Computer Associates
Technical Support

Title: INEXCHSV.EXE Update for Exchange AV Agent and Lotus Notes AV Agent
Product: Inoculan 4.0 &InoculateIT 4.5x (Enterprise, Advance and Workgroup Edition)
Platform: Windows NT
Date: June 14, 1999

The INEXCHSV.EXE program module is responsible for scanning e-mail messages in real-time, for both the Exchange and Lotus Notes AV Agents.

To update the AV Exchange Agent and AV Notes Agent to detect the Win95.ZippedFiles trojan (aka Worm.ExploreZip) this update is required. This update and the latest signature files (4.12f) are required to detect the Win95.ZippedFiles trojan (aka. Worm.ExploreZip) in the Exchange AV Agent and Notes AV Agent Real-time Scanner.

The module INEXCHSV.EXE is installed under one of the following service names depending on the software installed:

InoculateIT: InoculateIT E-mail Server
Inoculan: InocuLAN Exchange AV Server

The patch is available for the following versions of the product:

InoculateIT 4.5x Intel x86
Inoculan 4.x Intel x86
Inoculan 4.x DEC Alpha


Here are the steps to apply....

1) Dowload the apprioate patch from the table below:

Inex_ae.zip

Inoculan 4.0 Alpha English

Inex_af.zip

Inoculan 4.0 Alpha French

Inex_ag.zip

Inoculan 4.0 Alpha German

Inex_aj.zip

Inoculan 4.0 Alpha Japanese

Inex_ak.zip

Inoculan 4.0 Alpha Korean

Inex_ie.zip

Inoculan 4.0 Intel English

Inex_if.zip

Inoculan 4.0 Intel French

Inex_ig.zip

Inoculan 4.0 Intel German

Inex_ij.zip

Inoculan 4.0 Intel Japanese

Inex_ik.zip

Inoculan 4.0 Intel Korean

Inexit_e.zip

InoculateIT 4.5x Intel English


2) Unzip the contents to a temporary directory

3) Stop the InocuLAN Exchange Server service from the control panel

4) Identify the Inoculan / InoculateIT home directory. This can be found at the following registry key for Inoculan HKLM\Software\Cheyenne\Inoculan\CurrentVersion\Path, Home value.

This can be found at the following registry key for InoculateIT HKLM\Software\ComputerAssociates\InoculateIT\CurrentVersion\Path, Home value.

5) Rename INOEXCHSV.EXE in the Inoculan / InoculateIT home directory.

6) Copy the extracted file into the Inoculan home directory

7) Restart the InocuLAN Exchange Server service from the control panel


To download the updated virus signature file 4.21f that will detect and remove the Win95.ZippedFiles (a.k.a. Worm.ExploreZip) virus go to: http://support.cai.com/Download/virussig.html

For more detailed virus information and specialized removal instructions visit: http://www.cai.com/virusinfo/virusalert.htm

Additional information on viruses, worms and trojan horses can be found at:

Computer Associates Virus Information Center:
http://www.cai.com/virusinfo/

Carnegie Mellon Software Engineering Institute (CERT® Coordination Center):
http://www.cert.org/advisories/

 
For site comments, visit our Feedback page
(c) Copyright 1995-1999 Computer Associates International, Inc. All rights reserved.
All materials on this site subject to Legal Notice, including CA Trademarks