Norton AntiVirus' Rescue Disk misunderstands line commands

20 September 2001 04:30 PM
Tags: data security, norton antivirus' rescue disk, symantec, nav, floppy, scan, command

In emergencies, one should be able to use antivirus definitions from the Rescue Disk itself. Unfortunately, that isn't the case. ZDNet offers a workaround.

Data security has become a paramount concern for computer users. Given the constant stream of news stories reporting on virus attacks and security exploits, it's imperative that people keep their virus scanning software active and up-to-date. But what happens when the antivirus software doesn't behave as expected?

BugNet has tested and verified a situation where Symantec's Norton AntiVirus 2001 (NAV) does not work as expected. BugNet reader Joseph Taylor discovered that when scanning a system using the NAV Rescue Disks, the documented commands wouldn't allow him to scan the C: drive. Even when he told the program to scan all drives except for the floppies, it still only scanned the NAV floppy. Fortunately, by altering the command line options, Taylor was able to correct the problem.



The problem

Antivirus software usually runs in the background, protecting PCs by examining files as they are opened or by scheduling periodic disk scans. At times, users also need to manually scan their systems if they suspect that a virus has infected them. This can happen if someone disables real-time virus protection or if a new, unknown virus infects the system.

Once a PC is infected, all programs on that PC are suspect, so it's important to boot from a known and uninfected source. NAV provides a way to do this. Rescue Disk is a set of bootable floppies that can be created when NAV is installed. They allow the user to boot the system from floppies that are known to be free of any viruses. The user can then scan the infected hard drive and remove any viruses before they do more damage.

Under normal conditions, NAV's default Rescue Disk option will scan the C: drive using the virus definition files from the hard disk. These files are installed with NAV and are routinely updated using Symantec's LiveUpdate feature. However, if those files are corrupt or out-of-date, or if you need to scan a system that has never had NAV installed on it, then the Rescue Disk can be configured to use the virus definition files from the floppies. It is this configuration option that isn't working as documented. When NAV is told to use the configuration files from the floppy instead of the hard disk, the program gets confused and tries to scan only the floppy, even when it is specifically told to scan the hard disks.



Altered commands

Booting from the NAV Rescue Disk automatically starts a character-based menu system. Selecting "Norton AntiVirus" will create a DOS command that a user can modify if required. Surprisingly, NAV provides little documentation for modifying these commands. Most of the information on the advanced command line options must be gleaned from the Internet or by running the executable from the command line using the "/?" option (in other words, "NAVDX.EXE /?"). The default DOS command will scan and repair the boot records, memory, and the C: drive. The command looks like this:

NAVDX.EXE C: /b+ /m+ /repair

However, if you want NAV to use the configuration and virus definition files from the floppy, Symantec's online documentation recommends the following command:

navdx.exe /cfg:a /a /doallfiles /repair

where the "/cfg:a" option tells NAV to use the virus definition files from the floppy and the "/a" option tells NAV to scan all disks except for the floppies. The problem is that this combination of command line options will only scan the floppy.

After trying a couple of different options, Taylor discovered a combination that would instruct NAV to scan C: but use the virus definition files from the floppy. The command looks like this:

navdx.exe c: /cfg:a /doallfiles /repair

Nowhere in the documentation or on the Web does Symantec explain this option. For people familiar with DOS command line options, inserting a "C:" might be the first thing they try. But many Windows computer users have never used MS-DOS.

One other note: during our testing we discovered that this bug does not occur when the command is typed from a genuine command prompt. In other words, if you were to boot from a regular floppy, then insert the NAV program disk, and type "navdx.exe /cfg:a /a /doallfiles /repair" from the MS-DOS prompt, NAV will behave as expected. The problem seems to lie within NAV's Rescue Disk menu program.

This bug was verified on Norton AntiVirus 2001 and SystemWorks 2001. Currently, there is no patch available, so this workaround is the only solution for those wanting to scan the C: drive but use the virus definition files from A:.
