pop-up field: Select the Enter key to display the current port numbers that the discovery procedure uses for listening to broadcast messages. Enter POLL and specify a port value to set the port number on which the eTrust Antivirus client listens for polls from the Admin Server. Enter SUBNET and specify a port value to set the port number that eTrust Antivirus clients use to communicate within a subnet. Using the ETRUSTAV Console Program 151 ETRUSTAV Menu Enter BOTH and specify a port value to use the same value for the port number on which the eTrust Antivirus clients listen for polls from the Admin Server and the port number that eTrust Antivirus clients use to communicate in a subnet. Restore infected files in Move folder Restores an infected file from the Move directory to its original location. After the command is entered, follow the onscreen instructions. Set approved Admin Servers Display and specify the current set of approved eTrust Antivirus Admin Servers. In the IP address field pop-up: Select the Enter key to display the current set of approved eTrust Admin Servers. Set the eTrust Antivirus Admin Servers at the specified IP addresses as approved for the NetWare server on which the command is run. Enter IP addresses in the format <ip-address-1> <ip-address-n> separated by a space. For example, entering IP addresses 192.168.130.2 192.168.130.10 causes the Admin Servers at those IP addresses to be set as approved eTrust Antivirus Admin Servers. Set eTrust Antivirus environment variable Specify an environment variable for eTrust Antivirus. For example, entering AV_VAR1=1 would set the value of a hypothetical environment variable AV_VAR1 to 1. Note: eTrust Antivirus environment variables are only used inside eTrust Antivirus. They have no effect on other programs running on your server. 152 Administrator Guide Appendix F: Messages and Codes This appendix contains messages and codes that may appear when using eTrust Antivirus. Messages Error 2 The system cannot find the file specified Reason: The file does not exist. Action: Verify the correct name and spelling of the file. Error 3 The system cannot find the path specified Reason: The directory is incorrect. Action: Verify the correct directory. Error 5 Access denied Reason: You do not have access to an object or file. Action: Contact your system administrator for access to the object or file. Messages and Codes 153 Messages Error 120 This function is not supported in this system Reason: A mismatched policy decoder is installed on a client system. Action: Contact Computer Associates Customer Support. Error 258 (0x102) wait operation timed out Reason: A synchronization object timed out. This is generic synchronization error which is usually reported in a debug log file. The action that was to take place before the timeout will be reattempted on the next cycle. Action: Stop and restart the eTrust ITM Services. Error 1331 Logon failure: account currently disabled. Reason: A user with disabled account tried to log on to the eTrust Threat Management Console. Action: Use a valid account to log on to the eTrust Threat Management Console. 154 Administrator Guide Messages Error 1717 Unknown interface Reason: A Management-Server request was made to a machine that is not a management server. A request was made after the RPC service was started, but the RPC service was not fully initialized. Action: Make sure requests are sent only to Management Servers. Retry the request later. Error 1722 The server cannot be contacted Reason: The RPC service on the server is down. The client cannot resolve the name of the server. A firewall is preventing a connection between the client and the server. Action: Start the RPC service on the server. Make sure the client is using the correct server name. Configure the firewall to allow a connection between the client and the server. Error 1722 The RPC server is too busy to complete the operation. Reason: The proxy is busy handling other requests, and it cannot accept new requests. Action: Retry the request later. Messages and Codes 155 Messages Error 1726 General RPC error Reason: The connection to the server was lost. Action: Restore the connection to the server. Error 1789 The trust relationship between this workstation and the primary domain failed. Reason: A domain account was used to log in to the eTrust Threat Management Console, but the workstation was not a member of that domain, or the account was not valid. Action: Ensure the workstation and the account are on the correct domain before logging into the eTrust Threat Management Console, or ensure that the account is valid. 156 Administrator Guide Appendix G: Computer Viruses The threat of computer viruses and infections is a major security consideration for any computer user. A computer virus is a computer program that can destroy information on your workstation. Similar to a biological virus, a computer virus can reproduce itself by attaching to other files, usually executable programs. When unexecuted in a compressed file, computer viruses are not dangerous, but when they are executed, they can create havoc. To classify as a virus, a suspicious file must have the ability to: Replicate Attach to other executables There are many types of infections, including the file infections, macro viruses, worms, and trojan infections. Computer Viruses 157 Computer Infection Symptoms Computer Infection Symptoms Symptoms of infection vary depending upon the particular virus infecting your system. The following list contains some of the more common symptoms you are likely to encounter: Screen displays a message such as “Your PC is a turtle!” Screen displays strange graphic patterns, such as bouncing balls. File size increases. Sometimes this is dramatic, causes the files to become too big to load in the memory. Frequently the change in size is small. The timestamp on a file is changed. You might notice a *.com or *.exe file with a timestamp more recent than when you loaded it. Error message about writing to a write-protected disk, even though your application is not attempting a write operation. Long time to load programs and the configuration of your computer is not changed. Computer running slower than normal. Computer has less memory available than normal. The same problems occur on several computers. Screen displays an error “Bad command or file name” even when you know the file should be on the disk. Unable to access an existing drive. CHKDSK suddenly discovers bad sectors on more than one computer. Problems like difficulty in copying files on your computer. Computer locks up frequently. If your computer displays one or more of these symptoms, it could have an infection. Since it is difficult to determine if these symptoms are infectionrelated, the Computer Associates antivirus software helps you to confirm whether or not your workstation is infected. 158 Administrator Guide Effects of a Computer Infection Effects of a Computer Infection Not all infections damage your computer. Some are just nuisances, continually reproducing themselves or displaying strange graphics or messages on your screen. Most viruses are stealthy, remaining hidden until they start running. If an infection does cause damage, the damage varies depending upon the particular infection in your system. In general, viruses can do the following damage to your computer: Hang your computer Erase, modify, and hide your files Scramble data on your hard disk Attack and scramble the File Allocation Table (FAT) Attack and scramble the Partition Table Format your hard disk Characteristics of Viruses The different types of viruses may exhibit different behavioral characteristics, based on how they function. Virus Type Behavior Memory resident Loads in memory and takes over control of the operating system. Memory resident viruses attach themselves to executable files (such as *.exe, *.com, and *.sys files). These viruses often change the file attribute information and the file size, time, and date information. Stealth Hides their presence. While all viruses try to conceal themselves in some way, stealth viruses make a greater effort at concealment. For example, a stealth virus can infect a program, adding bytes to the infected file. It then subtracts the directory entry of the infected file by the same number of bytes, giving the impression that the size of the file has not changed. Polymorphic Modifies their appearance and change their signature (their identifiable code) periodically. For example, they inserts garbage code into the middle of a file execution, or change the order of execution. This allows the virus to escape signature scanning detection methods. Computer Viruses 159 Computer Virus Terms Computer Virus Terms The following list contains common computer virus terms: Armored Virus A virus uses special tricks to make tracing, disassembling, and understanding of their code more difficult. Boot Record The program recorded in the Boot Sector. All floppy disk have a boot record, whether or not the disk is actually bootable. Whenever you start or reset your computer with a disk in the A: drive, DOS (on some older Windows systems) reads the boot record from that diskette. If a boot virus infects the disk, the computer first reads the boot sector where virus code resides, and then jumps to the sector where the virus has stored the original boot record. Boot Sector The first logical sector of a drive. On a floppy disk, this is located on side 0 (the top), cylinder 0 (the outside), sector 1 (the first sector.) On a hard disk, it is the first sector of a logical drive, such as C: or D:. This sector contains the Boot Record, which is created by FORMAT (with or without the /S switch). The sector can also be created by the DOS SYS command. Boot Sector Infector Every logical drive for both hard and floppy disks, contains a boot sector. It is true even for the non-bootable disk. This boot sector contains specific information relating to the formatting of the disk, the data stored, and contains a boot program (which, on some older Windows operating systems, loads the DOS system files). The boot program displays the familiar “Non-system Disk or Disk Error” message if the DOS system file is not present. It is also the program that is infected by viruses. A boot sector virus can arise by leaving an infected diskette in a drive and restarting the computer. When the program in the boot sector is read and executed, the virus goes into memory and infects your hard drive. Because every disk has a boot sector, it is common to infect a computer from a data disk. All “boot viruses” infect the boot sector of floppy disks; some of them, such as Form, also infect the boot sector of hard disks. Other boot viruses infect the master boot sector of hard disks. Boot Sector or Master Boot Sector Virus A term that describes a virus that places its starting code in the boot sector of floppy disks, and either the boot sector or master boot sector of hard disks. This virus is difficult to detect because many disk examination tools do not let you see the partition sector, which is the first sector on a hard drive. This virus is called a multipartite virus. 160 Administrator Guide Computer Virus Terms CMOS — Complementary Metal Oxide Semiconductor A memory area used in AT and higher class PCs for storage of system information. CMOS is battery backed RAM, originally used to maintain date and time information while the PC was turned off. CMOS memory is not in the usual CPU address space and cannot be executed. While a virus can store and corrupt data in the CMOS, it cannot hide there. Cavity Virus A virus overwrites a part of the host file filled with a constant (usually nulls), without increasing the length of the file, but preserving its functionality. Companion Virus Creates a new program, which (unknown to the user) is executed by the command-line interpreter instead of the intended program. On exit, the new program executes the original program so those things appear okay. The only way this has been accomplished is by creating an infected .COM file with the same name as an existing .EXE file. Dropper A program, modified to “install” a virus on the target system. A dropper contains the virus code so that it is not detected. A dropper is effectively a Trojan Horse. False Positive, False Negative A false positive (or Type-I) error is one, the anti-virus software claims that a file, infected by a virus when in reality the file is clean. A false negative (or Type-II) error is one in which the software fails to indicate when a file is infected. False negatives are more serious than false positives, although both are undesirable. Fast Infector A typical file infector, for example the Jerusalem virus, copies itself to memory when a program infected by it is executed, and then infects other programs when they are executed. When a fast infector virus is active in memory, it infects not only executed programs, but any file opened. Running a scanner or integrity checker can result in all or many programs becoming infected at once. File Virus Attaches to or replaces *.COM and *.EXE files, although in some cases, it can infect files with .SYS, .DRV, .BIN, .OVL, and .OVY extensions. The most common file virus is a resident virus. It resides in the memory of your computer at the time the first copy is run, and takes clandestine control of the computer. This virus commonly infects additional programs as you run them. However, a non-resident virus infects one or more files whenever an infected file is run. This virus often changes the file attribute information and the file size, time, and date information. Computer Viruses 161 Computer Virus Terms In the Wild A term that indicates a virus detected in several organizations in the world. It contrasts with a virus that has only been reported by researchers. Despite popular hype, most viruses are “in the wild” and differ only in prevalence. Some are new and rare. Others are old, but do not spread well, and therefore are extremely rare. Macro Virus Written in the macro language of specific computer programs, such as a word processor or spreadsheet. A macro virus infects files (not the boot sector or partition table), and resides in the memory when executed. It can run when you access a program document, or triggered by user actions, such as certain keystrokes or menu choices. A macro virus can be stored in files with any extension and is spread through file transfers, or email. Master Boot Record The 340-byte program located in the Master Boot Sector. This program begins the boot process. It reads the partition table, determines what partition to boot from (usually C:), and transfers control to the Boot Sector. The Master Boot Record is often called the MBR, and often called the “master boot sector” or “partition table”. The master boot record is created when FDISK or FDISK /MBR is run. Master Boot Sector Reads the first sector of the hard disk. This sector is located on the top side (“side 0”), outside cylinder (“cylinder 0”), first sector (“sector 1”). The sector contains the Master Boot Record. Multipartite Virus Combines the characteristics of memory resident, file, and boot sector virus. Partition Table A 64-byte data structure that defines the way a PC’s hard disk is divided into logical sections known as partitions. The most important one is stored in the Master Boot Record (MBR). Polymorphic Virus Produces varied (yet fully operational) copies of itself so virus scanners cannot detect all instances of the virus. RAM — Random Access Memory A place where the program is loaded to execute. The significance for a virus is to grab memory to be active. Some virus scanners declare a virus active whenever it is detected in RAM, even though it may be inactive in a buffer area of RAM. 162 Administrator Guide Computer Virus Terms Resident A property of most common computer viruses. A virus that loads into memory, hooks one or more interrupts, and remains inactive in memory until some trigger event. When the trigger event occurs, the virus becomes active, either infecting something or displaying a message or object. All boot viruses are resident viruses, as are the most common file viruses. Script Virus (VBScript, JavaScript, HTML) Written in script programming language, such as VBScript (Visual Basic Script) and JavaScript. These script viruses make use of Microsoft’s Windows Scripting Host (WHS) to activate themselves and infect other files. Since WHS is available on Windows 98 and Windows 2000, the viruses can be activated simply by double clicking the *.vbs or *.js file from the Windows Explorer. Slow Infector A virus that only infects when you create or modify a file. Sparse Infector A virus that infects occasionally; for example, every 10th executed file, or only files whose lengths fall within a narrow range. By infecting less often, such viruses minimize the probability of being discovered. Stealth Virus Hides the modifications it makes in the file or boot record. Usually, by monitoring the system functions used by programs to read files or physical blocks from storage media, and forging the results of such system functions so that programs which try to read these areas see the original uninfected form of the file instead of the actual infected form. To do this, the virus must be resident in memory when the antivirus program is executed. Trojan Horse Performs unauthorized and malicious actions, such as displaying messages, erasing files, or formatting a disk. A Trojan horse does not infect other host files. Trigger condititon or date Indicates the condition or date that the virus payload is triggered. A dateactivated virus can infect your computer 365 days a year. This virus can also infect your computer prior to the specified date. Tunneling Virus A virus that finds the original interrupt handlers in DOS and the BIOS and calls them directly, thus bypassing any activity monitoring programs. Computer Viruses 163 Computer Virus Terms TSR — Terminate but Stay Resident The PC programs that stay in memory while you use the computer for other purposes; they include pop-up utilities, network software, and the great majority of viruses. They use utilities, such as MEM, MAPMEM, PMAP, F-MMAP, and INFOPLUS. Worm Virus Makes copies of itself, but does not need to attach to particular files or sectors. Once a worm is executed, it seeks other systems and copies its code to them. 164 Administrator Guide Appendix H: Acknowledgements This appendix contains third-party licensing information. Copyright information for each component is included. Acknowledgements 165 Apache Tomcat Apache Tomcat Licenses The Apache Software Foundation uses various licenses to distribute software and documentation, to accept regular contributions from individuals and corporations, and to accept larger grants of existing software products. We are also in the process of updating the Apache licenses to reflect changes in the community regarding patents and contributing. These licenses help us achieve our goal of providing reliable and long-lived software products through collaborative open source software development. In all cases, contributors retain full rights to use their original contributions for any other purpose outside of Apache while providing the ASF and its projects the right to distribute and build upon their work within Apache. Licensing of Distributions All software produced by The Apache Software Foundation or any of its projects or subjects is licensed according to the terms of the documents listed below. Apache License, Version 2.0 (current) http://www.apache.org/licenses/LICENSE-2.0 (TXT or HTML) The 2.0 version of the Apache License was approved by the ASF in 2004. The goals of this license revision have been to reduce the number of frequently asked questions, to allow the license to be reusable without modification by any project (including non-ASF projects), to allow the license to be included by reference instead of listed in every file, to clarify the license on submission of contributions, to require a patent license on contributions that necessarily infringe the contributor's own patents, and to move comments regarding Apache and other inherited attribution notices to a location outside the license terms (the NOTICE file). The result is a license that is supposed to be compatible with other open source licenses while remaining true to the original goals of the Apache Group and supportive of collaborative development across both nonprofit and commercial organizations. The Apache Software Foundation is still trying to determine if this version of the Apache License is compatible with the GPL. All packages produced by the ASF are implicitly licensed under the Apache License, Version 2.0, unless otherwise explicitly stated. More developer documentation on how to apply the Apache License to your work can be found in Applying the Apache License, Version 2.0. Apache License, Version 1.1 (historic) 166 Administrator Guide Apache Tomcat http://www.apache.org/licenses/LICENSE-1.1 The 1.1 version of the Apache License was approved by the ASF in 2000. The primary change from the 1.0 license is in the 'advertising clause' (section 3 of the 1.0 license); derived products are no longer required to include attribution in their advertising materials, but only in their documentation. Individual packages licensed under the 1.1 version may use different wording due to varying requirements for attribution or mark identification, but the binding terms were all the same. Apache License, Version 1.0 (historic) http://www.apache.org/licenses/LICENSE-1.0 This is the original Apache License which applies only to older versions of Apache packages (such as version 1.2 of the Web server). Contributor License Agreements The ASF desires that all contributors of ideas, code, or documentation to the Apache projects complete, sign, and submit (via snailmail or fax) a Individual Contributor License Agreement (CLA) [PDF form]. The purpose of this agreement is to clearly define the terms under which intellectual property has been contributed to the ASF and thereby allow us to defend the project should there be a legal dispute regarding the software at some future time. A signed CLA is required to be on file before an individual is given commit rights to an ASF project. For a corporation that has assigned employees to work on an Apache project, a Corporate CLA (CCLA) is available for contributing intellectual property via the corporation that may have been assigned as part of an employment agreement. Note that a Corporate CLA does not remove the need for every developer to sign their own CLA as an individual, to cover their contributions that are not owned by the corporation signing the CCLA. Note: If you choose to send this document via fax, rather than via traditional postal mail, then be absolutely sure that you have sent it correctly. Often faxes are received back-to-front, blank, or totally illegible. Software Grants When an individual or corporation decides to donate a body of existing software or documentation to one of the Apache projects, they need to execute a formal Software Grant agreement with the ASF. Typically, this is done after negotiating approval with the ASF Incubator or one of the PMCs, since the ASF will not accept software unless there is a viable community available to support a collaborative project. Acknowledgements 167 CURL CURL COPYRIGHT AND PERMISSION NOTICE Copyright (c) 1996 - 2005, Daniel Stenberg, <[email protected]>. All rights reserved. Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Except as contained in this notice, the name of a copyright holder shall not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written authorization of the copyright holder. 168 Administrator Guide gSOAP gSOAP gSOAP is distributed under: The gSOAP public open source license (which is based on the Mozilla public license 1.1). See the section below further details. GPL (GNU Public License). Some parts of gSOAP are strictly distributed under the GPL (see below). Most parts are distributed under the gSOAP license and GPL. For those parts, you can choose the gSOAP license or GPL based on your needs. The gSOAP public license allows for commercial use of gSOAP. It allows products to be built on top and distributed under any license (including commercial). Products developed with gSOAP should include a notice of copyright and a disclaimer of warranty in the product's documentation (License Exhibit B). Please refer to the README files and/or header information in source code files for the appropriate licensing specific to that part of the souce code. The parts of the code that are strictly distributed under the GPL (i.e. the code that is distributed under GPL only) cannot always be used for commercial purposes. These parts are: The wsdl2h WSDL parser source code and the code generated by it. The examples included in the gSOAP distribution package, including the Web server and UDDI applications. A license for commercial use is available (this license replaces the GPL restrictions). Please refer to the license details at Genivia Inc licensing and support for further details. Genivia Inc Licensing and Support URL http://www.genivia.com/Products/gsoap/GeniviaGSoapLicense.pdf Content GENIVIA, INC., SOURCE CODE LICENSE AGREEMENT FOR COMMERCIAL USE Rationale: This source code license for commercial use shall replace the gSOAP public license and GPL license for Customer's use of the Software, thereby rendering the terms and conditions imposed by the gSOAP public license and GPL license on Customer inactive during the term of this commercial license as set forth in this Agreement. This license covers the entire gSOAP source distribution, including, but not limited to, the runtime library, compiler, WSDL importer, example applications, and documentation. Acknowledgements 169 gSOAP THIS SOURCE CODE LICENSE AGREEMENT ("Agreement") is made and entered into as of the last date executed by the parties below (the "Effective Date") by and between GENIVIA, INC., a Florida corporation having a principal place of business at 3178 Shamrock East, Tallahassee, Florida 32309, USA, ("Genivia"), and ______________________________________, a __________________________________ corporation having a principal place of business at __________________________________ ("Customer"). The parties agree as follows: 1. DEFINITIONS. "Original Code" means Source Code of computer software code which is described in the Source Code notice required by Exhibit A as Original Code. "Modifications" means any addition to or deletion from the substance or structure of either the Original Code or any previous Modifications. When Covered Code is released as a series of files, a Modification is: (i) any addition to or deletion from the contents of a file containing Original Code or previous Modifications; (ii) any new file that contains any part of the Original Code, or previous Modifications. "Covered Code" means the Original Code, or Modifications or the combination of the Original Code, and Modifications, in each case including portions thereof. "Software" means the Covered Code and accompanying documentation and support files referenced in section 1 of Exhibit A, including Updates (if any). "Updates" means any patches, bug fixes, upgrades, and new versions of the Software made generally available by Genivia during the term of this Agreement. "Source Code" means computer programming code in human readable form that is not suitable for machine execution without the intervening steps of interpretation or compilation, meaning the preferred form of the Covered Code for making modifications to it, including all modules it contains, plus any associated interface definition files, scripts used to control compilation and installation of an Executable Object Code, or source code differential comparisons against the Original Code. The Source Code can be in a compressed or archival form, provided the appropriate decompression or dearchiving software is widely available for no charge. "Executable Object Code" means the computer programming code in any other form than Source Code that is not readily perceivable by humans and suitable for machine execution without the intervening steps of interpretation or compilation. 170 Administrator Guide gSOAP "Authorized Site" means the specific address of Customer’s facility consisting of a single building or multiple buildings on a contiguous campus as specified in Exhibit A. "Project" means a concerted undertaking by an identified Customer development team to design or produce a Target Application. "Run-Time Module" means the Executable Object Code derived from compiling the Software to be incorporated into a Target Application as inseparably embedded code. "Target Application" means an end-user item, such as a software product that is possibly replicated in identical form and offered for sale or licensed to third parties, or a device or system developed by Customer pursuant to a Project that contains a Run-Time Module, or any portion thereof, as specified in Exhibit A and any Updates made during the term of this Agreement. 2. SOURCE CODE LICENSE. Subject to Customer’s compliance with the terms and conditions of this Agreement and payment of any applicable fees, Genivia hereby grants to Customer a non-transferable, nonexclusive, worldwide, royalty-free, paid-up license: (i) to reproduce and use the Software, solely at the Authorized Site in connection with the Project; (ii) to create Modifications and other derivative works of the Software, solely to the extent necessary to support the development of the Target Application; (iii) to compile the Software, including any Modifications and derivative works thereof, into Run-Time Modules; (iv) to reproduce an unlimited number of Run-Time Modules for physical incorporation into the Target Application; and (v) to market and distribute the Target Application. 3. RESTRICTIONS. Customer shall reproduce and include any and all copyright notices and proprietary rights legends, as such notices and legends appear in the original Software, on any copy of the Software, or portion thereof, with the exception of the gSOAP public license and GPL license notices. The Software shall be handled, used and stored, solely at the Authorized Site identified in Exhibit A. The Software may be used from a single machine, a set of machines, or a network file server, but there shall be no access to the Software from any external network not located at the Authorized Site. A function of the Software is to create Run-Time Modules for incorporation into Target Applications. Except as set forth in Section 2 above, no license is granted hereunder to reproduce or distribute the gSOAP soapcpp2 compiler and wsdl2h importer as part of such Target Application. 4. OWNERSHIP. Acknowledgements 171 gSOAP Genivia represents and warrants to Customer that Genivia has all rights in the Software necessary to grant the rights and license granted to Customer in this Agreement. Without limiting the foregoing, Genivia represents and warrants that Genivia acquires an assignment of all intellectual property rights in and to all portions of the Software delivered to Customer under this Agreement, including any Modifications made by GPL or gSOAP Public License licensees. Customer shall not have any obligation to provide, assign, or disclose to Genivia or any other party any Modifications. Notwithstanding the foregoing, Genivia and its licensors shall retain exclusive ownership of all worldwide Intellectual Property Rights in and to the Software. Customer acknowledges that this Agreement does not grant to Customer any Intellectual Property Rights in or to the Software other than the limited rights with respect to the Software as set forth in Section 2. Customer hereby agrees to assign to Genivia all Intellectual Property Rights it may have or obtain in and to the Modifications that Customer makes to the Software. If Customer has or obtains any rights to the foregoing that cannot be assigned to Genivia, Customer unconditionally and irrevocably waives the enforcement of such rights, and if such rights cannot be waived, Customer hereby grants to Genivia an exclusive, irrevocable, perpetual, worldwide, fully paid and royaltyfree license, with rights to sublicense through one or more levels of sublicensees, to reproduce, create derivative works of, distribute, publicly perform, publicly display, make, use, sell and import such Modifications and other intellectual property noted above by all means now known or later developed. All rights in and to the Software not expressly granted to Customer in this Agreement are expressly reserved for Genivia and its licensors. 5. DELIVERY AND PAYMENT. Immediately following the Effective Date, Genivia grants Customer the right to download the Software from the Approved Software Download Site specified in Exhibit A, and install the Software at the Authorized Site and use the Software as set forth in Section 2 subject to the restrictions listed in Section 3. Notwithstanding any terms or other agreements posted on the Approved Software Download Site, this Agreement shall be the sole and exclusive agreement governing Customer's use of the Software. Customer shall pay to Genivia the Software license fee set forth in Exhibit A. License fees will be invoiced with shipment of this License Agreement. Payment of all amounts invoiced shall be due sixty (60) days after receipt of the invoice. 172 Administrator Guide gSOAP All payments and amounts shall be paid without deduction, set-off or counter claim, free and clear of any restrictions or conditions, and without deduction for any taxes, levies, imposts, duties, fees, deductions, withholdings or other governmental charges. If any deduction is required to be made by law, Customer shall pay in the manner and at the same time such additional amounts as will result in receipt by Genivia of such amount as would have been received by Genivia had no such amount been required to be deducted. If Customer is claiming sales or use tax exemption, a certified Tax Exempt Certificate must be attached to this Agreement or applicable purchase order submitted by Customer. 6. TERM AND TERMINATION. This Agreement shall commence upon the Effective Date and is granted in perpetuity, but may be terminated without notice in the following circumstances: if you breach any term of this agreement, unless such breach is curable and is cured by Customer within thirty (30) days after notice of such breach is provided by Genivia; if you become the subject of insolvency proceedings; if you, being a firm or partnership, are dissolved; or if you destroy the Software for any reason. Upon termination, you or your representative shall destroy any remaining copies of the Software or otherwise return or dispose of such material. Termination pursuant to this clause shall not affect any rights or remedies, which Genivia may have otherwise under this license or at law. The following Sections shall survive any termination of this Agreement: Sections 1, 4, 6, and 8. Termination of this Agreement, if any, shall not affect any licenses or other grants of any rights, titles, or interests of Customer in or to any Run-Time Modules or the Target Application. 7. LIMITED WARRANTY. Genivia warrants that the Software, installation scripts, and future Updates will be provided to Customer. Customer assumes full responsibility for: (i) the selection, download, and installation of the Software from the Approved Software Download Site specified in Exhibit A; (ii) the proper use of the Software; (iii) verifying the results obtained from the use of the Software; and (iv) taking appropriate measures to prevent loss of data. Genivia does not warrant that the operation of the Software will meet Customer’s requirements or that Customer will be able to achieve any particular results from use or modification of the Software or that the Software will operate free from error. Acknowledgements 173 gSOAP EXCEPT AS EXPRESSLY SET FORTH IN SECTIONS 7 AND 8 OF THIS AGREEMENT, GENIVIA AND ITS LICENSORS DISCLAIM ALL WARRANTIES, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, OF FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT OF THIRD PARTY INTELLECTUAL PROPERTY RIGHTS, AND ANY WARRANTY THAT MAY ARISE BY REASON OF TRADE USAGE, CUSTOM, OR COURSE OF DEALING. WITHOUT LIMITING THE FOREGOING, CUSTOMER ACKNOWLEDGES THAT THE SOFTWARE IS PROVIDED "AS IS" AND THAT GENIVIA DOES NOT WARRANT THE SOFTWARE WILL RUN UNINTERRUPTED OR ERROR FREE. THE ENTIRE RISK AS TO RESULTS AND PERFORMANCE OF THE SOFTWARE IS ASSUMED BY CUSTOMER. UNDER NO CIRCUMSTANCES WILL GENIVIA BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES OF ANY KIND OR NATURE WHATSOEVER, WHETHER BASED ON CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, ARISING OUT OF OR IN ANY WAY RELATED TO THE SOFTWARE, EVEN IF GENIVIA HAS BEEN ADVISED ON THE POSSIBILITY OF SUCH DAMAGE OR IF SUCH DAMAGE COULD HAVE BEEN REASONABLY FORESEEN, AND NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY EXCLUSIVE REMEDY PROVIDED. SUCH LIMITATION ON DAMAGES INCLUDES, BUT IS NOT LIMITED TO, DAMAGES FOR LOSS OF GOODWILL, LOST PROFITS, LOSS OF DATA OR SOFTWARE, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION OR IMPAIRMENT OF OTHER GOODS. IN NO EVENT WILL GENIVIA BE LIABLE FOR THE COSTS OF PROCUREMENT OF SUBSTITUTE SOFTWARE OR SERVICES. CUSTOMER ACKNOWLEDGE THAT THIS SOFTWARE IS NOT DESIGNED FOR USE IN ON-LINE EQUIPMENT IN HAZARDOUS ENVIRONMENTS SUCH AS OPERATION OF NUCLEAR FACILITIES, AIRCRAFT NAVIGATION OR CONTROL, OR LIFE-CRITICAL APPLICATIONS. GENIVIA EXPRESSLY DISCLAIM ANY LIABILITY RESULTING FROM USE OF THE SOFTWARE IN ANY SUCH ON-LINE EQUIPMENT IN HAZARDOUS ENVIRONMENTS AND ACCEPTS NO LIABILITY IN RESPECT OF ANY ACTIONS OR CLAIMS BASED ON THE USE OF THE SOFTWARE IN ANY SUCH ON-LINE EQUIPMENT IN HAZARDOUS ENVIRONMENTS BY CUSTOMER. FOR PURPOSES OF THIS PARAGRAPH, THE TERM "LIFE-CRITICAL APPLICATION" MEANS AN APPLICATION IN WHICH THE FUNCTIONING OR MALFUNCTIONING OF THE SOFTWARE MAY RESULT DIRECTLY OR INDIRECTLY IN PHYSICAL INJURY OR LOSS OF HUMAN LIFE. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY COVERED CODE IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS DISCLAIMER. 8. INFRINGEMENT INDEMNITY. 174 Administrator Guide gSOAP Genivia will defend at its expense any suit brought against Customer and will pay all damages finally awarded in such suit insofar as such suit is based on a claim that the Software as provided to Customer infringes a previously issued patent or copyright, provided that Genivia is notified promptly of such claim and is given full and complete authority (including settlement authority consistent with the other terms and conditions of this Agreement), information and assistance by Customer for such defense. In the event that the Software is held in any such suit to infringe such a right and its use is enjoined, or if in the opinion of Genivia the Software is likely to become the subject of such a claim, Genivia at its own election and expense will either (i) procure for Customer the right to continue using the Software or (ii) modify or replace the Software so that it becomes non-infringing while giving substantially equivalent performance. In the event that (i) or (ii) above are not, in Genivia’s sole determination, obtainable using reasonable commercial efforts, then Genivia may terminate this Agreement and refund amount Customer paid Genivia under this Agreement for the Software which is the subject of such claim. The indemnification obligation shall not apply to infringement actions or claims to the extent that such actions or claims are caused solely by: (i) modifications made to the Software by a party other than Genivia; and (ii) the combination of the Software with items not supplied or approved by Genivia. 9. GENERAL. Neither party shall be liable hereunder by reason of any failure or delay in the performance of its obligations hereunder (except for the payment of money) on account of strikes, shortages, riots, insurrection, fires, flood, storm, explosions, acts of God, war, governmental action, labor conditions, earthquakes, material shortages or any other cause which is beyond the reasonable control of such party. The Software is a "commercial item" as that term is defined at 48 C.F.R. 2.101, consisting of "commercial computer software" and "commercial computer software documentation" as such terms are used in 48 C.F.R. 12.212. Consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4, Customer will provide the Software to U.S. Government End Users only pursuant to the terms and conditions therein. Customer may not delegate, assign or transfer this Agreement, the license(s) granted or any of Customer’s rights or duties hereunder without Genivia's express prior written consent, except by way of merger or acquisition of the business of Customer, and any attempt to do so shall be void. Genivia may assign this Agreement, and its rights and obligations hereunder, in its sole discretion. All Software and technical information delivered under this Agreement are subject to U.S. export control laws and may be subject to export or import regulations in other countries. Customer agrees to strictly comply with all such laws and regulations. Acknowledgements 175 gSOAP This Agreement is governed by California law, excluding any principle or provision that would call for the application of the law of any jurisdiction other than California. Any action regarding this Agreement shall be brought in a court of competent jurisdiction, federal or state, in the County of Santa Clara, California, and Genivia consents to venue and jurisdiction in and service of process from such court. EXHIBIT A 1. Genivia gSOAP Source Code Products. Original Source Code files suitable for compilation into Run-Time Modules for integration into a Target Application: dom.h dom++.h dom.c dom++.cpp dom.cpp soapdoc2.pdf soapdoc2.html stdsoap2.h stdsoap2.c stdsoap2.cpp stl.h stldeque.h stllist.h stlvector.h stlset.h samples/* (all example files included in the package under 'samples') uddi2/* (all of the UDDI v2 support files included in the package under 'uddi2') WS/* (all of the files included included in the package under 'WS' ) Updates to any of the Original Source Code files listed above and distributed by Genivia are also covered under this Agreement. Original Source Code files of the Software with development functionality not suitable for compilation and integration into Target Applications: src/error2.c src/error2.h src/init2.c src/soapcpp2.c src/soapcpp2.h src/soapcpp2_lex.l src/soapcpp2_yacc.y src/symbol2.c wsdl/dime.h wsdl/gwsdl.h wsdl/http.h 176 Administrator Guide gSOAP wsdl/imports.h wsdl/includes.h wsdl/mime.h wsdl/schema.cpp wsdl/schema.h wsdl/service.cpp wsdl/service.h wsdl/soap.cpp wsdl/soap.h wsdl/typemap.dat wsdl/types.cpp wsdl/types.h wsdl/wsdl.cpp wsdl/wsdl.h wsdl/wsdl2h.cpp The source codes above are part of the software development toolkit. The development toolkit generates source code that is suitable for compilation and integration into the Target Application as set forth by Sections 2 and 3. 2. Approved Software Download Site http://sourceforge.net/projects/gsoap2 3. Description of the Customer's Project and the Intended Functionality of the Target Application. ______________________________________________________________ _________ License Fee: $195.00 USD Authorized Site (address and building identification): ______________________________ IN WITNESS WHEREOF, the parties’ authorized representatives have executed this Agreement and Exhibit as of the Effective Date. GENIVIA By: Robert van Engelen Title: President Date: __________ Acknowledgements 177 gSOAP CUSTOMER __________ By: __________ Title: __________ Date: __________ This form must be completed, signed, and returned by email, mail, or fax to the following address to ensure prompt completion of the order. A copy can be send by email to expedite the execution of the Agreement. Genivia, Inc., Sales Department 3178 Shamrock East Tallahassee, FL32309, USA Email: [email protected] Voice: +1 (850) 264 2676 Fax: +1 (850) 893 1426 Genivia, Inc., Source Code License Agreement Jan 1, 2004, revised June 27, Aug 1, Aug 14, Oct 19, 2004; Mar 31, 2005, May 10, 2005. The gSOAP Public License The gSOAP Public License 1.3 is based on MPL1.1 (Mozilla Public License 1.1). The license allows for commercial use of gSOAP. It also allows products to be built on top and distributed under any license (including commercial). Products developed with gSOAP should include a notice of copyright and a disclaimer of warranty in the product's documentation (License Exhibit B). gSOAP source code modifications that are distributed part of an open source product should be submitted back to us for quality control. Please note that modifications to the gSOAP runtime source codes are not required to build applications so this requirement should not prohibit (commercial) product development in any way. 178 Administrator Guide gSOAP We also encourage suggestions for modifications to be submitted to the gSOAP mailing list for consideration in future releases. TERMS AND CONDITIONS OF USE gSOAP is copyrighted by Robert A. van Engelen, Genivia inc. Copyright (C) 2000-2003 Robert A. van Engelen, Genivia inc. All Rights Reserved. USE RESTRICTIONS You may not: (i) transfer rights to gSOAP or claim authorship; or (ii) remove any product identification, copyright, proprietary notices or labels from gSOAP. MAINTENANCE, SUPPORT AND UPDATES There is no obligation to maintain or support or update the Software in any way, or to provide updates or error corrections. WARRANTY THE AUTHORS EXPRESSLY DISCLAIM ALL WARRANTIES, WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, OF FITNESS FOR A PARTICULAR PURPOSE, NONINFRINGEMENT OF THIRD PARTY INTELLECTUAL PROPERTY RIGHTS, AND ANY WARRANTY THAT MAY ARISE BY REASON OF TRADE USAGE, CUSTOM, OR COURSE OF DEALING. WITHOUT LIMITING THE FOREGOING, YOU ACKNOWLEDGE THAT THE SOFTWARE IS PROVIDED "AS IS" AND THAT THE AUTHORS DO NOT WARRANT THE SOFTWARE WILL RUN UNINTERRUPTED OR ERROR FREE. Acknowledgements 179 gSOAP LIMITED LIABILITY THE ENTIRE RISK AS TO RESULTS AND PERFORMANCE OF THE SOFTWARE IS ASSUMED BY YOU. UNDER NO CIRCUMSTANCES WILL THE AUTHORS BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES OF ANY KIND OR NATURE WHATSOEVER, WHETHER BASED ON CONTRACT, WARRANTY, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, ARISING OUT OF OR IN ANY WAY RELATED TO THE SOFTWARE, EVEN IF THE AUTHORS HAVE BEEN ADVISED ON THE POSSIBILITY OF SUCH DAMAGE OR IF SUCH DAMAGE COULD HAVE BEEN REASONABLY FORESEEN, AND NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY EXCLUSIVE REMEDY PROVIDED. SUCH LIMITATION ON DAMAGES INCLUDES, BUT IS NOT LIMITED TO, DAMAGES FOR LOSS OF GOODWILL, LOST PROFITS, LOSS OF DATA OR SOFTWARE, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION OR IMPAIRMENT OF OTHER GOODS. IN NO EVENT WILL THE AUTHORS BE LIABLE FOR THE COSTS OF PROCUREMENT OF SUBSTITUTE SOFTWARE OR SERVICES. YOU ACKNOWLEDGE THAT THIS SOFTWARE IS NOT DESIGNED FOR USE IN ON-LINE EQUIPMENT IN HAZARDOUS ENVIRONMENTS SUCH AS OPERATION OF NUCLEAR FACILITIES, AIRCRAFT NAVIGATION OR CONTROL, OR LIFE-CRITICAL APPLICATIONS. THE AUTHORS EXPRESSLY DISCLAIM ANY LIABILITY RESULTING FROM USE OF THE SOFTWARE IN ANY SUCH ON-LINE EQUIPMENT IN HAZARDOUS ENVIRONMENTS AND ACCEPTS NO LIABILITY IN RESPECT OF ANY ACTIONS OR CLAIMS BASED ON THE USE OF THE SOFTWARE IN ANY SUCH ON-LINE EQUIPMENT IN HAZARDOUS ENVIRONMENTS BY YOU. FOR PURPOSES OF THIS PARAGRAPH, THE TERM "LIFE-CRITICAL APPLICATION" MEANS AN APPLICATION IN WHICH THE FUNCTIONING OR MALFUNCTIONING OF THE SOFTWARE MAY RESULT DIRECTLY OR INDIRECTLY IN PHYSICAL INJURY OR LOSS OF HUMAN LIFE. 180 Administrator Guide JRE JRE To download and install the software, follow the steps below. LEGAL NOTICE - READ BEFORE DOWNLOADING OR OTHERWISE USING THIS SOFTWARE. ATTENTION: USE OF THE SOFTWARE IS SUBJECT TO THE HP SOFTWARE LICENSE TERMS, AND SUPPLEMENTAL RESTRICTIONS SET FORTH BELOW AND THE HP WARRANTY DISCLAIMER ATTACHED.CLICK ON THE "I ACCEPT" BOX BELOW TO INDICATE YOUR ACCEPTANCE OF THESE TERMS. IF YOU DO NOT ACCEPT THESE TERMS FULLY, YOU MAY NOT INSTALL OR OTHERWISE USE THE SOFTWARE. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS NOTICE, INSTALLING OR OTHERWISE USING THE SOFTWARE INDICATES YOUR ACCEPTANCE OF THESE LICENSE TERMS. The following terms govern your use of the Software unless you have a separate written agreement with HP. License grant HP grants you a license to Use one copy of the Software. "Use" means storing, loading, installing, executing or displaying the Software. You may not modify the Software or disable any licensing or control features of the Software. If the Software is licensed for "concurrent use", you may not allow more than the maximum number of authorized users to Use the Software concurrently. Ownership The Software is owned and copyrighted by HP or its third party suppliers. Your license confers no title or ownership in the Software and is not a sale of any rights in the Software. HP's third party suppliers may protect their rights in the event of any violation of these License Terms. Copies and Adaptations You may only make copies or adaptations of the Software for archival purposes or when copying or adaptation is an essential step in the authorized Use of the Software. You must reproduce all copyright notices in the original Software on all copies or adaptations. You may not copy the Software onto any bulletin board or similar system. No disassembly or decryption Acknowledgements 181 JRE You may not disassemble or decompile the Software unless HP's prior written consent is obtained. In some jurisdictions, HP's consent may not be required for disassembly or decompilation. Upon request, you will provide HP with reasonably detailed information regarding any disassembly or decompilation. You may not decrypt the Software unless decryption is a necessary part of the operation of the Software. Transfer Your license will automatically terminate upon any transfer of the Software. Upon transfer, you must deliver the Software, including any copies and related documentation, to the transferee. The transferee must accept these License Terms as a condition to the transfer. Termination HP may terminate your license upon notice for failure to comply with any of these License Terms. Upon termination, you must immediately destroy the Software, together with all copies, adaptations and merged portions in any form. Export requirements The software you are about to download contains cryptography technology. Some countries regulate the import, use and/or export of certain products with cryptography. HP makes no claims as to the applicability of local country import, use and/or export regulations in relation to the download of this product. If you are located outside the U.S. and Canada you are advised to consult your local country regulations to insure compliance. You may not export or re-export this software or any copy or adaptation in violation of any applicable laws or regulations. Without limiting the generality of the foregoing, hardware, software, technology or services provided under this license agreement may not be exported, reexported, transferred or downloaded to or within (or to a national resident of) countries under U.S. economic embargo including the following countries: Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria. This list is subject to change. 182 Administrator Guide JRE Hardware, software, technology or services may not be exported, reexported, transferred or downloaded to persons or entities listed on the U.S. Department of Commerce Denied Persons List, Entity List of proliferation concern or on any U.S. Treasury Department Designated Nationals exclusion list, or to parties directly or indirectly involved in the development or production of nuclear, chemical, biological weapons or in missile technology programs as specified in the U.S. Export Administration Regulations (15 CFR 744). By accepting this license agreement you confirm that you are not located in (or a national resident of) any country under U.S. economic embargo, not identified on any U.S. Department of Commerce Denied Persons List, Entity List or Treasury Department Designated Nationals exclusion list, and not directly or indirectly involved in the development or production of nuclear, chemical, biological weapons or in missile technology programs as specified in the U.S. Export Administration Regulations. U.S. government restricted rights The Software and any accompanying documentation have been developed entirely at private expense. They are delivered and licensed as "commercial computer software" as defined in DFARS 252.227-7013 (Oct 1988), DFARS 252.211-7015 (May 1991) or DFARS 252.227-7014 (Jun 1995), as a "commercial item" as defined in FAR2.101(a), or as "Restricted computer software" as defined in FAR 52.227-19 (Jun 1987)(or any equivalent agency regulation or contract clause), whichever is applicable. You have only those rights provided for such Software and any accompanying documentation by the applicable FAR or DFARS clause or the HP standard software agreement for the product involved. Supplemental restrictions You acknowledge the Software is not designed or intended for use in on-line control of aircraft, air traffic, aircraft navigation, or aircraft communications; or in the design, construction, operation or maintenance of any nuclear facility. HP disclaims any express or implied warranty of fitness for such uses. Warranty at Download: HP warranty statement Duration of limited warranty: 90 days HP warrants to you, the end customer, that HP hardware, accessories, and supplies will be free from defects in materials and workmanship after the date of purchase for the period specified above. If HP receives notice of such defects during the warranty period, HP will, at its option, either repair or replace products which prove to be defective. Replacement products may be either new or equivalent in performance to new. Acknowledgements 183 JRE HP warrants to you that HP Software will not fail to execute its programming instructions after the date of purchase, for the period specified above, due to defects in materials and workmanship when properly installed and used. If HP receives notice of such defects during the warranty period, HP will replace Software which does not execute its programming instructions due to such defects. HP does not warrant that the operation of HP products will be uninterrupted or error free. If HP is unable, within a reasonable time, to repair or replace any product to a condition warranted, you will be entitled to a refund of the purchase price upon prompt return of the product. Alternatively, in the case of HP Software, you will be entitled to a refund of the purchase price upon prompt delivery to HP of written notice from you confirming destruction of the HP Software, together with all copies, adaptations, and merged portions in any form. HP products may contain remanufactured parts equivalent to new in performance or may have been subject to incidental use. Warranty does not apply to defects resulting from: a. Improper or inadequate maintenance or calibration; b. Software, interfacing, parts or supplies not supplied by HP, c. Unauthorized modification or misuse; d. Operation outside of the published environmental specifications for the product, or e. Improper site preparation or maintenance. TO THE EXTENT ALLOWED BY LOCAL LAW, THE ABOVE WARRANTIES ARE EXCLUSIVE AND NO OTHER WARRANTY OR CONDITION, WHETHER WRITTEN OR ORAL, IS EXPRESSED OR IMPLIED AND HP SPECIFICALLY DISCLAIMS ANY IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY, AND FITNESS FOR A PARTICULAR PURPOSE. Some countries, states, or provinces do not allow limitations on the duration of an implied warranty, so the above limitation or exclusion may not apply to you. This warranty gives you specific legal rights and you might also have other rights that vary from country to country, state to state, or province to province. 184 Administrator Guide JRE TO THE EXTENT ALLOWED BY LOCAL LAW, THE REMEDIES IN THIS WARRANTY STATEMENT ARE YOUR SOLE AND EXCLUSIVE REMEDIES. EXCEPT AS INDICATED ABOVE, IN NO EVENT WILL HP OR ITS SUPPLIERS BE LIABLE FOR LOSS OF DATA OR FOR DIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL (INCLUDING LOST PROFIT OR DATA), OR OTHER DAMAGE, WHETHER BASED IN CONTRACT, TORT, OR OTHERWISE. Some countries, states, or provinces do not allow the exclusion or limitation of incidental or consequential damages, so the above limitation may not apply to you. License Installed with Software: HP-UX Runtime Environment, for the Java(tm) 2 Platform ATTENTION: USE OF THE SOFTWARE IS SUBJECT TO THE HP SOFTWARE LICENSE TERMS AND SUPPLEMENTAL RESTRICTIONS SET FORTH BELOW AND THE WARRANTY DISCLAIMER ATTACHED. IF YOU DO NOT ACCEPT THESE TERMS FULLY, YOU MAY NOT INSTALL OR OTHERWISE USE THE SOFTWARE. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS NOTICE, INSTALLING OR OTHERWISE USING THE SOFTWARE INDICATES YOUR ACCEPTANCE OF THESE LICENSE TERMS. HP SOFTWARE LICENSE TERMS The following terms govern your use of the Software unless you have a separate written agreement with HP. HP has the right to change these terms and conditions at any time, with or without notice. License Grant HP grants you a license to Use one copy of the Software. "Use" means storing, loading, installing, executing or displaying the Software. You may not modify the Software or disable any licensing or control features of the Software. If the Software is licensed for "concurrent use", you may not allow more than the maximum number of authorized users to Use the Software concurrently. Ownership The Software is owned and copyrighted by HP or its third party suppliers. Your license confers no title or ownership in the Software and is not a sale of any rights in the Software. HP's third party suppliers may protect their rights in the event of any violation of these License Terms. Copies and Adaptations You may only make copies or adaptations of the Software for archival purposes or when copying or adaptation is an essential step in the authorized Use of the Software. You must reproduce all copyright notices in the original Software on all copies or adaptations. You may not copy the Software onto any bulletin board or similar system. Acknowledgements 185 JRE No Disassembly or Decryption You may not disassemble or decompile the Software unless HP's prior written consent is obtained. In some jurisdictions, HP's consent may not be required for disassembly or decompilation. Upon request, you will provide HP with reasonably detailed information regarding any disassembly or decompilation. You may not decrypt the Software unless decryption is a necessary part of the operation of the Software. Transfer Your license will automatically terminate upon any transfer of the Software. Upon transfer, you must deliver the Software, including any copies and related documentation, to the transferee. The transferee must accept these License Terms as a condition to the transfer. Termination HP may terminate your license upon notice for failure to comply with any of these License Terms. Upon termination, you must immediately destroy the Software, together with all copies, adaptations and merged portions in any form. Export Requirements You may not export or re-export the Software or any copy or adaptation in violation of any applicable laws or regulations. This software or any copy or adaptation may not be exported, reexported or transferred to or within countries under U.S. economic embargo including the following countries: Afghanistan (Taliban-controlled areas), Cuba, Iran, Iraq, Libya, North Korea, Serbia, Sudan and Syria. This list is subject to change. This software or any copy or adaptation may not be exported, reexported or transferred to persons or entities listed on the U.S. Department of Commerce Denied Parties List or on any U.S. Treasury Department Designated Nationals exclusion list, or to any party directly or indirectly involved in the development or production of nuclear, chemical, biological weapons or related missile technology programs as specified in the U.S. Export Administration Regulations (15 CFR 730). U.S. Government Restricted Rights 186 Administrator Guide JRE The Software and any accompanying documentation have been developed entirely at private expense. They are delivered and licensed as "commercial computer software" as defined in DFARS 252.227-7013 (Oct 1988), DFARS 252.211-7015 (May 1991) or DFARS 252.227-7014 (Jun 1995), as a "commercial item" as defined in FAR2.101(a), or as "Restricted computer software" as defined in FAR 52.227-19 (Jun 1987)(or any equivalent agency regulation or contract clause), whichever is applicable. You have only those rights provided for such Software and any accompanying documentation by the applicable FAR or DFARS clause or the HP standard software agreement for the product involved. SUPPLEMENTAL RESTRICTIONS You acknowledge the Software is not designed or intended for use in on-line control of aircraft, air traffic, aircraft navigation, or aircraft communications; or in the design, construction, operation or maintenance of any nuclear facility. HP disclaims any express or implied warranty of fitness for such uses. ADDITIONAL SUPPLEMENTAL RESTRICTIONS FOR HP-UX RUNTIME ENVIRONMENT, FOR THE JAVA(TM) 2 PLATFORM * License to Distribute HP-UX Runtime Environment, for the Java(tm) 2 Platform. You are granted a royalty-free right to reproduce and distribute the HP-UX Runtime Environment, for Java provided that you distribute the HP-UX Runtime Environment, for the Java 2 Platform complete and unmodified, only as a part of, and for the sole purpose of running your Java compatible applet or application ("Program") into which the HP-UX Runtime Environment, for the Java 2 Platform is incorporated. * Java Platform Interface. Licensee may not modify the Java Platform Interface ("JPI", identified as classes contained within the "java" package or any subpackages of the "java" package), by creating additional classes within the JPI or otherwise causing the addition to or modification of the classes in the JPI. In the event that Licensee creates any Java-related API and distributes such API to others for applet or application development, Licensee must promptly publish broadly, an accurate specification for such API for free use by all developers of Java-based software. * You may make the HP-UX Runtime Environment, for the Java 2 Platform accessible to application programs developed by you provided that the programs allow such access only through the Invocation Interface specified and provided that you shall not expose or document other interfaces that permit access to such HP-UX Runtime Environment, for the Java 2 Platform. You shall not be restricted hereunder from exposing or documenting interfaces to software components that use or access the HP-UX Runtime Environment, for the Java 2 Platform. Acknowledgements 187 JRE HP WARRANTY STATEMENT DURATION OF LIMITED WARRANTY: 90 DAYS HP warrants to you, the end customer, that HP hardware, accessories, and supplies will be free from defects in materials and workmanship after the date of purchase for the period specified above. If HP receives notice of such defects during the warranty period, HP will, at its option, either repair or replace products which prove to be defective. Replacement products may be either new or equivalent in performance to new. HP warrants to you that HP Software will not fail to execute its programming instructions after the date of purchase, for the period specified above, due to defects in materials and workmanship when properly installed and used. If HP receives notice of such defects during the warranty period, HP will replace Software which does not execute its programming instructions due to such defects. HP does not warrant that the operation of HP products will be uninterrupted or error free. If HP is unable, within a reasonable time, to repair or replace any product to a condition warranted, you will be entitled to a refund of the purchase price upon prompt return of the product. Alternatively, in the case of HP Software, you will be entitled to a refund of the purchase price upon prompt delivery to HP of written notice from you confirming destruction of the HP Software, together with all copies, adaptations, and merged portions in any form. HP products may contain remanufactured parts equivalent to new in performance or may have been subject to incidental use. Warranty does not apply to defects resulting from: (a) improper or inadequate maintenance or calibration; (b) software,interfacing, parts or supplies not supplied by HP, (c) unauthorized modification or misuse; (d) operation outside of the published environmental specifications for the product, (e) improper site preparation or maintenance, or (f) the presence of code from HP suppliers embedded in or bundled with any HP product. 188 Administrator Guide JRE TO THE EXTENT ALLOWED BY LOCAL LAW, THE ABOVE WARRANTIES ARE EXCLUSIVE AND NO OTHER WARRANTY OR CONDITION, WHETHER WRITTEN OR ORAL, IS EXPRESSED OR IMPLIED AND HP SPECIFICALLY DISCLAIMS ANY IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY, AND FITNESS FOR A PARTICULAR PURPOSE. Some countries, states, or provinces do not allow limitations on the duration of an implied warranty, so the above limitation or exclusion may not apply to you. This warranty gives you specific legal rights and you might also have other rights that vary from country to country, state to state, or province to province. TO THE EXTENT ALLOWED BY LOCAL LAW, THE REMEDIES IN THIS WARRANTY STATEMENT ARE YOUR SOLE AND EXCLUSIVE REMEDIES. EXCEPT AS INDICATED ABOVE, IN NO EVENT WILL HP OR ITS SUPPLIERS BE LIABLE FOR LOSS OF DATA OR FOR DIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL (INCLUDING LOST PROFIT OR DATA), OR OTHER DAMAGE, WHETHER BASED IN CONTRACT, TORT, OR OTHERWISE. Some countries, states, or provinces do not allow the exclusion or limitation of incidental or consequential damages, so the above limitation may not apply to you. Acknowledgements 189 HP JRE 1.4.2.08 HP JRE 1.4.2.08 License RTE version 1.4.2.08 PA-RISC ATTENTION: ATTENTION: USE OF THE SOFTWARE IS SUBJECT TO THE HP SOFTWARE LICENSE TERMS AND SUPPLEMENTAL RESTRICTIONS SET FORTH BELOW, THIRD PARTY SOFTWARE LICENSE TERMS FOUND IN THE THIRDPARTYLICENSEREADME.TXT FILE AND THE WARRANTY DISCLAIMER ATTACHED. IF YOU DO NOT ACCEPT THESE TERMS FULLY, YOU MAY NOT INSTALL OR OTHERWISE USE THE SOFTWARE. NOTWITHSTANDING ANYTHING TO THE CONTRARY IN THIS NOTICE, INSTALLING OR OTHERWISE USING THE SOFTWARE INDICATES YOUR ACCEPTANCE OF THESE LICENSE TERMS. HP software license terms The following terms govern your use of the Software unless you have a separate written agreement with HP. HP has the right to change these terms and conditions at any time, with or without notice. License grant HP grants you a license to Use one copy of the Software. "Use" means storing, loading, installing, executing or displaying the Software. You may not modify the Software or disable any licensing or control features of the Software. If the Software is licensed for "concurrent use", you may not allow more than the maximum number of authorized users to Use the Software concurrently. Ownership The Software is owned and copyrighted by HP or its third party suppliers. Your license confers no title or ownership in the Software and is not a sale of any rights in the Software. HP's third party suppliers may protect their rights in the event of any violation of these License Terms. Third Party Code Some third-party code embedded or bundled with the Software is licensed to you under different terms and conditions as set forth in the THIRDPARTYLICENSEREADME.txt file. In addition to any terms and conditions of any third party license identified in the THIRDPARTYLICENSEREADME.txt file, the disclaimer of warranty and limitation of liability provisions in this license shall apply to all code distributed as part of or bundled with the Software. Source Code 190 Administrator Guide HP JRE 1.4.2.08 Software may contain source code that, unless expressly licensed for other purposes, is provided solely for reference purposes pursuant to the terms of this license. Source code may not be redistributed unless expressly provided for in these License Terms. Copies and Adaptations You may only make copies or adaptations of the Software for archival purposes or when copying or adaptation is an essential step in the authorized Use of the Software. You must reproduce all copyright notices in the original Software on all copies or adaptations. You may not copy the Software onto any bulletin board or similar system. No disassembly or decryption You may not disassemble or decompile the Software unless HP's prior written consent is obtained. In some jurisdictions, HP's consent may not be required for disassembly or decompilation. Upon request, you will provide HP with reasonably detailed information regarding any disassembly or decompilation. You may not decrypt the Software unless decryption is a necessary part of the operation of the Software. Transfer Your license will automatically terminate upon any transfer of the Software. Upon transfer, you must deliver the Software, including any copies and related documentation, to the transferee. The transferee must accept these License Terms as a condition to the transfer. Termination HP may terminate your license upon notice for failure to comply with any of these License Terms. Upon termination, you must immediately destroy the Software, together with all copies, adaptations and merged portions in any form. Export requirements The software you are about to download contains cryptography technology. Some countries regulate the import, use and/or export of certain products with cryptography. HP makes no claims as to the applicability of local country import, use and/or export regulations in relation to the download of this product. If you are located outside the U.S. and Canada you are advised to consult your local country regulations to insure compliance. You may not export or re-export this software or any copy or adaptation in violation of any applicable laws or regulations. Acknowledgements 191 HP JRE 1.4.2.08 Without limiting the generality of the foregoing, hardware, software, technology or services provided under this license agreement may not be exported, reexported, transferred or downloaded to or within (or to a national resident of) countries under U.S. economic embargo including the following countries: Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria. This list is subject to change. Hardware, software, technology or services may not be exported, reexported, transferred or downloaded to persons or entities listed on the U.S. Department of Commerce Denied Persons List, Entity List of proliferation concern or on any U.S. Treasury Department Designated Nationals exclusion list, or to parties directly or indirectly involved in the development or production of nuclear, chemical, biological weapons or in missile technology programs as specified in the U.S. Export Administration Regulations (15 CFR 744). By accepting this license agreement you confirm that you are not located in (or a national resident of) any country under U.S. economic embargo, not identified on any U.S. Department of Commerce Denied Persons List, Entity List or Treasury Department Designated Nationals exclusion list, and not directly or indirectly involved in the development or production of nuclear, chemical, biological weapons or in missile technology programs as specified in the U.S. Export Administration Regulations. U.S. government restricted rights The Software and any accompanying documentation have been developed entirely at private expense. They are delivered and licensed as "commercial computer software" as defined in DFARS 252.227-7013 (Oct 1988), DFARS 252.211-7015 (May 1991) or DFARS 252.227-7014 (Jun 1995), as a "commercial item" as defined in FAR2.101(a), or as "Restricted computer software" as defined in FAR 52.227-19 (Jun 1987)(or any equivalent agency regulation or contract clause), whichever is applicable. You have only those rights provided for such Software and any accompanying documentation by the applicable FAR or DFARS clause or the HP standard software agreement for the product involved. The owner is Hewlett-Packard Company, 3000 Hanover Street, Palo Alto, California 94304. Supplemental restrictions You acknowledge the Software is not designed or intended for use in on-line control of aircraft, air traffic, aircraft navigation, or aircraft communications; or in the design, construction, operation or maintenance of any nuclear facility. HP disclaims any express or implied warranty of fitness for such uses. ADDITIONAL SUPPLEMENTAL RESTRICTIONS FOR HP-UX RUNTIME ENVIRONMENT, FOR THE JAVA™ 2 PLATFORM 192 Administrator Guide HP JRE 1.4.2.08 License to Distribute HP-UX Runtime Environment, for the Java™ 2 Platform. You are granted a royalty-free right to reproduce and distribute the HP-UX Runtime Environment, for Java provided that you distribute the HP-UX Runtime Environment, for the Java 2 Platform complete and unmodified, only as a part of, and for the sole purpose of running your Java compatible applet or application ("Program") into which the HP-UX Runtime Environment, for the Java 2 Platform is incorporated. Java Platform Interface. Licensee may not modify the Java Platform Interface ("JPI", identified as classes contained within the "java" package or any subpackages of the "java" package), by creating additional classes within the JPI or otherwise causing the addition to or modification of the classes in the JPI. In the event that Licensee creates any Java-related API and distributes such API to others for applet or application development, Licensee must promptly publish broadly, an accurate specification for such API for free use by all developers of Java-based software. You may make the HP-UX Runtime Environment, for the Java 2 Platform accessible to application programs developed by you provided that the programs allow such access only through the Invocation Interface specified and provided that you shall not expose or document other interfaces that permit access to such HP-UX Runtime Environment, for the Java 2 Platform. You shall not be restricted hereunder from exposing or documenting interfaces to software components that use or access the HPUX Runtime Environment, for the Java 2 Platform. ________________________________________ HP warranty statement Duration of limited warranty: 90 days HP warrants to you, the end customer, that HP hardware, accessories, and supplies will be free from defects in materials and workmanship after the date of purchase for the period specified above. If HP receives notice of such defects during the warranty period, HP will, at its option, either repair or replace products which prove to be defective. Replacement products may be either new or equivalent in performance to new. HP warrants to you that HP Software will not fail to execute its programming instructions after the date of purchase, for the period specified above, due to defects in materials and workmanship when properly installed and used. If HP receives notice of such defects during the warranty period, HP will replace Software which does not execute its programming instructions due to such defects. Acknowledgements 193 HP JRE 1.4.2.08 HP does not warrant that the operation of HP products will be uninterrupted or error free. If HP is unable, within a reasonable time, to repair or replace any product to a condition warranted, you will be entitled to a refund of the purchase price upon prompt return of the product. Alternatively, in the case of HP Software, you will be entitled to a refund of the purchase price upon prompt delivery to HP of written notice from you confirming destruction of the HP Software, together with all copies, adaptations, and merged portions in any form. HP products may contain remanufactured parts equivalent to new in performance or may have been subject to incidental use. Warranty does not apply to defects resulting from: a. Improper or inadequate maintenance or calibration; b. Software, interfacing, parts or supplies not supplied by HP, c. Unauthorized modification or misuse; d. Operation outside of the published environmental specifications for the product, or e. Improper site preparation or maintenance. TO THE EXTENT ALLOWED BY LOCAL LAW, THE ABOVE WARRANTIES ARE EXCLUSIVE AND NO OTHER WARRANTY OR CONDITION, WHETHER WRITTEN OR ORAL, IS EXPRESSED OR IMPLIED AND HP SPECIFICALLY DISCLAIMS ANY IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY, AND FITNESS FOR A PARTICULAR PURPOSE. Some countries, states, or provinces do not allow limitations on the duration of an implied warranty, so the above limitation or exclusion may not apply to you. This warranty gives you specific legal rights and you might also have other rights that vary from country to country, state to state, or province to province. TO THE EXTENT ALLOWED BY LOCAL LAW, THE REMEDIES IN THIS WARRANTY STATEMENT ARE YOUR SOLE AND EXCLUSIVE REMEDIES. EXCEPT AS INDICATED ABOVE, IN NO EVENT WILL HP OR ITS SUPPLIERS BE LIABLE FOR LOSS OF DATA OR FOR DIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL (INCLUDING LOST PROFIT OR DATA), OR OTHER DAMAGE, WHETHER BASED IN CONTRACT, TORT, OR OTHERWISE. Some countries, states, or provinces do not allow the exclusion or limitation of incidental or consequential damages, so the above limitation may not apply to you. 194 Administrator Guide IBM Developer Kit for Linux IBM Developer Kit for Linux IBM Developer Kit for Linux, Java 2 Technology Edition Acknowledgements 195 IBM Developer Kit for Linux International License Agreement for Non-Warranted Programs Part 1 - General Terms BY DOWNLOADING, INSTALLING, COPYING, ACCESSING, OR USING THE PROGRAM YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU ARE ACCEPTING THESE TERMS ON BEHALF OF ANOTHER PERSON OR A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT AND WARRANT THAT YOU HAVE FULL AUTHORITY TO BIND THAT PERSON, COMPANY, OR LEGAL ENTITY TO THESE TERMS. IF YOU DO NOT AGREE TO THESE TERMS, - DO NOT DOWNLOAD, INSTALL, COPY, ACCESS, OR USE THE PROGRAM; AND - PROMPTLY RETURN THE PROGRAM AND PROOF OF ENTITLEMENT TO THE PARTY FROM WHOM YOU ACQUIRED IT TO OBTAIN A REFUND OF THE AMOUNT YOU PAID. IF YOU DOWNLOADED THE PROGRAM, CONTACT THE PARTY FROM WHOM YOU ACQUIRED IT. "IBM" is International Business Machines Corporation or one of its subsidiaries. "License Information" ("LI") is a document that provides information specific to a Program. The Program's LI is available at http://www.ibm.com/software/sla/ . The LI may also be found in a file in the Program's directory, by the use of a system command, or as a booklet which accompanies the Program. "Program" is the following, including the original and all whole or partial copies: 1) machine-readable instructions and data, 2) components, 3) audiovisual content (such as images, text, recordings, or pictures), 4) related licensed materials, and 5) license use documents or keys, and documentation. A "Proof of Entitlement" ("PoE") is evidence of Your authorization to use a Program at a specified level. That level may be measured, for example, by the number of processors or users. The PoE is also evidence of Your eligibility for future upgrade prices, if any, and potential special or promotional opportunities. If IBM does not provide You with a PoE, then IBM may accept the original paid sales receipt or other sales record from the party (either IBM or its reseller) from whom You acquired the Program, provided that it specifies the name of the Program and the usage level acquired. "You" and "Your" refer either to an individual person or to a single legal entity. This Agreement includes Part 1 - General Terms, Part 2 - Country-unique Terms (if any), License Information, and Proof of Entitlement and is the complete agreement between You and IBM regarding the use of the Program. It replaces any prior oral or written communications between You and IBM concerning Your use of the Program. The terms of Part 2 and License Information may replace or modify those of Part 1. To the extent there is a conflict between the terms of this Agreement and those of the IBM International Passport Advantage Agreement, the terms of the latter 196 Administrator Guide IBM Developer Kit for Linux agreement prevail. 1. Entitlement License The Program is owned by IBM or an IBM supplier, and is copyrighted and licensed, not sold. IBM grants You a nonexclusive license to use the Program when You lawfully acquire it. You may 1) use the Program up to the level of use specified in the PoE and 2) make and install copies, including a backup copy, to support such use. The terms of this license apply to each copy You make. You will reproduce all copyright notices and all other legends of ownership on each copy, or partial copy, of the Program. If You acquire the Program as a program upgrade, after You install the upgrade You may not use the Program from which You upgraded or transfer it to another party. You will ensure that anyone who uses the Program (accessed either locally or remotely) does so only for Your authorized use and complies with the terms of this Agreement. You may not 1) use, copy, modify, or distribute the Program except as provided in this Agreement; 2) reverse assemble, reverse compile, or otherwise translate the Program except as specifically permitted by law without the possibility of contractual waiver; or 3) sublicense, rent, or lease the Program. IBM may terminate Your license if You fail to comply with the terms of this Agreement. If IBM does so, You must destroy all copies of the Program and its PoE. Money-back Guarantee If for any reason You are dissatisfied with the Program and You are the original licensee, You may obtain a refund of the amount You paid for it, if within 30 days of Your invoice date You return the Program and its PoE to the party from whom You obtained it. If You downloaded the Program, You may contact the party from whom You acquired it for instructions on how to obtain the refund. Program Transfer You may transfer a Program and all of Your license rights and obligations to another party only if that party agrees to the terms of this Agreement. When Acknowledgements 197 IBM Developer Kit for Linux You transfer the Program, You must also transfer a copy of this Agreement, including the Program's PoE. After the transfer, You may not use the Program. 2. Charges The amount payable for a Program license is a one-time charge. One-time charges are based on the level of use acquired which is specified in the PoE. IBM does not give credits or refunds for charges already due or paid, except as specified elsewhere in this Agreement. If You wish to increase the level of use, notify IBM or the party from whom You acquired it and pay any applicable charges. If any authority imposes a duty, tax, levy or fee, excluding those based on IBM's net income, upon the Program, then You agree to pay the amount specified or supply exemption documentation. You are responsible for any personal property taxes for the Program from the date that You acquire it. 3. No Warranty SUBJECT TO ANY STATUTORY WARRANTIES WHICH CAN NOT BE EXCLUDED, IBM MAKES NO WARRANTIES OR CONDITIONS EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT, REGARDING THE PROGRAM OR TECHNICAL SUPPORT, IF ANY. The exclusion also applies to any of IBM's Program developers and suppliers. Manufacturers, suppliers, or publishers of non-IBM Programs may provide their own warranties. IBM does not provide technical support, unless IBM specifies otherwise. 4. Limitation of Liability Circumstances may arise where, because of a default on IBM's part or other liability, You are entitled to recover damages from IBM. In each such instance, regardless of the basis on which You may be entitled to claim damages from IBM, (including fundamental breach, negligence, misrepresentation, or other contract or tort claim), IBM is liable for no more than 1) damages for bodily injury (including death) and damage to real property and tangible personal property and 2) the amount of any other actual direct damages up to the charges for the Program that is the subject of the claim. This limitation of liability also applies to IBM's Program developers and suppliers. It is the maximum for which they and IBM are collectively responsible. 198 Administrator Guide IBM Developer Kit for Linux UNDER NO CIRCUMSTANCES IS IBM, ITS PROGRAM DEVELOPERS OR SUPPLIERS LIABLE FOR ANY OF THE FOLLOWING, EVEN IF INFORMED OF THEIR POSSIBILITY: 1. LOSS OF, OR DAMAGE TO, DATA; 2. SPECIAL, INCIDENTAL, OR INDIRECT DAMAGES, OR FOR ANY ECONOMIC CONSEQUENTIAL DAMAGES; OR 3. LOST PROFITS, BUSINESS, REVENUE, GOODWILL, OR ANTICIPATED SAVINGS. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU. 5. General 1. Nothing in this Agreement affects any statutory rights of consumers that cannot be waived or limited by contract. 2. In the event that any provision of this Agreement is held to be invalid or unenforceable, the remaining provisions of this Agreement remain in full force and effect. 3. You agree to comply with all applicable export and import laws and regulations. 4. You agree to allow IBM to store and use Your contact information, including names, phone numbers, and e-mail addresses, anywhere they do business. Such information will be processed and used in connection with our business relationship, and may be provided to contractors, Business Partners, and assignees of IBM for uses consistent with their collective business activities, including communicating with You (for example, for processing orders, for promotions, and for market research). 5. Neither You nor IBM will bring a legal action under this Agreement more than two years after the cause of action arose unless otherwise provided by local law without the possibility of contractual waiver or limitation. 6. Neither You nor IBM is responsible for failure to fulfill any obligations due to causes beyond its control. 7. This Agreement will not create any right or cause of action for any third party, nor will IBM be responsible for any third party claims against You except, as permitted by the Limitation of Liability section above, for bodily injury (including death) or damage to real or tangible personal property for which IBM is legally liable. Acknowledgements 199 IBM Developer Kit for Linux 6. Governing Law, Jurisdiction, and Arbitration Governing Law Both You and IBM consent to the application of the laws of the country in which You acquired the Program license to govern, interpret, and enforce all of Your and IBM's rights, duties, and obligations arising from, or relating in any manner to, the subject matter of this Agreement, without regard to conflict of law principles. The United Nations Convention on Contracts for the International Sale of Goods does not apply. Jurisdiction All of our rights, duties, and obligations are subject to the courts of the country in which You acquired the Program license. Part 2 - Country-unique Terms AMERICAS ARGENTINA: Governing Law, Jurisdiction, and Arbitration (Section 6): The following exception is added to this section: Any litigation arising from this Agreement will be settled exclusively by the Ordinary Commercial Court of the city of Buenos Aires. BRAZIL: Governing Law, Jurisdiction, and Arbitration (Section 6): The following exception is added to this section: Any litigation arising from this Agreement will be settled exclusively by the court of Rio de Janeiro, RJ. CANADA: General (Section 5): The following replaces item 7: 7. This Agreement will not create any right or cause of action for any third party, nor will IBM be responsible for any third party claims against You except as permitted by the Limitation of Liability section above for bodily injury (including death) or physical harm to real or tangible personal property caused by IBM's negligence for which IBM is legally liable." Governing Law, Jurisdiction, and Arbitration (Section 6): The phrase "the laws of the country in which You acquired the Program license" in the Governing Law subsection is replaced by the following: the laws in the Province of Ontario" 200 Administrator Guide IBM Developer Kit for Linux PERU: Limitation of Liability (Section 4): The following is added at the end of this section: In accordance with Article 1328 of the Peruvian Civil Code, the limitations and exclusions specified in this section will not apply to damages caused by IBM's willful misconduct ("dolo") or gross negligence ("culpa inexcusable"). UNITED STATES OF AMERICA: General (Section 5): The following is added to this section: U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by the GSA ADP Schedule Contract with the IBM Corporation. Governing Law, Jurisdiction, and Arbitration (Section 6): The phrase "the laws of the country in which You acquired the Program license" in the Governing Law subsection is replaced by the following: the laws of the State of New York, United States of America ASIA PACIFIC AUSTRALIA: No Warranty (Section 3): The following is added: Although IBM specifies that there are no warranties, You may have certain rights under the Trade Practices Act 1974 or other legislation and are only limited to the extent permitted by the applicable legislation. Limitation of Liability (Section 4): The following is added: Where IBM is in breach of a condition or warranty implied by the Trade Practices Act 1974, IBM's liability is limited to the repair or replacement of the goods, or the supply of equivalent goods. Where that condition or warranty relates to right to sell, quiet possession or clear title, or the goods are of a kind ordinarily acquired for personal, domestic or household use or consumption, then none of the limitations in this paragraph apply. Governing Law, Jurisdiction, and Arbitration (Section 6): The phrase "the laws of the country in which You acquired the Program license" in the Governing Law subsection is replaced by the following: the laws of the State or Territory in which You acquired the Program license CAMBODIA, LAOS, and VIETNAM: Governing Law, Jurisdiction, and Arbitration (Section 6): The phrase "the laws of the country in which You acquired the Program license" in the Governing Law subsection is replaced by the following: the laws of the State of New York, United States of America The following is added to this section: Acknowledgements 201 IBM Developer Kit for Linux Arbitration Disputes arising out of or in connection with this Agreement shall be finally settled by arbitration which shall be held in Singapore in accordance with the Arbitration Rules of Singapore International Arbitration Center ("SIAC Rules") then in effect. The arbitration award shall be final and binding for the parties without appeal and shall be in writing and set forth the findings of fact and the conclusions of law. The number of arbitrators shall be three, with each side to the dispute being entitled to appoint one arbitrator. The two arbitrators appointed by the parties shall appoint a third arbitrator who shall act as chairman of the proceedings. Vacancies in the post of chairman shall be filled by the president of the SIAC. Other vacancies shall be filled by the respective nominating party. Proceedings shall continue from the stage they were at when the vacancy occurred. If one of the parties refuses or otherwise fails to appoint an arbitrator within 30 days of the date the other party appoints its, the first appointed arbitrator shall be the sole arbitrator, provided that the arbitrator was validly and properly appointed. All proceedings shall be conducted, including all documents presented in such proceedings, in the English language. The English language version of this Agreement prevails over any other language version. HONG KONG S.A.R. and MACAU S.A.R. of China: Governing Law, Jurisdiction, and Arbitration (Section 6): The phrase "the laws of the country in which You acquired the Program license" in the Governing Law subsection is replaced by the following: the laws of Hong Kong Special Administrative Region of China INDIA: Limitation of Liability (Section 4): The following replaces the terms of items 1 and 2 of the first paragraph: 1) liability for bodily injury (including death) or damage to real property and tangible personal property will be limited to that caused by IBM's negligence; and 2) as to any other actual damage arising in any situation involving nonperformance by IBM pursuant to, or in any way related to the subject of this Agreement, IBM's liability will be limited to the charge paid by You for the individual Program that is the subject of the claim. General (Section 5): The following replaces the terms of item 5: If no suit or other legal action is brought, within three years after the cause of action arose, in respect of any claim that either party may have against the other, the rights of the concerned party in respect of such claim will be forfeited and the other party will stand released from its obligations in respect 202 Administrator Guide IBM Developer Kit for Linux of such claim. Governing Law, Jurisdiction, and Arbitration (Section 6): The following is added to this section: Arbitration Disputes arising out of or in connection with this Agreement shall be finally settled by arbitration which shall be held in Bangalore, India in accordance with the laws of India then in effect. The arbitration award shall be final and binding for the parties without appeal and shall be in writing and set forth the findings of fact and the conclusions of law. The number of arbitrators shall be three, with each side to the dispute being entitled to appoint one arbitrator. The two arbitrators appointed by the parties shall appoint a third arbitrator who shall act as chairman of the proceedings. Vacancies in the post of chairman shall be filled by the president of the Bar Council of India. Other vacancies shall be filled by the respective nominating party. Proceedings shall continue from the stage they were at when the vacancy occurred. If one of the parties refuses or otherwise fails to appoint an arbitrator within 30 days of the date the other party appoints its, the first appointed arbitrator shall be the sole arbitrator, provided that the arbitrator was validly and properly appointed. All proceedings shall be conducted, including all documents presented in such proceedings, in the English language. The English language version of this Agreement prevails over any other language version. JAPAN: General (Section 5): The following is inserted after item 5: Any doubts concerning this Agreement will be initially resolved between us in good faith and in accordance with the principle of mutual trust. MALAYSIA: Limitation of Liability (Section 4): The word "SPECIAL" in item 2 of the third paragraph is deleted: NEW ZEALAND: No Warranty (Section 3): The following is added: Although IBM specifies that there are no warranties, You may have certain rights under the Consumer Guarantees Act 1993 or other legislation which cannot be excluded or limited. The Consumer Guarantees Act 1993 will not apply in respect of any goods which IBM provides, if You require the goods for the purposes of a business as defined in that Act. Limitation of Liability (Section 4): The following is added: Where Programs are not acquired for the purposes of a business as defined in Acknowledgements 203 IBM Developer Kit for Linux the Consumer Guarantees Act 1993, the limitations in this Section are subject to the limitations in that Act. PEOPLE'S REPUBLIC OF CHINA: Charges (Section 2): The following is added: All banking charges incurred in the People's Republic of China will be borne by You and those incurred outside the People's Republic of China will be borne by IBM. Governing Law, Jurisdiction, and Arbitration (Section 6): The phrase "the laws of the country in which You acquired the Program license" in the Governing Law subsection is replaced by the following: the laws of the State of New York, United States of America (except when local law requires otherwise) PHILIPPINES: Limitation of Liability (Section 4): The following replaces the terms of item 2 of the third paragraph: 2. special (including nominal and exemplary damages), moral, incidental, or indirect damages or for any economic consequential damages; or Governing Law, Jurisdiction, and Arbitration (Section 6): The following is added to this section: Arbitration Disputes arising out of or in connection with this Agreement shall be finally settled by arbitration which shall be held in Metro Manila, Philippines in accordance with the laws of the Philippines then in effect. The arbitration award shall be final and binding for the parties without appeal and shall be in writing and set forth the findings of fact and the conclusions of law. The number of arbitrators shall be three, with each side to the dispute being entitled to appoint one arbitrator. The two arbitrators appointed by the parties shall appoint a third arbitrator who shall act as chairman of the proceedings. Vacancies in the post of chairman shall be filled by the president of the Philippine Dispute Resolution Center, Inc. Other vacancies shall be filled by the respective nominating party. Proceedings shall continue from the stage they were at when the vacancy occurred. If one of the parties refuses or otherwise fails to appoint an arbitrator within 30 days of the date the other party appoints its, the first appointed arbitrator shall be the sole arbitrator, provided that the arbitrator was validly and properly appointed. All proceedings shall be conducted, including all documents presented in such proceedings, in the English language. The English language version of this Agreement prevails over any other language version. 204 Administrator Guide IBM Developer Kit for Linux SINGAPORE: Limitation of Liability (Section 4): The words "SPECIAL" and "ECONOMIC" are deleted from item 2 of the third paragraph. General (Section 5): The following replaces the terms of item 7: Subject to the rights provided to IBM's suppliers and Program developers as provided in Section 4 above (Limitation of Liability), a person who is not a party to this Agreement shall have no right under the Contracts (Right of Third Parties) Act to enforce any of its terms. EUROPE, MIDDLE EAST, AFRICA (EMEA) No Warranty (Section 3): In the European Union, the following is added at the beginning of this section: In the European Union, consumers have legal rights under applicable national legislation governing the sale of consumer goods. Such rights are not affected by the provisions of this Section 3. Limitation of Liability (Section 4): In Austria, Denmark, Finland, Greece, Italy, Netherlands, Norway, Portugal, Spain, Sweden and Switzerland, the following replaces the terms of this section in its entirety: Except as otherwise provided by mandatory law: 1. IBM's liability for any damages and losses that may arise as a consequence of the fulfillment of its obligations under or in connection with this agreement or due to any other cause related to this agreement is limited to the compensation of only those damages and losses proved and actually arising as an immediate and direct consequence of the non-fulfillment of such obligations (if IBM is at fault) or of such cause, for a maximum amount equal to the charges You paid for the Program. The above limitation shall not apply to damages for bodily injuries (including death) and damages to real property and tangible personal property for which IBM is legally liable. 2. UNDER NO CIRCUMSTANCES IS IBM, OR ANY OF ITS PROGRAM DEVELOPERS, LIABLE FOR ANY OF THE FOLLOWING, EVEN IF INFORMED OF THEIR POSSIBILITY: 1) LOSS OF, OR DAMAGE TO, DATA; 2) INCIDENTAL OR INDIRECT DAMAGES, OR FOR ANY ECONOMIC CONSEQUENTIAL DAMAGES; 3) LOST PROFITS, EVEN IF THEY ARISE AS AN IMMEDIATE CONSEQUENCE OF THE EVENT THAT GENERATED THE DAMAGES; OR 4) LOSS OF BUSINESS, REVENUE, GOODWILL, OR ANTICIPATED SAVINGS. 3. The limitation and exclusion of liability herein agreed applies not only to the activities performed by IBM but also to the activities performed by its suppliers and Program developers, and represents the maximum amount for which IBM Acknowledgements 205 IBM Developer Kit for Linux as well as its suppliers and Program developers, are collectively responsible. Limitation of Liability (Section 4): In France and Belgium, the following replaces the terms of this section in its entirety: Except as otherwise provided by mandatory law: 1. IBM's liability for any damages and losses that may arise as a consequence of the fulfillment of its obligations under or in connection with this agreement is limited to the compensation of only those damages and losses proved and actually arising as an immediate and direct consequence of the non-fulfillment of such obligations (if IBM is at fault), for a maximum amount equal to the charges You paid for the Program that has caused the damages. The above limitation shall not apply to damages for bodily injuries (including death) and damages to real property and tangible personal property for which IBM is legally liable. 2. UNDER NO CIRCUMSTANCES IS IBM, OR ANY OF ITS PROGRAM DEVELOPERS, LIABLE FOR ANY OF THE FOLLOWING, EVEN IF INFORMED OF THEIR POSSIBILITY: 1) LOSS OF, OR DAMAGE TO, DATA; 2) INCIDENTAL OR INDIRECT DAMAGES, OR FOR ANY ECONOMIC CONSEQUENTIAL DAMAGES; 3) LOST PROFITS, EVEN IF THEY ARISE AS AN IMMEDIATE CONSEQUENCE OF THE EVENT THAT GENERATED THE DAMAGES; OR 4) LOSS OF BUSINESS, REVENUE, GOODWILL, OR ANTICIPATED SAVINGS. 3. The limitation and exclusion of liability herein agreed applies not only to the activities performed by IBM but also to the activities performed by its suppliers and Program developers, and represents the maximum amount for which IBM as well as its suppliers and Program developers, are collectively responsible. Governing Law, Jurisdiction, and Arbitration (Section 6) Governing Law The phrase "the laws of the country in which You acquired the Program license" is replaced by: 1) "the laws of Austria" in Albania, Armenia, Azerbeijan, Belarus, BosniaHerzegovina, Bulgaria, Croatia, Georgia, Hungary, Kazakhstan, Kyrgyzstan, FYR Macedonia, Moldavia, Poland, Romania, Russia, Slovakia, Slovenia, Tajikistan, Turkmenistan, Ukraine, Uzbekistan, and FR Yugoslavia; 2) "the laws of France" in Algeria, Benin, Burkina Faso, Cameroon, Cape Verde, Central African Republic, Chad, Comoros, Congo Republic, Djibouti, Democratic Republic of Congo, Equatorial Guinea, French Guiana, French Polynesia, Gabon, Gambia, Guinea, Guinea-Bissau, Ivory Coast, Lebanon, Madagascar, Mali, Mauritania, Mauritius, Mayotte, Morocco, New Caledonia, Niger, Reunion, Senegal, Seychelles, Togo, Tunisia, Vanuatu, and Wallis & Futuna; 3) "the laws of Finland" in Estonia, Latvia, and Lithuania; 206 Administrator Guide IBM Developer Kit for Linux 4) "the laws of England" in Angola, Bahrain, Botswana, Burundi, Egypt, Eritrea, Ethiopia, Ghana, Jordan, Kenya, Kuwait, Liberia, Malawi, Malta, Mozambique, Nigeria, Oman, Pakistan, Qatar, Rwanda, Sao Tome, Saudi Arabia, Sierra Leone, Somalia, Tanzania, Uganda, United Arab Emirates, the United Kingdom, West Bank/Gaza, Yemen, Zambia, and Zimbabwe; and 5) "the laws of South Africa" in South Africa, Namibia, Lesotho and Swaziland. Jurisdiction The following exceptions are added to this section: 1) In Austria the choice of jurisdiction for all disputes arising out of this Agreement and relating thereto, including its existence, will be the competent court of law in Vienna, Austria (Inner-City); 2) in Angola, Bahrain, Botswana, Burundi, Egypt, Eritrea, Ethiopia, Ghana, Jordan, Kenya, Kuwait, Liberia, Malawi, Malta, Mozambique, Nigeria, Oman, Pakistan, Qatar, Rwanda, Sao Tome, Saudi Arabia, Sierra Leone, Somalia, Tanzania, Uganda, United Arab Emirates, West Bank/Gaza, Yemen, Zambia, and Zimbabwe all disputes arising out of this Agreement or related to its execution, including summary proceedings, will be submitted to the exclusive jurisdiction of the English courts; 3) in Belgium and Luxembourg, all disputes arising out of this Agreement or related to its interpretation or its execution, the law, and the courts of the capital city, of the country of Your registered office and/or commercial site location only are competent; 4) in France, Algeria, Benin, Burkina Faso, Cameroon, Cape Verde, Central African Republic, Chad, Comoros, Congo Republic, Djibouti, Democratic Republic of Congo, Equatorial Guinea, French Guiana, French Polynesia, Gabon, Gambia, Guinea, Guinea-Bissau, Ivory Coast, Lebanon, Madagascar, Mali, Mauritania, Mauritius, Mayotte, Morocco, New Caledonia, Niger, Reunion, Senegal, Seychelles, Togo, Tunisia, Vanuatu, and Wallis & Futuna all disputes arising out of this Agreement or related to its violation or execution, including summary proceedings, will be settled exclusively by the Commercial Court of Paris; 5) in Russia, all disputes arising out of or in relation to the interpretation, the violation, the termination, the nullity of the execution of this Agreement shall be settled by Arbitration Court of Moscow; 6) in South Africa, Namibia, Lesotho and Swaziland, both of us agree to submit all disputes relating to this Agreement to the jurisdiction of the High Court in Johannesburg; 7) in Turkey all disputes arising out of or in connection with this Agreement shall be resolved by the Istanbul Central (Sultanahmet) Courts and Execution Directorates of Istanbul, the Republic of Turkey; 8) in each of the following specified countries, any legal claim arising out of this Agreement will be brought before, and settled exclusively by, the competent court of a) Athens for Greece, b) Tel Aviv-Jaffa for Israel, c) Milan for Italy, d) Lisbon for Portugal, and e) Madrid for Spain; and 9) in the United Kingdom, both of us agree to submit all disputes relating to this Agreement to the jurisdiction of the English courts. Acknowledgements 207 IBM Developer Kit for Linux Arbitration In Albania, Armenia, Azerbeijan, Belarus, Bosnia-Herzegovina, Bulgaria, Croatia, Georgia, Hungary, Kazakhstan, Kyrgyzstan, FYR Macedonia, Moldavia, Poland, Romania, Russia, Slovakia, Slovenia, Tajikistan, Turkmenistan, Ukraine, Uzbekistan, and FR Yugoslavia all disputes arising out of this Agreement or related to its violation, termination or nullity will be finally settled under the Rules of Arbitration and Conciliation of the International Arbitral Center of the Federal Economic Chamber in Vienna (Vienna Rules) by three arbitrators appointed in accordance with these rules. The arbitration will be held in Vienna, Austria, and the official language of the proceedings will be English. The decision of the arbitrators will be final and binding upon both parties. Therefore, pursuant to paragraph 598 (2) of the Austrian Code of Civil Procedure, the parties expressly waive the application of paragraph 595 (1) figure 7 of the Code. IBM may, however, institute proceedings in a competent court in the country of installation. In Estonia, Latvia and Lithuania all disputes arising in connection with this Agreement will be finally settled in arbitration that will be held in Helsinki, Finland in accordance with the arbitration laws of Finland then in effect. Each party will appoint one arbitrator. The arbitrators will then jointly appoint the chairman. If arbitrators cannot agree on the chairman, then the Central Chamber of Commerce in Helsinki will appoint the chairman. AUSTRIA: No Warranty (Section 3): The terms of this section are completely replaced by the following: The following limited warranty applies if You have paid a charge to obtain the Program: The warranty period is twelve months from the date of delivery. The limitation period for consumers in action for breach of warranty is the statutory period as a minimum. The warranty for an IBM Program covers the functionality of the Program for its normal use and the Program's conformity to its specifications. IBM warrants that when the Program is used in the specified operating environment it will conform to its specifications. IBM does not warrant uninterrupted or error-free operation of the Program or that IBM will correct all Program defects. You are responsible for the results obtained from the use of the Program. The warranty applies only to the unmodified portion of the Program. If the Program does not function as warranted during the warranty period and the problem cannot be resolved with information available. You may return the Program to the party from whom You acquired it and receive a refund in the 208 Administrator Guide IBM Developer Kit for Linux amount You paid. If You downloaded the Program, You may contact the party from whom You acquired it to obtain the refund. This is our sole obligation to You, except as otherwise required by applicable statutory law. General (Section 5): The following is added to item 4: For purposes of this clause, contact information will also include information about You as a legal entity, for example revenue data and other transactional information. GERMANY: No Warranty (Section 3): The same changes apply as those in No Warranty (Section 3) under Austria above. Limitation of Liability (Section 4): The following paragraph is added to this Section: The limitations and exclusions specified in this Section will not apply to damages caused by IBM intentionally or by gross negligence. General (Section 5): The following replaces the terms of item 5: Any claims resulting from this Agreement are subject to a statute of limitation of three years, except as stated in Section 3 (No Warranty) of this Agreement. HUNGARY: Limitation of Liability (Section 4): The following is added at the end of this section: The limitation and exclusion specified herein shall not apply to liability for a breach of contract damaging life, physical well-being, or health that has been caused intentionally, by gross negligence, or by a criminal act. The parties accept the limitations of liability as valid provisions and state that the Section 314.(2) of the Hungarian Civil Code applies as the acquisition price as well as other advantages arising out of the present Agreement balance this limitation of liability. IRELAND: No Warranty (Section 3): The following is added to this section: Except as expressly provided in these terms and conditions, or section 12 of the Sale of Goods Act 1893 (as amended by the Sale of Goods and Supply of Services Act 1980 ("the 1980 Act")), all conditions and warranties (express or implied, statutory or otherwise) are hereby excluded including, without limitation, any warranties implied by the Sale of Goods Act 1893 as amended by the 1980 Act (including, for the avoidance of doubt, section 39 of the 1980 Act). Limitation of Liability (Section 4): The following replaces the terms of this Acknowledgements 209 IBM Developer Kit for Linux section in its entirety: For the purposes of this section, a "Default" means any act, statement, omission, or negligence on the part of IBM in connection with, or in relation to, the subject matter of an Agreement in respect of which IBM is legally liable to You whether in contract or tort. A number of Defaults which together result in, or contribute to, substantially the same loss or damage will be treated as one Default occurring on the date of occurrence of the last such Default. Circumstances may arise where, because of a Default, You are entitled to recover damages from IBM. This section sets out the extent of IBM's liability and Your sole remedy. 1. IBM will accept unlimited liability for (a) death or personal injury caused by the negligence of IBM, and (b) subject always to the Items for Which IBM is Not Liable below, for physical damage to Your tangible property resulting from the negligence of IBM. 2. Except as provided in item 1 above, IBM's entire liability for actual damages for any one Default will not in any event exceed the greater of 1) EUR 125,000, or 2) 125% of the amount You paid for the Program directly relating to the Default. These limits also apply to any of IBM's suppliers and Program developers. They state the maximum for which IBM and such suppliers and Program developers are collectively responsible. Items for Which IBM is Not Liable Save with respect to any liability referred to in item 1 above, under no circumstances is IBM or any of its suppliers or Program developers liable for any of the following, even if IBM or they were informed of the possibility of such losses: 1. loss of, or damage to, data; 2. special, indirect, or consequential loss; or 3. loss of profits, business, revenue, goodwill, or anticipated savings. ITALY: General (Section 5): The following is added to this section: IBM and Customer (hereinafter, individually, "Party") shall comply with all the obligations of the applicable provisions of law and/or regulation on personal data protection. Each of the Parties will indemnify and keep the other Party harmless from any damage, claim, cost or expense incurred by the latter, directly and or indirectly, as a consequence of an infringement of the other Party of the mentioned provisions of law and/or regulations. SLOVAKIA: Limitation of Liability (Section 4): The following is added to the end of the last paragraph: 210 Administrator Guide IBM Developer Kit for Linux The limitations apply to the extent they are not prohibited under §§ 373-386 of the Slovak Commercial Code. General (Section 5): The terms of item 5 are replaced with the following: THE PARTIES AGREE THAT, AS DEFINED BY APPLICABLE LOCAL LAW, ANY LEGAL OR OTHER ACTION RELATED TO A BREACH OF THIS AGREEMENT MUST BE COMMENCED NO LATER THAN FOUR YEARS FROM THE DATE ON WHICH THE CAUSE OF ACTION AROSE. SWITZERLAND: General (Section 5): The following is added to item 4: For purposes of this clause, contact information will also include information about You as a legal entity, for example revenue data and other transactional information. UNITED KINGDOM: No Warranty (Section 3): The following replaces the first sentence in the first paragraph of this section: SUBJECT TO ANY STATUTORY WARRANTIES WHICH CANNOT BE EXCLUDED, IBM MAKES NO WARRANTY OR CONDITION EITHER EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) THE IMPLIED WARRANTIES OF SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT, REGARDING THE PROGRAM. Limitation of Liability (Section 4): The following replaces the terms of this section in its entirety: For the purposes of this section, a "Default" means any act, statement, omission, or negligence on the part of IBM in connection with, or in relation to, the subject matter of an Agreement in respect of which IBM is legally liable to You, whether in contract or tort. A number of Defaults which together result in, or contribute to, substantially the same loss or damage will be treated as one Default. Circumstances may arise where, because of a Default, You are entitled to recover damages from IBM. This section sets out the extent of IBM's liability and Your sole remedy. 1. IBM will accept unlimited liability for: a. death or personal injury caused by the negligence of IBM; b. any breach of its obligations implied by Section 12 of the Sale of Goods Act 1979 or Section 2 of the Supply of Goods and Services Act 1982, or any statutory modification or re-enactment of either such Section; and c. subject always to the Items for Which IBM is Not Liable below, for physical Acknowledgements 211 IBM Developer Kit for Linux damage to Your tangible property resulting from the negligence of IBM. 2. IBM's entire liability for actual damages for any one Default will not in any event, except as provided in item 1 above, exceed the greater of 1) £75,000, or 2) 125% of the amount You paid for the Program directly relating to the Default. These limits also apply to IBM's suppliers and Program developers. They state the maximum for which IBM and such suppliers and Program developers are collectively responsible. Items for Which IBM is Not Liable Save with respect to any liability referred to in item 1 above, under no circumstances is IBM or any of its suppliers or Program developers liable for any of the following, even if IBM or they were informed of the possibility of such losses: 1. loss of, or damage to, data; 2. special, indirect, or consequential loss; or 3. loss of profits, business, revenue, goodwill, or anticipated savings. Z125-5589-03 (11/2002) LICENSE INFORMATION The Programs listed below are licensed under the following terms and conditions in addition to those of the International License Agreement for NonWarranted Programs. Program Name: IBM(R) 31-bit Runtime Environment for Linux(R) on zSeries(TM), Java(TM) 2 Technology Edition, Version 1.4 Program Number: 5648-C98 Authorization for Use on Home/Portable Computer: 1 EXPLANATIONS OF TERMS: Authorization for Use on Home/Portable Computer: "1" means that the Program may be stored on the primary machine and another machine, provided that the Program is not in active use on both machines at the same time. "2" means that You may not copy and use this Program on another computer without paying additional license fees. Specified Operating Environment The Program's specifications and specified operating environment information may be found in documentation accompanying the Program, if available, such as a read-me file, or other information published by IBM, such as an 212 Administrator Guide IBM Developer Kit for Linux announcement letter. Program-unique Terms 1. GENERAL To the extent of any conflict between the terms of the International License Agreement for Non-Warranted Programs and this License Information, the terms of this License Information shall prevail. WHERE THE PROGRAM HAS BEEN PROVIDED TO YOU SEPARATELY BY IBM, IT IS PROVIDED AT NO CHARGE. The Program consists of binary code that executes on the operating system(s) specified in Readme files that accompany the Program. 3. TRADEMARKS AND COPYRIGHT: YOUR RESPONSIBILITIES a) You shall not modify, delete, suppress, or obscure any copyright, trademark or other legal notice (whether from IBM or any third party) which may be displayed by or included within the Program. b) Java and all Java-based Trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. c) You recognize IBM's and Sun Microsystems, Inc.'s ownership and title to their respective trademarks and of any goodwill attaching thereto, including goodwill resulting from use. You will not use or attempt to register any trademark which is confusingly similar to such IBM or Sun trademarks. 3. PROOF OF ENTITLEMENT This License Agreement constitutes your Proof of Entitlement. D/N: L-ADAN-5YWF2Z P/N: L-ADAN-5YWF2Z Acknowledgements 213 Jakarta Jakarta Licenses The Apache Software Foundation uses various licenses to distribute software and documentation, to accept regular contributions from individuals and corporations, and to accept larger grants of existing software products. We are also in the process of updating the Apache licenses to reflect changes in the community regarding patents and contributing. These licenses help us achieve our goal of providing reliable and long-lived software products through collaborative open source software development. In all cases, contributors retain full rights to use their original contributions for any other purpose outside of Apache while providing the ASF and its projects the right to distribute and build upon their work within Apache. Licensing of Distributions All software produced by The Apache Software Foundation or any of its projects or subjects is licensed according to the terms of the documents listed below. Apache License, Version 2.0 (current) http://www.apache.org/licenses/LICENSE-2.0 (TXT or HTML) The 2.0 version of the Apache License was approved by the ASF in 2004. The goals of this license revision have been to reduce the number of frequently asked questions, to allow the license to be reusable without modification by any project (including non-ASF projects), to allow the license to be included by reference instead of listed in every file, to clarify the license on submission of contributions, to require a patent license on contributions that necessarily infringe the contributor's own patents, and to move comments regarding Apache and other inherited attribution notices to a location outside the license terms (the NOTICE file). The result is a license that is supposed to be compatible with other open source licenses while remaining true to the original goals of the Apache Group and supportive of collaborative development across both nonprofit and commercial organizations. The Apache Software Foundation is still trying to determine if this version of the Apache License is compatible with the GPL. All packages produced by the ASF are implicitly licensed under the Apache License, Version 2.0, unless otherwise explicitly stated. More developer documentation on how to apply the Apache License to your work can be found in Applying the Apache License, Version 2.0. Apache License, Version 1.1 (historic) 214 Administrator Guide Jakarta http://www.apache.org/licenses/LICENSE-1.1 The 1.1 version of the Apache License was approved by the ASF in 2000. The primary change from the 1.0 license is in the 'advertising clause' (section 3 of the 1.0 license); derived products are no longer required to include attribution in their advertising materials, but only in their documentation. Individual packages licensed under the 1.1 version may use different wording due to varying requirements for attribution or mark identification, but the binding terms were all the same. Apache License, Version 1.0 (historic) http://www.apache.org/licenses/LICENSE-1.0 This is the original Apache License which applies only to older versions of Apache packages (such as version 1.2 of the Web server). Contributor License Agreements The ASF desires that all contributors of ideas, code, or documentation to the Apache projects complete, sign, and submit (via snailmail or fax) a Individual Contributor License Agreement (CLA) [PDF form]. The purpose of this agreement is to clearly define the terms under which intellectual property has been contributed to the ASF and thereby allow us to defend the project should there be a legal dispute regarding the software at some future time. A signed CLA is required to be on file before an individual is given commit rights to an ASF project. For a corporation that has assigned employees to work on an Apache project, a Corporate CLA (CCLA) is available for contributing intellectual property via the corporation that may have been assigned as part of an employment agreement. Note that a Corporate CLA does not remove the need for every developer to sign their own CLA as an individual, to cover their contributions that are not owned by the corporation signing the CCLA. Note: If you choose to send this document via fax, rather than via traditional postal mail, then be absolutely sure that you have sent it correctly. Often faxes are received back-to-front, blank, or totally illegible. Software Grants When an individual or corporation decides to donate a body of existing software or documentation to one of the Apache projects, they need to execute a formal Software Grant agreement with the ASF. Typically, this is done after negotiating approval with the ASF Incubator or one of the PMCs, since the ASF will not accept software unless there is a viable community available to support a collaborative project. Acknowledgements 215 Open SSL Open SSL LICENSE ISSUES ============== The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact [email protected]. OpenSSL License --------------/* ================================================ ==================== * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * * 3. All advertising materials mentioning features or use of this software must display the following acknowledgment: * "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)" * 216 Administrator Guide Open SSL * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact [email protected]. * * 5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project. * * 6. Redistributions of any form whatsoever must retain the following acknowledgment: * "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)" * * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * ================================================ ==================== * * This product includes cryptographic software written by Eric Young ([email protected]). This product includes software written by Tim Hudson ([email protected]). * */ Original SSLeay License Acknowledgements 217 Open SSL ----------------------/* Copyright (C) 1995-1998 Eric Young ([email protected]) * All rights reserved. * * This package is an SSL implementation written by Eric Young ([email protected]). The implementation was written so as to conform with Netscapes SSL. * * This library is free for commercial and non-commercial use as long as the following conditions are aheared to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, * lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson ([email protected]). * * Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. * If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. * This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package. * * Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * 1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software must display the following acknowledgement: 218 Administrator Guide Open SSL * "This product includes cryptographic software written by Eric Young ([email protected])" * The word 'cryptographic' can be left out if the rouines from the library being used are not cryptographic related :-). * 4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: * "This product includes software written by Tim Hudson ([email protected])" * * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * The licence and distribution terms for any publically available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution licence * [including the GNU Public Licence.] */ Acknowledgements 219 PCRE PCRE PCRE LICENCE -----------PCRE is a library of functions to support regular expressions whose syntax and semantics are as close as possible to those of the Perl 5 language. Release 5 of PCRE is distributed under the terms of the "BSD" licence, as specified below. The documentation for PCRE, supplied in the "doc" directory, is distributed under the same terms as the software itself. Written by: Philip Hazel <[email protected]> University of Cambridge Computing Service, Cambridge, England. Phone: +44 1223 334714. Copyright (c) 1997-2004 University of Cambridge All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of the University of Cambridge nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. 220 Administrator Guide PCRE THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. End Acknowledgements 221 Struts Struts Licenses The Apache Software Foundation uses various licenses to distribute software and documentation, to accept regular contributions from individuals and corporations, and to accept larger grants of existing software products. We are also in the process of updating the Apache licenses to reflect changes in the community regarding patents and contributing. These licenses help us achieve our goal of providing reliable and long-lived software products through collaborative open source software development. In all cases, contributors retain full rights to use their original contributions for any other purpose outside of Apache while providing the ASF and its projects the right to distribute and build upon their work within Apache. Licensing of Distributions All software produced by The Apache Software Foundation or any of its projects or subjects is licensed according to the terms of the documents listed below. Apache License, Version 2.0 (current) http://www.apache.org/licenses/LICENSE-2.0 (TXT or HTML) The 2.0 version of the Apache License was approved by the ASF in 2004. The goals of this license revision have been to reduce the number of frequently asked questions, to allow the license to be reusable without modification by any project (including non-ASF projects), to allow the license to be included by reference instead of listed in every file, to clarify the license on submission of contributions, to require a patent license on contributions that necessarily infringe the contributor's own patents, and to move comments regarding Apache and other inherited attribution notices to a location outside the license terms (the NOTICE file). The result is a license that is supposed to be compatible with other open source licenses while remaining true to the original goals of the Apache Group and supportive of collaborative development across both nonprofit and commercial organizations. The Apache Software Foundation is still trying to determine if this version of the Apache License is compatible with the GPL. All packages produced by the ASF are implicitly licensed under the Apache License, Version 2.0, unless otherwise explicitly stated. More developer documentation on how to apply the Apache License to your work can be found in Applying the Apache License, Version 2.0. Apache License, Version 1.1 (historic) 222 Administrator Guide Struts http://www.apache.org/licenses/LICENSE-1.1 The 1.1 version of the Apache License was approved by the ASF in 2000. The primary change from the 1.0 license is in the 'advertising clause' (section 3 of the 1.0 license); derived products are no longer required to include attribution in their advertising materials, but only in their documentation. Individual packages licensed under the 1.1 version may use different wording due to varying requirements for attribution or mark identification, but the binding terms were all the same. Apache License, Version 1.0 (historic) http://www.apache.org/licenses/LICENSE-1.0 This is the original Apache License which applies only to older versions of Apache packages (such as version 1.2 of the Web server). Contributor License Agreements The ASF desires that all contributors of ideas, code, or documentation to the Apache projects complete, sign, and submit (via snailmail or fax) a Individual Contributor License Agreement (CLA) [PDF form]. The purpose of this agreement is to clearly define the terms under which intellectual property has been contributed to the ASF and thereby allow us to defend the project should there be a legal dispute regarding the software at some future time. A signed CLA is required to be on file before an individual is given commit rights to an ASF project. For a corporation that has assigned employees to work on an Apache project, a Corporate CLA (CCLA) is available for contributing intellectual property via the corporation that may have been assigned as part of an employment agreement. Note that a Corporate CLA does not remove the need for every developer to sign their own CLA as an individual, to cover their contributions that are not owned by the corporation signing the CCLA. Note: If you choose to send this document via fax, rather than via traditional postal mail, then be absolutely sure that you have sent it correctly. Often faxes are received back-to-front, blank, or totally illegible. Software Grants When an individual or corporation decides to donate a body of existing software or documentation to one of the Apache projects, they need to execute a formal Software Grant agreement with the ASF. Typically, this is done after negotiating approval with the ASF Incubator or one of the PMCs, since the ASF will not accept software unless there is a viable community available to support a collaborative project. Acknowledgements 223 Sun JDK Sun JDK Sun Microsystems, Inc. Binary Code License Agreement for the JAVATM 2 SOFTWARE DEVELOPMENT KIT (J2SDK), STANDARD EDITION, VERSION 1.4.2_X SUN MICROSYSTEMS, INC. ("SUN") IS WILLING TO LICENSE THE SOFTWARE IDENTIFIED BELOW TO YOU ONLY UPON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS CONTAINED IN THIS BINARY CODE LICENSE AGREEMENT AND SUPPLEMENTAL LICENSE TERMS (COLLECTIVELY "AGREEMENT"). PLEASE READ THE AGREEMENT CAREFULLY. BY DOWNLOADING OR INSTALLING THIS SOFTWARE, YOU ACCEPT THE TERMS OF THE AGREEMENT. INDICATE ACCEPTANCE BY SELECTING THE "ACCEPT" BUTTON AT THE BOTTOM OF THE AGREEMENT. IF YOU ARE NOT WILLING TO BE BOUND BY ALL THE TERMS, SELECT THE "DECLINE" BUTTON AT THE BOTTOM OF THE AGREEMENT AND THE DOWNLOAD OR INSTALL PROCESS WILL NOT CONTINUE. 1.DEFINITIONS. "Software" means the identified above in binary form, any other machine readable materials (including, but not limited to, libraries, source files, header files, and data files), any updates or error corrections provided by Sun, and any user manuals, programming guides and other documentation provided to you by Sun under this Agreement. "Programs" mean Java applets and applications intended to run on the Java 2 Platform, Standard Edition (J2SETM platform) platform on Java-enabled general purpose desktop computers and servers. 2.LICENSE TO USE. Subject to the terms and conditions of this Agreement, including, but not limited to the Java Technology Restrictions of the Supplemental License Terms, Sun grants you a non-exclusive, nontransferable, limited license without license fees to reproduce and use internally Software complete and unmodified for the sole purpose of running Programs. Additional licenses for developers and/or publishers are granted in the Supplemental License Terms. 224 Administrator Guide Sun JDK 3.RESTRICTIONS. Software is confidential and copyrighted. Title to Software and all associated intellectual property rights is retained by Sun and/or its licensors. Unless enforcement is prohibited by applicable law, you may not modify, decompile, or reverse engineer Software. You acknowledge that Licensed Software is not designed or intended for use in the design, construction, operation or maintenance of any nuclear facility. Sun Microsystems, Inc. disclaims any express or implied warranty of fitness for such uses. No right, title or interest in or to any trademark, service mark, logo or trade name of Sun or its licensors is granted under this Agreement. Additional restrictions for developers and/or publishers licenses are set forth in the Supplemental License Terms. 4.LIMITED WARRANTY. Sun warrants to you that for a period of ninety (90) days from the date of purchase, as evidenced by a copy of the receipt, the media on which Software is furnished (if any) will be free of defects in materials and workmanship under normal use. Except for the foregoing, Software is provided "AS IS". Your exclusive remedy and Sun's entire liability under this limited warranty will be at Sun's option to replace Software media or refund the fee paid for Software. Any implied warranties on the Software are limited to 90 days. Some states do not allow limitations on duration of an implied warranty, so the above may not apply to you. This limited warranty gives you specific legal rights. You may have others, which vary from state to state. 5.DISCLAIMER OF WARRANTY. UNLESS SPECIFIED IN THIS AGREEMENT, ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT THESE DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. 6.LIMITATION OF LIABILITY. TO THE EXTENT NOT PROHIBITED BY LAW, IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF OR RELATED TO THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. In no event will Sun's liability to you, whether in contract, tort (including negligence), or otherwise, exceed the amount paid by you for Software under this Agreement. The foregoing limitations will apply even if the above stated warranty fails of its essential purpose. Some states do not allow the exclusion of incidental or consequential damages, so some of the terms above may not be applicable to you. Acknowledgements 225 Sun JDK 7.SOFTWARE UPDATES FROM SUN. You acknowledge that at your request or consent optional features of the Software may download, install, and execute applets, applications, software extensions, and updated versions of the Software from Sun ("Software Updates"), which may require you to accept updated terms and conditions for installation. If additional terms and conditions are not presented on installation, the Software Updates will be considered part of the Software and subject to the terms and conditions of the Agreement. 8.SOFTWARE FROM SOURCES OTHER THAN SUN. You acknowledge that, by your use of optional features of the Software and/or by requesting services that require use of the optional features of the Software, the Software may automatically download, install, and execute software applications from sources other than Sun ("Other Software"). Sun makes no representations of a relationship of any kind to licensors of Other Software. TO THE EXTENT NOT PROHIBITED BY LAW, IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF OR RELATED TO THE USE OF OR INABILITY TO USE OTHER SOFTWARE, EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Some states do not allow the exclusion of incidental or consequential damages, so some of the terms above may not be applicable to you. 9.TERMINATION. This Agreement is effective until terminated. You may terminate this Agreement at any time by destroying all copies of Software. This Agreement will terminate immediately without notice from Sun if you fail to comply with any provision of this Agreement. Either party may terminate this Agreement immediately should any Software become, or in either party's opinion be likely to become, the subject of a claim of infringement of any intellectual property right. Upon Termination, you must destroy all copies of Software. 10.EXPORT REGULATIONS. All Software and technical data delivered under this Agreement are subject to US export control laws and may be subject to export or import regulations in other countries. You agree to comply strictly with all such laws and regulations and acknowledge that you have the responsibility to obtain such licenses to export, re-export, or import as may be required after delivery to you. 11.TRADEMARKS AND LOGOS. You acknowledge and agree as between you and Sun that Sun owns the SUN, SOLARIS, JAVA, JINI, FORTE, and iPLANET trademarks and all SUN, SOLARIS, JAVA, JINI, FORTE, and iPLANET-related trademarks, service marks, logos and other brand designations ("Sun Marks"), and you agree to comply with the Sun Trademark and Logo Usage Requirements currently located at http://www.sun.com/policies/trademarks. Any use you make of the Sun Marks inures to Sun's benefit. 226 Administrator Guide Sun JDK 12.U.S. GOVERNMENT RESTRICTED RIGHTS. If Software is being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), then the Government's rights in Software and accompanying documentation will be only as set forth in this Agreement; this is in accordance with 48 CFR 227.7201 through 227.7202-4 (for Department of Defense (DOD) acquisitions) and with 48 CFR 2.101 and 12.212 (for non-DOD acquisitions). 13.GOVERNING LAW. Any action related to this Agreement will be governed by California law and controlling U.S. federal law. No choice of law rules of any jurisdiction will apply. 14.SEVERABILITY. If any provision of this Agreement is held to be unenforceable, this Agreement will remain in effect with the provision omitted, unless omission would frustrate the intent of the parties, in which case this Agreement will immediately terminate. 15.INTEGRATION. This Agreement is the entire agreement between you and Sun relating to its subject matter. It supersedes all prior or contemporaneous oral or written communications, proposals, representations and warranties and prevails over any conflicting or additional terms of any quote, order, acknowledgment, or other communication between the parties relating to its subject matter during the term of this Agreement. No modification of this Agreement will be binding, unless in writing and signed by an authorized representative of each party. SUPPLEMENTAL LICENSE TERMS These Supplemental License Terms add to or modify the terms of the Binary Code License Agreement. Capitalized terms not defined in these Supplemental Terms shall have the same meanings ascribed to them in the Binary Code License Agreement . These Supplemental Terms shall supersede any inconsistent or conflicting terms in the Binary Code License Agreement, or in any license contained within the Software. A.Software Internal Use and Development License Grant. Subject to the terms and conditions of this Agreement, including, but not limited to the Java Technology Restrictions of these Supplemental Terms, Sun grants you a nonexclusive, non-transferable, limited license without fees to reproduce internally and use internally the Software complete and unmodified (unless otherwise specified in the applicable README file) for the purpose of designing, developing, and testing your Programs. Acknowledgements 227 Sun JDK B.License to Distribute Software. Subject to the terms and conditions of this Agreement, including, but not limited to the Java Technology Restrictions of these Supplemental Terms, Sun grants you a non-exclusive, non-transferable, limited license without fees to reproduce and distribute the Software, provided that (i) you distribute the Software complete and unmodified (unless otherwise specified in the applicable README file) and only bundled as part of, and for the sole purpose of running, your Programs, (ii) the Programs add significant and primary functionality to the Software, (iii) you do not distribute additional software intended to replace any component(s) of the Software (unless otherwise specified in the applicable README file), (iv) you do not remove or alter any proprietary legends or notices contained in the Software, (v) you only distribute the Software subject to a license agreement that protects Sun's interests consistent with the terms contained in this Agreement, and (vi) you agree to defend and indemnify Sun and its licensors from and against any damages, costs, liabilities, settlement amounts and/or expenses (including attorneys' fees) incurred in connection with any claim, lawsuit or action by any third party that arises or results from the use or distribution of any and all Programs and/or Software. C.License to Distribute Redistributables. Subject to the terms and conditions of this Agreement, including but not limited to the Java Technology Restrictions of these Supplemental Terms, Sun grants you a non-exclusive, nontransferable, limited license without fees to reproduce and distribute those files specifically identified as redistributable in the Software "README" file ("Redistributables") provided that: (i) you distribute the Redistributables complete and unmodified (unless otherwise specified in the applicable README file), and only bundled as part of Programs, (ii) you do not distribute additional software intended to supersede any component(s) of the Redistributables (unless otherwise specified in the applicable README file), (iii) you do not remove or alter any proprietary legends or notices contained in or on the Redistributables, (iv) you only distribute the Redistributables pursuant to a license agreement that protects Sun's interests consistent with the terms contained in the Agreement, (v) you agree to defend and indemnify Sun and its licensors from and against any damages, costs, liabilities, settlement amounts and/or expenses (including attorneys' fees) incurred in connection with any claim, lawsuit or action by any third party that arises or results from the use or distribution of any and all Programs and/or Software. 228 Administrator Guide Sun JDK D.Java Technology Restrictions. You may not modify the Java Platform Interface ("JPI", identified as classes contained within the "java" package or any subpackages of the "java" package), by creating additional classes within the JPI or otherwise causing the addition to or modification of the classes in the JPI. In the event that you create an additional class and associated API(s) which (i) extends the functionality of the Java platform, and (ii) is exposed to third party software developers for the purpose of developing additional software which invokes such additional API, you must promptly publish broadly an accurate specification for such API for free use by all developers. You may not create, or authorize your licensees to create, additional classes, interfaces, or subpackages that are in any way identified as "java", "javax", "sun" or similar convention as specified by Sun in any naming convention designation. Acknowledgements 229 Sun JDK E.Distribution by Publishers. This section pertains to your distribution of the Software with your printed book or magazine (as those terms are commonly used in the industry) relating to Java technology ("Publication"). Subject to and conditioned upon your compliance with the restrictions and obligations contained in the Agreement, in addition to the license granted in Paragraph 1 above, Sun hereby grants to you a non-exclusive, nontransferable limited right to reproduce complete and unmodified copies of the Software on electronic media (the "Media") for the sole purpose of inclusion and distribution with your Publication(s), subject to the following terms: (i) You may not distribute the Software on a stand-alone basis; it must be distributed with your Publication(s); (ii) You are responsible for downloading the Software from the applicable Sun web site; (iii) You must refer to the Software as JavaTM 2 Software Development Kit, Standard Edition, Version 1.4.2; (iv) The Software must be reproduced in its entirety and without any modification whatsoever (including, without limitation, the Binary Code License and Supplemental License Terms accompanying the Software and proprietary rights notices contained in the Software); (v) The Media label shall include the following information: Copyright 2003, Sun Microsystems, Inc. All rights reserved. Use is subject to license terms. Sun, Sun Microsystems, the Sun logo, Solaris, Java, the Java Coffee Cup logo, J2SE , and all trademarks and logos based on Java are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. This information must be placed on the Media label in such a manner as to only apply to the Sun Software; (vi) You must clearly identify the Software as Sun's product on the Media holder or Media label, and you may not state or imply that Sun is responsible for any third-party software contained on the Media; (vii) You may not include any third party software on the Media which is intended to be a replacement or substitute for the Software; (viii) You shall indemnify Sun for all damages arising from your failure to comply with the requirements of this Agreement. In addition, you shall defend, at your expense, any and all claims brought against Sun by third parties, and shall pay all damages awarded by a court of competent jurisdiction, or such settlement amount negotiated by you, arising out of or in connection with your use, reproduction or distribution of the Software and/or the Publication. Your obligation to provide indemnification under this section shall arise provided that Sun: (i) provides you prompt notice of the claim; (ii) gives you sole control of the defense and settlement of the claim; (iii) provides you, at your expense, with all available information, assistance and authority to defend; and (iv) has not compromised or settled such claim without your prior written consent; and (ix) You shall provide Sun with a written notice for each Publication; such notice shall include the following information: (1) title of Publication, (2) author(s), (3) date of Publication, and (4) ISBN or ISSN numbers. Such notice shall be sent to Sun Microsystems, Inc., 4150 Network Circle, M/S USCA12-110, Santa Clara, California 95054, U.S.A , Attention: Contracts Administration. F.Source Code. Software may contain source code that, unless expressly licensed for other purposes, is provided solely for reference purposes pursuant to the terms of this Agreement. Source code may not be redistributed unless expressly provided for in this Agreement. 230 Administrator Guide Sun JDK G.Third Party Code. Additional copyright notices and license terms applicable to portions of the Software are set forth in the THIRDPARTYLICENSEREADME.txt file. In addition to any terms and conditions of any third party opensource/freeware license identified in the THIRDPARTYLICENSEREADME.txt file, the disclaimer of warranty and limitation of liability provisions in paragraphs 5 and 6 of the Binary Code License Agreement shall apply to all Software in this distribution. For inquiries please contact: Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A. (LFI#141496/Form ID#011801) Acknowledgements 231 Sun JDK Third Party Licenses Related to JDK A) The following software may be included in this product: CS CodeViewer v1.0; Use of any of this software is governed by the terms of the license below: Copyright 1999 by CoolServlets.com. Any errors or suggested improvements to this class can be reported as instructed on CoolServlets.com. We hope you enjoy this program... your comments will encourage further development! This software is distributed under the terms of the BSD License. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. Neither name of CoolServlets.com nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY COOLSERVLETS.COM AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE." B) The following software may be included in this product: DES and 3xDES ; Use of any of this software is governed by the terms of the license below: "Copyright 2000 by Jef Poskanzer <[email protected]>. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 232 Administrator Guide Sun JDK 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE." C) The following software may be included in this product: Crimson v1.1.1 ; Use of any of this software is governed by the terms of the license below: /* * The Apache Software License, Version 1.1 * Copyright (c) 1999-2000 The Apache Software Foundation. All rights reserved. * * Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * 3. The end-user documentation included with the redistribution, if any, must include the following acknowledgment: * "This product includes software developed by the Apache Software Foundation (http://www.apache.org/)." Acknowledgements 233 Sun JDK * Alternately, this acknowledgment may appear in the software itself, if and wherever such third-party acknowledgments normally appear. * 4. The names "Crimson" and "Apache Software Foundation" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact [email protected]. * 5. Products derived from this software may not be called "Apache", nor may "Apache" appear in their name, without prior written permission of the Apache Software Foundation. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * ================================================ ==================== * This software consists of voluntary contributions made by many individuals on behalf of the Apache Software Foundation and was originally based on software copyright (c) 1999, International Business Machines, Inc., http://www.ibm.com. For more information on the Apache Software Foundation, please see <http://www.apache.org/>. */ D) The following software may be included in this product: Xalan J2; Use of any of this software is governed by the terms of the license below: /* * The Apache Software License, Version 1.1 * Copyright (c) 1999-2000 The Apache Software Foundation. All rights reserved. * 234 Administrator Guide Sun JDK * Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: * 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * 3. The end-user documentation included with the redistribution, if any, must include the following acknowledgment: * "This product includes software developed by the Apache Software Foundation (http://www.apache.org/)." * Alternately, this acknowledgment may appear in the software itself, if and wherever such third-party acknowledgments normally appear. * 4. The names "Xalan" and "Apache Software Foundation" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact [email protected]. * 5. Products derived from this software may not be called "Apache", nor may "Apache" appear in their name, without prior written permission of the Apache Software Foundation. * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * ================================================ ==================== Acknowledgements 235 Sun JDK * This software consists of voluntary contributions made by many individuals on behalf of the Apache Software Foundation and was originally based on software copyright (c) 1999, International Business Machines, Inc., http://www.ibm.com. For more information on the Apache Software Foundation, please see <http://www.apache.org/>. */ E) The following software may be included in this product: NSIS 1.0j; Use of any of this software is governed by the terms of the license below: Copyright (C) 1999-2000 Nullsoft, Inc. This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions: 1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required. 2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software. 3. This notice may not be removed or altered from any source distribution. Justin Frankel [email protected]" F) Some Portions licensed from IBM are available at: http://oss.software.ibm.com/icu4j/ G) Portions Copyright Eastman Kodak Company 1992 H) Lucida is a registered trademark or trademakr of Bigelow & Holmes in the U.S. and other countries. I) Portions licensed from Taligent, Inc. 236 Administrator Guide Sun JRE 1.5 Sun JRE 1.5 Sun Microsystems, Inc. Binary Code License Agreement for the JAVA 2 PLATFORM STANDARD EDITION RUNTIME ENVIRONMENT 5.0 SUN MICROSYSTEMS, INC. ("SUN") IS WILLING TO LICENSE THE SOFTWARE IDENTIFIED BELOW TO YOU ONLY UPON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS CONTAINED IN THIS BINARY CODE LICENSE AGREEMENT AND SUPPLEMENTAL LICENSE TERMS (COLLECTIVELY "AGREEMENT"). PLEASE READ THE AGREEMENT CAREFULLY. BY DOWNLOADING OR INSTALLING THIS SOFTWARE, YOU ACCEPT THE TERMS OF THE AGREEMENT. INDICATE ACCEPTANCE BY SELECTING THE "ACCEPT" BUTTON AT THE BOTTOM OF THE AGREEMENT. IF YOU ARE NOT WILLING TO BE BOUND BY ALL THE TERMS, SELECT THE "DECLINE" BUTTON AT THE BOTTOM OF THE AGREEMENT AND THE DOWNLOAD OR INSTALL PROCESS WILL NOT CONTINUE. 1. DEFINITIONS. "Software" means the identified above in binary form, any other machine readable materials (including, but not limited to, libraries, source files, header files, and data files), any updates or error corrections provided by Sun, and any user manuals, programming guides and other documentation provided to you by Sun under this Agreement. "Programs" mean Java applets and applications intended to run on the Java 2 Platform Standard Edition (J2SE platform) platform on Java-enabled general purpose desktop computers and servers. 2. LICENSE TO USE. Subject to the terms and conditions of this Agreement, including, but not limited to the Java Technology Restrictions of the Supplemental License Terms, Sun grants you a non-exclusive, nontransferable, limited license without license fees to reproduce and use internally Software complete and unmodified for the sole purpose of running Programs. Additional licenses for developers and/or publishers are granted in the Supplemental License Terms. 3. RESTRICTIONS. Software is confidential and copyrighted. Title to Software and all associated intellectual property rights is retained by Sun and/or its licensors. Unless enforcement is prohibited by applicable law, you may not modify, decompile, or reverse engineer Software. You acknowledge that Licensed Software is not designed or intended for use in the design, construction, operation or maintenance of any nuclear facility. Sun Microsystems, Inc. disclaims any express or implied warranty of fitness for such uses. No right, title or interest in or to any trademark, service mark, logo or trade name of Sun or its licensors is granted under this Agreement. Additional restrictions for developers and/or publishers licenses are set forth in the Supplemental License Terms. Acknowledgements 237 Sun JRE 1.5 4. LIMITED WARRANTY. Sun warrants to you that for a period of ninety (90) days from the date of purchase, as evidenced by a copy of the receipt, the media on which Software is furnished (if any) will be free of defects in materials and workmanship under normal use. Except for the foregoing, Software is provided "AS IS". Your exclusive remedy and Sun's entire liability under this limited warranty will be at Sun's option to replace Software media or refund the fee paid for Software. Any implied warranties on the Software are limited to 90 days. Some states do not allow limitations on duration of an implied warranty, so the above may not apply to you. This limited warranty gives you specific legal rights. You may have others, which vary from state to state. 5. DISCLAIMER OF WARRANTY. UNLESS SPECIFIED IN THIS AGREEMENT, ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT THESE DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. 6. LIMITATION OF LIABILITY. TO THE EXTENT NOT PROHIBITED BY LAW, IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF OR RELATED TO THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. In no event will Sun's liability to you, whether in contract, tort (including negligence), or otherwise, exceed the amount paid by you for Software under this Agreement. The foregoing limitations will apply even if the above stated warranty fails of its essential purpose. Some states do not allow the exclusion of incidental or consequential damages, so some of the terms above may not be applicable to you. 7. TERMINATION. This Agreement is effective until terminated. You may terminate this Agreement at any time by destroying all copies of Software. This Agreement will terminate immediately without notice from Sun if you fail to comply with any provision of this Agreement. Either party may terminate this Agreement immediately should any Software become, or in either party's opinion be likely to become, the subject of a claim of infringement of any intellectual property right. Upon Termination, you must destroy all copies of Software. 8. EXPORT REGULATIONS. All Software and technical data will be governed by California law and controlling U.S. federal law. No choice of law rules of any jurisdiction will apply. 238 Administrator Guide Sun JRE 1.5 9. TRADEMARKS AND LOGOS. You acknowledge and agree as between you and Sun that Sun owns the SUN, SOLARIS, JAVA, JINI, FORTE, and iPLANET trademarks and all SUN, SOLARIS, JAVA, JINI, FORTE, and iPLANET-related trademarks, service marks, logos and other brand designations ("Sun Marks"), and you agree to comply with the Sun Trademark and Logo Usage Requirements currently located at http://www.sun.com/policies/trademarks. Any use you make of the Sun Marks inures to Sun's benefit. 10. U.S. GOVERNMENT RESTRICTED RIGHTS. If Software is being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), then the Government's rights in Software and accompanying documentation will be only as set forth in this Agreement; this is in accordance with 48 CFR 227.7201 through 227.7202-4 (for Department of Defense (DOD) acquisitions) and with 48 CFR 2.101 and 12.212 (for non-DOD acquisitions). 11. GOVERNING LAW. Any action related to this Agreement will be governed by California law and controlling U.S. federal law. No choice of law rules of any jurisdiction will apply. 12. SEVERABILITY. If any provision of this Agreement is held to be unenforceable, this Agreement will remain in effect with the provision omitted, unless omission would frustrate the intent of the parties, in which case this Agreement will immediately terminate. 13. INTEGRATION. This Agreement is the entire agreement between you and Sun relating to its subject matter. It supersedes all prior or contemporaneous oral or written communications, proposals, representations and warranties and prevails over any conflicting or additional terms of any quote, order, acknowledgment, or other communication between the parties relating to its subject matter during the term of this Agreement. No modification of this Agreement will be binding, unless in writing and signed by an authorized representative of each party. SUPPLEMENTAL LICENSE TERMS These Supplemental License Terms add to or modify the terms of the Binary Code License Agreement. Capitalized terms not defined in these Supplemental Terms shall have the same meanings ascribed to them in the Binary Code License Agreement . These Supplemental Terms shall supersede any inconsistent or conflicting terms in the Binary Code License Agreement, or in any license contained within the Software. Acknowledgements 239 Sun JRE 1.5 A. Software Internal Use and Development License Grant. Subject to the terms and conditions of this Agreement and restrictions and exceptions set forth in the Software "README" file, including, but not limited to the Java Technology Restrictions of these Supplemental Terms, Sun grants you a non-exclusive, non-transferable, limited license without fees to reproduce internally and use internally the Software complete and unmodified for the purpose of designing, developing, and testing your Programs. B. License to Distribute Software. Subject to the terms and conditions of this Agreement and restrictions and exceptions set forth in the Software README file, including, but not limited to the Java Technology Restrictions of these Supplemental Terms, Sun grants you a non-exclusive, non-transferable, limited license without fees to reproduce and distribute the Software, provided that (i) you distribute the Software complete and unmodified and only bundled as part of, and for the sole purpose of running, your Programs, (ii) the Programs add significant and primary functionality to the Software, (iii) you do not distribute additional software intended to replace any component(s) of the Software, (iv) you do not remove or alter any proprietary legends or notices contained in the Software, (v) you only distribute the Software subject to a license agreement that protects Sun's interests consistent with the terms contained in this Agreement, and (vi) you agree to defend and indemnify Sun and its licensors from and against any damages, costs, liabilities, settlement amounts and/or expenses (including attorneys' fees) incurred in connection with any claim, lawsuit or action by any third party that arises or results from the use or distribution of any and all Programs and/or Software. C. Java Technology Restrictions. You may not create, modify, or change the behavior of, or authorize your licensees to create, modify, or change the behavior of, classes, interfaces, or subpackages that are in any way identified as "java", "javax", "sun" or similar convention as specified by Sun in any naming convention designation. D. Source Code. Software may contain source code that, unless expressly licensed for other purposes, is provided solely for reference purposes pursuant to the terms of this Agreement. Source code may not be redistributed unless expressly provided for in this Agreement. E. Third Party Code. Additional copyright notices and license terms applicable to portions of the Software are set forth in the THIRDPARTYLICENSEREADME.txt file. In addition to any terms and conditions of any third party opensource/freeware license identified in the THIRDPARTYLICENSEREADME.txt file, the disclaimer of warranty and limitation of liability provisions in paragraphs 5 and 6 of the Binary Code License Agreement shall apply to all Software in this distribution. For inquiries please contact: Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A. (LFI#141623/Form ID#011801) 240 Administrator Guide Sun JRE Sun JRE Copyright 1994-2005 Sun Microsystems, Inc. All Rights Reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: Redistribution of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistribution in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. Neither the name of Sun Microsystems, Inc. or the names of contributors may be used to endorse or promote products derived from this software without specific prior written permission. This software is provided "AS IS," without a warranty of any kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. You acknowledge that this software is not designed, licensed or intended for use in the design, construction, operation or maintenance of any nuclear facility. Acknowledgements 241 XERCES XERCES The Apache Software License, Version 2.0 Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). 242 Administrator Guide XERCES "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, nonexclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: Acknowledgements 243 XERCES (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 244 Administrator Guide XERCES 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. Acknowledgements 245 XERCES You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. 246 Administrator Guide XMLSEC XMLSEC The Apache Software License, Version 2.0 Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). Acknowledgements 247 XMLSEC "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, nonexclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: 248 Administrator Guide XMLSEC (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. Acknowledgements 249 XMLSEC 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright [yyyy] [name of copyright owner] Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. 250 Administrator Guide zlib You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. zlib /* zlib.h -- interface of the 'zlib' general purpose compression library version 1.2.2, October 3rd, 2004 Copyright (C) 1995-2004 Jean-loup Gailly and Mark Adler This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any damages arising from the use of this software. Permission is granted to anyone to use this software for any purpose, including commercial applications, and to alter it and redistribute it freely, subject to the following restrictions: 1. The origin of this software must not be misrepresented; you must not claim that you wrote the original software. If you use this software in a product, an acknowledgment in the product documentation would be appreciated but is not required. 2. Altered source versions must be plainly marked as such, and must not be misrepresented as being the original software. 3. This notice may not be removed or altered from any source distribution. Jean-loup Gailly [email protected] Mark Adler [email protected] The data format used by the zlib library is described by RFCs (Request for Comments) 1950 to 1952 in the files http://www.ietf.org/rfc/rfc1950.txt (zlib format), rfc1951.txt (deflate format) and rfc1952.txt (gzip format) Acknowledgements 251 Index A D access permissions admin server • 76 administrator view • 75 acknowledgements • 165 admin server • See user accounts, See guest account, See discovering machines, See defined, See administrator accounts, See access rights administrator rights at installation • 77 Alert basic components • 93 broadcast option • 99 configuring • 98 email option • 101 eTrust Audit option • 101 pager option • 101 policy • 94 sample TNG scenarios • 100 SMTP option • 102 SNMP option • 102 trouble ticket option • 102 Unicenter TNG option • 99 Alert Manager • 96, 98 alert policy • 94 default organization defined • 32 discovery for machines outside local subnet • 33 how it works • 31 distribution of configuration changes • 41 download signatures list how it works • 62 B G branches management • 37 guest account on admin server • 79 C characteristics of viruses • 159 collecting system metrics • 73 command line scanner • 105 components of eTrust Antivirus • 10 computer infection symptoms • 158 configuration communication ports • 99 of Alert • 98 of machines in security network • 20 proxy • 41 settings • 43 content updates getting • 15 E editing Alert port configurations • 99 effects of computer viruses • 159 email option (Alert) • 101 email policies • 57 eTrust Audit option (Alert) • 101 eTrust Threat Management Console access • 75 configuration settings • 43 e-mail policies • 57 Organization tree • 37 viewing logs • 67 window • 20 ETRUSTAV console • 147 I ICF files granting administrator rights at installation time • 77 inherited user rights • 80 INOC6.ICF administrator rights at installation • 77 Inocmd32 • 105 InoSetAlert script • 103 InoSetApproved script • 32, 77 integrating with Unicenter NSM • 131 interpreting pager messages • 101 J Java plug-in • 24 Index 253 L local alert manager • 103 local scanner service manager • 71 logs collecting system metrics • 73 scheduled job policy • 67 using with ODBC • 73 M managing daemons • 71 NetApp filers • 142 NetApp scanners • 137 N network drives • 54 O ODBC (using with logs) • 73 organization tree • 37 branch management • 37 computer management • 69 OS X menu bar • 50 P pager recipients testing • 102 PERFMON • 74 Performance Monitor • 74 policies alert forwarding • 94 email • 57 enforcement of • 43 legacy signature distribution • 55 locking settings • 44 precedence • 44 scheduled jobs • 52 scheduled scanner • 52 send for analysis • 56 port configuration • 99 product components • 10 proxy server configuration • 41 considerations • 42 override option • 42 R realtime monitor 254 Administrator Guide on UNIX • 46 snooze option • 50 system tray options • 50 recipient pager testing • 102 remote management eTrust Threat Management Console • 20 reports reports tab • 83 rights administrator • 77 running Alert Manager • 98 S scan settings using the command line scanner Inocmd32 • 105 scanning network drives • 54 scheduled jobs viewing logs for multiple machines • 67 security administrator view • 75 authorized administrator accounts • 78 service manager • 71 snooze option • 50 specified user rights • 80 subnets discovering • 31 suggestions for staying infection-free • 15 symptoms of a computer infection • 158 system metrics information • 73 T Threat Management Server access rights • 76 administrator accounts • 78 defined • 10 discovering machines • 31 guest account • 79 user accounts • 79 trouble ticket option • 102 types of viruses • 157 U Unicenter Network and Systems Management (integration with) • 131 Unicenter TNG (using with Alert) • 99 UNIX access permissions • 76 alert notification • 103 approved server • 32, 77 CAIENF • 46 InoSetApproved • 32, 77 managing daemons • 71 notification facility • 103 realtime monitor • 46 root user • 76 root user installation • 77 subnets • 32 user rights characteristics • 80 V viruses characteristics of • 159 effects of • 159 signature updates for • 15 symptoms of • 158 types of • 157 W windows administrator view • 20 Windows system tray • 50 WorldView • 134 Index 255