Etrust Antivirus Administrator Guide

eTrust Antivirus
Administrator Guide
r8.1
This documentation and any related computer software help programs (hereinafter referred to as the
“Documentation”) is for the end user’s informational purposes only and is subject to change or withdrawal by CA at
any time.
This Documentation may not be copied, transferred, reproduced, disclosed, modified or duplicated, in whole or in
part, without the prior written consent of CA. This Documentation is confidential and proprietary information of CA
and protected by the copyright laws of the United States and international treaties.
Notwithstanding the foregoing, licensed users may print a reasonable number of copies of the Documentation for
their own internal use, and may make one copy of the related software as reasonably required for back-up and
disaster recovery purposes, provided that all CA copyright notices and legends are affixed to each reproduced copy.
Only authorized employees, consultants, or agents of the user who are bound by the provisions of the license for
the product are permitted to have access to such copies.
The right to print copies of the Documentation and to make a copy of the related software is limited to the period
during which the applicable license for the product remains in full force and effect. Should the license terminate for
any reason, it shall be the user’s responsibility to certify in writing to CA that all copies and partial copies of the
Documentation have been returned to CA or destroyed.
EXCEPT AS OTHERWISE STATED IN THE APPLICABLE LICENSE AGREEMENT, TO THE EXTENT PERMITTED BY
APPLICABLE LAW, CA PROVIDES THIS DOCUMENTATION “AS IS” WITHOUT WARRANTY OF ANY KIND, INCLUDING
WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
OR NONINFRINGEMENT. IN NO EVENT WILL CA BE LIABLE TO THE END USER OR ANY THIRD PARTY FOR ANY
LOSS OR DAMAGE, DIRECT OR INDIRECT, FROM THE USE OF THIS DOCUMENTATION, INCLUDING WITHOUT
LIMITATION, LOST PROFITS, BUSINESS INTERRUPTION, GOODWILL, OR LOST DATA, EVEN IF CA IS EXPRESSLY
ADVISED OF SUCH LOSS OR DAMAGE.
The use of any product referenced in the Documentation is governed by the end user’s applicable license
agreement.
The manufacturer of this Documentation is CA.
Provided with “Restricted Rights.” Use, duplication or disclosure by the United States Government is subject to the
restrictions set forth in FAR Sections 12.212, 52.227-14, and 52.227-19(c)(1) - (2) and DFARS Section 252.227-
7014(b)(3), as applicable, or their successors.
All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.
Copyright © 2006 CA. All rights reserved.

CA Product References
This document references the following CA products:
CA™ OpenLDAP
eTrust® Access Control
eTrust® Agent for Cisco Network Admission Control (NAC)
eTrust® Antivirus
eTrust® Audit
eTrust® PestPatrol Anti-Spyware Corporate Edition (CE)
eTrust® Policy Compliance
eTrust® Security Command Center
eTrust® Vulnerability Manager
Unicenter® Network and Systems Management
Contact Technical Support

For online technical assistance and a complete list of locations, primary service
hours, and telephone numbers, contact Technical Support at
http://ca.com/support.
Contents
Chapter 1: Using the Threat Management Console 9

Open the Console from a Browser ............................................................. 10
Open the Console from the ITM Server Machine ................................................ 11
Navigating the Console ....................................................................... 11
Accessing CA Security Advisor ................................................................. 12
Getting Help ................................................................................. 13
Chapter 2: Understanding the Dashboard 15

Using the Dashboard Tab ..................................................................... 15
Top 10 Detections ............................................................................ 15
Product Information .......................................................................... 16
License Information ........................................................................... 16
Restarting the ITM Server ..................................................................... 16
Chapter 3: Working With the Organization Tree 17

Organization Tree ............................................................................ 17
Managing Branches ....................................................................... 17
Adding a Computer to a Branch ............................................................ 18
Using the Organization Tab .................................................................... 18
Creating Branches ........................................................................ 19
Viewing Client Information ................................................................ 20
Working with Branch Properties ............................................................ 20
Using Policy Proxy Servers ................................................................ 21
Chapter 4: Discovering Subnets 23

Using the Discovery Tab ...................................................................... 24
Specifying Subnet Information ................................................................ 25
Specifying Discovery Configuration ............................................................ 25
Viewing Discovered Computers ................................................................ 26
Locating a Computer on a Subnet.............................................................. 26
Adding a Computer to a Branch................................................................ 26
Modifying Subnets ............................................................................ 26
Deleting Subnets ............................................................................. 27
Contents v
Chapter 5: Managing Policies 29
Policy Enforcement ........................................................................... 29
Policy Locking ................................................................................ 30
Policy Precedence............................................................................. 30
eTrust Antivirus Policy Types .................................................................. 31
Realtime Policy ........................................................................... 32
Scheduled Jobs Policy ..................................................................... 34
Legacy Signature Distribution Policy........................................................ 36
Send for Analysis Policy ................................................................... 37
Email Policies ............................................................................. 38
Common Policy Types ......................................................................... 41
Alert Subtabs ............................................................................. 42
Phone Home Policy........................................................................ 43
Content Update Policy ..................................................................... 44
Using the Policy Management Tab ............................................................. 45
Creating Policies .......................................................................... 46
Assigning Policies ......................................................................... 46
Viewing Assigned Policies .................................................................. 46
Viewing Scheduled Job Policy Logs ......................................................... 47
Chapter 6: Working with Clients 49

Managing Individual Computers ............................................................... 49
Using the Clients Tab ......................................................................... 50
Assigning a Computer to a Branch ......................................................... 50
Assigning Policies to a Computer ........................................................... 50
Managing Services ........................................................................ 51
Viewing Logs ............................................................................. 52
Purging Logs ............................................................................. 54
Chapter 7: Managing User Access 55

Controlling Access to the Threat Management Console .......................................... 55
User Access to the Threat Management Console ................................................ 56
Granting Administrator Rights at Installation Time .......................................... 57
Guest Accounts ........................................................................... 57
Types of Access .............................................................................. 58
User Rights Characteristics ................................................................ 59
Access Example for Different Accounts ..................................................... 59
Using the User Management Tab .............................................................. 60
vi Administrator Guide
Chapter 8: Generating and Viewing Reports 61
Reports ...................................................................................... 61
Discovery Statistics Reports ............................................................... 62
Managed Machine Reports ................................................................. 63
Scheduled Job Reports .................................................................... 64
Top 10 Reports ........................................................................... 64
Mail Option Reports ....................................................................... 65
Categorized Reports .......................................................................... 66
Generate Reports ............................................................................. 67
Using the Reports Tab ........................................................................ 68
Chapter 9: Managing Licenses 69

Using the Licensing Tab ....................................................................... 70
Checking Product Usage ...................................................................... 71
Chapter 10: Using the Alert Manager 73

Alert Manager ................................................................................ 74
Running the Alert Manager .................................................................... 74
Local Alert Manager for Linux, Solaris, and Mac OS X Systems ................................... 75
Sending Alerts to Unicenter and eTrust Security Command Center ............................... 76
Appendix A: Using the Command Line Scanner Inocmd32 77

Scanner Options for Inocmd32 ................................................................ 78
Appendix B: Integrating with Unicenter NSM 83

Preparing for Unicenter NSM Integration ....................................................... 83
Using TRIX to Import to the Repository..................................................... 84
Using InoUpTNG to Populate the View ...................................................... 84
Managing Antivirus Options in WorldView ...................................................... 85
Integrating with WorldView ................................................................ 86
Remote Scan View ............................................................................ 87
Appendix C: Managing NetApp 89

Managing the Scanner ........................................................................ 89
Add Another Filer to a Scanner ............................................................ 90
View Scanner Statistics.................................................................... 92
Managing Custom Move and Copy Directories ............................................... 92
View the Virus Detection Log .............................................................. 94
Contents vii
Manage the Scanner Remotely ............................................................. 94
Managing the Filer ............................................................................ 94
Enable and Disable Virus Scanning ......................................................... 94
Specify File Extensions to Scan Using vscan ................................................ 95
Specifying Shares to Scan Using CIFS ...................................................... 96
Appendix D: Using the ETRUSTAV Console Program on Netware 99

Using the ETRUSTAV Menu .................................................................... 99
Main Menu Options....................................................................... 100
Configure Realtime....................................................................... 101
Configure Local Scanner .................................................................. 107
Advanced Options........................................................................ 112
Appendix E: Messages and Codes 115

Messages ................................................................................... 115
Appendix F: Acknowledgements 119

Apache Tomcat .............................................................................. 120
CURL ....................................................................................... 122
gSOAP ...................................................................................... 123
IBM Developer Kit for Linux .................................................................. 135
ICU ......................................................................................... 154
Jakarta ..................................................................................... 155
Open SSL ................................................................................... 157
PCRE ....................................................................................... 161
Struts....................................................................................... 163
Sun JDK .................................................................................... 165
Third Party Licenses Related to JDK ....................................................... 173
Sun JRE 1.5 ................................................................................. 178
Sun JRE ..................................................................................... 182
XERCES ..................................................................................... 183
XMLSEC ..................................................................................... 188
zlib ......................................................................................... 192
Index 193
viii Administrator Guide

Chapter 1: Using the Threat
Management Console
The Threat Management Console lets you remotely manage computers running
the eTrust ITM Agent on your network from a central location. With its web-
based interface you can open the console from any computer, or on the
computer hosting the ITM Server. As an authorized administrator, you can use
the console to:
Discover computers running the eTrust ITM Agent
Create, enforce, and distribute threat management policies
Download and distribute product and signature updates
Configure distribution proxies to increase network efficiency
Grant other users permissions to use the console
View logs of remote computers and scheduled scan jobs
Generate, schedule and view reports
Manage licensing
For information on web browser and console settings, see Chapter 3,

"Configuring the ITM Server," in the eTrust Antivirus Implementation Guide.
This section contains the following topics:

Open the Console from a Browser (see page 10)
Open the Console from the ITM Server Machine (see page 11)
Navigating the Console (see page 11)
Accessing CA Security Advisor (see page 12)
Getting Help (see page 13)
Using the Threat Management Console 9

Open the Console from a Browser
Open the Console from a Browser

You can open the Threat Management Console on the computer hosting the
ITM Server or from a remote computer using a web browser. This procedure
describes how to use a web browser to open the Threat Management Console.
To open the Threat Management Console using a web browser
1. Open a web browser.
2. Enter the following URL in the address bar, and click Go:
https://[servername]:6688/AdminGUI/
The server name is the name or the IP address of the computer hosting
the ITM Server. To use an unencrypted HTTP connection, use port 6689
instead. We do not recommend this method.
Note: The first time you open the Threat Management Console, you may
see a Security Alert Dialog. Click View Certificate, then click Install
Certificate and follow the wizard to avoid seeing this dialog in the future.
The Login dialog appears.
3. Enter your user name and password. If a domain is required to log in,
enter the domain name, a back-slash (\), and then the user name.
4. Click Log in.
Note: If the login attempt fails and returns a Windows error code, use the
net helpmsg error_code command to display information about the login
failure.
The Threat Management Console appears and displays the Dashboard tab.
10 Administrator Guide
Open the Console from the ITM Server Machine
Open the Console from the ITM Server Machine

You can open the Threat Management Console on the computer hosting the
ITM Server or from a remote computer using a web browser. This procedure
explains how to open the console while logged into the computer hosting the
ITM Server.
To open the console from machine hosting the ITM Server
1. From the computer hosting the ITM Server:
(Windows) Click Start, Programs, CA, eTrust, eTrustITM, Console.
(Mac OS X) Choose /Applications/CA/eTrustITM, and then double click

eTrust ITM Console.
(Linux, Solaris) Follow the procedure for opening the console using a web
browser.
Note: The first time you open the Threat Management Console, you may
see a Security Alert Dialog. Click View Certificate, then click Install
Certificate and follow the wizard to avoid seeing this dialog in the future.
The Login dialog appears.
2. Enter your user name and password. If a domain is required to log in,
enter the domain name, a back-slash (\), and then the user name.
3. Click Log in.
Note: If the login attempt fails and returns a Windows error code, use the
net helpmsg error_code command to display information about the login
failure.
The Threat Management Console appears and displays the Dashboard tab.
Navigating the Console

The following table describes the purpose of each major tab in the Threat
Management Console:
Tab Features and Options
Dashboard Provides at-a-glance product status, license

information, and Top 10 detections network-wide. From
here, you can also manage the ITM Server.
Discovery Lets you discover computers running eTrust Threat

Management products on your network.
Policy Management Provides access to all options and settings for creating,
managing, and assigning threat management policies.

Accessing CA Security Advisor
Tab Features and Options
Organization Lets you organize computers into logical containers, or

branches, in an Organization tree. You can then assign
policies to the various branches of the tree.
Client Provides access to properties, policies, and logs for a

specific client computer. You can assign, modify, and
remove policies; modify branch assignments, start or
stop client services, and view and manage client logs.
User Management Lets you grant users access to the Threat Management
Console and assign the permissions.
Report Displays a wide variety of reports and graphs for eTrust

Threat Management products. Lets you schedule how
frequently reports are generated.
Licensing Provides detailed license information for your network,

and allows you to enter license key and registration
information.
Accessing CA Security Advisor

Clicking the Security Advisor link at the top of the console displays the CA
Security Advisor website. This website provides up to the minute information
on current and emerging security threats and is maintained by a network of
CA rapid response centers from around the world. It delivers:
The most comprehensive validated spyware, virus and vulnerability
database in the industry
Clean-up utilities, detection signature files, and remediation instructions
Documentation on implementing complete threat protection and Security
Management Solutions
Check this website frequently to find out about new and emerging threats.
Getting Help
Getting Help
Click the help button at any time to get complete descriptions of the options
for the currently active tab or subtab. All help topics contain links to related
information that will assist you in performing tasks on a tab or subtab.
The help button, displayed below, is located in the upper right corner of the
console:

Chapter 2: Understanding the
Dashboard
Using the Dashboard Tab (see page 15)

Top 10 Detections (see page 15)
Product Information (see page 16)
License Information (see page 16)
Restarting the ITM Server (see page 16)
Using the Dashboard Tab

The Dashboard tab provides quick access to important information about your
eTrust Threat Management products. You can view the following information
from the dashboard:
Over-all health of your network via the Top 10 detection list
Current license status
Note: You can view detailed license information on the Licensing tab.
Product and ITM Server information
View eTrust Threat Management products administrator contact
information
In addition you can use the dashboard to perform the following tasks:
Restart the ITM Server
Edit eTrust Threat Management products administrator contact information
Top 10 Detections
The ITM Server collects and collates the logs of computers that are running the
eTrust ITM Agent and displays the Top 10 detection information on the
Dashboard tab. This provides a quick review of the most common detections
on your network. For detailed information on these detections, and other
detailed reports, use the Reports tab.
You must configure Alert Forwarding from the client machines to the ITM
Server to populate the Top 10 lists. For step-by-step instructions, see
"Populate the Top 10 Lists" in the Threat Management Console online help.
Understanding the Dashboard 15

Product Information
Product Information
The Product Information area displays the operating system version of the
system hosting the ITM Server, the eTrust Threat Management products
version information, the date and time of the last discovery, and the date and
time the ITM Server started running.
You can restart the ITM Server at any time by clicking the Restart button.
License Information
The License Information area shows the current state of licensing. Click the
Licensing tab for more information.
Restarting the ITM Server

The ITM Server tracks all instances of eTrust Threat Management products
running on your network. You can view the status of the ITM Server in the
Product Information area, which displays the date and time the server was last
started.
To restart the ITM Server, click the Dashboard tab, then click the Restart
button located in the Product Information area.
Chapter 3: Working With the
Organization Tree
Organization Tree (see page 17)

Using the Organization Tab (see page 18)
Organization Tree
The Organization tree is a hierarchical representation of your network. You use
the tree to apply policies to groups of computers that require the same
protection settings.
Using the Organization tab, you create an Organization tree with containers,
called branches. These branches are typically organized to mirror the physical
locations of computers on your network. The organization of the tree is
completely flexible and is often organized to segment computers into
categories by department, function, type of user, or any other arrangement
that suits your business needs.
After creating your Organization tree, you then create and assign policies to
the tree and its branches. If a policy is placed at the top of the tree, then all of
the computers inherit the policy. As policies are placed on various branches of
the tree, only the machines within that branch inherit those policies.
Note: A computer can only be a member of one branch at a time.
Managing Branches
The features of the Organization tab provide you with complete flexibility in
managing the branches and sub-branches of your Organization tree. From this
tab you can view a list of computers in each branch, create new branches,
rename branches, and delete branches. In addition, you can assign and
remove policies from specific branches, view a list of users that have
permissions to manage a branch, and assign policy proxy computers to a
branch. A policy proxy computer shares the load of distributing policies to the
computers in a branch or sub-branch, so that policy can be rapidly distributed
throughout the network, and the ITM Server is not responsible for the delivery
of policy to each individual computer.
Working With the Organization Tree 17

Using the Organization Tab
Adding a Computer to a Branch
Use the Organization Details subtab, located at the bottom of the Discovery
tab, to add a computer to a branch in your Organization tree. Once you click
the Assign button you will be prompted to enter a username and password.
The username and password you enter must have operating system
administrative privileges on the client computer that you want to add to the
branch.
Note: You can also use the Client tab to add a computer to a branch. For more
information, see Working with Clients (see page 49).

Use the Organization tab to perform the following tasks:
Create branches and sub-branches
View the computers contained in a branch
View, assign and remove policies and scheduled jobs to or from branches
and sub-branches
View the users who have permissions for managing a branch or sub-
branch
Configure policy proxy servers and assign them to branches
The Organization tab provides the Clients and Properties subtabs, which you
use to perform these tasks.
Creating Branches
Use the Add button on the Organization tab to create the branches and sub-
branches you will use to organize the computers on your network into logical
groupings for policy management purposes. Your organization tree can contain
as many branches and sub-branches as necessary. Once defined, you can
easily add computers to each branch and sub-branch.
The following example Organization tree has a branch called Accounting.

Under that branch, there are sub-branches of every office that has an
accounting department, such as Office A, Office B, and Office C. Under each
sub-branch representing an office, you could then arrange the computers from
each of the accounting departments.
You can also use this tab to rename a branch by clicking Edit, refresh the
Organization tree by clicking Refresh, and delete branches or sub-branches by
clicking Delete.

Viewing Client Information
Using the Client subtab you can view a list of computers that reside in the
selected branch. The subtab displays the following information for each
computer:
Name of client computer
Version of the eTrust Antivirus application and engine
Version of signature files
The subtab provides at-a-glance information for each computer. However, for
detailed information you can click the computer name and view the detailed
information that appears in the pop-up dialog for that computer.
Note: To perform management tasks on a particular computer, you can use

the Client tab. For more information, see Working with Clients (see page 49).
Working with Branch Properties
The Properties tab lets you assign or remove policies and schedule scan jobs,
view the Threat Management Console users that are permitted to manage the
branch, and add or remove policy proxy servers. With a branch of the
Organization tree selected, you can perform any of these tasks by selecting
the appropriate item from the drop-down list. Detailed procedures for
performing these tasks are provided in the Threat Management Console online
help.
Note: If you have multiple ITM Servers on your network, the Organization tree
under each ITM Server must be managed separately. To preserve policy
management integrity, you cannot apply a policy from one ITM Server to a
computer that is managed by another ITM Server.
Using Policy Proxy Servers
From the Properties subtab you can designate one or more policy proxy
servers. The policy proxy server improves network efficiency by sharing the
workload of policy distribution with the ITM Server.
When the ITM Server distributes policies, it goes down the list of computers in
the Organization tree. When it finds a policy proxy server it enlists the help of
that computer to distribute policies. Since the proxy distributes the policies to
the other computers in its branch, the ITM Server can skip the rest of the
computers in that branch and find the next proxy server. It then passes the
policies to that proxy, and so on through the network.
For example, if a branch has ten computers, and one computer is designated
as the proxy server, the ITM Server sends the information once—to that one
proxy server. The proxy then passes the information to the nine remaining
computers in its branch. This minimizes the number of times that the ITM
Server has to send the commands, thereby improving the performance of the
ITM Server and the network in general, and reducing the amount of time
necessary to distribute policies throughout the network.
Note: The role of the policy proxy server is distinct from the role of the
signature redistribution server. The policy proxy server is used to distribute
policy settings throughout the network. The signature redistribution server
makes the signature update files available to other computers. Further, the
policy proxy server should not be confused with an Internet proxy server.
To assign a proxy server from the Properties subtab, select Proxy from the
drop-down list and complete the Please Select Proxy dialog.
Using Proxy Servers in Sub-Branches
The policy proxy server distributes updates on behalf of the ITM Server to the
computers in its branch and any subordinate sub-branches. However, if the
sub-branch contains its own policy proxy server, the first proxy server detects
this and enlists the help of the subordinate proxy server to distribute updates
to computers in its sub-branch and any other subordinate sub-branches.
Proxy Override Option
The override option specifies what should happen if a policy proxy server for a
given branch is currently unavailable and there are policies that must be
distributed. By setting the override option, the proxy server located above the
disabled proxy in the Organization tree assumes the responsibility of
distributing the updates to the computers ordinarily served by the proxy that
is unavailable. If you do not specify this option and the policy proxy server is
unavailable, the policy updates are not distributed to the computers normally
served by that proxy server, until it becomes available again.

Proxy Server Considerations
When determining if a computer should be a policy proxy server, consider the

following items:
You can designate any number of computers as proxy servers.
You can designate any computer in a branch or sub-branch as a proxy
server, except for computers running Windows 95 or Windows 98.
Chapter 4: Discovering Subnets
Using the Discovery Tab (see page 24)

Specifying Subnet Information (see page 25)
Specifying Discovery Configuration (see page 25)
Viewing Discovered Computers (see page 26)
Locating a Computer on a Subnet (see page 26)
Adding a Computer to a Branch (see page 26)
Modifying Subnets (see page 26)
Deleting Subnets (see page 27)
Discovering Subnets 23
Using the Discovery Tab
Using the Discovery Tab

Use the Discovery tab to perform the following subnet management tasks:
Add (discover) a new subnet. The discovery process queries the subnet for
clients running eTrust ITM Agent.
Modify the configuration options of an existing subnet
Delete one or more subnets
Perform an immediate refresh of a subnet using the Discover Now option
View product and organizational information for each computer on a
subnet
When you first click the Discovery tab, no subnets are listed in the Networks
area, unless you are using the Threat Management Console on the computer
that hosts the ITM Server. If so, the subnet of the ITM Server is automatically
displayed.
The Discovery tab provides several subtabs and buttons for performing subnet
management tasks. For example, the Subnet Information and Discovery
Configuration subtabs let you specify new subnets and modify the options of
previously discovered subnets.
Once a subnet is discovered, the product-specific and organization subtabs,

located at the bottom of the page, are populated with information about the
discovered client computers. Once populated, you can use the Organization
subtab to add or remove a computer to or from a branch in your Organization
tree.
Note: You do not need special access permissions, such as an operating

system account, to discover a subnet. However, to place a discovered
computer into a branch in the Organization tree, you must have operating
system administrative authority over that computer.
Specifying Subnet Information
Specifying Subnet Information

Use the Subnet Information subtab to specify a subnet you want to discover.
This tab allows you to enter a descriptive name for the subnet. If you do not
enter a name, the default description is the IP address followed by the port
number used for discovery. You then specify an IP address of a computer on
the subnet, and the subnet mask.
The IP address that you specify depends on the type of discovery, or polling
method you specify on the Discovery Configuration subtab. If you choose the
Free Election or Sweep Poll method, you can enter the IP address of any
computer on the subnet. If you choose the Biased Election or Specified
Election method, you must specify the IP address of the computer that you
want to respond to the ITM Server. The computer must be running an eTrust
Threat Management product.
You may choose to verify the IP address using the Test button. You may also
choose to change the default Organization for the discovered computers, by
specifying a new organization in the Organization area of the subtab.
Note: If another ITM Server has already discovered the specified subnet, the
IP Address of the conflicting ITM Server is displayed. You should contact the
administrator of this ITM Server to avoid the possibility of conflicting policies
for this subnet.
Note: You can create multiple instances of a subnet.
Specifying Discovery Configuration

Use the Discovery Configuration subtab to configure the policy settings for the
subnet, the frequency the discovery is repeated, and the polling method used
to perform the discovery.
Once you have discovered a subnet, you do not need to specify these options
again. The Repeat Every option automatically retrieves your subnet definition
information and uses it to re-discover the subnet and refresh client
information.
Viewing Discovered Computers
Viewing Discovered Computers

After the computers are discovered, select the instance of the subnet in the
Networks group on the Discovery tab. The list of discovered computers
appears on the product-specific and organization subtabs, located at the
bottom of the page. These tabs display detailed information about the eTrust
Antivirus running on the computer. You can use the Organization Details tab to
assign a computer to branch in your Organization tree.
Locating a Computer on a Subnet

Once you have discovered one or more subnets, you can quickly locate a
computer on any of the discovered subnets. In the Networks area of the
Discovery tab, enter the computer name in the textbox and click the Find node
in subnets button. When the computer is found, the Antivirus Details,
PestPatrol Details, and Organization Details subtabs, located at the bottom of
the page, display detailed information about the computer.
Adding a Computer to a Branch

Use the Organization Details subtab, located at the bottom of the Discovery
tab, to add a computer to a branch in your Organization tree. Once you click
the Assign button you will be prompted to enter a username and password.
The username and password you enter must have operating system
administrative privileges on the client computer that you want to add to the
branch.
Note: You can also use the Client tab to add a computer to a branch. For more
information, see Working with Clients (see page 49).
Modifying Subnets
The Discovery tab allows you modify a single subnet, or a modify all
discovered subnets. To modify a single subnet, you select the subnet in the
Networks area. When you select the subnet, the specified options for that
subnet appear in the subtabs to the right. Edit the options as needed, and click
the Apply button to save the modifications. To modify all previously discovered
subnets, click Edit All, modify the options as needed, and click the Apply
button to save the modifications.
Deleting Subnets
Deleting Subnets
You can also use the Delete and Delete All buttons on the Discovery tab to
delete a single subnet or to delete all subnets. The Threat Management
Console prompts you to verify the deletion. Use these buttons carefully, as you
cannot undo the deletion of a subnet. If you accidentally delete a subnet, you
must re-enter the subnet definition and configuration information to discover
the subnet again.
Chapter 5: Managing Policies
Policy Enforcement (see page 29)

Policy Locking (see page 30)
Policy Precedence (see page 30)
eTrust Antivirus Policy Types (see page 31)
Common Policy Types (see page 41)
Using the Policy Management Tab (see page 45)
Policy Enforcement
A policy contains the settings that you want to apply to multiple computers to
safeguard them against malicious programs or code. As an authorized
administrator, you can create and enforce policy settings and assign them to
branches in your Organization tree to ensure that all computers are equally
protected.
Policies that you apply to a branch always take precedence over settings that
an end user may have applied to his or her computer locally. If a user changes
an assigned policy setting, the ITM Server detects the change and
automatically returns the settings to those defined by the administrator,
thereby enforcing the policy.
When the ITM Server discovers a new subnet, or refreshes its database of
existing subnets, it receives information on all policies for each client, along
with the product version, signature information, and operating system
information, such as the computer name, IP address, OS version and MAC
address. The ITM Server updates its database and examines the information.
If it finds that a policy setting on the client computer does not match the
policy setting assigned to the branch the computer resides in, it flags the
discrepancy and resets the policy.
Note: You can prevent end-users from changing policy settings on their local
computers by locking the policy. The following section describes policy locking.
Managing Policies 29
Policy Locking
Policy Locking
When you create or modify a policy, you can choose the Lock Settings option
on the Policy subtab. This setting prevents end users from changing policy
settings on their local computers. During the discovery process, the ITM
Server pushes the locked policy to the computers that reside in within the
branch.
If you do not use the Lock Settings option, the ITM Server will continue to
distribute policies to the computers in the branch where the policy is assigned;
however, the end user can change those policy settings on their local
computer. Should the end user changes the settings, the ITM Server will
automatically reset the policy settings during the next subnet discovery or
refresh; however, there will be period of time when the client computer's
policies are not the same as those defined for it in the Threat Management
database.
Note: The ITM Server refreshes its database based on the interval that you
specify in the Repeat Every option on the Discovery Configuration subtab.
Policy Precedence
A policy's precedence can be either inherited or specified.
Inherited
An inherited policy is one that is inherited from a higher level branch in

your Organization tree. For example, if you apply a policy to a particular
branch, that policy applies to all sub-branches and client computers that
reside beneath that branch of the tree. The sub-branches and client
computers inherit the policy from the higher-level branch.
Specified
A specified policy is one that is applied to a specified branch, sub-branch

or computer. This type of policy overrides the inherited policy from the
branch above it.
When the ITM Server performs a discovery, it looks at the lowest level branch
in your Organization tree (a branch that does not have another branch
beneath it). It then checks the policies that are applied to that branch. If a
policy is applied to the branch, it is kept, and not changed by a policy that
would otherwise be inherited from the branch above it. The discovery process
then continues up the Organization tree to the next branch level. If no policy is
applied at the next branch level, the ITM Server uses the policy applied at the
branch level above, and so on.
eTrust Antivirus Policy Types

Use the Policy Management tab to create and manage the following eTrust
Antivirus policies:
Realtime
Scans a file before they it is accessed to ensure the file is not infected.
Scheduled Jobs
Determines when and how scheduled scans occur.
Legacy Signature Distribution
Enables the distribution of content updates to prior versions of eTrust

Antivirus using a r8 ITM Server or redistribution server.
Send for Analysis
Specifies detailed contact information that is included whenever you

submit a virus to CA for further analysis.
Lotus Notes Email Policies
Manages eTrust Antivirus policies on your Lotus Notes e-mail server.
Note: Email polices are only for computers running Windows.
MS Exchange Email Policies
Manages eTrust Antivirus policies on your Microsoft Exchange e-mail

server.
Note: Email polices are only for computers running Windows.
The following sections contain additional information for each policy type. For
policy procedures, see the Threat Management Console online help.
Realtime Policy
Realtime Protection automatically scans a file each time you access, execute,
or modify it. You can specify when the scan occurs on the file as follows.
Outgoing files only
Scans a file when it is opened, or executed. For example, when you

double-click a file to open it.
Outgoing and incoming files
Scans outgoing files and files that you close and store on your computer.
For example, an incoming file might be one that you copy from another
computer or save from an e-mail attachment. Since the scan is performed
after the file is written to disk, the incoming scan is a queued process and
will not prevent a malicious file from being saved to disk, but will
report/cure the infection after the fact.
Note: Archived files are only scanned as incoming files. For example, if
you use Winzip to open an archived file, the contents of the zip file will not
be scanned. However, if you create a new archive file or save an archive
file on your computer, Realtime Protection scans the contents of the
archive.
If a malicious file is located on your disk, it is harmless until you execute or

run the file. Therefore, you can ensure the safety of your computer by
monitoring outgoing files and enabling a Cure option. This prevents the file
from being run or executed, and has a low performance impact, as archived
files are not scanned.
If an infection is found on your computer, and the infection treatment action is

unsuccessful, you are denied access to the file, which prevents the infection
from being spread.
Additional Realtime settings include:

Monitor for known and unknown viruses
Specify how thorough the scan should be
Manage any infected files
Block access to certain groups of files (based on file extension) or all files
(Windows only) Quarantine and suspend access by users who attempt to
copy infected files to a server
(Windows and Mac OS X only) Display a window when an infection is found
with the name of the infected file and the name of the infection.
We recommend performing a scheduled scan job periodically to ensure the

sanity of the entire file system to supplement Realtime Protection.
On NetWare systems, if an infection is found, a message is displayed on either

the Console Screen or the Logger Screen, depending on the version of
Netware. If the infected file was accessed from a client computer, a window is
displayed on that client with the name of the infected file and the name of the
infection.
Note: Remember, the settings you choose for the Realtime Monitor settings
apply only to the realtime scan.
Realtime Policy Subtabs
You create Realtime policies by selecting Realtime from the Type drop-down
list on the Policy Management tab. When you select this option, several
subtabs appear on the right side of the Policy Management page. The following
subtabs allow you to specify the scan options for this policy:
Policy
Specifies a descriptive name for the policy and lets you lock the policy.
Scan
Lets you specify the scanning options for Realtime Protection, such as the
scanning direction, the thoroughness of the scan, and the action to
perform if an infection is detected.
Selection
Lets you specify the scanning engine to use during the scan, the file
extensions to scan, and whether to scan compressed files.
Filters
Lets you specify the processes and directories to exclude from scanning
and block all access to specified files.
Advanced
Manages settings for protected areas and advanced protection options for
different types of drive devices. For example, on Windows systems, you
can specify protected drive types for monitoring, while on Linux and
Solaris, these options would not be applicable, as all drive types are
always protected.
Quarantine
Available on Windows systems only. Suspends users from accessing a

server if they attempt to copy an infected file to the server, thereby
isolating the user and preventing the spread of the infection.
For complete option descriptions for each of these tabs, see the Threat
Management Console online help.
Scheduled Jobs Policy
You can create Scheduled Jobs policies to perform regularly scheduled

scanning on multiple computers. You should perform scheduled scans on a
regular basis, typically during off-peak usage times. The use of scheduled
scans is especially encouraged for those users with defined exclusions in the
Realtime policy.
Note: A Scheduled Jobs policy cannot scan mapped drives.
When setting schedule scan options, the CPU utilization correlates to CPU
resource availability. For example, you might select Low for scans scheduled to
take place during normal work hours when CPU resources are likely required
for other work related tasks and should not be consumed by scanning
activities. For scans scheduled during evenings and weekends, when resource
requirements are normally lower, the Normal or High CPU setting would be
more appropriate. This option applies to Windows only.
Note: The same options are available in the eTrust Threat Management Agent
interface.
Scheduled Jobs Subtabs
You create Scheduled Job policies by selecting Scheduled Jobs from the Type
drop-down list on the Policy Management tab. When you select this option,
several subtabs appear on the right side of the Policy Management page. The
following subtabs allow you to specify the scan options for this policy:
Policy
Specifies a descriptive name for the policy.
Scan
Lets you specify the scanning options for the scheduled scan, such as the
scanning direction, the thoroughness of the scan, and the action to
perform on detected infections.
Selection
Lets you specify the file extensions to scan, and whether to scan
compressed files or files migrated to external storage.
Schedule
Specify the time, date, and interval for the scan. On Windows systems,
lets you specify the CPU usage level.
Directories
Lets you specify directories to scan.
Exclude Directories
Lets you specify directories to exclude from the scheduled scan.
Logs
Lets you view the summary information and detailed logs for scheduled
scans.
Legacy Signature Distribution Policy
Create Legacy Signature Distribution policies to distribute product and

signature updates to computers running legacy versions of CA antivirus
software. The supported Legacy version is r7.1.501.
You can choose to download update signatures immediately, on a specific day,

or on a regularly repeated basis. In addition, you can specify the download
source and configure redistribution servers. A redistribution server makes the
signature updates available to other legacy computers.
The Legacy Signature Distribution policy provides the following subtabs:
Policy
Schedule
Enable scheduled updates and specifies the date, time, and frequency of
the updates. Also lets you start an immediate download of updates.
Incoming
Lets you perform incremental updates, when appropriate, and add,

modify, or delete download sources.
Outgoing
Specifies a computer as a Redistribution Server and manages the

signatures to download for redistribution.
Send for Analysis Policy
The Send for Analysis policy enables you to specify detailed contact
information to be included with the information sent from your company
whenever a virus is submitted to CA for further analysis. After you create a
Send for Analysis policy, you may want to place it on the Organization tree
root folder, as it is typically the same for all computers.
You may also choose to change the default location for submitting an infected
file to specify an internal address in your organization. For example, multiple
infections of the same type can strike a large organization. By sending every
problem file to an internal administrator, you can monitor the occurrence of
infections and if you have already received a solution from CA, there may be
no need to pass the infected file any further.
Note: This policy type does not apply to NetWare.
The Send for Analysis policy provides the following subtabs:
Policy
Virus Analysis Contact Information
Specified your company's contact information.
Email Policies
Email policies specify how eTrust Antivirus protects your Lotus Notes or
Microsoft Exchange email server. These policies apply to Windows only.
The Notes Option integrates with eTrust Antivirus to scan for infections in
documents and email file attachments. Infected Lotus Notes attachments can
be automatically detected. This option also notifies the users through the host
messaging system whenever an infection is found.
Before you install the Notes Option, review the Readme file to verify that you
have the required software and hardware. You must also ensure that your
Lotus Notes Domino account has its user rights configured properly.
The Exchange Option integrates with eTrust Antivirus to scan for infections in
documents attached to email messages and folders. Use this option, to
automatically cure infected Microsoft Exchange attachments. The Exchange
Option scans all mail passing through the server.
The Exchange Option runs on the server where the Microsoft Exchange Server
resides. It can detect, cure, or block infected email attachments and prevent
them from spreading throughout your enterprise.
Before you install the Exchange Option, review the Readme file to verify that
you have the required software and hardware. You must also ensure that your
Microsoft Exchange account has its user rights configured properly and meet
the Exchange Full Administrator requirement.
Lotus Notes Email Policy Subtabs
You create Lotus Notes email policies by selecting Lotus Notes Email Policies
from the Type drop-down list on the Policy Management tab. When you select
this option, several subtabs appear on the right side of the Policy Management
page. The following subtabs allow you to specify the scan options for this
policy:
Policy
Scan
Lets you specify the scan engine, scanning direction, the thoroughness of
the scan, and the action to perform on detected infections.
Selection
Specifies files to include or exclude from scanning, and whether to scan

compressed files.
Notification
Lets you send an email notification when a detection occurs.
Microsoft Exchange Email Policy Subtabs
You create Microsoft Exchange email policies by selecting Microsoft Exchange

Email Policies from the Type drop-down list on the Policy Management tab.
When you select this option, several subtabs appear on the right side of the
Policy Management page. The following subtabs allow you to specify the scan
options for this policy:
Policy
Scan
Lets you specify the scan engine, scanning direction, the thoroughness of
the scan, and the action to perform on detected infections.
Selection
Specifies files to include or exclude from scanning, and whether to scan

compressed files.
Notification
Lets you send an email notification when a detection occurs.
Options
Specifies special scanning options and a timeout value for scanning your
Microsoft Exchange server.
Misc
Specifies log options, timeout value, and background scanning options.
Common Policy Types
Common Policy Types

Use the Policy Management tab to create and manage the following policies
that are common to eTrust Antivirus and eTrust PestPatrol:
Alert Forwarding
Creates customized alerts for multiple computers, reduces message traffic,

and minimizes the dissemination of notifications that are not critical.
Content Update
Specifies how and when you want to download program updates and
signature files.
Phone Home
Enables client computers to send their information to a specific ITM

Server, enabling that server to automatically update its database with
current information about the client.
The following sections contain additional information for each policy. For policy
procedures, see the Threat Management Console online help.
Common Policy Types
Alert Subtabs
The Alert Forwarding policy allows you to create customized Alerts for multiple
computers. Alert policies can help cut down on message traffic and minimize
the dissemination of notifications that are not critical. Alert policies may differ
for client computers and servers, depending on your organization's needs.
Note: Alert Forwarding is not available on Linux, Solaris, or Mac OS X. On

these platforms, alerts can be sent to a user-defined shell script for further
processing.
The Alert Forwarding policy provides the following subtabs:
Policy
Alert
Specifies where to send notification information and how frequently to

send it.
Alert Filter
Lets you manage notification severity levels, customize sets of notification

messages to be reported for different service components, and determine
the types of messages should be passed to the Alert Manager.
Common Policy Types
Phone Home Policy
The Phone Home feature enables a client computer to report information to a

specified ITM Server. It provides reverse discovery or "self-introduction"
functionality. This method of reverse discovery allows you to manage client
computers when the normal discovery process does not work for certain types
of machines, such as remote machines that cannot be discovered through the
Specified election option, and machines using a VPN.
You can configure a Phone Home policy from the Threat Management Console
or specify the settings in the installation control file, inoc6.icf. The Phone
Home settings tell the client which ITM Server to report into, as well as the
reporting frequency.
Each time the client phones home, the ITM Server identifies the client and
updates its database with the client information, such as the host name and
the polling and broadcasting port numbers. It also checks the client's policies
and licensing. If any policy settings have been changed on the client computer
so that they conflict with the policies defined on the ITM Server, the values are
automatically reset on the client computer.
To use this feature, you do not need to know in which subnet a client resides.
If the subnet for a client does not already exist on the server, upon phoning
home, it is automatically added.
The Phone Home Policy provides the following subtabs:
Policy
Schedule
Specifies when and how often a computer will phone home to a specified
ITM Server. You can set up the client computer to report to the server on a
regular basis.
Additional
Specifies communication settings.
Common Policy Types
Content Update Policy
The Threat Management Console lets you create a content update policy that
automatically downloads both product updates and signature files. The
download method for gathering the updates is HTTP.
Note: If your license expires you will be unable to download updated signature
files.
The Content Updates policy provides the following tabs:
Policy
Update Scheduler
Schedules the date, time, interval, and frequency updates occur.
Components
Lets you choose the product components and signatures you want to
update.
Download Settings
Specifies the source from which to collect the updates.
Redistribution Components
Enables a computer on your network to act as a redistribution server for

updates. This reduces network traffic by allowing other computers on your
network to collect their updates directly from the redistribution server and
can significantly reduce the amount of time that would otherwise be
required to update computers throughout the enterprise.
Note: Before a computer can act as a redistribution server, you must first
install the Redistribution Server option from the product media onto that
computer.
Legacy Components
Enables computers running legacy versions of eTrust Antivirus to collect

their updates from a redistribution server running eTrust Antivirus r8.
Redistribution Server
Specifies the port and delay time to use when making the components
available to other computers.
Using the Policy Management Tab
Using Download Updates Now on a Redistribution Server
When you invoke Download Now, each redistribution server must already have
the latest updates. In addition, the holding time must be set to a value that
makes the updates available in a timely manner.
You can organize machines that act as redistribution servers into a single
branch, which allows you to apply policies and settings to the redistribution
servers as a group. Using this approach, you can ensure that all redistribution
servers have the latest updates before client machines contact them for the
updates.
If your redistribution servers are not located in a single branch, we

recommend that you first issue the Download Updates Now command on the
redistribution server at the highest level in the Organization tree. Verify the
that the server has the latest content updates by checking http://[machine
name]:42511/updates. If the updates are available, then go to the next level
of redistribution servers in your Organization tree and repeat the same steps.
Repeat the procedure until you reach all client machines.

Use the Policy Management tab to perform the following tasks:
Create, modify, and delete policies
Assign or remove policies to or from a branch
The Policy Management tab provides the following subtabs:
Policy
Policy type subtabs
Specifies the policy settings for each type of policy. The subtabs displayed
change based on the type of policy you want to create.
Creating Policies
The policy options you specify from the Threat Management Console can be
applied to any computers in the branches of your Organization tree. In
addition, you can control whether the end user can change the options.
To access these policy options, select eTrust Antivirus from as the Application
drop-down list, and then the option you want from the Type drop-down list.
Subtabs appear on the right side of the tab for each policy type.
After you specify policy settings, the policy instance appears in the Policies list
area. When you select the policy instance, the settings for that policy appear
in the subtab on the right side of the tab. With the settings displayed, you
have the option to edit the settings.
For information about policy options, see the online help.
Assigning Policies
After you create a policy instance, you can apply the policy to a branch in the
Organization tree. To assign policy, select it from the Policies list area and click
Assign in the Assigned To area. In the Assign Branch dialog, select a branch
and click the right arrow. Repeat this process to assign the policy to more than
one branch. When all the branches appear in the right column of the Assign
branch dialog, click Assign Branches.
When you apply a policy to a branch, the policy applies to all the sub-branches
in that branch, and to all the computers in the branch.
Note: You can also assign policies using the Organization tab.
Viewing Assigned Policies
To see where a policy instance is applied, highlight the policy name in the
Policies list area. The branches to which this policy is applied will appear in the
Assign To area. You can remove a policy from a branch by selecting the branch
name in the Assigned To list, and clicking Remove.
If the policy is applied at the branch level, the branch name is listed. If the
policy is applied to a sub-branch, but not to the parent branch, the path of the
sub-branch is listed, in the form of branch/sub-branch.
Viewing Scheduled Job Policy Logs
When you select Scheduled Jobs from the policy type drop-down list, the Log
subtab appears in the lower portion of the Policy Management tab. Using this
subtab, you can view log result statistics for scheduled jobs.
For each scheduled job dispatch time, a log entry will be created for every
time the job ran. The log entry shows summary statistics on the number of
computers on which the job was run, along with success and error count
statistics. To get more detailed information for what transpired on a given
computer, click the log for each computer on which the job was run. Statistics
for scans on each computer include the total number of files scanned, the total
number of infections found, and the number of files cured.
Chapter 6: Working with Clients
Managing Individual Computers (see page 49)

Using the Clients Tab (see page 50)
Managing Individual Computers

In many large enterprises there may be a need for a specific computer to
require a special set of policies that are different from the policies used to
manage other computers. Using the Client tab you can specify the special
policies that should be applied to an individual computer. Policies applied to a
specific computer using this method temporarily override any policies that you
apply to the branch in which the computer resides. However, the next time the
ITM Server discovers the computer, it will reset the policies back to those
applied to the parent branch.
If you have the need to define a permanent, special policy for a given
computer (one that the ITM Server will not reset), you can use the following
process to maintain policy control over that computer:
Create a special branch or sub-branch in the Organization
Place the computer(s) into the branch or sub-branch
Create the special policy
Assign the policy to the branch or sub-branch
The Client tab also lets you view the properties and logs for a specific
computer, and allows you to start, restart, or stop services.
Working with Clients 49

Using the Clients Tab

Use the Clients tab to perform the following tasks on a specific computer:
View client properties
Assign a computer to a branch
View scanning, distribution, and general events logs
View, assign, and modify policies
Start, restart, and stop eTrust Antivirus services
Purge logs
The Client tab provides the following tabs:
Properties
Lets you view information about a specific computer, assign policies to the
computer, and start, stop, or restart services.
Logs
Lets you view the logs of a specific computer.
Assigning a Computer to a Branch
You can use the Client tab to assign a computer to a branch by clicking Assign,
which is located on the Properties subtab. When you click Assign, the
Organization dialog appears and allows you to drill down to the branch or sub-
branch of the tree where you want to add the computer.
Assigning Policies to a Computer
Use the Properties subtab to apply policies to a specific computer. With the
computer displayed on the Properties subtab, click the Assign button for the
policy type you want to assign. A dialog appears listing all of the current
policies for that type. You can select a policy from the list and click OK. For
more information, see Managing Individual Computers (see page 49).
Managing Services
The Services Control area on the Properties subtab provides a convenient way
to access the eTrust ITM services running on the client computer. It is similar
to the Windows NT Services feature and can be used for managing background
processes on the Windows 9x operating system or for managing daemons
under Linux, Solaris, and Mac OS X.
After finding a computer on the Client tab, click the Properties subtab to view,
start, and stop services.
The following services can be managed from the Services Control area:
eTrust ITM Job Service
Schedules background tasks such as scan jobs and content update

downloads. On Windows, this agent is InoTask.exe.
eTrust ITM Realtime Service
Provides realtime, on-access scanning. On Windows, this agent is

InoRT.exe.
eTrust iGateway Service
Provides the host service for the eTrust Threat Management Agent.
eTrust ITM RPC Service
Listens for the administrative server's discovery and policy requests. On

Windows, this agent is InoRPC.exe.
eTrust ITM Server Service
Discovers clients and enforces policy throughout the network.
Note: This service only appears if the eTrust Integrated Threat

Management server component is installed on this computer.
eTrust ITM Web Access Service
Handles communication between the Java GUI layer and the native
function interfaces. On Windows, this agent is InoWeb.exe.
Note: This service only appears if the eTrust Integrated Threat

Management server component is installed on this computer.
Note: On Linux, Solaris, and Mac OS X, the agent names do not use the .EXE
extension.

Viewing Logs
Use the Logs subtab to view the logs for a specific computer. You can locate
the computer whose logs you want to view by entering the name of the
computer in the Node Name field and clicking Find. Once the client is found,
click the Logs subtab and select the type of log you want to view from the
drop-down list. You can view the following types of logs:
eTrust Antivirus - Shell Scanner
Contains scanning logs initiated through the Windows only Shell Scanner
dialog. The Shell Scanner is available from the Scan for Viruses option of
the right-click pop-up menu in Windows Explorer.
eTrust Antivirus - Realtime Scanner
Displays Realtime Protection scanning logs for the client computer.

Realtime Protection scanning information is appended to the existing log,
so there is only one log entry for each day.
eTrust Antivirus - Scan Jobs
Shows a list of logs that contain the results of the scan jobs that have run
on the local computer. This includes both scan initiated locally and
scheduled scans pushed by the Threat Management Console. For each job,
there is a scan log that contains the results for each time that the job has
run, listed by the date and time. If a job only runs one time, you have one
result log. If the job runs periodically, there is a unique result log for each
scan job.
General Events
Displays logging information of general events for each day. You can also
see operating system error codes here. This category displays the
following types of messages:
Critical Message
This is the highest level message. It requires immediate attention once

logged. This message could mean there is a serious threat was
detected, or there is a problem with the service, such as an error
loading an engine.
Warning Message
This second priority message provides non-critical warning

information.
Informational Message
This type of message provides information on events such as a service

starting or stopping.
Distribution Events
Displays actions that occur during the content update and distribution
process. This includes details about connecting to a distribution source,
starting and stopping a download, and information about whether the
content has been downloaded successfully.
Logs Stored in Standard Database Format
All log information is stored in a DB directory, in a file format that is accessible

by standard database tools that support the ODBC (Open DataBase
Connectivity) standards. This log file is named by the month, day, year, and
time of day that it is created and has an extension of .DBF (.dbf on Linux,
Solaris, and Mac OS X systems).
Collecting System Metrics Information
On Windows systems, the system metrics features let you collect information
about antivirus activity to analyze the impact of this activity across your
enterprise. The collection methods and features are as follows:
Command line utility for login scripts or schedulers
Monitoring realtime statistics with the Performance Monitor
Purging collected records
All log information is stored in a file format that can be accessed by standard
database tools, using the ODBC (Open Database Connectivity) standards.

Performance Monitor
Through the standard Windows NT, Windows 2000, and Windows Server 2003
Performance Monitor application, PERFMON, you can monitor realtime antivirus
activity.
The Performance Monitor, using counters, can monitor the following realtime
information:
Boot Virus Infections
Cure Errors
Cured Boot Virus Infections
Cured Files
Deleted Files
Found Virus
Infected Files
Moved Files
Renamed Files
Scan Error
Scanned computer
Scanned Files
Scanned Files in Archives
For more information about monitoring activity, see the appropriate Windows
Performance Monitor documentation.
Purging Logs
For each client computer, you can choose to save all logs or, delete all logs
older than the specified number of days. You can access these options from
the Client tab. You must first locate the client machine by entering its name in
the Node Name field and clicking the Find button. Then you can scroll down to
the Purge Log Options area, and specify the appropriate options.
Chapter 7: Managing User Access
Controlling Access to the Threat Management Console (see page 55)

User Access to the Threat Management Console (see page 56)
Types of Access (see page 58)
Using the User Management Tab (see page 60)
Controlling Access to the Threat Management Console

You can control user access the Threat Management Console from the User
Management tab. From here, you can view the current users, known as
authorized administrators, that have access to the Threat Management
Console. You can also add or remove authorized administrators, and add, edit,
or remove a user's permissions. The Threat Management Console provides a
wide range of permissions, from read-only access, to full control over your
subnets, Organization tree, and policy assignment and management.
Note: While these authorized administrators have special rights within the
Threat Management Console, they do not acquire any special rights to the
operating system or other applications.
When adding a user and granting permissions to use the Threat Management
Console, you can use any valid operating system account on the computer
hosting the ITM Server. These accounts will retain their existing operating
system permissions.
Managing User Access 55

User Access to the Threat Management Console

Before a user can access the Threat Management Console, an authorized
administrator must first add a user account and set access permissions on the
User Management tab. The assigned permissions determine the user's ability
to change policy settings and perform other management tasks.
The following types of accounts have access to the Threat Management

Console:
Operating system administrator
The operating system administrator or root account on the computer

where the ITM Server resides has full access to the Threat Management
Console. For Windows, this is the Administrator account. For Linux,
Solaris, and OS X systems, this is an administrator account with root
privileges.
The operating system administrator account can grant access permissions

to other users that have valid operating system accounts on the computer
where the ITM Server resides, or to existing accounts elsewhere on the
network. Users that are given these rights are referred to as authorized
administrators.
Installer account
The account that installs the ITM Server also has full access to the Threat
Management Console. This is the root user in Linux and Solaris systems,
and a user with administrative privilege on Mac OS X.
If the account used to install the ITM Server is different from the operating
system administrator account, you will see the installer account appear in
the list of user accounts on the User Management tab.
Note: Linux and Solaris systems do not use a separate account to install
eTrust ITM. The root user installs the product
Authorized administrator
An account that is granted access and permissions to the Threat
Management Console by another account with full access, such as the
operating system administrator. Authorized administrator accounts do not
have any special permission on the operating system where the ITM
Server resides. However, they can be granted different levels of
permissions within the Threat Management Console; from full access to all
features of the Threat Management Console, to read-only access. You can
set permission levels based upon the needs of your enterprise. .
Note: An authorized administrator's permissions on the Threat

Management Console are independent of the operating system
permissions and privileges.
When a user attempts to log onto the ITM Server, the server examines its own
internal security table to determine if the user is valid and what permissions
he or she has.
Granting Administrator Rights at Installation Time
An ITM Server administrator is automatically given administrative privileges on

a client computer if the IP address of the ITM Server is specified to the client
computer when the Threat Agents are installed. This can be accomplished by
customizing the inoc6.icf configuration file. This creates a trusted relationship
that lets an administrator put computers in branches without requiring
separate login and password information for each computer. In a large
network you may want to grant administrator rights over many computers to
the administrator of the ITM Server.
On NetWare, you can set an approved ITM Server using ETRUSTAV. In

addition, the NetWare installation uses the INOC6.ICF settings, which can be
preset to use an approved ITM Server, as under Windows.
Guest Accounts
You can create a guest account on the ITM Server for other users to sign onto
the ITM Server and use the Threat Management Console. For example, on
Windows NT or Windows 2000, you can copy the Guest account and rename it
ITMAdmin on the computer where the ITM Server resides. Then use the User
Management tab to set access permissions to grant Full Control to this new
account. Users who then log onto the ITM Server with this account are granted
full control of the Threat Management Console and its features, but have very
limited access to the Windows operating system on which the ITM Server is
running.
Note: The account you use as a model for a guest account will retain any
operating system permissions that it already has.
This method of using a guest account lets you provide access to the Threat
Management Console as needed, without the need to create a separate
account for each remote administrator who wants to access the ITM Server.
You may also create different types of generic accounts with different levels of
access, and make them available to administrators as needed.

Types of Access
Types of Access
Access rights apply to the Organization tree, policy, and subnet management.
The following table lists the types of access and the associated permissions:
Type of Access Permissions
None User has no access.
Read User has read access to the Organization and Discovery

tabs.
Access to view an object in the list and its associated

properties, but no access to make changes or move a
computer to a different category.
Change User has change access to the Organization and the

Discovery tabs.
Access to see an object and its properties in the list, access

to make changes to the policy settings applied to a branch,
and ability to move a computer to a different branch.
Delete User has access rights to delete the selected item.
Includes Change Permissions. Cannot add users.
Full Control User has full control.
Can add users and grant access for managing access

permissions to other accounts.
Note: Permissions are cumulative. For example, a user with Change

permissions also has Read permissions. A user with Delete permissions also
has Change and Read permissions, and so on.
Types of Access
User Rights Characteristics
After access rights are applied for a user, these rights have the following
characteristics:
User
Identifies the user with access to the selected branch, including the
domain the user is in.
Rights
Indicates the access rights that the user has for that branch.
Reason
User rights can be inherited or specified:
Inherited indicates that the user rights applied to the branch have
been inherited from user rights applied at a higher level in the
hierarchy, such as the root of the Organization tree.
Specified indicates that the user rights applied to the branch have
been applied to this particular level of the hierarchy, such as the root
of the Organization tree.
Access Example for Different Accounts
The following table shows how different access rights can be assigned to
different accounts:
Authorized
Branch Administrator User 1 User 2
Organization tree Full Control Change Read

(root object)
Accounting Full Control Change Read
Sales Full Control Change Read
Travel Full Control Change Read
All the accounts in the example have access to the Organization tree. The
authorized administrator has full control. This account can manage all the
branches in the tree and can set policy for all the computers in the branches.
User 1 has change access, and User 2 only has read access. These rights
would apply to the policy and subnet management, as well.

Using the User Management Tab
Using the User Management Tab

Use the User Management tab to perform the following tasks:
View current users and their permissions
Add users and permissions
Remove users and permissions
Modify user permissions
The User Management tab lists current users in the Current Users area, and
provides options for adding new users in the Add user area. In addition, you
can delete existing users from the Current Users area by selecting a user and
clicking Delete. To modify an existing user, select the checkbox next to the
user's name, and click Edit.
Note: You can also view user permissions on the Organization tab by selecting
Permissions from the drop-down list.
Chapter 8: Generating and Viewing
Reports
Reports (see page 61)

Categorized Reports (see page 66)
Generate Reports (see page 67)
Using the Reports Tab (see page 68)
Reports
The Reports tab provides access to a wide variety of reports. From this tab you
can generate and view reports for discovery statistics, managed machines,
scheduled jobs, Top 10 threats, categorized reports, and mail option reports.
Many reports provide color graphs, augmented by summary and detailed
information, as well. You can also view domain reports for computers in your
network that are grouped into domains that were discovered by the ITM
Server, whether they are running eTrust Threat Management products or not.
The ITM Server generates the reports based on the information collected from
each client computer. You determine the start date for the reports, and how
often they are generated by using the Report Scheduler options located on the
Report tab.
Generating and Viewing Reports 61

Reports
Discovery Statistics Reports
The Discovery Statistics reports provide statistical information from the ITM
Server for all discovered computers, as well as those that have expired.
Expired computers are those that missed being discovered beyond the number
specified in Max Missed Discoveries option on the Discovery tab. You can view
these reports by clicking the Machine Information Report folder, which
contains the following reports:
Deployment
Displays a list of all eTrust Threat Management products currently

installed, grouped by operating system. If a Windows XP computer has
both eTrust Antivirus and eTrust PestPatrol installed, the report increments
both Antivirus and PestPatrol numbers by 1 for that operating system. If
the computer has only eTrust Antivirus, only Antivirus is incremented by 1
for that operating system.
Load Per Server
Displays the load on the downloads sources assigned for content update
download in the top three preferences. The report shows the number of
computers that have each server listed as a primary or a secondary
distribution source.
Load Per Policy
Displays the distribution load on a per policy basis. The report shows the
number of computers that have each policy listed.
Signatures
Displays the number of computers that have the virus and pest scanning
engines installed. It includes the engine name, number of computers with
the engine installed, as well as the counts for each signature or DAT file
version detected in the subnets.
Signature Exception
Displays the current version of the signature or DAT file versions for this
ITM Server, and using this information as a benchmark, shows up to three
out-dated signature versions detected for each engine on discovered
computers. Note that the most recent, not the oldest, outdated version is
shown.
Signature Exception Details
Displays the details of all computers with any of the three outdated
signature versions detected in the Signature Exception report. The
computer's name, IP address, and MAC address is shown, as well as the
ITM Server and branch to which the computer belongs.
Reports
Managed Machine Reports
The Managed Machines reports display information machines that are

managed and unmanaged by the ITM Server running on Windows. Computers
that have eTrust Threat Management products installed and are being
managed by this ITM Server are considered managed machines. Computers
that do not match this criteria are considered unmanaged machines. The ITM
Server must have a discovery definition for the subnet where a computer
resides in order to manage it. The reports are generated by enumerating and
comparing all domains in a network to the discovered computers in the ITM
Server database. A match indicates a managed machine; otherwise, the
machine is unmanaged.
Domain Summary
Displays every domain detected, and the number of managed and

unmanaged machines for each domain.
Protected Machines Total
Displays information about the computers that have eTrust Threat

Management products installed, with details including domain name, IP
address, branch name, and product version.
Unprotected Machines Total
Displays information about the computers that do not have eTrust Threat
Management products installed, with details including associated computer
name and domain name.
Microsoft Windows Network
Displays managed and unmanaged machines, by domain name.

Reports
Scheduled Job Reports
The Scheduled Job reports displays summary information about the scheduled
virus and pest scanning jobs. The report contains the following information:
Machine Name
Name of the computer the job is pushed to by the ITM Server.
Report Time
The time that the scan job reports back to the ITM Server as completed.
Error
The number of errors encountered by the scan job.
Files Scanned
The number of files scanned by the scan job.
Files Cured
The number of files cured by the scan job.
Top 10 Reports
The Top 10 reports display the most widely detected threats on your network,
grouped into various time-frames. The time frame is calculated based on the
local time zone where ITM Server is located.
You can also view this information by computers and users. The following
reports are available:
Top 10 Virus Report
Displays a top-ten virus summary and a list of all viruses detected grouped
into time-frames.
Top 10 Pests Report
Displays a top-ten pest summary and a list of all pests detected on

Windows machines, grouped into time-frames.
Top 10 Machines Report
Displays discovered computers most often infected by viruses and pests,

grouped into time-frames.
Top 10 Users Report
Displays user most often infected by viruses and pests, grouped into time-
frames.
Reports
Mail Option Reports
The following reports are available for Lotus Notes and MS Exchange mail
servers on Windows machines:
Per Virus Reports
Displays every virus detected on your email servers.
Per Machine Reports
Displays detailed information for every email server that has reported
viruses in emails.
Per User Reports
Shows detailed information for every email user that has reported a virus
or pest.

Categorized Reports
Categorized Reports
These reports are broken down into categories by subnet, branch, user,
computer, and by the action taken on the threat. The following reports are
available:
Per Virus Reports / Per Pest Report
Virus report displays detailed information for each virus detected. Pest
report displays detailed information for each pest detected on Windows
machines. You can get specific information about a particular virus or pest
by clicking the virus or pest name.
These two reports provide the following subdivisions:
By Subnet
Displays detailed information about the detected virus or pest using

the subnet category.
By Branch

the branch category.
By User

the user category.
By Computer

the computer.
By Action

the action category.
Per Pest Category Report

Displays detailed information about detected pests by pest category.
Note: When you view pest reports, such as the Per Pest Report, the
number of pest detections may appear as an alarmingly high number. This
is because a pest is typically made up of many different items (several
files, several key registries, etc.) and the total number of detected items
for each pest is reflected in the report.
Per Machine Reports
Displays summary information for each virus or pest found, categorized by

computer name.
Per User Reports
Displays summary information for each virus or pest found, categorized by

user name.
Generate Reports
Generate Reports
To view reports on the Reports tab you must forward alert notifications from
client computers to the ITM Server. The following steps describe the
configuration process for collecting this data and generating reports:
1. Configure the subnet definitions for your network.
2. Add the discovered client computers to the branches in your Organization

tree.
3. Create an Alert Forwarding policies for all client computers using the Policy
Management tab:
a. On the Alert tab, click Forward to client name and enter the name of
the ITM Server.
Note: If you implemented eTrust ITM in a multi-tiered hierarchy, you

can forward the alerts to a policy proxy server first, which in turn
forwards them to the ITM Server.
b. On the Alert Filter tab select Custom Notification and select the
Malware Detection Report.
This generates reports per discovered threat.
c. Select additional service modules for the specific alerts you want
reported.
d. Click Apply to save the policy.
e. Assign the policy to all branches of the Organization tree, except for
the ITM Server. You will configure a separate policy the server.
4. Create an Alert Forwarding policy for the ITM Server that forwards alerts
to itself:
a. On the Alert tab, click Forward to client name and enter the name of
the ITM Server.
b. On the Alert Filter tab select Custom Notification and select the
Malware Detection Report.
This generates reports per discovered threat.
c. Select additional service modules for the specific alerts you want
reported.
d. Click Apply to save the policy.
e. Assign the policy to the ITM Server.
5. Click the Reports tab and Report Scheduler to schedule the generation of
report.
Note: You can use the eAVreprt.exe utility located in the eTrustITM
directory to refresh report data and generate reports prior to the next
regularly scheduled report.

Using the Reports Tab
Using the Reports Tab

Use the options available on the Reports tab to do the following:
View reports, summaries, and graphs
Schedule the date, time, and frequency of report generation
When you first access the Report tab, you see the Application and Domain
Report Frequency options on the right side of the page. You can use these
options to schedule the generation and frequency of your reports.
The Reports tree that appears on the left side of this window helps you to
quickly browse through the available reports to select the report you want to
view. When you select a report, it appears on the right side of the page. Use
the Details and Graph subtabs at the top of the page to go from the report
data to the report graph. If you want to return to the Application and Domain
Report Frequency options, simply click the Report Scheduler link at the top of
the Reports tree.
Note: If you are unable to view report graphs, check the active content
setting in your web browser. For more information, see Enable Active Content
in Internet Explorer.
Chapter 9: Managing Licenses
For information on how licensing concepts and implementation, see the
Licensing section in Chapter 1, "Planning Your Implementation, in the eTrust
Antivirus Implementation Guide.
Using the Licensing Tab (see page 70)

Checking Product Usage (see page 71)
Managing Licenses 69
Using the Licensing Tab
Using the Licensing Tab

Use the Licensing tab to perform the following tasks:
Activate a new key
Import an existing license to a different computer
Enter or modify registration information
View current license information and usage
Set up a license proxy server
When you install the ITM Server, the install wizard prompts you for your
license and registration information. If you did not enter the information
during installation, then a 30-day evaluation copy of the software was installed
on your system. When you access the Licensing tab, the License Status will
say "Unregistered, in trial period" and display the number of days left in the
trial period. All other fields will remain empty until you enter your company's
license information.
To enter your information after installation, use the Activate a Key button. This
allows you to enter your 25-character license key and your company
registration information. If you are installing the eTrust ITM Suite, you must
enter a key for both eTrust Antivirus and eTrust PestPatrol. Before entering
this information, verify that you have an active Internet connection, as the
information will be uploaded to CA.
If you need to move your license to another computer, use the Import License
File button, which lets you browse to and select the license file. The default
location of the license file is {Installation
Directory\CA\SharedComponents\SubscriptionLicense\license.xml. The eTrust
Threat Management Agent interface also provides the Import License File
option, so that mobile clients that have the software installed can import the
license information from the ITM Server directly.
Note: You do not need to enter the license key for each client computer.
Instead, the license status will be automatically deployed to client machines
during client installation.
For detailed information on licensing, see the Licensing section in Chapter 1 of

the eTrust PestPatrol Implementation Guide.
Checking Product Usage
Checking Product Usage

The Product Usage area of the Licensing tab displays a graph that shows the
number of purchased licenses and their current status. The number along the
left of the graph indicates the total number of purchased licenses. The colored
bars indicate the following:
Green indicates licenses are valid for 30 days or more before there is a
licensing shortage.
Yellow indicates there are less than 30 days before there is a licensing
shortage.
Red indicates there are not enough licenses to protect all computers on
your network.
You can use this graph to check product and license usage. You can also get
summary information about licensing on the Dashboard tab.
Managing Licenses 71
Chapter 10: Using the Alert Manager
This chapter describes the use of the Alert Manager component. Alert runs on
Windows NT, Windows XP, Windows 2000, and Windows 2003 systems. This
chapter also describes the use of the Local Alert Manager settings on Linux,
Solaris, and Mac OS X systems.
Alert Manager (see page 74)

Running the Alert Manager (see page 74)
Local Alert Manager for Linux, Solaris, and Mac OS X Systems (see page 75)
Sending Alerts to Unicenter and eTrust Security Command Center (see page
76)
Using the Alert Manager 73

Alert Manager
Alert Manager
The Alert Manager is a centralized management component that sends alerts
generated by the client computers and servers running eTrust Threat
Management products to other destinations. The Alert Manager receives alerts
based on the Alert Forwarding policies that you deploy. The following graphics
shows the Alert Manager interface:
Running the Alert Manager

You can use the Alert Manager to select a remote computer to manage alert
messages. Before you start Alert, you must establish a Service Account
connection and select a remote computer.
Local Alert Manager for Linux, Solaris, and Mac OS X Systems
Local Alert Manager for Linux, Solaris, and Mac OS X

Systems
Under Linux, Solaris, and Mac OS X, you may use the Local Alert Manager
setting to send notification information to a shell script that you write yourself.
The script then takes any action you indicate, such as sending an email to a
specified address when eTrust Antivirus detects a virus.
Use the script InoSetAlert to specify the name of the script (using an
absolute path) that you want to run when an alert is generated. You must also
use absolute paths when referencing any files in the script itself, unless the
code is explicit about changing to a particular directory.
For example, the following command causes /home/myfiles/myscript to be

used as the alert script:
InoSetAlert /home/myfiles/myscript
The script must be executable. If it is not, use the chmod command to change
the file mode. For example:
chmod +x /home/myfiles/myscript
The following command turns the feature off:
InoSetAlert -delete
Under Mac OS X, you can also indicate an alert script to be run in the eTrust
Antivirus Preference Options panel that can be run from System Preferences
panel.
eTrust Antivirus sends specific information, which it receives as standard script

arguments such as $1, $2, and so on, to the script. These arguments, in
order, are:
1. Time of the event (as a string, such as "10:15:20 AM 22-Jan-2001").
2. Code number for the event. For example, the code number for a virus
detection by Realtime Protection is 26.
3. The severity of the event: 1=Information, 2=Warning, 3=Error.
4. The name of the node on which the event occurred.
5. The text of the message generated by eTrust Antivirus.
Using the Alert Manager 75

Sending Alerts to Unicenter and eTrust Security Command Center
Sending Alerts to Unicenter and eTrust Security Command

Center
You can also integrate the Alert Manager with Unicenter, eTrust Security
Command Center, and/or eTrust Audit. Unicenter provides enterprise network
management, offering a centralized console and automated actions that can
be performed in response to the event being detected. Activating the Alert
integration to eTrust Security Command Center or eTrust Audit enables the
alerts to be sent to the eTrust Audit collectors. Once received by eTrust Audit,
the eTrust Audit facilities can be used to further filter and relate these
messages with other events, initiating specific actions, including the sending of
other alerts.
Additional integration can be achieved with eTrust Audit and eTrust Security
Command Center using the Product Integration Kits (PIKs), which are included
with eTrust Security Command Center. For more information about integrating
with eTrust Audit or eTrust Security Command Center, see the appropriate
product’s documentation.
Appendix A: Using the Command Line
Scanner Inocmd32
Command line scanners are provided for most of the platforms supported by
eTrust Antivirus.
On Windows systems, use the INOCMD32.EXE Command Line Scanner to

perform scans from the command line. Scan results are displayed on the
screen during the course of the scan, and are also saved in the scan log for
viewing or printing at a later time.
On UNIX systems, which are case-sensitive, and on OS X systems, use the

command inocmd32.
Note: On eTrust Antivirus 7.0 or 7.1 for NetWare, use the ETRUSTAV console
application to perform scanning. For more information, see Using the
ETRUSTAV Console Program (see page 99).
The command syntax for INOCMD32 is:
inocmd32 [-options] file|directory|drive
Each option is preceded by a dash -. Some options have associated action

choices.
Specify at least one file or directory to scan. On Windows systems, you can
specify a drive to scan.
Examples:
inocmd32 -ACT cure -SCA mf -LIS:myscan.txt c:\temp
This command invokes the INOCMD32 Command Line Scanner to scan the
drive and directory c:\temp, sets the file action ACT to Cure, sets the special
cure action SCA to Move File if Cure Fails, and sends the scan results to a file
named myscan.txt.
inocmd32 -NEX -ARC /home/myfiles
This command invokes inocmd32 to scan the UNIX directory /home/myfiles

and all its subdirectories, and to scan archive files, which are identified by
their contents rather than their names.
Using the Command Line Scanner Inocmd32 77

Scanner Options for Inocmd32

The following scanner options are available for Inocmd32:
MOD mod
Scan mode. Use MOD to set the scan Safety Level.
Secure
Use the Secure mode as the standard method for scanning files
completely.
Reviewer
If you suspect you have an infection that is not being detected by the
Secure mode, you can use the Reviewer mode.
Default: Secure
ACT action
Infected file action. Specify what to do with an infected file. Use one of the
following action options:
Cure
Attempt to cure an infected file automatically. Even if the infected file

is cured, we recommend that you delete the infected file and then
restore the original file from a backup.
Rename
Automatically rename an infected file. With this option, an infected file

is renamed with an AVB extension. Infected files with the same name
are given incremental extensions in the form AV#. For example,
FILE.AV0, FILE.AV1, and so on. After a file is renamed with an AVB-
type of extension, it is not scanned subsequently.
Delete
Delete an infected file.
Move
Move an infected file from its current directory to the Move folder.
Default: Report Only
EXE
Scan specified files only. The list of file extensions indicated by the
Specified Extensions Only option for regular files in the interface
determines which files are scanned.
EXC
Exclude files from scanning. The list of file extensions indicated by the All
Except the Specified Extensions option for regular files in the GUI
determines which files are excluded from the scan.
ARC
Scan archive files. Use this option to scan compressed files.
ARF
Apply extension filter to the contents of archived files.
NEX
Detect compressed files by content, not by file extension.
NOR
On Unix, skip remotely mounted file systems.
NOS
No subdirectory traverse. Use this option to exclude from the scan the
subdirectories in the specified directory.
FIL:pattern
Only scan files that match pattern. Use shell wildcard patterns to select
files to scan.
Example: The pattern *.doc will scan only files with a .doc extension.
SCA action
Special Cure Action. Use this option when the ACT action is set to Cure.
Use one of the following SCA actions.
CB - Copy Before
A copy of the original file is made, and the copy is moved to the Move
folder before the cure is attempted.
RF - Rename if Cure Fails
If a file cannot be cured, it is renamed with an AVB extension.
MF - Move if Cure Fails

If a cure fails, the infected file is moved from its current directory to
the Move folder.
MCA action
Macro Cure Action. Use one of the following action options.
RA - Remove All
All macros are removed from the infected file.
RI - Remove Infected.
Only the macros that contain infected code are removed from the
infected file.
SPM mode

Special Mode. Use this option to run a scan with one of the following
modes:
Specifies the Heuristic engine to scan for unknown viruses.
Applies actions set by the ACT switch to archived files.
SFI
Stop at first infection in archive. If this option is in effect and an infected

file is found as files are extracted from a compressed file, no additional
files in the archive are scanned.
SMF
Scan migrated files on Windows and NetWare systems. Use this option to
scan files that have been migrated to external storage. With this option in
effect, files that have been backed up are restored to the local drive and
scanned. If this option is not in effect, and there is an entry in a directory
for a file that has been backed up and moved off the local drive, the file is
not scanned.
SRF
Skip regular file scanning of archives. If you use this option, compressed
files are not scanned.
BOO
Windows system boot sector scan. The default setting is to Report Only.
Use the ACT option to set this option to cure boot sector infections.
MEM
On Windows systems, scan memory. Scan for infections in programs

currently running in memory.
LIS:file
Use this option when you run a scan and send the scan result list to a
specified file.
APP:file
Append scan report to file. Use this option when you run a scan and
append the scan result list to an existing specified file.
SYS
On Windows systems, enable system cure. Use this option to invoke the
system cure facility for any infected file(s) that are found and which have a
system cure associated with them. Please refer to the virus encyclopedia
on the Computer Associates web site for current information about viruses
and associated system cures. Note that in some cases, you must reboot
your computer for a system cure to take effect.
VER
Verbose mode. Use this option to display detailed scan information.
COU
Activates the file counter. Use this option to return a message after 1000
files have been scanned. The message is repeated each time 1000 files are
scanned.
COU:number
Activates the file counter and sets it to the value indicated. Use this option
to return a message after the indicated number of files has been scanned.
The message is repeated after the indicated number of files has been
scanned.
SIG
Signature. Use this option to display signature version numbers.
SIG:dir
Signature directory. Use this option to display signature version numbers

of engines in the specified directory.
HEL or ?
Display command line help.

Appendix B: Integrating with Unicenter
NSM
eTrust Antivirus works with Unicenter NSM on the Enterprise, Local, and
Workgroup Servers. The Unicenter NSM platform required is determined by the
operating system of the server:
Unicenter NSM for Windows NT, 2000, or 2003 must be installed on all
Windows NT- or 2000-based Enterprise, Local, and Workgroup Servers.
The Unicenter NSM that corresponds to the hardware and operating
system of the UNIX-based Enterprise, Local, or Workgroup Local Server
must be installed on those servers.
Preparing for Unicenter NSM Integration (see page 83)

Managing Antivirus Options in WorldView (see page 85)
Remote Scan View (see page 87)
Preparing for Unicenter NSM Integration

Integrating eTrust Antivirus with Unicenter Network and Systems Management
(NSM), is a simple matter of importing the results of the eTrust ITM discovery
process into the Unicenter NSM repository and creating appropriate Unicenter
Business Process Views. The Unicenter NSM platform required is determined
by the operating system of the server.
Important! To enable this integration, the ITM Server must be installed on

same system as the Unicenter NSM.
Integrating with Unicenter NSM 83

Preparing for Unicenter NSM Integration
Using TRIX to Import to the Repository
Use the Repository Import/Export program (TRIX) to invoke the import script
that is provided with eTrust Antivirus. This creates an Antivirus class.
You can access the TRIX program from the Start menu, Unicenter, NSM,
WorldView program group. Choose Repository Import/Export to launch the
TRIX interface. Then, use TRIX to open the script file, TRIX0.TNG, and import
it into the repository. This import script file is located in the directory where
eTrust Antivirus is installed.
You must know the name of the repository to which you wish to connect, and
use a valid User ID and Password to sign on to the repository.
TRIX can also be invoked by entering the following at the command prompt.
trix
This executes TRIX.EXE.
For more information about TRIX, refer to the Unicenter NSM documentation.
Using InoUpTNG to Populate the View
After completing the import to the repository, use the InoUpTNG utility to
create the antivirus Business Process View and populate it with a display of the
computers in your antivirus network.
InoUpTNG discovers computers in your network based on the computer

information in the Unicenter NSM database, and the subnet discovery
information in the Admin Server database. The utility uses the information
from both of these sources to populate the WorldView repository.
The Unicenter NSM network must have been discovered and a computer must
already exist in the Unicenter NSM repository before you run InoUpTNG. The
subnet discovery for the ITM Server must also have been completed. Based on
the computer information in the ITM Server database, InoUpTNG searches the
Unicenter NSM repository for matching computer objects.
If InoUpTNG finds a matching computer in the Unicenter NSM database, it

creates an Antivirus object and links it to the computer. Then the object is
displayed in the Business Process View. This provides the view of all the
computers that are running instances of eTrust Antivirus in your network. If
there are multiple ITM Server in your network, the utility discovers them.
Conversely, if the computer is not already in the Unicenter NSM database,

then an object will not be created for it, and it will not be displayed in the
view.
Managing Antivirus Options in WorldView

After you have a Business Process View of your antivirus network, you can
manage the scanning options for the computers in the view.

Integrating with WorldView
When you right-click on a computer in the view, the standard Unicenter

options for managing objects are available. In addition, the following options
are available for managing the antivirus software on computers in the view:
Configure Realtime
Use Configure Realtime to set the Realtime Monitor options for the
selected machine. This displays the same options that are available for
managing the Realtime Monitor on a local machine.
For more information about using the realtime monitor options, see Using
the Realtime Monitor.
Configure Distribution
Use Configure Distribution to set Signature Update options for the selected
machine. This displays the same option that is available for managing
signature updates on a local machine.
Schedule Job
Use Schedule Job to set Schedule Scan Job options. This displays the
Remote Scan View, which provides access to the same option that is
available for managing scheduled scan jobs on a local machine. You can
create a new scheduled scan job or modify an existing job. For more
information, see Remote Scan View (see page 87).
Display Logs
Use Display Logs to view and manage log information for the selected
machine. This displays the same view and option that is available from the
Log Viewer on a local machine.
For more information about using the Log Viewer, see Viewing and
Managing Logs.
Configure Contact
Use Configure Contact to set the Contact Information options for the
selected machine. This displays the same option that is available for
managing the contact information options on a local machine.
Display Summary (for legacy computers)
This is available for legacy machines only. Use Display Summary to display
summary information for a selected machine that is running a 4.x version
of the eTrust Antivirus.
Broadcast Configuration (for legacy computers)
This is available for legacy machines only. Use Broadcast Configuration to

manage broadcast configuration information for a selected machine that is
running a 4.x version of the eTrust Antivirus.
Configure Service (for legacy computers)
Remote Scan View
This is available for legacy machines only. Use Configure Service to

manage antivirus services for a selected machine that is running a 4.x
version of the eTrust Antivirus.
These options enable you to set scanning options for the selected computer in
the same way that a user sets the options on a local computer. To view and
modify options on a computer, you must have a valid user ID and password
for the Admin Server that manages the computer.
Note: When you select a legacy computer and right-click on it, you can select
legacy options to manage that computer. These options display the dialogs for
the older versions of the product. To manage options on a computer, you need
a valid user ID and password on that computer.
Remote Scan View

From the Remote Scan View, you can add a new scheduled scan job, edit an
existing job, or delete a selected job. These are the same options that are
available for managing scheduled scan jobs on a local computer.
These options are available from the Options menu, and the toolbar buttons.
You can also access these options by right-clicking on a job in the list on the
left. In addition, when you highlight a job in the list on the left, you can right-
click anywhere in the summary on the right to display the available options.
The Remote Scan View displays the selected computer on the left side of the
window. You can expand the computer to display jobs that are scheduled to
run on the computer, if any.
When you highlight a job in the list on the left side of the window, summary
information about the job is displayed on the right. This displays the properties
used for the job.
For more information about using the schedule scan job options, see Using the
Scheduled Scanner.

Appendix C: Managing NetApp
This appendix describes how to use the eTrust Antivirus Network Appliance
Filer Scanner with a filer from Network Appliance™ (NetApp®). For installation
information, refer to the eTrust Antivirus Implementation Guide. This appendix
applies to Windows only.
Managing the Scanner

This section describes how to control the scanner and its antivirus settings. A
Microsoft Management Console (MMC) snap-in controls the scanner. You can
use the MMC to configure which filers are registered to scanners and to
manage the scanners remotely.
Managing NetApp 89
Add Another Filer to a Scanner
The installation wizard let you configure one filer with a scanner. To add
another filer to a scanner (register a filer with a scanner), follow these steps:
1. From the product program folder, launch Scanner Management (MMC

snap-in). The console window opens.
2. In the left pane, expand Console Root, eTrust Antivirus NetApp Scanner.
The AV Machines node displays:
3. Select AV Machines.
The list of managed scanner machines appears in the right pane. If

your machine is not in the list, you need to add the machine to the
MMC. To do so, right-click the AV Machines node and select
Administrator AV Machine. You can also add a remote scanner this
way, as long as the local machine has the required privileges.
4. Double-click the machine.
The Properties dialog displays:
5. Enter the name of the filer or click the browse button to locate and select
the filer.
6. Click Add to add any additional filers.
Managing NetApp 91
View Scanner Statistics
To view scanner statistics, click the Statistics tab on the Properties dialog.
For more information, see the eTrust Antivirus NetApp Filer Scanner online
help.
Managing Custom Move and Copy Directories
The installation process creates the following registry values and sets these
values to the location of the eTrust Antivirus Quarantine directory.
HKLM = HKEY_LOCAL_MACHINE.
HKLM\SOFTWARE\ComputerAssociates\eTrustITM\CurrentVersion\NetApp Scanner
CopyDir
MoveDir
Change Infected File Destination to the Filer
On the Cure Action Options dialog, if you specify Quarantine, then the scanner
moves infected files from the filer to the eTrust Antivirus Quarantine directory
on the local machine (usually Program Files\CA\eTrustITM\Quarantine). You
can change this setting.
To move infected files to the filer instead of the scanner, use Regedit to
manually change the registry configuration values on the scanner machine.
The new values override the Quarantine directory of the Realtime Monitor.
Directories must not have a trailing backslash and can point to local drives or
mapped drives, or be specified as universal naming convention (UNC) paths.
Example:
HKLM\SOFTWARE\ComputerAssociates\eTrustITM\CurrentVersion\NetApp Scanner\MoveDir=\\f760\vol1\move
Manage Files in a Custom Move Directory
Once you specify a custom Quarantine directory, you cannot use the eTrust
Antivirus interface to manage its files. Instead, you must use the RestMove
command line utility. It is in the installation directory of the scanner machine
and has these characteristics:
Displays original file names and their infections
Supports standard DOS wildcards: * and ?
To display information about all files in the custom Quarantine directory, enter
the following command:
RestMove \\f760\vol1\move\*.* -i
Result:
\\f760\vol1\move\31ed8c4e-b930-45f0-8c1e-35e1d3570cd6
Original file name: \\F760\VSCAN_ADMIN$\vol\vol1\sabra01\eicar2.com
Infection name: EICAR test file
Detected by engine 23.61.00, signature 23.61.50 on 6/16/2003, 1:06:11 PM
To restore the files to their original location, enter the RestMove command and
do not use the -i switch.
You can provide single paths for both the MoveDir and the CopyDir because
the values are stored in single registry keys. Therefore, a scanner serving
multiple filers can store moved and copied files in different locations.
Managing NetApp 93
Managing the Filer
View the Virus Detection Log
The scanner adds an entry to the Realtime Scanner log whenever it receives a
file request for a file with a virus. The scanner also sends a message to the
filer’s system console that notifies the filer administrator of the virus infection.
To view the Realtime Scanner log, go to the Logs tab of the eTrust Threat
Management Agent.
Manage the Scanner Remotely
To manage scanner antivirus settings remotely with the Administrators View,

follow these steps:
1. Initiate the ITM Server to discover all of the scanners.
2. Put the scanners into a group.
Note: Be careful when choosing settings, because the software applies the
settings to both the eTrust Antivirus engine and the scanner running on
the machine, and some of the realtime settings do not fit with both.
3. Set realtime antivirus settings for the group.
4. Push the policy to the selected filer’s scanner.
Managing the Filer

This section provides procedures to manage the filer and its environment.
Common Internet file system (CIFS) virus protection is a feature of the filer's
operating system, Data ONTAP, which gives CIFS clients on-access virus
scanning of files on a filer. On-access virus scanning is the scanning of a file
before a CIFS client is allowed to open it. For more information about the filer,
go to the Netwrok Appliance Antivirus Scanning website.
Enable and Disable Virus Scanning
To enable and disable virus scanning, enter the following command:
vscan on [-f][on|off]
where -f forces virus scanning to be enabled even if no virus scanning clients

are available to scan files.
Note: Turning on virus scanning when no clients are available to scan files
causes the CIFS clients not to be able to access filer files.
Managing the Filer
Specify File Extensions to Scan Using vscan
A default list of file extensions is available when you enable vscan. Up to 255
file extensions can exist in the file extensions list.
Note: The extension list on the filer processes before the extension list on the
scanner machine that you establish through realtime scanner configuration.
For example, if *.vbs is not configured on the filer for scanning, VBS-files do
not pass to the scanner. Therefore, even if VBS files are configured for
scanning on the scanner, they do not reach the scanner for processing. Also, if
an extension is in the extension list on the filer but not specified in the
realtime scanner configuration, the filer passes the corresponding files to the
scanner, but the scanner ignores these scan requests.
To control which files to scan, there are commands you can use to change the
default list of file extensions.
To display the default list of file extensions for the filer to scan, enter the
following command:
vscan extensions
To add to the default include list of file extensions for the filer to scan, enter
vscan extensions include add ext[,ext...]
where ext is the extension to add.
To add to the default exclude list of file extensions for the filer to scan, enter
vscan extensions exclude add ext[,ext...]
where ext is the extension to add.
Example:
vscan extensions include add txt
To replace the default include list of file extensions with a new list, enter the
following command:
vscan extensions include set ext[,ext...]
where ext is the extension to set.
To replace the default exclude list of file extensions with a new list, enter the
following command:
vscan extensions exclude set ext[,ext...]
Managing NetApp 95
Managing the Filer
where ext is the extension to set.
To remove file types from the default include list of file extensions, enter the
following command:
vscan extensions include remove ext[,ext...]
where ext is the extension to remove.
To remove file types from the default exclude list of file extensions, enter the
following command:
vscan extensions exclude remove ext[,ext...]
where ext is the extension to remove.
To reset the file extensions list to the default include and exclude lists, enter
the following commands as appropriate:
vscan extensions include reset
vscan extensions exclude reset
Specifying Shares to Scan Using CIFS
You may want to indicate whether your virus-scanning application performs a

virus scan when clients open files on a specified share. You can turn scanning
on or off for shares that you specify, either for any access or for read-only
access.
Turn Scanning Off for Files in a Share
The default state of a share has virus scanning turned on. You can turn virus
scanning off for files in a share. Reasons to do this may include: the users are
restricted to trusted users, the files are restricted to read-only mode, or speed
of access is more important than safety.
To turn virus scanning off for files in a specified share, enter the following
command:
cifs shares -change share_name -novscan
where share_name is the name of the share for which you want to turn off
virus scanning.
The setting is persistent after rebooting.
Managing the Filer
Turn Scanning Off for Read-Only Access in a Share
You can turn virus scanning off in a share for users who open files for read-
only access to increase the speed of file access. The default state of a share
has virus scanning turned on.
To turn virus scanning off for read-only access to files in a specified share,
enter the following command:
cifs shares -change share_name -novscanread
where share_name is the name of the share for which you want to turn off
virus scanning.
Turn Scanning On for Read-Only Access in a Share
To turn virus scanning on for read-only access to files in a specified share,

enter the following command:
cifs shares -change share_name -vscanread
where share_name is the name of the share for which you want to turn on
virus scanning.
Add a Share With Scanning Off
You can create a share with virus scanning turned off. The default state of a
share has virus scanning turned on.
To add a share that has virus scanning turned off, enter the following
command:
cifs shares -add share_name /path -novscan
where share_name is the name of the share that you want to create with virus
scanning turned off and path specifies where you want the share created.
Data ONTAP creates the share with virus scanning turned off.
Managing NetApp 97
Appendix D: Using the ETRUSTAV
Console Program on Netware
After installing eTrust Antivirus for NetWare on a NetWare server, use the
ETRUSTAV console program to take advantage of its features. The ETRUSTAV
program invokes a menu from which you can control many eTrust Antivirus
operations on the server. From the NetWare command line, entering
ETRUSTAV starts the program. To start all the eTrust Antivirus services at the
same time as starting ETRUSTAV, you must instead enter ETRUSTAV
AUTOSTART.
Using the ETRUSTAV Menu (see page 99)
Using the ETRUSTAV Menu

Use the keyboard Up and Down arrow keys to navigate the ETRUSTAV menu
items. The Enter key activates the selected menu option. You can exit the
ETRUSTAV program and pop-up option screens by pressing the Escape key.
Note: The default options for the ETRUSTAV program are set by the
inoc6_nw.icf file during installation.
Using the ETRUSTAV Console Program on Netware 99

Main Menu Options
The following list contains the ETRUSTAV main menu selections:
Start All Services
Loads and starts all eTrust Antivirus services.
Stop All Services
Stops and unloads all eTrust Antivirus services.
Start Selected Service
Starts an individual eTrust Antivirus service. If there are any services not
already running, a pop-up menu appears from which you can select the
service to start.
Stop Selected Service
Stops and unloads an individual eTrust Antivirus service. If there are any
services currently running, a pop-up menu appears from which you can
select the service to stop.
Configure Realtime
Lets you configure settings for real-time scanning on the Netware server.
Configure Local Scanner
Lets you configure settings for local scans run on the Netware server.
Run Local Scanner
Opens a pop-up menu from which you can specify a full pathname to scan.
Stop Local Scanner
Stops a local scan that is currently running.
Check Status of Scheduled Jobs
Displays the status of any scheduled scan job that is currently running.
Information displayed is refreshed every second as the job progresses.
Check Status of Realtime Scanning
Displays the status of realtime scanning from the time the Realtime
Monitor was started. Information displayed is refreshed every second.
Display signature versions
Displays the current scan engine and signature versions for the eTrust
Antivirus engines installed on the server.
Download signatures now
Initiate a process to get and apply signature updates immediately.
Advanced
Lets you configure options that are less commonly used.

Configure Realtime
This option opens a pop-up menu from which you can modify Realtime
Scanning Settings. From the Realtime Settings pop-up menu, you can view or
modify Scanning options, Selection options, Filters, and Advanced options.

Realtime Settings: Scanning Options
The following list describes the Scanning options for the Realtime Scanner:
Direction of Scan
Specifies when the realtime scanner should scan a file.
Disabled
Disables the realtime scanner, so that no realtime scanning is done.
Outgoing and Incoming Files
Scans files when they are accessed for reading or executing and when
they are written to a volume.
Outgoing Files
Scans files only when they are accessed for reading or executing.
Safety level
Specifies the scan safety level.
Secure
Use as the standard method for scanning files completely.
Reviewer
Use if you suspect you have an infection that Secure mode is not
detecting.
Scanning engine
Specify the antivirus engine to use in the scan:
Inoculate IT
The Inoculate engine.
Vet
The Vet engine
Heuristic Scanner
Specify whether to use the Heuristic Scanner to scan for unknown viruses:
No
Do not use the Heuristic Scanner.
Yes
Use the Heuristic Scanner.
File Action
Specify an action option for an infected file:
Cure

Attempt to cure an infected file automatically. Even if the file is cured,

it is recommended that you delete the infected file and restore the
original file.
Delete
Move
Rename
Automatically rename an infected file with an AVB extension. Assigns

incremental extensions in the form #.AVB to infected files with the
same name, for example, File.0.AVB, File.1.AVB, and so on. After a file
is renamed with an AVB-type of extension, it is not subsequently
scanned.
Report Only
Report an infected file.
Cure Options
If Cure Fails. Specify the cure fail option when File Action is set to Cure:
Move File
Move an infected file from its current directory to the Move folder if a
cure fails.
No Action
Do nothing if cure fails.
Rename File
Rename a file with an AVB extension if a cure fails.
Macro Virus Treatment
Specify a removal option for an infected file.
Remove All Macros
Remove all macros from the infected file.
Remove Infected Macros
Remove only the macros that contain infected code from the infected
file.

Copy File Before Cure
Make a copy of the original file and put it in the Move folder before
attempting the cure.
No
Do not copy the file before cure.
Yes
Copy the file before cure.

Realtime Settings: Selection Options
The following list describes the Selection options for the Realtime Scanner:
Do not scan migrated files
Specify whether to scan files that have been migrated to external storage:
Yes
Do not scan migrated files.
No
Scan migrated files.
Scan Files With Extensions
Specify scanning of files with filename extensions:
All Extensions
Scan all files.
All Except the Specified Extensions
Scan all files except the files that have extensions specified in the
Available Extensions list. The Available Extensions list is specified with
the Edit Extensions List option.
Specified Extensions Only
Scan only the files that have extensions specified in the Available
Extensions list. The Available Extensions list is specified with the Edit
Extensions List option.
Edit Extension List
Use to specify the existing set of filename extensions.
Note: You can view or modify the list only when the All Except the
Specified Extensions or Specified Extensions Only selections are made
from the Scan Files With Extensions option.
You can edit extensions in the Available Extensions list by selecting an

extension and using the F5, Delete, or Insert key.
Delete key
Use to delete a selected extension from the list:
Yes
Deletes the selected filename extension(s) from the list.
No
Keeps the filename extension(s) in the list.
F5 key

You can use the F5 key to mark extensions for deletion from the list
with the Delete key.
Insert key
Use to add an extension to the list. Enter a filename extension in the

Enter Extension field.
Scan Compressed Files
Specify scanning of archived files:
Yes
Scan compressed files.
Note: Options for the type of archive file scanning and compressed file
types are specified with the Compressed File and Archive types to
support options.
No
Do not scan compressed files.
types are specified with Compressed File Options and Archive types to
support.
Compressed File Options
Use to specify the options for scanning archived files.
Note: You can view or modify the types of archived files only when the
Scan Compressed Files option is set to Yes.
Specify whether to filter files inside archives by extension.
Specify whether to stop scanning an archive file when an infection is

found.
Determine a file's compression by its filename extension or by its contents.

The default setting is by filename extension.
Archive types to support
Specify which types of archived files:
In the Compressed File Options List, specify the type of archived files for
scanning. You can select Yes to include the file type or No to exclude the
archived file type.

Realtime Settings: Filter Options
The following list describes the Filters options for the Realtime Scanner:
Exclude Threads
Specify threads to exclude from realtime scanning.
Note: On NetWare, process exclusion is done by thread name not by NLM

name. Entering a thread name excludes all threads whose names begin
with the entered name. For example, entering "MYTHREAD" excludes
MYTHREAD_1, MYTHREAD_2, etc. Thread names are case-sensitive. If
you do not know the names of threads you want to exclude, contact
Technical Support.
Exclude Directories
Specify the names of directories to exclude from realtime scanning
Pre-Scan Block
Block access to files with specified extensions. When a file extension is

blocked, files with that extension are not scanned, and all access to the file
is denied.
Exempt
Exempt specified files from the pre-scan block. Exempted files will be
scanned by realtime, even if the file extension is on the blocked extension
List.
Realtime Settings: Advanced Options
The following list describes the Advanced options for the Realtime Scanner:
Pop-ups Enabled
Enable or disable pop-up messages. Use this option to have pop-up

messages displayed on the client workstation from which access of an
infected file is detected by the realtime scanner.
Pop-up Limit
Specify the maximum number of pop-up messages that are displayed

when the realtime scanner finds multiple infections during a scan
operation.
Note: This option is not available if Pop-ups Enabled is set to No.
Configure Local Scanner
The Configure Local Scanner option opens a pop-up menu from which you can
modify Local Scanner Settings. From the Local Scanner Settings pop-up menu,
you can view or modify Scanning Options or Selection Options.

Local Scanner: Scanning Options
The following list describes the Scanning options for the Local Scanner:
Safety level
Specifies the scan safety level.
Secure
Use as the standard method for scanning files completely.
Reviewer
Use if you suspect you have an infection that Secure mode is not
detecting.
Scanning engine
Specify the antivirus engine to use in the scan:
Inoculate IT
The Inoculate engine.
Vet
The Vet engine
Heuristic Scanner
Specify whether to use the Heuristic Scanner to scan for unknown viruses:
No
Do not use the Heuristic Scanner.
Yes
Use the Heuristic Scanner.
File Action
Specify an action option for infected file:
Cure
Attempt to cure an infected file automatically. Even if the file is cured,

it is recommended that you delete the infected file and restore the
original file.
Delete
Move
Rename

Automatically rename an infected file with an AVB extension. Assigns

incremental extensions in the form #.AVB to infected files with the
same name, for example, File.0.AVB, File.1.AVB, and so on. After a file
is renamed with an AVB-type of extension, it is not subsequently
scanned.
Report Only
Report an infected file.
Cure Options
If Cure Fails. Specify the cure fail option when File Action is set to Cure:
Copy File Before Cure

Make a copy of the original file and put it in the Move folder before
attempting the cure.
Move File
Move an infected file from its current directory to the Move folder if a
cure fails.
No Action
Do nothing if cure fails.
Rename File
Rename a file with an AVB extension if a cure fails.
Macro Virus Treatment
Specify a removal option for an infected file.
Remove Infected Macros
Remove only the macros that contain infected code from the infected
file.
Remove All Macros
Remove all macros from the infected file.

Local Scanner: Selection Options
The following list describes the Selection options for the Local Scanner:
Do not scan migrated files
Specify whether to scan files that have been migrated to external storage:
Yes
Do not scan migrated files.
No
Scan migrated files.
Scan Files With Extensions
Specify scanning of files with filename extensions:
All Extensions
Scan all files.
All Except the Specified Extensions
Scan all files except the files that have extensions specified in the
Available Extensions list. The Available Extensions list is specified with
the Edit Extensions List option.
Specified Extensions Only
Scan only the files that have extensions specified in the Available
Extensions list. The Available Extensions list is specified with the Edit
Extensions List option.
Edit Extensions List
Use to specify the existing set of filename extensions.
Note: You can view or modify the list only when the All Except the
Specified Extensions or Specified Extensions Only selections are made
from the Scan Files With Extensions option.
You can edit extensions in the Available Extensions list by selecting an

extension and using the F5, Delete, or Insert key.
Delete key
Use to delete a selected extension from the list:
Yes
Deletes the selected filename extension(s) from the list.
No
Keeps the filename extension(s) in the list.
F5 key

You can use the F5 key to mark extensions for deletion from the list
with the Delete key.
Insert key
Use to add an extension to the list. Enter a filename extension in the

Enter Extension field.
Scan Compressed Files
Specify scanning of archived files:
Yes
Scan compressed files.

types are specified with the Compressed File and Archive types to
support options.
No
Do not scan compressed files.
Compressed File Options
Use to specify the options for scanning archived files.
Specify whether to filter files inside archives by extension.
Specify whether to stop scanning an archive file when an infection is

found.
Determine a file's compression by its filename extension or contents. The

default setting is by filename extension.
Archive types to support
Specify which types of archived files:
In the Compressed File Options List, specify the type of archived files for
scanning. You can select Yes to include the file type or No to exclude the
archived file type.

Advanced Options
The Advanced Options for ETRUSTAV include:
Check status of services
Displays the status of all eTrust Antivirus services.
Set Discovery Ports
The Set discovery ports option lets you display and specify the current port
numbers that the discovery process uses for listening to broadcast
messages.
To set discovery ports, follow these steps:
1. In the pop-up field, select the Enter key to display the current port
numbers that the discovery process uses for listening to broadcast
messages.
2. Enter POLL and specify a port value to set the port number on which
the eTrust Antivirus client listens for polls from the Admin Server.
3. Enter SUBNET and specify a port value to set the port number that
eTrust Antivirus clients use to communicate within a subnet.
Enter BOTH and specify a port value to use the same value for the port
number on which the eTrust Antivirus clients listen for polls from the
Admin Server and the port number that eTrust Antivirus clients use to
communicate in a subnet.
Restore infected files in Move folder
Restores an infected file from the Move directory to its original location.
After the command is entered, follow the onscreen instructions.
Set Approved Admin Servers
The Set approved Admin Server(s) option let you display and specify the
current set of approved eTrust Antivirus Admin Servers.
To set and display approved Admin Servers, follow these steps:
1. In the IP address field pop-up, select the Enter key to display the
current set of approved eTrust Admin Servers.
2. Set the eTrust Antivirus Admin Servers at the specified IP addresses as

approved for the NetWare server on which the command is run. Enter
IP addresses in the format <ip-address-1> <ip-address-n> separated
by a space.
3. For example, entering IP addresses 192.168.130.2 192.168.130.10

causes the Admin Servers at those IP addresses to be set as approved
eTrust Antivirus Admin Servers.
Set eTrust Antivirus environment variable
Specify an environment variable for eTrust Antivirus.

For example, entering AV_VAR1=1 would set the value of a hypothetical

environment variable AV_VAR1 to 1.
Note: eTrust Antivirus environment variables are only used inside eTrust
Antivirus. They have no effect on other programs running on your server.

Appendix E: Messages and Codes
Messages
Error 2
The system cannot find the file specified
Reason:
The file does not exist.
Action:
Verify the correct name and spelling of the file.
Error 3
The system cannot find the path specified
Reason:
The directory is incorrect.
Action:
Verify the correct directory.
Error 5
Access denied
Reason:
You do not have access to an object or file.
Action:
Contact your system administrator for access to the object or file.
Messages and Codes 115

Messages
Error 120
This function is not supported in this system
Reason:
A mismatched policy decoder is installed on a client system.
Action:
Contact CA Customer Support.
Error 258 (0x102)
wait operation timed out
Reason:
A synchronization object timed out. This is generic synchronization error which

is usually reported in a debug log file. The action that was to take place before
the timeout will be reattempted on the next cycle.
Action:
Stop and restart the eTrust ITM Services.
Error 1331
Logon failure: account currently disabled.
Reason:
A user with disabled account tried to log on to the Threat Management

Console.
Action:
Use a valid account to log on to the Threat Management Console.

Messages
Error 1717
Unknown interface
Reason:
A Management-Server request was made to a machine that is not a

management server.
A request was made after the RPC service was started, but the RPC service
was not fully initialized.
Action:
Make sure requests are sent only to Management Servers.
Retry the request later.
Error 1722
The server cannot be contacted
Reason:
The RPC service on the server is down.
The client cannot resolve the name of the server.
A firewall is preventing a connection between the client and the server.
Action:
Start the RPC service on the server.
Make sure the client is using the correct server name.
Configure the firewall to allow a connection between the client and the server.
Error 1723
The RPC server is too busy to complete the operation.
Reason:
The proxy is busy handling other requests, and it cannot accept new requests.
Action:
Retry the request later.
Messages and Codes 117

Messages
Error 1726
General RPC error
Reason:
The connection to the server was lost.
Action:
Restore the connection to the server.
Error 1789
The trust relationship between this workstation and the primary

domain failed.
Reason:
A domain account was used to log in to the Threat Management Console, but
the workstation was not a member of that domain, or the account was not
valid.
Action:
Ensure the workstation and the account are on the correct domain before
logging into the Threat Management Console, or ensure that the account is
valid.

Appendix F: Acknowledgements
Acknowledgements 119
Apache Tomcat
Apache Tomcat
Licenses
The Apache Software Foundation uses various licenses to distribute software

and documentation, to accept regular contributions from individuals and
corporations, and to accept larger grants of existing software products. We are
also in the process of updating the Apache licenses to reflect changes in the
community regarding patents and contributing.
These licenses help us achieve our goal of providing reliable and long-lived
software products through collaborative open source software development. In
all cases, contributors retain full rights to use their original contributions for
any other purpose outside of Apache while providing the ASF and its projects
the right to distribute and build upon their work within Apache.
Licensing of Distributions
All software produced by The Apache Software Foundation or any of its

projects or subjects is licensed according to the terms of the documents listed
below.
Apache License, Version 2.0 (current)
http://www.apache.org/licenses/LICENSE-2.0 (TXT or HTML)
The 2.0 version of the Apache License was approved by the ASF in 2004. The
goals of this license revision have been to reduce the number of frequently
asked questions, to allow the license to be reusable without modification by
any project (including non-ASF projects), to allow the license to be included by
reference instead of listed in every file, to clarify the license on submission of
contributions, to require a patent license on contributions that necessarily
infringe the contributor's own patents, and to move comments regarding
Apache and other inherited attribution notices to a location outside the license
terms (the NOTICE file).
The result is a license that is supposed to be compatible with other open

source licenses while remaining true to the original goals of the Apache Group
and supportive of collaborative development across both nonprofit and
commercial organizations. The Apache Software Foundation is still trying to
determine if this version of the Apache License is compatible with the GPL.
All packages produced by the ASF are implicitly licensed under the Apache
License, Version 2.0, unless otherwise explicitly stated. More developer
documentation on how to apply the Apache License to your work can be found
in Applying the Apache License, Version 2.0.
Apache License, Version 1.1 (historic)

Apache Tomcat
http://www.apache.org/licenses/LICENSE-1.1
primary change from the 1.0 license is in the 'advertising clause' (section 3 of
the 1.0 license); derived products are no longer required to include attribution
in their advertising materials, but only in their documentation.
Individual packages licensed under the 1.1 version may use different wording
due to varying requirements for attribution or mark identification, but the
binding terms were all the same.
This is the original Apache License which applies only to older versions of
Apache packages (such as version 1.2 of the Web server).
Contributor License Agreements
The ASF desires that all contributors of ideas, code, or documentation to the
Apache projects complete, sign, and submit (via snailmail or fax) a Individual
Contributor License Agreement (CLA) [PDF form]. The purpose of this
agreement is to clearly define the terms under which intellectual property has
been contributed to the ASF and thereby allow us to defend the project should
there be a legal dispute regarding the software at some future time. A signed
CLA is required to be on file before an individual is given commit rights to an
ASF project.
For a corporation that has assigned employees to work on an Apache project,

a Corporate CLA (CCLA) is available for contributing intellectual property via
the corporation that may have been assigned as part of an employment
agreement. Note that a Corporate CLA does not remove the need for every
developer to sign their own CLA as an individual, to cover their contributions
that are not owned by the corporation signing the CCLA.
Note: If you choose to send this document via fax, rather than via traditional
postal mail, then be absolutely sure that you have sent it correctly. Often
faxes are received back-to-front, blank, or totally illegible.
Software Grants
When an individual or corporation decides to donate a body of existing

software or documentation to one of the Apache projects, they need to
execute a formal Software Grant agreement with the ASF. Typically, this is
done after negotiating approval with the ASF Incubator or one of the PMCs,
since the ASF will not accept software unless there is a viable community
available to support a collaborative project.
CURL
CURL
COPYRIGHT AND PERMISSION NOTICE
Copyright (c) 1996 - 2005, Daniel Stenberg, <daniel@haxx.se>.
All rights reserved.
Permission to use, copy, modify, and distribute this software for any purpose
with or without fee is hereby granted, provided that the above copyright
notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,

EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR
OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Except as contained in this notice, the name of a copyright holder shall not be
used in advertising or otherwise to promote the sale, use or other dealings in
this Software without prior written authorization of the copyright holder.

gSOAP
gSOAP
gSOAP is distributed under:
The gSOAP public open source license (which is based on the Mozilla public
license 1.1). See the section below further details.
GPL (GNU Public License). Some parts of gSOAP are strictly distributed
under the GPL (see below). Most parts are distributed under the gSOAP
license and GPL. For those parts, you can choose the gSOAP license or GPL
based on your needs.
The gSOAP public license allows for commercial use of gSOAP. It allows
products to be built on top and distributed under any license (including
commercial). Products developed with gSOAP should include a notice of
copyright and a disclaimer of warranty in the product's documentation (License
Exhibit B). Please refer to the README files and/or header information in
source code files for the appropriate licensing specific to that part of the souce
code.
The parts of the code that are strictly distributed under the GPL (i.e. the code
that is distributed under GPL only) cannot always be used for commercial
purposes. These parts are:
The wsdl2h WSDL parser source code and the code generated by it.
The examples included in the gSOAP distribution package, including the
Web server and UDDI applications.
A license for commercial use is available (this license replaces the GPL
restrictions). Please refer to the license details at Genivia Inc licensing and
support for further details.
Genivia Inc Licensing and Support
URL http://www.genivia.com/Products/gsoap/GeniviaGSoapLicense.pdf
Content
GENIVIA, INC., SOURCE CODE LICENSE AGREEMENT FOR COMMERCIAL

USE
Rationale: This source code license for commercial use shall replace the gSOAP
public license and GPL license for Customer's use of the Software, thereby
rendering the terms and conditions imposed by the gSOAP public license and
GPL license on Customer inactive during the term of this commercial license as
set forth in this Agreement. This license covers the entire gSOAP source
distribution, including, but not limited to, the runtime library, compiler, WSDL
importer, example applications, and documentation.
gSOAP
THIS SOURCE CODE LICENSE AGREEMENT ("Agreement") is made and

entered into as of the last date executed by the parties below (the "Effective
Date") by and between GENIVIA, INC., a Florida corporation having a principal
place of business at 3178 Shamrock East, Tallahassee, Florida 32309, USA,
("Genivia"), and ______________________________________, a
__________________________________ corporation having a principal place
of business at
__________________________________ ("Customer").
The parties agree as follows:
1. DEFINITIONS.
"Original Code" means Source Code of computer software code which is

described in the Source Code notice required by Exhibit A as Original Code.
"Modifications" means any addition to or deletion from the substance or

structure of either the Original Code or any previous Modifications. When
Covered Code is released as a series of files, a Modification is: (i) any addition
to or deletion from the contents of a file containing Original Code or previous
Modifications; (ii) any new file that contains any part of the Original Code, or
previous Modifications.
"Covered Code" means the Original Code, or Modifications or the combination

of the Original Code, and Modifications, in each case including portions
thereof.
"Software" means the Covered Code and accompanying documentation and

support files referenced in section 1 of Exhibit A, including Updates (if any).
"Updates" means any patches, bug fixes, upgrades, and new versions of the
Software made generally available by Genivia during the term of this
Agreement.
"Source Code" means computer programming code in human readable form

that is not suitable for machine execution without the intervening steps of
interpretation or compilation, meaning the preferred form of the Covered Code
for making modifications to it, including all modules it contains, plus any
associated interface definition files, scripts used to control compilation and
installation of an Executable Object Code, or source code differential
comparisons against the Original Code. The Source Code can be in a
compressed or archival form, provided the appropriate decompression or de-
archiving software is widely available for no charge.
"Executable Object Code" means the computer programming code in any other
form than Source Code that is not readily perceivable by humans and suitable
for machine execution without the intervening steps of interpretation or
compilation.

gSOAP
"Authorized Site" means the specific address of Customer’s facility consisting

of a single building or multiple buildings on a contiguous campus as specified
in Exhibit A.
"Project" means a concerted undertaking by an identified Customer

development team to design or produce a Target Application.
"Run-Time Module" means the Executable Object Code derived from compiling
the Software to be incorporated into a Target Application as inseparably
embedded code.
"Target Application" means an end-user item, such as a software product that

is possibly replicated in identical form and offered for sale or licensed to third
parties, or a device or system developed by Customer pursuant to a Project
that contains a Run-Time Module, or any portion thereof, as specified in
Exhibit A and any Updates made during the term of this Agreement.
2. SOURCE CODE LICENSE.
Subject to Customer’s compliance with the terms and conditions of this

Agreement and payment of any applicable fees, Genivia hereby grants to
Customer a non-transferable, nonexclusive, worldwide, royalty-free, paid-up
license: (i) to reproduce and use the Software, solely at the Authorized Site in
connection with the Project; (ii) to create Modifications and other derivative
works of the Software, solely to the extent necessary to support the
development of the Target Application; (iii) to compile the Software, including
any Modifications and derivative works thereof, into Run-Time Modules; (iv) to
reproduce an unlimited number of Run-Time Modules for physical incorporation
into the Target Application; and (v) to market and distribute the Target
Application.
3. RESTRICTIONS.
Customer shall reproduce and include any and all copyright notices and
proprietary rights legends, as such notices and legends appear in the original
Software, on any copy of the Software, or portion thereof, with the exception
of the gSOAP public license and GPL license notices.
The Software shall be handled, used and stored, solely at the Authorized Site
identified in Exhibit A. The Software may be used from a single machine, a set
of machines, or a network file server, but there shall be no access to the
Software from any external network not located at the Authorized Site.
A function of the Software is to create Run-Time Modules for incorporation into

Target Applications. Except as set forth in Section 2 above, no license is
granted hereunder to reproduce or distribute the gSOAP soapcpp2 compiler
and wsdl2h importer as part of such Target Application.
4. OWNERSHIP.
gSOAP
Genivia represents and warrants to Customer that Genivia has all rights in the
Software necessary to grant the rights and license granted to Customer in this
Agreement. Without limiting the foregoing, Genivia represents and warrants
that Genivia acquires an assignment of all intellectual property rights in and to
all portions of the Software delivered to Customer under this Agreement,
including any Modifications made by GPL or gSOAP Public License licensees.
Customer shall not have any obligation to provide, assign, or disclose to

Genivia or any other party any Modifications. Notwithstanding the foregoing,
Genivia and its licensors shall retain exclusive ownership of all worldwide
Intellectual Property Rights in and to the Software.
Customer acknowledges that this Agreement does not grant to Customer any
Intellectual Property Rights in or to the Software other than the limited rights
with respect to the Software as set forth in Section 2. Customer hereby agrees
to assign to Genivia all Intellectual Property Rights it may have or obtain in
and to the Modifications that Customer makes to the Software.
If Customer has or obtains any rights to the foregoing that cannot be assigned
to Genivia, Customer unconditionally and irrevocably waives the enforcement
of such rights, and if such rights cannot be waived, Customer hereby grants to
Genivia an exclusive, irrevocable, perpetual, worldwide, fully paid and royalty-
free license, with rights to sublicense through one or more levels of
sublicensees, to reproduce, create derivative works of, distribute, publicly
perform, publicly display, make, use, sell and import such Modifications and
other intellectual property noted above by all means now known or later
developed. All rights in and to the Software not expressly granted to Customer
in this Agreement are expressly reserved for Genivia and its licensors.
5. DELIVERY AND PAYMENT.
Immediately following the Effective Date, Genivia grants Customer the right to
download the Software from the Approved Software Download Site specified in
Exhibit A, and install the Software at the Authorized Site and use the Software
as set forth in Section 2 subject to the restrictions listed in Section 3.
Notwithstanding any terms or other agreements posted on the Approved
Software Download Site, this Agreement shall be the sole and exclusive
agreement governing Customer's use of the Software.
Customer shall pay to Genivia the Software license fee set forth in Exhibit A.
License fees will be invoiced with shipment of this License Agreement.
Payment of all amounts invoiced shall be due sixty (60) days after receipt of
the invoice.

gSOAP
All payments and amounts shall be paid without deduction, set-off or counter
claim, free and clear of any restrictions or conditions, and without deduction
for any taxes, levies, imposts, duties, fees, deductions, withholdings or other
governmental charges. If any deduction is required to be made by law,
Customer shall pay in the manner and at the same time such additional
amounts as will result in receipt by Genivia of such amount as would have
been received by Genivia had no such amount been required to be deducted.
If Customer is claiming sales or use tax exemption, a certified Tax Exempt
Certificate must be attached to this Agreement or applicable purchase order
submitted by Customer.
6. TERM AND TERMINATION.
This Agreement shall commence upon the Effective Date and is granted in
perpetuity, but may be terminated without notice in the following
circumstances: if you breach any term of this agreement, unless such breach
is curable and is cured by Customer within thirty (30) days after notice of such
breach is provided by Genivia; if you become the subject of insolvency
proceedings; if you, being a firm or partnership, are dissolved; or if you
destroy the Software for any reason. Upon termination, you or your
representative shall destroy any remaining copies of the Software or otherwise
return or dispose of such material. Termination pursuant to this clause shall
not affect any rights or remedies, which Genivia may have otherwise under
this license or at law.
The following Sections shall survive any termination of this Agreement:

Sections 1, 4, 6, and 8. Termination of this Agreement, if any, shall not affect
any licenses or other grants of any rights, titles, or interests of Customer in or
to any Run-Time Modules or the Target Application.
7. LIMITED WARRANTY.
Genivia warrants that the Software, installation scripts, and future Updates will
be provided to Customer. Customer assumes full responsibility for: (i) the
selection, download, and installation of the Software from the Approved
Software Download Site specified in Exhibit A; (ii) the proper use of the
Software; (iii) verifying the results obtained from the use of the Software; and
(iv) taking appropriate measures to prevent loss of data. Genivia does not
warrant that the operation of the Software will meet Customer’s requirements
or that Customer will be able to achieve any particular results from use or
modification of the Software or that the Software will operate free from error.
gSOAP
EXCEPT AS EXPRESSLY SET FORTH IN SECTIONS 7 AND 8 OF THIS

AGREEMENT, GENIVIA AND ITS LICENSORS DISCLAIM ALL WARRANTIES,
WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT
LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, OF FITNESS
FOR A PARTICULAR PURPOSE, NONINFRINGEMENT OF THIRD PARTY
INTELLECTUAL PROPERTY RIGHTS, AND ANY WARRANTY THAT MAY ARISE BY
REASON OF TRADE USAGE, CUSTOM, OR COURSE OF DEALING. WITHOUT
LIMITING THE FOREGOING, CUSTOMER ACKNOWLEDGES THAT THE
SOFTWARE IS PROVIDED "AS IS" AND THAT GENIVIA DOES NOT WARRANT
THE SOFTWARE WILL RUN UNINTERRUPTED OR ERROR FREE. THE ENTIRE
RISK AS TO RESULTS AND PERFORMANCE OF THE SOFTWARE IS ASSUMED BY
CUSTOMER.
UNDER NO CIRCUMSTANCES WILL GENIVIA BE LIABLE FOR ANY SPECIAL,

INDIRECT, INCIDENTAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES OF ANY
KIND OR NATURE WHATSOEVER, WHETHER BASED ON CONTRACT,
WARRANTY, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR
OTHERWISE, ARISING OUT OF OR IN ANY WAY RELATED TO THE SOFTWARE,
EVEN IF GENIVIA HAS BEEN ADVISED ON THE POSSIBILITY OF SUCH
DAMAGE OR IF SUCH DAMAGE COULD HAVE BEEN REASONABLY FORESEEN,
AND NOTWITHSTANDING ANY FAILURE OF ESSENTIAL PURPOSE OF ANY
EXCLUSIVE REMEDY PROVIDED. SUCH LIMITATION ON DAMAGES INCLUDES,
BUT IS NOT LIMITED TO, DAMAGES FOR LOSS OF GOODWILL, LOST PROFITS,
LOSS OF DATA OR SOFTWARE, WORK STOPPAGE, COMPUTER FAILURE OR
MALFUNCTION OR IMPAIRMENT OF OTHER GOODS. IN NO EVENT WILL
GENIVIA BE LIABLE FOR THE COSTS OF PROCUREMENT OF SUBSTITUTE
SOFTWARE OR SERVICES. CUSTOMER ACKNOWLEDGE THAT THIS SOFTWARE
IS NOT DESIGNED FOR USE IN ON-LINE EQUIPMENT IN HAZARDOUS
ENVIRONMENTS SUCH AS OPERATION OF NUCLEAR FACILITIES, AIRCRAFT
NAVIGATION OR CONTROL, OR LIFE-CRITICAL APPLICATIONS. GENIVIA
EXPRESSLY DISCLAIM ANY LIABILITY RESULTING FROM USE OF THE
SOFTWARE IN ANY SUCH ON-LINE EQUIPMENT IN HAZARDOUS
ENVIRONMENTS AND ACCEPTS NO LIABILITY IN RESPECT OF ANY ACTIONS
OR CLAIMS BASED ON THE USE OF THE SOFTWARE IN ANY SUCH ON-LINE
EQUIPMENT IN HAZARDOUS ENVIRONMENTS BY CUSTOMER. FOR PURPOSES
OF THIS PARAGRAPH, THE TERM "LIFE-CRITICAL APPLICATION" MEANS AN
APPLICATION IN WHICH THE FUNCTIONING OR MALFUNCTIONING OF THE
SOFTWARE MAY RESULT DIRECTLY OR INDIRECTLY IN PHYSICAL INJURY OR
LOSS OF HUMAN LIFE. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN
ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY COVERED CODE IS
AUTHORIZED HEREUNDER EXCEPT UNDER THIS DISCLAIMER.
8. INFRINGEMENT INDEMNITY.

gSOAP
Genivia will defend at its expense any suit brought against Customer and will
pay all damages finally awarded in such suit insofar as such suit is based on a
claim that the Software as provided to Customer infringes a previously issued
patent or copyright, provided that Genivia is notified promptly of such claim
and is given full and complete authority (including settlement authority
consistent with the other terms and conditions of this Agreement), information
and assistance by Customer for such defense. In the event that the Software
is held in any such suit to infringe such a right and its use is enjoined, or if in
the opinion of Genivia the Software is likely to become the subject of such a
claim, Genivia at its own election and expense will either (i) procure for
Customer the right to continue using the Software or (ii) modify or replace the
Software so that it becomes non-infringing while giving substantially
equivalent performance. In the event that (i) or (ii) above are not, in Genivia’s
sole determination, obtainable using reasonable commercial efforts, then
Genivia may terminate this Agreement and refund amount Customer paid
Genivia under this Agreement for the Software which is the subject of such
claim. The indemnification obligation shall not apply to infringement actions or
claims to the extent that such actions or claims are caused solely by: (i)
modifications made to the Software by a party other than Genivia; and (ii) the
combination of the Software with items not supplied or approved by Genivia.
9. GENERAL.
Neither party shall be liable hereunder by reason of any failure or delay in the
performance of its obligations hereunder (except for the payment of money)
on account of strikes, shortages, riots, insurrection, fires, flood, storm,
explosions, acts of God, war, governmental action, labor conditions,
earthquakes, material shortages or any other cause which is beyond the
reasonable control of such party.
The Software is a "commercial item" as that term is defined at 48 C.F.R.

2.101, consisting of "commercial computer software" and "commercial
computer software documentation" as such terms are used in 48 C.F.R.
12.212. Consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through
227.7202-4, Customer will provide the Software to U.S. Government End
Users only pursuant to the terms and conditions therein. Customer may not
delegate, assign or transfer this Agreement, the license(s) granted or any of
Customer’s rights or duties hereunder without Genivia's express prior written
consent, except by way of merger or acquisition of the business of Customer,
and any attempt to do so shall be void. Genivia may assign this Agreement,
and its rights and obligations hereunder, in its sole discretion.
All Software and technical information delivered under this Agreement are
subject to U.S. export control laws and may be subject to export or import
regulations in other countries. Customer agrees to strictly comply with all such
laws and regulations.
gSOAP
This Agreement is governed by California law, excluding any principle or

provision that would call for the application of the law of any jurisdiction other
than California. Any action regarding this Agreement shall be brought in a
court of competent jurisdiction, federal or state, in the County of Santa Clara,
California, and Genivia consents to venue and jurisdiction in and service of
process from such court.
EXHIBIT A
1. Genivia gSOAP Source Code Products.
Original Source Code files suitable for compilation into Run-Time Modules for
integration into a Target Application:
dom.h
dom++.h
dom.c
dom++.cpp
dom.cpp
soapdoc2.pdf
soapdoc2.html
stdsoap2.h
stdsoap2.c
stdsoap2.cpp
stl.h
stldeque.h
stllist.h
stlvector.h
stlset.h
samples/* (all example files included in the package under 'samples')
uddi2/* (all of the UDDI v2 support files included in the package under 'uddi2')
WS/* (all of the files included included in the package under 'WS' )
Updates to any of the Original Source Code files listed above and distributed
by Genivia are also covered under this Agreement.
Original Source Code files of the Software with development functionality not
suitable for compilation and integration into Target Applications:
src/error2.c
src/error2.h
src/init2.c
src/soapcpp2.c
src/soapcpp2.h
src/soapcpp2_lex.l
src/soapcpp2_yacc.y
src/symbol2.c
wsdl/dime.h
wsdl/gwsdl.h
wsdl/http.h

gSOAP
wsdl/imports.h
wsdl/includes.h
wsdl/mime.h
wsdl/schema.cpp
wsdl/schema.h
wsdl/service.cpp
wsdl/service.h
wsdl/soap.cpp
wsdl/soap.h
wsdl/typemap.dat
wsdl/types.cpp
wsdl/types.h
wsdl/wsdl.cpp
wsdl/wsdl.h
wsdl/wsdl2h.cpp
The source codes above are part of the software development toolkit. The
development toolkit generates source code that is suitable for compilation and
integration into the Target Application as set forth by Sections 2 and 3.
2. Approved Software Download Site
http://sourceforge.net/projects/gsoap2
3. Description of the Customer's Project and the Intended

Functionality of the Target
Application.
______________________________________________________________
_________
License Fee: $195.00 USD
Authorized Site (address and building identification):

______________________________
IN WITNESS WHEREOF, the parties’ authorized representatives have executed

this
Agreement and Exhibit as of the Effective Date.
GENIVIA
By: Robert van Engelen
Title: President
Date: __________
gSOAP
CUSTOMER __________
By: __________
Title: __________
Date: __________
This form must be completed, signed, and returned by email, mail, or fax to
the following
address to ensure prompt completion of the order. A copy can be send by

email to expedite
the execution of the Agreement.
Genivia, Inc., Sales Department
3178 Shamrock East
Tallahassee, FL32309, USA
Email: sales@genivia.com
Voice: +1 (850) 264 2676
Fax: +1 (850) 893 1426
Genivia, Inc., Source Code License Agreement
Jan 1, 2004, revised June 27, Aug 1, Aug 14, Oct 19, 2004; Mar 31, 2005,
May 10, 2005.
The gSOAP Public License
The gSOAP Public License 1.3 is based on MPL1.1 (Mozilla Public License 1.1).
The license allows for commercial use of gSOAP. It also allows products to be
built on top and distributed under any license (including commercial). Products
developed with gSOAP should include a notice of copyright and a disclaimer of
warranty in the product's documentation (License Exhibit B).
gSOAP source code modifications that are distributed part of an open source
product should be submitted back to us for quality control. Please note that
modifications to the gSOAP runtime source codes are not required to build
applications so this requirement should not prohibit (commercial) product
development in any way.

gSOAP
We also encourage suggestions for modifications to be submitted to the gSOAP

mailing list for consideration in future releases.
TERMS AND CONDITIONS OF USE
gSOAP is copyrighted by Robert A. van Engelen, Genivia inc.
Copyright (C) 2000-2003 Robert A. van Engelen, Genivia inc. All Rights
Reserved.
USE RESTRICTIONS
You may not: (i) transfer rights to gSOAP or claim authorship; or (ii) remove
any product identification, copyright, proprietary notices or labels from gSOAP.
MAINTENANCE, SUPPORT AND UPDATES
There is no obligation to maintain or support or update the Software in any

way, or to provide updates or error corrections.
WARRANTY
THE AUTHORS EXPRESSLY DISCLAIM ALL WARRANTIES, WHETHER EXPRESS,

IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
WARRANTIES OF MERCHANTABILITY, OF FITNESS FOR A PARTICULAR
PURPOSE, NONINFRINGEMENT OF THIRD PARTY INTELLECTUAL PROPERTY
RIGHTS, AND ANY WARRANTY THAT MAY ARISE BY REASON OF TRADE
USAGE, CUSTOM, OR COURSE OF DEALING. WITHOUT LIMITING THE
FOREGOING, YOU ACKNOWLEDGE THAT THE SOFTWARE IS PROVIDED "AS
IS" AND THAT THE AUTHORS DO NOT WARRANT THE SOFTWARE WILL RUN
UNINTERRUPTED OR ERROR FREE.
gSOAP
LIMITED LIABILITY THE ENTIRE RISK AS TO RESULTS AND PERFORMANCE OF

THE SOFTWARE IS ASSUMED BY YOU. UNDER NO CIRCUMSTANCES WILL THE
AUTHORS BE LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL, EXEMPLARY
OR CONSEQUENTIAL DAMAGES OF ANY KIND OR NATURE WHATSOEVER,
WHETHER BASED ON CONTRACT, WARRANTY, TORT (INCLUDING
NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, ARISING OUT OF OR IN
ANY WAY RELATED TO THE SOFTWARE, EVEN IF THE AUTHORS HAVE BEEN
ADVISED ON THE POSSIBILITY OF SUCH DAMAGE OR IF SUCH DAMAGE
COULD HAVE BEEN REASONABLY FORESEEN, AND NOTWITHSTANDING ANY
FAILURE OF ESSENTIAL PURPOSE OF ANY EXCLUSIVE REMEDY PROVIDED.
SUCH LIMITATION ON DAMAGES INCLUDES, BUT IS NOT LIMITED TO,
DAMAGES FOR LOSS OF GOODWILL, LOST PROFITS, LOSS OF DATA OR
SOFTWARE, WORK STOPPAGE, COMPUTER FAILURE OR MALFUNCTION OR
IMPAIRMENT OF OTHER GOODS. IN NO EVENT WILL THE AUTHORS BE
LIABLE FOR THE COSTS OF PROCUREMENT OF SUBSTITUTE SOFTWARE OR
SERVICES. YOU ACKNOWLEDGE THAT THIS SOFTWARE IS NOT DESIGNED
FOR USE IN ON-LINE EQUIPMENT IN HAZARDOUS ENVIRONMENTS SUCH AS
OPERATION OF NUCLEAR FACILITIES, AIRCRAFT NAVIGATION OR CONTROL,
OR LIFE-CRITICAL APPLICATIONS. THE AUTHORS EXPRESSLY DISCLAIM ANY
LIABILITY RESULTING FROM USE OF THE SOFTWARE IN ANY SUCH ON-LINE
EQUIPMENT IN HAZARDOUS ENVIRONMENTS AND ACCEPTS NO LIABILITY IN
RESPECT OF ANY ACTIONS OR CLAIMS BASED ON THE USE OF THE
SOFTWARE IN ANY SUCH ON-LINE EQUIPMENT IN HAZARDOUS
ENVIRONMENTS BY YOU. FOR PURPOSES OF THIS PARAGRAPH, THE TERM
"LIFE-CRITICAL APPLICATION" MEANS AN APPLICATION IN WHICH THE
FUNCTIONING OR MALFUNCTIONING OF THE SOFTWARE MAY RESULT
DIRECTLY OR INDIRECTLY IN PHYSICAL INJURY OR LOSS OF HUMAN LIFE.

IBM Developer Kit for Linux

IBM Developer Kit for Linux, Java 2 Technology Edition
International License Agreement for Non-Warranted Programs
Part 1 - General Terms
BY DOWNLOADING, INSTALLING, COPYING, ACCESSING, OR USING THE

PROGRAM YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU ARE
ACCEPTING THESE TERMS ON BEHALF OF ANOTHER PERSON OR A COMPANY
OR OTHER LEGAL ENTITY, YOU REPRESENT AND WARRANT THAT YOU HAVE
FULL AUTHORITY TO BIND THAT PERSON, COMPANY, OR LEGAL ENTITY TO
THESE TERMS. IF YOU DO NOT AGREE TO THESE TERMS,
- DO NOT DOWNLOAD, INSTALL, COPY, ACCESS, OR USE THE PROGRAM; AND
- PROMPTLY RETURN THE PROGRAM AND PROOF OF ENTITLEMENT TO THE

PARTY FROM WHOM YOU ACQUIRED IT TO OBTAIN A REFUND OF THE
AMOUNT YOU PAID. IF YOU DOWNLOADED THE PROGRAM, CONTACT THE
PARTY FROM WHOM YOU ACQUIRED IT.
"IBM" is International Business Machines Corporation or one of its subsidiaries.
"License Information" ("LI") is a document that provides information specific to

a Program. The Program's LI is available at http://www.ibm.com/software/sla/
. The LI may also be found in a file in the Program's directory, by the use of a
system command, or as a booklet which accompanies the Program.
"Program" is the following, including the original and all whole or partial
copies: 1) machine-readable instructions and data, 2) components, 3) audio-
visual content (such as images, text, recordings, or pictures), 4) related
licensed materials, and 5) license use documents or keys, and documentation.
A "Proof of Entitlement" ("PoE") is evidence of Your authorization to use a

Program at a specified level. That level may be measured, for example, by the
number of processors or users. The PoE is also evidence of Your eligibility for
future upgrade prices, if any, and potential special or promotional
opportunities. If IBM does not provide You with a PoE, then IBM may accept
the original paid sales receipt or other sales record from the party (either IBM
or its reseller) from whom You acquired the Program, provided that it specifies
the name of the Program and the usage level acquired.
"You" and "Your" refer either to an individual person or to a single legal entity.
This Agreement includes Part 1 - General Terms, Part 2 - Country-unique

Terms (if any), License Information, and Proof of Entitlement and is the
complete agreement between You and IBM regarding the use of the Program.
It replaces any prior oral or written communications between You and IBM
concerning Your use of the Program. The terms of Part 2 and License
Information may replace or modify those of Part 1. To the extent there is a
conflict between the terms of this Agreement and those of the IBM
International Passport Advantage Agreement, the terms of the latter

agreement prevail.
1. Entitlement
License
The Program is owned by IBM or an IBM supplier, and is copyrighted and

licensed, not sold.
IBM grants You a nonexclusive license to use the Program when You lawfully
acquire it.
You may 1) use the Program up to the level of use specified in the PoE and 2)
make and install copies, including a backup copy, to support such use. The
terms of this license apply to each copy You make. You will reproduce all
copyright notices and all other legends of ownership on each copy, or partial
copy, of the Program.
If You acquire the Program as a program upgrade, after You install the
upgrade You may not use the Program from which You upgraded or transfer it
to another party.
You will ensure that anyone who uses the Program (accessed either locally or
remotely) does so only for Your authorized use and complies with the terms of
this Agreement.
You may not 1) use, copy, modify, or distribute the Program except as
provided in this Agreement; 2) reverse assemble, reverse compile, or
otherwise translate the Program except as specifically permitted by law
without the possibility of contractual waiver; or 3) sublicense, rent, or lease
the Program.
IBM may terminate Your license if You fail to comply with the terms of this
Agreement. If IBM does so, You must destroy all copies of the Program and its
PoE.
Money-back Guarantee
If for any reason You are dissatisfied with the Program and You are the
original licensee, You may obtain a refund of the amount You paid for it, if
within 30 days of Your invoice date You return the Program and its PoE to the
party from whom You obtained it. If You downloaded the Program, You may
contact the party from whom You acquired it for instructions on how to obtain
the refund.
Program Transfer
You may transfer a Program and all of Your license rights and obligations to
another party only if that party agrees to the terms of this Agreement. When
You transfer the Program, You must also transfer a copy of this Agreement,
including the Program's PoE. After the transfer, You may not use the Program.
2. Charges
The amount payable for a Program license is a one-time charge.
One-time charges are based on the level of use acquired which is specified in
the PoE. IBM does not give credits or refunds for charges already due or paid,
except as specified elsewhere in this Agreement.
If You wish to increase the level of use, notify IBM or the party from whom
You acquired it and pay any applicable charges.
If any authority imposes a duty, tax, levy or fee, excluding those based on
IBM's net income, upon the Program, then You agree to pay the amount
specified or supply exemption documentation. You are responsible for any
personal property taxes for the Program from the date that You acquire it.
3. No Warranty
SUBJECT TO ANY STATUTORY WARRANTIES WHICH CAN NOT BE EXCLUDED,

IBM MAKES NO WARRANTIES OR CONDITIONS EITHER EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OR
CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
AND NON-INFRINGEMENT, REGARDING THE PROGRAM OR TECHNICAL
SUPPORT, IF ANY.
The exclusion also applies to any of IBM's Program developers and suppliers.
Manufacturers, suppliers, or publishers of non-IBM Programs may provide their

own warranties.
IBM does not provide technical support, unless IBM specifies otherwise.
4. Limitation of Liability
Circumstances may arise where, because of a default on IBM's part or other

liability, You are entitled to recover damages from IBM. In each such instance,
regardless of the basis on which You may be entitled to claim damages from
IBM, (including fundamental breach, negligence, misrepresentation, or other
contract or tort claim), IBM is liable for no more than 1) damages for bodily
injury (including death) and damage to real property and tangible personal
property and 2) the amount of any other actual direct damages up to the
charges for the Program that is the subject of the claim.
This limitation of liability also applies to IBM's Program developers and

suppliers. It is the maximum for which they and IBM are collectively
responsible.

UNDER NO CIRCUMSTANCES IS IBM, ITS PROGRAM DEVELOPERS OR

SUPPLIERS LIABLE FOR ANY OF THE FOLLOWING, EVEN IF INFORMED OF
THEIR POSSIBILITY:
1. LOSS OF, OR DAMAGE TO, DATA;
2. SPECIAL, INCIDENTAL, OR INDIRECT DAMAGES, OR FOR ANY

ECONOMIC CONSEQUENTIAL DAMAGES; OR
3. LOST PROFITS, BUSINESS, REVENUE, GOODWILL, OR ANTICIPATED

SAVINGS.
SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF

INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR
EXCLUSION MAY NOT APPLY TO YOU.
5. General
1. Nothing in this Agreement affects any statutory rights of consumers

that cannot be waived or limited by contract.
2. In the event that any provision of this Agreement is held to be

invalid or unenforceable, the remaining provisions of this Agreement remain in
full force and effect.
3. You agree to comply with all applicable export and import laws and
regulations.
4. You agree to allow IBM to store and use Your contact information,
including names, phone numbers, and e-mail addresses, anywhere they do
business. Such information will be processed and used in connection with our
business relationship, and may be provided to contractors, Business Partners,
and assignees of IBM for uses consistent with their collective business
activities, including communicating with You (for example, for processing
orders, for promotions, and for market research).
5. Neither You nor IBM will bring a legal action under this Agreement
more than two years after the cause of action arose unless otherwise provided
by local law without the possibility of contractual waiver or limitation.
6. Neither You nor IBM is responsible for failure to fulfill any

obligations due to causes beyond its control.
7. This Agreement will not create any right or cause of action for any
third party, nor will IBM be responsible for any third party claims against You
except, as permitted by the Limitation of Liability section above, for bodily
injury (including death) or damage to real or tangible personal property for
which IBM is legally liable.
6. Governing Law, Jurisdiction, and Arbitration
Governing Law
Both You and IBM consent to the application of the laws of the country in
which You acquired the Program license to govern, interpret, and enforce all of
Your and IBM's rights, duties, and obligations arising from, or relating in any
manner to, the subject matter of this Agreement, without regard to conflict of
law principles.
The United Nations Convention on Contracts for the International Sale of

Goods does not apply.
Jurisdiction
All of our rights, duties, and obligations are subject to the courts of the
country in which You acquired the Program license.
Part 2 - Country-unique Terms
AMERICAS
ARGENTINA: Governing Law, Jurisdiction, and Arbitration (Section 6): The

following exception is added to this section:
Any litigation arising from this Agreement will be settled exclusively by the
Ordinary Commercial Court of the city of Buenos Aires.
BRAZIL: Governing Law, Jurisdiction, and Arbitration (Section 6): The

following exception is added to this section:
Any litigation arising from this Agreement will be settled exclusively by the
court of Rio de Janeiro, RJ.
CANADA: General (Section 5): The following replaces item 7:
7. This Agreement will not create any right or cause of action for any third
party, nor will IBM be responsible for any third party claims against You except
as permitted by the Limitation of Liability section above for bodily injury
(including death) or physical harm to real or tangible personal property caused
by IBM's negligence for which IBM is legally liable."
Governing Law, Jurisdiction, and Arbitration (Section 6): The phrase "the laws
of the country in which You acquired the Program license" in the Governing
Law subsection is replaced by the following:
the laws in the Province of Ontario"

PERU: Limitation of Liability (Section 4): The following is added at the end of
this section:
In accordance with Article 1328 of the Peruvian Civil Code, the limitations and
exclusions specified in this section will not apply to damages caused by IBM's
willful misconduct ("dolo") or gross negligence ("culpa inexcusable").
UNITED STATES OF AMERICA: General (Section 5): The following is added to

this section:
U.S. Government Users Restricted Rights - Use, duplication or disclosure

restricted by the GSA ADP Schedule Contract with the IBM Corporation.
the laws of the State of New York, United States of America
ASIA PACIFIC
AUSTRALIA: No Warranty (Section 3): The following is added:
Although IBM specifies that there are no warranties, You may have certain
rights under the Trade Practices Act 1974 or other legislation and are only
limited to the extent permitted by the applicable legislation.
Limitation of Liability (Section 4): The following is added:
Where IBM is in breach of a condition or warranty implied by the Trade

Practices Act 1974, IBM's liability is limited to the repair or replacement of the
goods, or the supply of equivalent goods. Where that condition or warranty
relates to right to sell, quiet possession or clear title, or the goods are of a
kind ordinarily acquired for personal, domestic or household use or
consumption, then none of the limitations in this paragraph apply.
the laws of the State or Territory in which You acquired the Program license
CAMBODIA, LAOS, and VIETNAM: Governing Law, Jurisdiction, and Arbitration

(Section 6): The phrase "the laws of the country in which You acquired the
Program license" in the Governing Law subsection is replaced by the following:
the laws of the State of New York, United States of America
The following is added to this section:
Arbitration
Disputes arising out of or in connection with this Agreement shall be finally

settled by arbitration which shall be held in Singapore in accordance with the
Arbitration Rules of Singapore International Arbitration Center ("SIAC Rules")
then in effect. The arbitration award shall be final and binding for the parties
without appeal and shall be in writing and set forth the findings of fact and the
conclusions of law.
The number of arbitrators shall be three, with each side to the dispute being
entitled to appoint one arbitrator. The two arbitrators appointed by the parties
shall appoint a third arbitrator who shall act as chairman of the proceedings.
Vacancies in the post of chairman shall be filled by the president of the SIAC.
Other vacancies shall be filled by the respective nominating party. Proceedings
shall continue from the stage they were at when the vacancy occurred.
If one of the parties refuses or otherwise fails to appoint an arbitrator within

30 days of the date the other party appoints its, the first appointed arbitrator
shall be the sole arbitrator, provided that the arbitrator was validly and
properly appointed.
All proceedings shall be conducted, including all documents presented in such

proceedings, in the English language. The English language version of this
Agreement prevails over any other language version.
HONG KONG S.A.R. and MACAU S.A.R. of China: Governing Law, Jurisdiction,
and Arbitration (Section 6): The phrase "the laws of the country in which You
acquired the Program license" in the Governing Law subsection is replaced by
the following:
the laws of Hong Kong Special Administrative Region of China
INDIA: Limitation of Liability (Section 4): The following replaces the terms of
items 1 and 2 of the first paragraph:
1) liability for bodily injury (including death) or damage to real property and
tangible personal property will be limited to that caused by IBM's negligence;
and 2) as to any other actual damage arising in any situation involving
nonperformance by IBM pursuant to, or in any way related to the subject of
this Agreement, IBM's liability will be limited to the charge paid by You for the
individual Program that is the subject of the claim.
General (Section 5): The following replaces the terms of item 5:
If no suit or other legal action is brought, within three years after the cause of
action arose, in respect of any claim that either party may have against the
other, the rights of the concerned party in respect of such claim will be
forfeited and the other party will stand released from its obligations in respect

of such claim.
Governing Law, Jurisdiction, and Arbitration (Section 6): The following is

added to this section:
Arbitration

settled by arbitration which shall be held in Bangalore, India in accordance
with the laws of India then in effect. The arbitration award shall be final and
binding for the parties without appeal and shall be in writing and set forth the
findings of fact and the conclusions of law.
Vacancies in the post of chairman shall be filled by the president of the Bar
Council of India. Other vacancies shall be filled by the respective nominating
party. Proceedings shall continue from the stage they were at when the
vacancy occurred.

properly appointed.

JAPAN: General (Section 5): The following is inserted after item 5:
Any doubts concerning this Agreement will be initially resolved between us in

good faith and in accordance with the principle of mutual trust.
MALAYSIA: Limitation of Liability (Section 4): The word "SPECIAL" in item 2 of

the third paragraph is deleted:
NEW ZEALAND: No Warranty (Section 3): The following is added:
Although IBM specifies that there are no warranties, You may have certain
rights under the Consumer Guarantees Act 1993 or other legislation which
cannot be excluded or limited. The Consumer Guarantees Act 1993 will not
apply in respect of any goods which IBM provides, if You require the goods for
the purposes of a business as defined in that Act.
Limitation of Liability (Section 4): The following is added:
Where Programs are not acquired for the purposes of a business as defined in
the Consumer Guarantees Act 1993, the limitations in this Section are subject
to the limitations in that Act.
PEOPLE'S REPUBLIC OF CHINA: Charges (Section 2): The following is added:
All banking charges incurred in the People's Republic of China will be borne by
You and those incurred outside the People's Republic of China will be borne by
IBM.
the laws of the State of New York, United States of America (except when local
law requires otherwise)
PHILIPPINES: Limitation of Liability (Section 4): The following replaces the

terms of item 2 of the third paragraph:
2. special (including nominal and exemplary damages), moral, incidental, or

indirect damages or for any economic consequential damages; or
Governing Law, Jurisdiction, and Arbitration (Section 6): The following is

added to this section:
Arbitration

settled by arbitration which shall be held in Metro Manila, Philippines in
accordance with the laws of the Philippines then in effect. The arbitration
award shall be final and binding for the parties without appeal and shall be in
writing and set forth the findings of fact and the conclusions of law.
Vacancies in the post of chairman shall be filled by the president of the
Philippine Dispute Resolution Center, Inc. Other vacancies shall be filled by the
respective nominating party. Proceedings shall continue from the stage they
were at when the vacancy occurred.

properly appointed.


SINGAPORE: Limitation of Liability (Section 4): The words "SPECIAL" and

"ECONOMIC" are deleted from item 2 of the third paragraph.
Subject to the rights provided to IBM's suppliers and Program developers as

provided in Section 4 above (Limitation of Liability), a person who is not a
party to this Agreement shall have no right under the Contracts (Right of Third
Parties) Act to enforce any of its terms.
EUROPE, MIDDLE EAST, AFRICA (EMEA)
No Warranty (Section 3): In the European Union, the following is added at the
beginning of this section:
In the European Union, consumers have legal rights under applicable national
legislation governing the sale of consumer goods. Such rights are not affected
by the provisions of this Section 3.
Limitation of Liability (Section 4): In Austria, Denmark, Finland, Greece, Italy,

Netherlands, Norway, Portugal, Spain, Sweden and Switzerland, the following
replaces the terms of this section in its entirety:
Except as otherwise provided by mandatory law:
1. IBM's liability for any damages and losses that may arise as a consequence
of the fulfillment of its obligations under or in connection with this agreement
or due to any other cause related to this agreement is limited to the
compensation of only those damages and losses proved and actually arising as
an immediate and direct consequence of the non-fulfillment of such obligations
(if IBM is at fault) or of such cause, for a maximum amount equal to the
charges You paid for the Program.
The above limitation shall not apply to damages for bodily injuries (including
death) and damages to real property and tangible personal property for which
IBM is legally liable.
2. UNDER NO CIRCUMSTANCES IS IBM, OR ANY OF ITS PROGRAM

DEVELOPERS, LIABLE FOR ANY OF THE FOLLOWING, EVEN IF INFORMED OF
THEIR POSSIBILITY: 1) LOSS OF, OR DAMAGE TO, DATA; 2) INCIDENTAL OR
INDIRECT DAMAGES, OR FOR ANY ECONOMIC CONSEQUENTIAL DAMAGES; 3)
LOST PROFITS, EVEN IF THEY ARISE AS AN IMMEDIATE CONSEQUENCE OF
THE EVENT THAT GENERATED THE DAMAGES; OR 4) LOSS OF BUSINESS,
REVENUE, GOODWILL, OR ANTICIPATED SAVINGS.
3. The limitation and exclusion of liability herein agreed applies not only to the
activities performed by IBM but also to the activities performed by its suppliers
and Program developers, and represents the maximum amount for which IBM
as well as its suppliers and Program developers, are collectively responsible.
Limitation of Liability (Section 4): In France and Belgium, the following

replaces the terms of this section in its entirety:
Except as otherwise provided by mandatory law:
1. IBM's liability for any damages and losses that may arise as a consequence
of the fulfillment of its obligations under or in connection with this agreement
is limited to the compensation of only those damages and losses proved and
actually arising as an immediate and direct consequence of the non-fulfillment
of such obligations (if IBM is at fault), for a maximum amount equal to the
charges You paid for the Program that has caused the damages.
The above limitation shall not apply to damages for bodily injuries (including
death) and damages to real property and tangible personal property for which
IBM is legally liable.
2. UNDER NO CIRCUMSTANCES IS IBM, OR ANY OF ITS PROGRAM

DEVELOPERS, LIABLE FOR ANY OF THE FOLLOWING, EVEN IF INFORMED OF
THEIR POSSIBILITY: 1) LOSS OF, OR DAMAGE TO, DATA; 2) INCIDENTAL OR
INDIRECT DAMAGES, OR FOR ANY ECONOMIC CONSEQUENTIAL DAMAGES; 3)
LOST PROFITS, EVEN IF THEY ARISE AS AN IMMEDIATE CONSEQUENCE OF
THE EVENT THAT GENERATED THE DAMAGES; OR 4) LOSS OF BUSINESS,
REVENUE, GOODWILL, OR ANTICIPATED SAVINGS.
3. The limitation and exclusion of liability herein agreed applies not only to the
activities performed by IBM but also to the activities performed by its suppliers
and Program developers, and represents the maximum amount for which IBM
as well as its suppliers and Program developers, are collectively responsible.
Governing Law, Jurisdiction, and Arbitration (Section 6)
Governing Law
The phrase "the laws of the country in which You acquired the Program
license" is replaced by:
1) "the laws of Austria" in Albania, Armenia, Azerbeijan, Belarus, Bosnia-
Herzegovina, Bulgaria, Croatia, Georgia, Hungary, Kazakhstan, Kyrgyzstan,
FYR Macedonia, Moldavia, Poland, Romania, Russia, Slovakia, Slovenia,
Tajikistan, Turkmenistan, Ukraine, Uzbekistan, and FR Yugoslavia;
2) "the laws of France" in Algeria, Benin, Burkina Faso, Cameroon, Cape
Verde, Central African Republic, Chad, Comoros, Congo Republic, Djibouti,
Democratic Republic of Congo, Equatorial Guinea, French Guiana, French
Polynesia, Gabon, Gambia, Guinea, Guinea-Bissau, Ivory Coast, Lebanon,
Madagascar, Mali, Mauritania, Mauritius, Mayotte, Morocco, New Caledonia,
Niger, Reunion, Senegal, Seychelles, Togo, Tunisia, Vanuatu, and Wallis &
Futuna;
3) "the laws of Finland" in Estonia, Latvia, and Lithuania;

4) "the laws of England" in Angola, Bahrain, Botswana, Burundi, Egypt,

Eritrea, Ethiopia, Ghana, Jordan, Kenya, Kuwait, Liberia, Malawi, Malta,
Mozambique, Nigeria, Oman, Pakistan, Qatar, Rwanda, Sao Tome, Saudi
Arabia, Sierra Leone, Somalia, Tanzania, Uganda, United Arab Emirates, the
United Kingdom, West Bank/Gaza, Yemen, Zambia, and Zimbabwe; and
5) "the laws of South Africa" in South Africa, Namibia, Lesotho and Swaziland.
Jurisdiction
The following exceptions are added to this section:
1) In Austria the choice of jurisdiction for all disputes arising out of this
Agreement and relating thereto, including its existence, will be the competent
court of law in Vienna, Austria (Inner-City);
2) in Angola, Bahrain, Botswana, Burundi, Egypt, Eritrea, Ethiopia, Ghana,
Jordan, Kenya, Kuwait, Liberia, Malawi, Malta, Mozambique, Nigeria, Oman,
Pakistan, Qatar, Rwanda, Sao Tome, Saudi Arabia, Sierra Leone, Somalia,
Tanzania, Uganda, United Arab Emirates, West Bank/Gaza, Yemen, Zambia,
and Zimbabwe all disputes arising out of this Agreement or related to its
execution, including summary proceedings, will be submitted to the exclusive
jurisdiction of the English courts;
3) in Belgium and Luxembourg, all disputes arising out of this Agreement or
related to its interpretation or its execution, the law, and the courts of the
capital city, of the country of Your registered office and/or commercial site
location only are competent;
4) in France, Algeria, Benin, Burkina Faso, Cameroon, Cape Verde, Central
African Republic, Chad, Comoros, Congo Republic, Djibouti, Democratic
Republic of Congo, Equatorial Guinea, French Guiana, French Polynesia,
Gabon, Gambia, Guinea, Guinea-Bissau, Ivory Coast, Lebanon, Madagascar,
Mali, Mauritania, Mauritius, Mayotte, Morocco, New Caledonia, Niger, Reunion,
Senegal, Seychelles, Togo, Tunisia, Vanuatu, and Wallis & Futuna all disputes
arising out of this Agreement or related to its violation or execution, including
summary proceedings, will be settled exclusively by the Commercial Court of
Paris;
5) in Russia, all disputes arising out of or in relation to the interpretation, the
violation, the termination, the nullity of the execution of this Agreement shall
be settled by Arbitration Court of Moscow;
6) in South Africa, Namibia, Lesotho and Swaziland, both of us agree to submit
all disputes relating to this Agreement to the jurisdiction of the High Court in
Johannesburg;
7) in Turkey all disputes arising out of or in connection with this Agreement
shall be resolved by the Istanbul Central (Sultanahmet) Courts and Execution
Directorates of Istanbul, the Republic of Turkey;
8) in each of the following specified countries, any legal claim arising out of
this Agreement will be brought before, and settled exclusively by, the
competent court of a) Athens for Greece, b) Tel Aviv-Jaffa for Israel, c) Milan
for Italy, d) Lisbon for Portugal, and e) Madrid for Spain; and
9) in the United Kingdom, both of us agree to submit all disputes relating to
this Agreement to the jurisdiction of the English courts.
Arbitration
In Albania, Armenia, Azerbeijan, Belarus, Bosnia-Herzegovina, Bulgaria,

Croatia, Georgia, Hungary, Kazakhstan, Kyrgyzstan, FYR Macedonia, Moldavia,
Poland, Romania, Russia, Slovakia, Slovenia, Tajikistan, Turkmenistan,
Ukraine, Uzbekistan, and FR Yugoslavia all disputes arising out of this
Agreement or related to its violation, termination or nullity will be finally
settled under the Rules of Arbitration and Conciliation of the International
Arbitral Center of the Federal Economic Chamber in Vienna (Vienna Rules) by
three arbitrators appointed in accordance with these rules.
The arbitration will be held in Vienna, Austria, and the official language of the
proceedings will be English. The decision of the arbitrators will be final and
binding upon both parties. Therefore, pursuant to paragraph 598 (2) of the
Austrian Code of Civil Procedure, the parties expressly waive the application of
paragraph 595 (1) figure 7 of the Code. IBM may, however, institute
proceedings in a competent court in the country of installation.
In Estonia, Latvia and Lithuania all disputes arising in connection with this
Agreement will be finally settled in arbitration that will be held in Helsinki,
Finland in accordance with the arbitration laws of Finland then in effect. Each
party will appoint one arbitrator. The arbitrators will then jointly appoint the
chairman. If arbitrators cannot agree on the chairman, then the Central
Chamber of Commerce in Helsinki will appoint the chairman.
AUSTRIA: No Warranty (Section 3): The terms of this section are completely
replaced by the following:
The following limited warranty applies if You have paid a charge to obtain the
Program:
The warranty period is twelve months from the date of delivery. The limitation
period for consumers in action for breach of warranty is the statutory period as
a minimum.
The warranty for an IBM Program covers the functionality of the Program for
its normal use and the Program's conformity to its specifications.
IBM warrants that when the Program is used in the specified operating
environment it will conform to its specifications. IBM does not warrant
uninterrupted or error-free operation of the Program or that IBM will correct all
Program defects. You are responsible for the results obtained from the use of
the Program.
The warranty applies only to the unmodified portion of the Program.
If the Program does not function as warranted during the warranty period and
the problem cannot be resolved with information available. You may return the
Program to the party from whom You acquired it and receive a refund in the

amount You paid. If You downloaded the Program, You may contact the party
from whom You acquired it to obtain the refund.
This is our sole obligation to You, except as otherwise required by applicable

statutory law.
General (Section 5): The following is added to item 4:
For purposes of this clause, contact information will also include information
about You as a legal entity, for example revenue data and other transactional
information.
GERMANY: No Warranty (Section 3): The same changes apply as those in No

Warranty (Section 3) under Austria above.
Limitation of Liability (Section 4): The following paragraph is added to this

Section:
The limitations and exclusions specified in this Section will not apply to
damages caused by IBM intentionally or by gross negligence.
Any claims resulting from this Agreement are subject to a statute of limitation
of three years, except as stated in Section 3 (No Warranty) of this Agreement.
HUNGARY: Limitation of Liability (Section 4): The following is added at the end
of this section:
The limitation and exclusion specified herein shall not apply to liability for a
breach of contract damaging life, physical well-being, or health that has been
caused intentionally, by gross negligence, or by a criminal act.
The parties accept the limitations of liability as valid provisions and state that
the Section 314.(2) of the Hungarian Civil Code applies as the acquisition price
as well as other advantages arising out of the present Agreement balance this
limitation of liability.
IRELAND: No Warranty (Section 3): The following is added to this section:
Except as expressly provided in these terms and conditions, or section 12 of

the Sale of Goods Act 1893 (as amended by the Sale of Goods and Supply of
Services Act 1980 ("the 1980 Act")), all conditions and warranties (express or
implied, statutory or otherwise) are hereby excluded including, without
limitation, any warranties implied by the Sale of Goods Act 1893 as amended
by the 1980 Act (including, for the avoidance of doubt, section 39 of the 1980
Act).
Limitation of Liability (Section 4): The following replaces the terms of this
section in its entirety:
For the purposes of this section, a "Default" means any act, statement,
omission, or negligence on the part of IBM in connection with, or in relation to,
the subject matter of an Agreement in respect of which IBM is legally liable to
You whether in contract or tort. A number of Defaults which together result in,
or contribute to, substantially the same loss or damage will be treated as one
Default occurring on the date of occurrence of the last such Default.
Circumstances may arise where, because of a Default, You are entitled to

recover damages from IBM. This section sets out the extent of IBM's liability
and Your sole remedy.
1. IBM will accept unlimited liability for (a) death or personal injury caused by
the negligence of IBM, and (b) subject always to the Items for Which IBM is
Not Liable below, for physical damage to Your tangible property resulting from
the negligence of IBM.
2. Except as provided in item 1 above, IBM's entire liability for actual damages
for any one Default will not in any event exceed the greater of 1) EUR
125,000, or 2) 125% of the amount You paid for the Program directly relating
to the Default. These limits also apply to any of IBM's suppliers and Program
developers. They state the maximum for which IBM and such suppliers and
Program developers are collectively responsible.
Items for Which IBM is Not Liable
Save with respect to any liability referred to in item 1 above, under no

circumstances is IBM or any of its suppliers or Program developers liable for
any of the following, even if IBM or they were informed of the possibility of
such losses:
1. loss of, or damage to, data;
2. special, indirect, or consequential loss; or
3. loss of profits, business, revenue, goodwill, or anticipated savings.
ITALY: General (Section 5): The following is added to this section:
IBM and Customer (hereinafter, individually, "Party") shall comply with all the
obligations of the applicable provisions of law and/or regulation on personal
data protection. Each of the Parties will indemnify and keep the other Party
harmless from any damage, claim, cost or expense incurred by the latter,
directly and or indirectly, as a consequence of an infringement of the other
Party of the mentioned provisions of law and/or regulations.
SLOVAKIA: Limitation of Liability (Section 4): The following is added to the

end of the last paragraph:

The limitations apply to the extent they are not prohibited under §§ 373-386
of the Slovak Commercial Code.
General (Section 5): The terms of item 5 are replaced with the following:
THE PARTIES AGREE THAT, AS DEFINED BY APPLICABLE LOCAL LAW, ANY

LEGAL OR OTHER ACTION RELATED TO A BREACH OF THIS AGREEMENT MUST
BE COMMENCED NO LATER THAN FOUR YEARS FROM THE DATE ON WHICH
THE CAUSE OF ACTION AROSE.
SWITZERLAND: General (Section 5): The following is added to item 4:
For purposes of this clause, contact information will also include information
about You as a legal entity, for example revenue data and other transactional
information.
UNITED KINGDOM: No Warranty (Section 3): The following replaces the first
sentence in the first paragraph of this section:
SUBJECT TO ANY STATUTORY WARRANTIES WHICH CANNOT BE EXCLUDED,

IBM MAKES NO WARRANTY OR CONDITION EITHER EXPRESS OR IMPLIED,
INCLUDING (WITHOUT LIMITATION) THE IMPLIED WARRANTIES OF
SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-
INFRINGEMENT, REGARDING THE PROGRAM.
Limitation of Liability (Section 4): The following replaces the terms of this
section in its entirety:
For the purposes of this section, a "Default" means any act, statement,
omission, or negligence on the part of IBM in connection with, or in relation to,
the subject matter of an Agreement in respect of which IBM is legally liable to
You, whether in contract or tort. A number of Defaults which together result
in, or contribute to, substantially the same loss or damage will be treated as
one Default.
Circumstances may arise where, because of a Default, You are entitled to

recover damages from IBM. This section sets out the extent of IBM's liability
and Your sole remedy.
1. IBM will accept unlimited liability for:
a. death or personal injury caused by the negligence of IBM;
b. any breach of its obligations implied by Section 12 of the Sale of Goods Act
1979 or Section 2 of the Supply of Goods and Services Act 1982, or any
statutory modification or re-enactment of either such Section; and
c. subject always to the Items for Which IBM is Not Liable below, for physical
damage to Your tangible property resulting from the negligence of IBM.
2. IBM's entire liability for actual damages for any one Default will not in any
event, except as provided in item 1 above, exceed the greater of 1) £75,000,
or 2) 125% of the amount You paid for the Program directly relating to the
Default. These limits also apply to IBM's suppliers and Program developers.
They state the maximum for which IBM and such suppliers and Program
developers are collectively responsible.
Items for Which IBM is Not Liable
Save with respect to any liability referred to in item 1 above, under no

circumstances is IBM or any of its suppliers or Program developers liable for
any of the following, even if IBM or they were informed of the possibility of
such losses:
1. loss of, or damage to, data;
2. special, indirect, or consequential loss; or
3. loss of profits, business, revenue, goodwill, or anticipated savings.
Z125-5589-03 (11/2002)
LICENSE INFORMATION
The Programs listed below are licensed under the following terms and
conditions in addition to those of the International License Agreement for Non-
Warranted Programs.
Program Name: IBM(R) 31-bit Runtime Environment for Linux(R) on

zSeries(TM), Java(TM) 2 Technology Edition, Version 1.4
Program Number: 5648-C98
Authorization for Use on Home/Portable Computer: 1
EXPLANATIONS OF TERMS:
Authorization for Use on Home/Portable Computer:

"1" means that the Program may be stored on the primary machine and
another machine, provided that the Program is not in active use on both
machines at the same time.
"2" means that You may not copy and use this Program on another computer
without paying additional license fees.
Specified Operating Environment
The Program's specifications and specified operating environment information

may be found in documentation accompanying the Program, if available, such
as a read-me file, or other information published by IBM, such as an

announcement letter.
Program-unique Terms
1. GENERAL
To the extent of any conflict between the terms of the International License
Agreement for Non-Warranted Programs and this License Information, the
terms of this License Information shall prevail.
WHERE THE PROGRAM HAS BEEN PROVIDED TO YOU SEPARATELY BY IBM, IT

IS PROVIDED AT NO CHARGE.
The Program consists of binary code that executes on the operating system(s)
specified in Readme files that accompany the Program.
3. TRADEMARKS AND COPYRIGHT: YOUR RESPONSIBILITIES
a) You shall not modify, delete, suppress, or obscure any copyright, trademark
or other legal notice (whether from IBM or any third party) which may be
displayed by or included within the Program.
b) Java and all Java-based Trademarks are trademarks of Sun Microsystems,

Inc. in the United States, other countries, or both.
c) You recognize IBM's and Sun Microsystems, Inc.'s ownership and title to
their respective trademarks and of any goodwill attaching thereto, including
goodwill resulting from use. You will not use or attempt to register any
trademark which is confusingly similar to such IBM or Sun trademarks.
3. PROOF OF ENTITLEMENT
This License Agreement constitutes your Proof of Entitlement.
D/N: L-ADAN-5YWF2Z
P/N: L-ADAN-5YWF2Z
ICU
ICU
COPYRIGHT AND PERMISSION NOTICE
Copyright (c) 1995-2003 International Business Machines Corporation and

others. All rights reserved.
Permission is hereby granted, free of charge, to any person obtaining a copy

of this software and associated documentation files (the "Software"), to deal in
the Software without restriction, including without limitation the rights to use,
copy, modify, merge, publish, distribute, and/or sell copies of the Software,
and to permit persons to whom the Software is furnished to do so, provided
that the above copyright notice(s) and this permission notice appear in all
copies of the Software and that both the above copyright notice(s) and this
permission notice appear in supporting documentation.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,

EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE
COPYRIGHT HOLDER OR HOLDERS INCLUDED IN THIS NOTICE BE LIABLE FOR
ANY CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR
ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
Except as contained in this notice, the name of a copyright holder shall not be
used in advertising or otherwise to promote the sale, use or other dealings in
this Software without prior written authorization of the copyright holder.

Jakarta
Jakarta
Licenses


below.

Jakarta
ASF project.

Software Grants


Open SSL
Open SSL
LICENSE ISSUES
==============
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the
OpenSSL License and the original SSLeay license apply to the toolkit. See
below for the actual license texts. Actually both licenses are BSD-style Open
Source licenses. In case of any license issues related to OpenSSL please
contact openssl-core@openssl.org.
OpenSSL License
---------------
/*
================================================
====================
* Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
* Redistribution and use in source and binary forms, with or without

modification, are permitted provided that the following conditions are met:
* 1. Redistributions of source code must retain the above copyright notice,

this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright

notice, this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software must

display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project for use
in the OpenSSL Toolkit. (http://www.openssl.org/)"
Open SSL
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used
to endorse or promote products derived from this software without prior
written permission. For written permission, please contact openssl-
core@openssl.org.
* 5. Products derived from this software may not be called "OpenSSL" nor
may "OpenSSL" appear in their names without prior written permission of the
OpenSSL Project.
* 6. Redistributions of any form whatsoever must retain the following

acknowledgment:
* "This product includes software developed by the OpenSSL Project for use
in the OpenSSL Toolkit (http://www.openssl.org/)"
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT `ÀS IS'' AND

ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL
PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
================================================
====================
* This product includes cryptographic software written by Eric Young

(eay@cryptsoft.com). This product includes software written by Tim Hudson
(tjh@cryptsoft.com).
*/
Original SSLeay License

Open SSL
-----------------------
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
* This package is an SSL implementation written by Eric Young

(eay@cryptsoft.com). The implementation was written so as to conform with
Netscapes SSL.
* This library is free for commercial and non-commercial use as long as the
following conditions are aheared to. The following conditions apply to all code
found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
included with this distribution is covered by the same copyright terms except
that the holder is Tim Hudson (tjh@cryptsoft.com).
* Copyright remains Eric Young's, and as such any Copyright notices in the
code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution

as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or in

documentation (online or textual) provided with the package.

* 1. Redistributions of source code must retain the copyright notice, this list
of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright

* 3. All advertising materials mentioning features or use of this software must

display the following acknowledgement:
Open SSL
* "This product includes cryptographic software written by Eric Young

(eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson

(tjh@cryptsoft.com)"
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG `ÀS IS'' AND ANY

EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR
OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
* The licence and distribution terms for any publically available version or
derivative of this code cannot be changed. i.e. this code cannot simply be
copied and put under another distribution licence
* [including the GNU Public Licence.]
*/

PCRE
PCRE
PCRE LICENCE
------------
PCRE is a library of functions to support regular expressions whose syntax and

semantics are as close as possible to those of the Perl 5 language.
Release 5 of PCRE is distributed under the terms of the "BSD" licence, as

specified below. The documentation for PCRE, supplied in the "doc" directory,
is distributed under the same terms as the software itself.
Written by: Philip Hazel <ph10@cam.ac.uk>
University of Cambridge Computing Service,
Cambridge, England. Phone: +44 1223 334714.
Copyright (c) 1997-2004 University of Cambridge
All rights reserved.
Redistribution and use in source and binary forms, with or without

* Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice,

this list of conditions and the following disclaimer in the documentation and/or
other materials provided with the distribution.
* Neither the name of the University of Cambridge nor the names of its
contributors may be used to endorse or promote products derived from this
software without specific prior written permission.
PCRE
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND

CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
End

Struts
Struts
Licenses


below.

Struts
ASF project.

Software Grants


Sun JDK
Sun JDK
Sun Microsystems, Inc.
Binary Code License Agreement
for the JAVATM 2 SOFTWARE DEVELOPMENT KIT (J2SDK), STANDARD

EDITION, VERSION 1.4.2_X
SUN MICROSYSTEMS, INC. ("SUN") IS WILLING TO LICENSE THE SOFTWARE

IDENTIFIED BELOW TO YOU ONLY UPON THE CONDITION THAT YOU ACCEPT
ALL OF THE TERMS CONTAINED IN THIS BINARY CODE LICENSE AGREEMENT
AND SUPPLEMENTAL LICENSE TERMS (COLLECTIVELY "AGREEMENT").
PLEASE READ THE AGREEMENT CAREFULLY. BY DOWNLOADING OR
INSTALLING THIS SOFTWARE, YOU ACCEPT THE TERMS OF THE AGREEMENT.
INDICATE ACCEPTANCE BY SELECTING THE "ACCEPT" BUTTON AT THE
BOTTOM OF THE AGREEMENT. IF YOU ARE NOT WILLING TO BE BOUND BY
ALL THE TERMS, SELECT THE "DECLINE" BUTTON AT THE BOTTOM OF THE
AGREEMENT AND THE DOWNLOAD OR INSTALL PROCESS WILL NOT
CONTINUE.
1.DEFINITIONS. "Software" means the identified above in binary form, any

other machine readable materials (including, but not limited to, libraries,
source files, header files, and data files), any updates or error corrections
provided by Sun, and any user manuals, programming guides and other
documentation provided to you by Sun under this Agreement. "Programs"
mean Java applets and applications intended to run on the Java 2 Platform,
Standard Edition (J2SETM platform) platform on Java-enabled general purpose
desktop computers and servers.
2.LICENSE TO USE. Subject to the terms and conditions of this Agreement,

including, but not limited to the Java Technology Restrictions of the
Supplemental License Terms, Sun grants you a non-exclusive, non-
transferable, limited license without license fees to reproduce and use
internally Software complete and unmodified for the sole purpose of running
Programs. Additional licenses for developers and/or publishers are granted in
the Supplemental License Terms.
Sun JDK
3.RESTRICTIONS. Software is confidential and copyrighted. Title to Software

and all associated intellectual property rights is retained by Sun and/or its
licensors. Unless enforcement is prohibited by applicable law, you may not
modify, decompile, or reverse engineer Software. You acknowledge that
Licensed Software is not designed or intended for use in the design,
construction, operation or maintenance of any nuclear facility. Sun
Microsystems, Inc. disclaims any express or implied warranty of fitness for
such uses. No right, title or interest in or to any trademark, service mark, logo
or trade name of Sun or its licensors is granted under this Agreement.
Additional restrictions for developers and/or publishers licenses are set forth in
4.LIMITED WARRANTY. Sun warrants to you that for a period of ninety (90)
days from the date of purchase, as evidenced by a copy of the receipt, the
media on which Software is furnished (if any) will be free of defects in
materials and workmanship under normal use. Except for the foregoing,
Software is provided "AS IS". Your exclusive remedy and Sun's entire liability
under this limited warranty will be at Sun's option to replace Software media
or refund the fee paid for Software. Any implied warranties on the Software
are limited to 90 days. Some states do not allow limitations on duration of an
implied warranty, so the above may not apply to you. This limited warranty
gives you specific legal rights. You may have others, which vary from state to
state.
5.DISCLAIMER OF WARRANTY. UNLESS SPECIFIED IN THIS AGREEMENT, ALL

EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES,
INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE OR NON-INFRINGEMENT ARE DISCLAIMED, EXCEPT TO
THE EXTENT THAT THESE DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.
6.LIMITATION OF LIABILITY. TO THE EXTENT NOT PROHIBITED BY LAW, IN

NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE,
PROFIT OR DATA, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL,
INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED REGARDLESS OF
THE THEORY OF LIABILITY, ARISING OUT OF OR RELATED TO THE USE OF OR
INABILITY TO USE SOFTWARE, EVEN IF SUN HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. In no event will Sun's liability to you,
whether in contract, tort (including negligence), or otherwise, exceed the
amount paid by you for Software under this Agreement. The foregoing
limitations will apply even if the above stated warranty fails of its essential
purpose. Some states do not allow the exclusion of incidental or consequential
damages, so some of the terms above may not be applicable to you.

Sun JDK
7.SOFTWARE UPDATES FROM SUN. You acknowledge that at your request or

consent optional features of the Software may download, install, and execute
applets, applications, software extensions, and updated versions of the
Software from Sun ("Software Updates"), which may require you to accept
updated terms and conditions for installation. If additional terms and
conditions are not presented on installation, the Software Updates will be
considered part of the Software and subject to the terms and conditions of the
Agreement.
8.SOFTWARE FROM SOURCES OTHER THAN SUN. You acknowledge that, by

your use of optional features of the Software and/or by requesting services
that require use of the optional features of the Software, the Software may
automatically download, install, and execute software applications from
sources other than Sun ("Other Software"). Sun makes no representations of a
relationship of any kind to licensors of Other Software. TO THE EXTENT NOT
PROHIBITED BY LAW, IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE
FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR SPECIAL, INDIRECT,
CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED
REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF OR RELATED
TO THE USE OF OR INABILITY TO USE OTHER SOFTWARE, EVEN IF SUN HAS
BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Some states do not
allow the exclusion of incidental or consequential damages, so some of the
terms above may not be applicable to you.
9.TERMINATION. This Agreement is effective until terminated. You may

terminate this Agreement at any time by destroying all copies of Software.
This Agreement will terminate immediately without notice from Sun if you fail
to comply with any provision of this Agreement. Either party may terminate
this Agreement immediately should any Software become, or in either party's
opinion be likely to become, the subject of a claim of infringement of any
intellectual property right. Upon Termination, you must destroy all copies of
Software.
10.EXPORT REGULATIONS. All Software and technical data delivered under

this Agreement are subject to US export control laws and may be subject to
export or import regulations in other countries. You agree to comply strictly
with all such laws and regulations and acknowledge that you have the
responsibility to obtain such licenses to export, re-export, or import as may be
required after delivery to you.
11.TRADEMARKS AND LOGOS. You acknowledge and agree as between you

and Sun that Sun owns the SUN, SOLARIS, JAVA, JINI, FORTE, and iPLANET
trademarks and all SUN, SOLARIS, JAVA, JINI, FORTE, and iPLANET-related
trademarks, service marks, logos and other brand designations ("Sun Marks"),
and you agree to comply with the Sun Trademark and Logo Usage
Requirements currently located at http://www.sun.com/policies/trademarks.
Any use you make of the Sun Marks inures to Sun's benefit.
Sun JDK
12.U.S. GOVERNMENT RESTRICTED RIGHTS. If Software is being acquired by

or on behalf of the U.S. Government or by a U.S. Government prime
contractor or subcontractor (at any tier), then the Government's rights in
Software and accompanying documentation will be only as set forth in this
Agreement; this is in accordance with 48 CFR 227.7201 through 227.7202-4
(for Department of Defense (DOD) acquisitions) and with 48 CFR 2.101 and
12.212 (for non-DOD acquisitions).
13.GOVERNING LAW. Any action related to this Agreement will be governed

by California law and controlling U.S. federal law. No choice of law rules of
any jurisdiction will apply.
14.SEVERABILITY. If any provision of this Agreement is held to be

unenforceable, this Agreement will remain in effect with the provision omitted,
unless omission would frustrate the intent of the parties, in which case this
Agreement will immediately terminate.
15.INTEGRATION. This Agreement is the entire agreement between you and

Sun relating to its subject matter. It supersedes all prior or contemporaneous
oral or written communications, proposals, representations and warranties and
prevails over any conflicting or additional terms of any quote, order,
acknowledgment, or other communication between the parties relating to its
subject matter during the term of this Agreement. No modification of this
Agreement will be binding, unless in writing and signed by an authorized
representative of each party.
SUPPLEMENTAL LICENSE TERMS
These Supplemental License Terms add to or modify the terms of the Binary
Code License Agreement. Capitalized terms not defined in these Supplemental
Terms shall have the same meanings ascribed to them in the Binary Code
License Agreement . These Supplemental Terms shall supersede any
inconsistent or conflicting terms in the Binary Code License Agreement, or in
any license contained within the Software.
A.Software Internal Use and Development License Grant. Subject to the terms
and conditions of this Agreement, including, but not limited to the Java
Technology Restrictions of these Supplemental Terms, Sun grants you a non-
exclusive, non-transferable, limited license without fees to reproduce internally
and use internally the Software complete and unmodified (unless otherwise
specified in the applicable README file) for the purpose of designing,
developing, and testing your Programs.

Sun JDK
B.License to Distribute Software. Subject to the terms and conditions of this

Agreement, including, but not limited to the Java Technology Restrictions of
these Supplemental Terms, Sun grants you a non-exclusive, non-transferable,
limited license without fees to reproduce and distribute the Software, provided
that (i) you distribute the Software complete and unmodified (unless otherwise
specified in the applicable README file) and only bundled as part of, and for
the sole purpose of running, your Programs, (ii) the Programs add significant
and primary functionality to the Software, (iii) you do not distribute additional
software intended to replace any component(s) of the Software (unless
otherwise specified in the applicable README file), (iv) you do not remove or
alter any proprietary legends or notices contained in the Software, (v) you
only distribute the Software subject to a license agreement that protects Sun's
interests consistent with the terms contained in this Agreement, and (vi) you
agree to defend and indemnify Sun and its licensors from and against any
damages, costs, liabilities, settlement amounts and/or expenses (including
attorneys' fees) incurred in connection with any claim, lawsuit or action by any
third party that arises or results from the use or distribution of any and all
Programs and/or Software.
C.License to Distribute Redistributables. Subject to the terms and conditions of

this Agreement, including but not limited to the Java Technology Restrictions
of these Supplemental Terms, Sun grants you a non-exclusive, non-
transferable, limited license without fees to reproduce and distribute those files
specifically identified as redistributable in the Software "README" file
("Redistributables") provided that: (i) you distribute the Redistributables
complete and unmodified (unless otherwise specified in the applicable README
file), and only bundled as part of Programs, (ii) you do not distribute additional
software intended to supersede any component(s) of the Redistributables
(unless otherwise specified in the applicable README file), (iii) you do not
remove or alter any proprietary legends or notices contained in or on the
Redistributables, (iv) you only distribute the Redistributables pursuant to a
license agreement that protects Sun's interests consistent with the terms
contained in the Agreement, (v) you agree to defend and indemnify Sun and
its licensors from and against any damages, costs, liabilities, settlement
amounts and/or expenses (including attorneys' fees) incurred in connection
with any claim, lawsuit or action by any third party that arises or results from
the use or distribution of any and all Programs and/or Software.
Sun JDK
D.Java Technology Restrictions. You may not modify the Java Platform
Interface ("JPI", identified as classes contained within the "java" package or
any subpackages of the "java" package), by creating additional classes within
the JPI or otherwise causing the addition to or modification of the classes in
the JPI. In the event that you create an additional class and associated API(s)
which (i) extends the functionality of the Java platform, and (ii) is exposed to
third party software developers for the purpose of developing additional
software which invokes such additional API, you must promptly publish
broadly an accurate specification for such API for free use by all developers.
You may not create, or authorize your licensees to create, additional classes,
interfaces, or subpackages that are in any way identified as "java", "javax",
"sun" or similar convention as specified by Sun in any naming convention
designation.

Sun JDK
E.Distribution by Publishers. This section pertains to your distribution of the

Software with your printed book or magazine (as those terms are commonly
used in the industry) relating to Java technology ("Publication"). Subject to
and conditioned upon your compliance with the restrictions and obligations
contained in the Agreement, in addition to the license granted in Paragraph 1
above, Sun hereby grants to you a non-exclusive, nontransferable limited right
to reproduce complete and unmodified copies of the Software on electronic
media (the "Media") for the sole purpose of inclusion and distribution with your
Publication(s), subject to the following terms: (i) You may not distribute the
Software on a stand-alone basis; it must be distributed with your
Publication(s); (ii) You are responsible for downloading the Software from the
applicable Sun web site; (iii) You must refer to the Software as JavaTM 2
Software Development Kit, Standard Edition, Version 1.4.2; (iv) The Software
must be reproduced in its entirety and without any modification whatsoever
(including, without limitation, the Binary Code License and Supplemental
License Terms accompanying the Software and proprietary rights notices
contained in the Software); (v) The Media label shall include the following
information: Copyright 2003, Sun Microsystems, Inc. All rights reserved. Use
is subject to license terms. Sun, Sun Microsystems, the Sun logo, Solaris,
Java, the Java Coffee Cup logo, J2SE , and all trademarks and logos based on
Java are trademarks or registered trademarks of Sun Microsystems, Inc. in the
U.S. and other countries. This information must be placed on the Media label
in such a manner as to only apply to the Sun Software; (vi) You must clearly
identify the Software as Sun's product on the Media holder or Media label, and
you may not state or imply that Sun is responsible for any third-party software
contained on the Media; (vii) You may not include any third party software on
the Media which is intended to be a replacement or substitute for the
Software; (viii) You shall indemnify Sun for all damages arising from your
failure to comply with the requirements of this Agreement. In addition, you
shall defend, at your expense, any and all claims brought against Sun by third
parties, and shall pay all damages awarded by a court of competent
jurisdiction, or such settlement amount negotiated by you, arising out of or in
connection with your use, reproduction or distribution of the Software and/or
the Publication. Your obligation to provide indemnification under this section
shall arise provided that Sun: (i) provides you prompt notice of the claim; (ii)
gives you sole control of the defense and settlement of the claim; (iii) provides
you, at your expense, with all available information, assistance and authority
to defend; and (iv) has not compromised or settled such claim without your
prior written consent; and (ix) You shall provide Sun with a written notice for
each Publication; such notice shall include the following information: (1) title
of Publication, (2) author(s), (3) date of Publication, and (4) ISBN or ISSN
numbers. Such notice shall be sent to Sun Microsystems, Inc., 4150 Network
Circle, M/S USCA12-110, Santa Clara, California 95054, U.S.A , Attention:
Contracts Administration.
F.Source Code. Software may contain source code that, unless expressly
licensed for other purposes, is provided solely for reference purposes pursuant
to the terms of this Agreement. Source code may not be redistributed unless
expressly provided for in this Agreement.
Sun JDK
G.Third Party Code. Additional copyright notices and license terms applicable
to portions of the Software are set forth in the
THIRDPARTYLICENSEREADME.txt file. In addition to any terms and conditions
of any third party opensource/freeware license identified in the
THIRDPARTYLICENSEREADME.txt file, the disclaimer of warranty and
limitation of liability provisions in paragraphs 5 and 6 of the Binary Code
License Agreement shall apply to all Software in this distribution.
For inquiries please contact: Sun Microsystems, Inc., 4150 Network Circle,
Santa Clara, California 95054, U.S.A.
(LFI#141496/Form ID#011801)

Sun JDK
Third Party Licenses Related to JDK
A) The following software may be included in this product:
CS CodeViewer v1.0; Use of any of this software is governed by the terms of

the license below:
Copyright 1999 by CoolServlets.com.
Any errors or suggested improvements to this class can be reported as

instructed on CoolServlets.com. We hope you enjoy this program... your
comments will encourage further development! This software is distributed
under the terms of the BSD License. Redistribution and use in source and
binary forms, with or without modification, are permitted provided that the
following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this
2. Redistributions in binary form must reproduce the above copyright notice,

Neither name of CoolServlets.com nor the names of its contributors may be

used to endorse or promote products derived from this software without
specific prior written permission.
THIS SOFTWARE IS PROVIDED BY COOLSERVLETS.COM AND CONTRIBUTORS

`ÀS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE."
B) The following software may be included in this product: DES and 3xDES ;
Use of any of this software is governed by the terms of the license below:
"Copyright 2000 by Jef Poskanzer <jef@acme.com>. All rights reserved.

Sun JDK
1. Redistributions of source code must retain the above copyright notice, this
2. Redistributions in binary form must reproduce the above copyright notice,

THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS `ÀS

IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE."
C) The following software may be included in this product:
Crimson v1.1.1 ; Use of any of this software is governed by the terms of the
license below:
/*
* The Apache Software License, Version 1.1
* Copyright (c) 1999-2000 The Apache Software Foundation. All rights

reserved.

* 1. Redistributions of source code must retain the above copyright notice, this
* 2. Redistributions in binary form must reproduce the above copyright notice,

* 3. The end-user documentation included with the redistribution, if any, must

include the following acknowledgment:
* "This product includes software developed by the Apache Software

Foundation (http://www.apache.org/)."

Sun JDK
* Alternately, this acknowledgment may appear in the software itself, if and

wherever such third-party acknowledgments normally appear.
* 4. The names "Crimson" and "Apache Software Foundation" must not be

used to endorse or promote products derived from this software without prior
written permission. For written permission, please contact
apache@apache.org.
* 5. Products derived from this software may not be called "Apache", nor may
"Apache" appear in their name, without prior written permission of the Apache
Software Foundation.
* THIS SOFTWARE IS PROVIDED `ÀS IS'' AND ANY EXPRESSED OR IMPLIED

WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
*
================================================
====================
* This software consists of voluntary contributions made by many individuals

on behalf of the Apache Software Foundation and was originally based on
software copyright (c) 1999, International Business Machines, Inc.,
http://www.ibm.com. For more information on the Apache Software
Foundation, please see <http://www.apache.org/>.
*/
D) The following software may be included in this product: Xalan J2; Use of
any of this software is governed by the terms of the license below:
/*
* The Apache Software License, Version 1.1
* Copyright (c) 1999-2000 The Apache Software Foundation. All rights

reserved.
Sun JDK

* 1. Redistributions of source code must retain the above copyright notice, this
* 2. Redistributions in binary form must reproduce the above copyright notice,

* 3. The end-user documentation included with the redistribution, if any, must

include the following acknowledgment:
* "This product includes software developed by the Apache Software

Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself, if and

wherever such third-party acknowledgments normally appear.
* 4. The names "Xalan" and "Apache Software Foundation" must not be used
to endorse or promote products derived from this software without prior
written permission. For written permission, please contact
apache@apache.org.
* 5. Products derived from this software may not be called "Apache", nor may
"Apache" appear in their name, without prior written permission of the Apache
Software Foundation.
* THIS SOFTWARE IS PROVIDED `ÀS IS'' AND ANY EXPRESSED OR IMPLIED

WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
*
================================================
====================

Sun JDK
* This software consists of voluntary contributions made by many individuals

on behalf of the Apache Software Foundation and was originally based on
software copyright (c) 1999, International Business Machines, Inc.,
http://www.ibm.com. For more information on the Apache Software
Foundation, please see <http://www.apache.org/>.
*/
E) The following software may be included in this product: NSIS 1.0j; Use of
any of this software is governed by the terms of the license below:
Copyright (C) 1999-2000 Nullsoft, Inc.
This software is provided 'as-is', without any express or implied warranty. In

no event will the authors be held liable for any damages arising from the use
of this software. Permission is granted to anyone to use this software for any
purpose, including commercial applications, and to alter it and redistribute it
freely, subject to the following restrictions:
1. The origin of this software must not be misrepresented; you must not claim
that you wrote the original software. If you use this software in a product, an
acknowledgment in the product documentation would be appreciated but is not
required.
2. Altered source versions must be plainly marked as such, and must not be
misrepresented as being the original software.
3. This notice may not be removed or altered from any source distribution.
Justin Frankel justin@nullsoft.com"
F) Some Portions licensed from IBM are available at:

http://oss.software.ibm.com/icu4j/
G) Portions Copyright Eastman Kodak Company 1992
H) Lucida is a registered trademark or trademakr of Bigelow & Holmes in the

U.S. and other countries.
I) Portions licensed from Taligent, Inc.
Sun JRE 1.5
Sun JRE 1.5

Sun Microsystems, Inc. Binary Code License Agreement for the JAVA 2
PLATFORM STANDARD EDITION RUNTIME ENVIRONMENT 5.0
SUN MICROSYSTEMS, INC. ("SUN") IS WILLING TO LICENSE THE SOFTWARE

IDENTIFIED BELOW TO YOU ONLY UPON THE CONDITION THAT YOU ACCEPT
ALL OF THE TERMS CONTAINED IN THIS BINARY CODE LICENSE AGREEMENT
AND SUPPLEMENTAL LICENSE TERMS (COLLECTIVELY "AGREEMENT").
PLEASE READ THE AGREEMENT CAREFULLY. BY DOWNLOADING OR
INSTALLING THIS SOFTWARE, YOU ACCEPT THE TERMS OF THE AGREEMENT.
INDICATE ACCEPTANCE BY SELECTING THE "ACCEPT" BUTTON AT THE
BOTTOM OF THE AGREEMENT. IF YOU ARE NOT WILLING TO BE BOUND BY
ALL THE TERMS, SELECT THE "DECLINE" BUTTON AT THE BOTTOM OF THE
AGREEMENT AND THE DOWNLOAD OR INSTALL PROCESS WILL NOT
CONTINUE.
1. DEFINITIONS. "Software" means the identified above in binary form, any

other machine readable materials (including, but not limited to, libraries,
source files, header files, and data files), any updates or error corrections
provided by Sun, and any user manuals, programming guides and other
documentation provided to you by Sun under this Agreement. "Programs"
mean Java applets and applications intended to run on the Java 2 Platform
Standard Edition (J2SE platform) platform on Java-enabled general purpose
desktop computers and servers.
2. LICENSE TO USE. Subject to the terms and conditions of this Agreement,

including, but not limited to the Java Technology Restrictions of the
Supplemental License Terms, Sun grants you a non-exclusive, non-
transferable, limited license without license fees to reproduce and use
internally Software complete and unmodified for the sole purpose of running
Programs. Additional licenses for developers and/or publishers are granted in
3. RESTRICTIONS. Software is confidential and copyrighted. Title to Software

and all associated intellectual property rights is retained by Sun and/or its
licensors. Unless enforcement is prohibited by applicable law, you may not
modify, decompile, or reverse engineer Software. You acknowledge that
Licensed Software is not designed or intended for use in the design,
construction, operation or maintenance of any nuclear facility. Sun
Microsystems, Inc. disclaims any express or implied warranty of fitness for
such uses. No right, title or interest in or to any trademark, service mark, logo
or trade name of Sun or its licensors is granted under this Agreement.
Additional restrictions for developers and/or publishers licenses are set forth in

Sun JRE 1.5
4. LIMITED WARRANTY. Sun warrants to you that for a period of ninety (90)
days from the date of purchase, as evidenced by a copy of the receipt, the
media on which Software is furnished (if any) will be free of defects in
materials and workmanship under normal use. Except for the foregoing,
Software is provided "AS IS". Your exclusive remedy and Sun's entire liability
under this limited warranty will be at Sun's option to replace Software media
or refund the fee paid for Software. Any implied warranties on the Software
are limited to 90 days. Some states do not allow limitations on duration of an
implied warranty, so the above may not apply to you. This limited warranty
gives you specific legal rights. You may have others, which vary from state to
state.
5. DISCLAIMER OF WARRANTY. UNLESS SPECIFIED IN THIS AGREEMENT, ALL

PARTICULAR PURPOSE OR NON-INFRINGEMENT ARE DISCLAIMED, EXCEPT TO
THE EXTENT THAT THESE DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.
6. LIMITATION OF LIABILITY. TO THE EXTENT NOT PROHIBITED BY LAW, IN

NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE,
PROFIT OR DATA, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL,
INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED REGARDLESS OF
THE THEORY OF LIABILITY, ARISING OUT OF OR RELATED TO THE USE OF OR
INABILITY TO USE SOFTWARE, EVEN IF SUN HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. In no event will Sun's liability to you,
whether in contract, tort (including negligence), or otherwise, exceed the
amount paid by you for Software under this Agreement. The foregoing
limitations will apply even if the above stated warranty fails of its essential
purpose. Some states do not allow the exclusion of incidental or consequential
damages, so some of the terms above may not be applicable to you.
7. TERMINATION. This Agreement is effective until terminated. You may

terminate this Agreement at any time by destroying all copies of Software.
This Agreement will terminate immediately without notice from Sun if you fail
to comply with any provision of this Agreement. Either party may terminate
this Agreement immediately should any Software become, or in either party's
opinion be likely to become, the subject of a claim of infringement of any
intellectual property right. Upon Termination, you must destroy all copies of
Software.
8. EXPORT REGULATIONS. All Software and technical data will be governed by

California law and controlling U.S. federal law. No choice of law rules of any
jurisdiction will apply.
Sun JRE 1.5
9. TRADEMARKS AND LOGOS. You acknowledge and agree as between you

and Sun that Sun owns the SUN, SOLARIS, JAVA, JINI, FORTE, and iPLANET
trademarks and all SUN, SOLARIS, JAVA, JINI, FORTE, and iPLANET-related
trademarks, service marks, logos and other brand designations ("Sun Marks"),
and you agree to comply with the Sun Trademark and Logo Usage
Requirements currently located at http://www.sun.com/policies/trademarks.
Any use you make of the Sun Marks inures to Sun's benefit.
10. U.S. GOVERNMENT RESTRICTED RIGHTS. If Software is being acquired by

or on behalf of the U.S. Government or by a U.S. Government prime
contractor or subcontractor (at any tier), then the Government's rights in
Software and accompanying documentation will be only as set forth in this
Agreement; this is in accordance with 48 CFR 227.7201 through 227.7202-4
(for Department of Defense (DOD) acquisitions) and with 48 CFR 2.101 and
12.212 (for non-DOD acquisitions).
11. GOVERNING LAW. Any action related to this Agreement will be governed
by California law and controlling U.S. federal law. No choice of law rules of
any jurisdiction will apply.
12. SEVERABILITY. If any provision of this Agreement is held to be

unenforceable, this Agreement will remain in effect with the provision omitted,
unless omission would frustrate the intent of the parties, in which case this
Agreement will immediately terminate.
13. INTEGRATION. This Agreement is the entire agreement between you and
Sun relating to its subject matter. It supersedes all prior or contemporaneous
oral or written communications, proposals, representations and warranties and
prevails over any conflicting or additional terms of any quote, order,
acknowledgment, or other communication between the parties relating to its
subject matter during the term of this Agreement. No modification of this
Agreement will be binding, unless in writing and signed by an authorized
representative of each party.
SUPPLEMENTAL LICENSE TERMS
These Supplemental License Terms add to or modify the terms of the Binary
Code License Agreement. Capitalized terms not defined in these Supplemental
Terms shall have the same meanings ascribed to them in the Binary Code
License Agreement . These Supplemental Terms shall supersede any
inconsistent or conflicting terms in the Binary Code License Agreement, or in
any license contained within the Software.

Sun JRE 1.5
A. Software Internal Use and Development License Grant. Subject to the terms
and conditions of this Agreement and restrictions and exceptions set forth in
the Software "README" file, including, but not limited to the Java Technology
Restrictions of these Supplemental Terms, Sun grants you a non-exclusive,
non-transferable, limited license without fees to reproduce internally and use
internally the Software complete and unmodified for the purpose of designing,
developing, and testing your Programs.
B. License to Distribute Software. Subject to the terms and conditions of this

Agreement and restrictions and exceptions set forth in the Software README
file, including, but not limited to the Java Technology Restrictions of these
Supplemental Terms, Sun grants you a non-exclusive, non-transferable,
limited license without fees to reproduce and distribute the Software, provided
that (i) you distribute the Software complete and unmodified and only bundled
as part of, and for the sole purpose of running, your Programs, (ii) the
Programs add significant and primary functionality to the Software, (iii) you do
not distribute additional software intended to replace any component(s) of the
Software, (iv) you do not remove or alter any proprietary legends or notices
contained in the Software, (v) you only distribute the Software subject to a
license agreement that protects Sun's interests consistent with the terms
contained in this Agreement, and (vi) you agree to defend and indemnify Sun
and its licensors from and against any damages, costs, liabilities, settlement
amounts and/or expenses (including attorneys' fees) incurred in connection
with any claim, lawsuit or action by any third party that arises or results from
the use or distribution of any and all Programs and/or Software.
C. Java Technology Restrictions. You may not create, modify, or change the
behavior of, or authorize your licensees to create, modify, or change the
behavior of, classes, interfaces, or subpackages that are in any way identified
as "java", "javax", "sun" or similar convention as specified by Sun in any
naming convention designation.
D. Source Code. Software may contain source code that, unless expressly
licensed for other purposes, is provided solely for reference purposes pursuant
to the terms of this Agreement. Source code may not be redistributed unless
expressly provided for in this Agreement.
E. Third Party Code. Additional copyright notices and license terms applicable
to portions of the Software are set forth in the
THIRDPARTYLICENSEREADME.txt file. In addition to any terms and conditions
of any third party opensource/freeware license identified in the
THIRDPARTYLICENSEREADME.txt file, the disclaimer of warranty and limitation
of liability provisions in paragraphs 5 and 6 of the Binary Code License
Agreement shall apply to all Software in this distribution.
For inquiries please contact: Sun Microsystems, Inc., 4150 Network Circle,
Santa Clara, California 95054, U.S.A.
(LFI#141623/Form ID#011801)
Sun JRE
Sun JRE
Copyright 1994-2005 Sun Microsystems, Inc. All Rights Reserved.

Redistribution of source code must retain the above copyright notice,

this list of conditions and the following disclaimer.
Redistribution in binary form must reproduce the above copyright

Neither the name of Sun Microsystems, Inc. or the names of contributors may
be used to endorse or promote products derived from this software without
specific prior written permission.
This software is provided "AS IS," without a warranty of any kind. ALL
PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED.
SUN MICROSYSTEMS, INC. ("SUN") AND ITS LICENSORS SHALL NOT BE
LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING,
MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS DERIVATIVES. IN NO
EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST REVENUE,
PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS
OF THE THEORY OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY
TO USE THIS SOFTWARE, EVEN IF SUN HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
You acknowledge that this software is not designed, licensed or intended for
use in the design, construction, operation or maintenance of any nuclear
facility.

XERCES
XERCES
The Apache Software License, Version 2.0
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction, and
distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by the

copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all other
entities that control, are controlled by, or are under common control with that
entity. For the purposes of this definition, "control" means (i) the power, direct
or indirect, to cause the direction or management of such entity, whether by
contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity exercising

permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation source, and
configuration files.
"Object" form shall mean any form resulting from mechanical

transformation or translation of a Source form, including but not limited to
compiled object code, generated documentation, and conversions to other
media types.
"Work" shall mean the work of authorship, whether in Source or Object

form, made available under the License, as indicated by a copyright notice that
is included in or attached to the work (an example is provided in the Appendix
below).
XERCES
"Derivative Works" shall mean any work, whether in Source or Object

form, that is based on (or derived from) the Work and for which the editorial
revisions, annotations, elaborations, or other modifications represent, as a
whole, an original work of authorship. For the purposes of this License,
Derivative Works shall not include works that remain separable from, or
merely link (or bind by name) to the interfaces of, the Work and Derivative
Works thereof.
"Contribution" shall mean any work of authorship, including the original

version of the Work and any modifications or additions to that Work or
Derivative Works thereof, that is intentionally submitted to Licensor for
inclusion in the Work by the copyright owner or by an individual or Legal Entity
authorized to submit on behalf of the copyright owner. For the purposes of this
definition, "submitted" means any form of electronic, verbal, or written
communication sent to the Licensor or its representatives, including but not
limited to communication on electronic mailing lists, source code control
systems, and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but excluding
communication that is conspicuously marked or otherwise designated in
writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity on

behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of this

License, each Contributor hereby grants to You a perpetual, worldwide, non-
exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce,
prepare Derivative Works of, publicly display, publicly perform, sublicense, and
distribute the Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of this License,
each Contributor hereby grants to You a perpetual, worldwide, non-exclusive,
no-charge, royalty-free, irrevocable (except as stated in this section) patent
license to make, have made, use, offer to sell, sell, import, and otherwise
transfer the Work, where such license applies only to those patent claims
licensable by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s) with the Work
to which such Contribution(s) was submitted. If You institute patent litigation
against any entity (including a cross-claim or counterclaim in a lawsuit)
alleging that the Work or a Contribution incorporated within the Work
constitutes direct or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate as of the date
such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the Work or

Derivative Works thereof in any medium, with or without modifications, and in
Source or Object form, provided that You meet the following conditions:

XERCES
(a) You must give any other recipients of the Work or Derivative Works a
copy of this License; and
(b) You must cause any modified files to carry prominent notices stating
that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works that You
distribute, all copyright, patent, trademark, and attribution notices from the
Source form of the Work, excluding those notices that do not pertain to any
part of the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its distribution,
then any Derivative Works that You distribute must include a readable copy of
the attribution notices contained within such NOTICE file, excluding those
notices that do not pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed as part of the
Derivative Works; within the Source form or documentation, if provided along
with the Derivative Works; or, within a display generated by the Derivative
Works, if and wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and do not modify the
License. You may add Your own attribution notices within Derivative Works
that You distribute, alongside or as an addendum to the NOTICE text from the
Work, provided that such additional attribution notices cannot be construed as
modifying the License.
You may add Your own copyright statement to Your modifications and may
provide additional or different license terms and conditions for use,
reproduction, or distribution of Your modifications, or for any such Derivative
Works as a whole, provided Your use, reproduction, and distribution of the
Work otherwise complies with the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise, any

Contribution intentionally submitted for inclusion in the Work by You to the
Licensor shall be under the terms and conditions of this License, without any
additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify the

terms of any separate license agreement you may have executed with Licensor
regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor, except
as required for reasonable and customary use in describing the origin of the
Work and reproducing the content of the NOTICE file.
XERCES
7. Disclaimer of Warranty. Unless required by applicable law or agreed to in

writing, Licensor provides the Work (and each Contributor provides its
Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
OF ANY KIND, either express or implied, including, without limitation, any
warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY,
or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for
determining the appropriateness of using or redistributing the Work and
assume any risks associated with Your exercise of permissions under this
License.
8. Limitation of Liability. In no event and under no legal theory, whether in

tort (including negligence), contract, or otherwise, unless required by
applicable law (such as deliberate and grossly negligent acts) or agreed to in
writing, shall any Contributor be liable to You for damages, including any
direct, indirect, special, incidental, or consequential damages of any character
arising as a result of this License or out of the use or inability to use the Work
(including but not limited to damages for loss of goodwill, work stoppage,
computer failure or malfunction, or any and all other commercial damages or
losses), even if such Contributor has been advised of the possibility of such
damages.
9. Accepting Warranty or Additional Liability. While redistributing the Work or

Derivative Works thereof, You may choose to offer, and charge a fee for,
acceptance of support, warranty, indemnity, or other liability obligations
and/or rights consistent with this License. However, in accepting such
obligations, You may act only on Your own behalf and on Your sole
responsibility, not on behalf of any other Contributor, and only if You agree to
indemnify, defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason of your
accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following boilerplate
notice, with the fields enclosed by brackets "[]" replaced with your own
identifying information. (Don't include the brackets!) The text should be
enclosed in the appropriate comment syntax for the file format. We also
recommend that a file or class name and description of purpose be included on
the same "printed page" as the copyright notice for easier identification within
third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License"); you may not
use this file except in compliance with the License.

XERCES
You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software distributed

under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
XMLSEC
XMLSEC
The Apache Software License, Version 2.0
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction, and
distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by the

copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all other
entities that control, are controlled by, or are under common control with that
entity. For the purposes of this definition, "control" means (i) the power, direct
or indirect, to cause the direction or management of such entity, whether by
contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity exercising

permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation source, and
configuration files.
"Object" form shall mean any form resulting from mechanical

transformation or translation of a Source form, including but not limited to
compiled object code, generated documentation, and conversions to other
media types.
"Work" shall mean the work of authorship, whether in Source or Object

form, made available under the License, as indicated by a copyright notice that
is included in or attached to the work (an example is provided in the Appendix
below).

XMLSEC
"Derivative Works" shall mean any work, whether in Source or Object

form, that is based on (or derived from) the Work and for which the editorial
revisions, annotations, elaborations, or other modifications represent, as a
whole, an original work of authorship. For the purposes of this License,
Derivative Works shall not include works that remain separable from, or
merely link (or bind by name) to the interfaces of, the Work and Derivative
Works thereof.
"Contribution" shall mean any work of authorship, including the original

version of the Work and any modifications or additions to that Work or
Derivative Works thereof, that is intentionally submitted to Licensor for
inclusion in the Work by the copyright owner or by an individual or Legal Entity
authorized to submit on behalf of the copyright owner. For the purposes of this
definition, "submitted" means any form of electronic, verbal, or written
communication sent to the Licensor or its representatives, including but not
limited to communication on electronic mailing lists, source code control
systems, and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but excluding
communication that is conspicuously marked or otherwise designated in
writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity on

behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of this

License, each Contributor hereby grants to You a perpetual, worldwide, non-
exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce,
prepare Derivative Works of, publicly display, publicly perform, sublicense, and
distribute the Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of this License,
each Contributor hereby grants to You a perpetual, worldwide, non-exclusive,
no-charge, royalty-free, irrevocable (except as stated in this section) patent
license to make, have made, use, offer to sell, sell, import, and otherwise
transfer the Work, where such license applies only to those patent claims
licensable by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s) with the Work
to which such Contribution(s) was submitted. If You institute patent litigation
against any entity (including a cross-claim or counterclaim in a lawsuit)
alleging that the Work or a Contribution incorporated within the Work
constitutes direct or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate as of the date
such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the Work or

Derivative Works thereof in any medium, with or without modifications, and in
Source or Object form, provided that You meet the following conditions:
XMLSEC
(a) You must give any other recipients of the Work or Derivative Works a
copy of this License; and
(b) You must cause any modified files to carry prominent notices stating
that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works that You
distribute, all copyright, patent, trademark, and attribution notices from the
Source form of the Work, excluding those notices that do not pertain to any
part of the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its distribution,
then any Derivative Works that You distribute must include a readable copy of
the attribution notices contained within such NOTICE file, excluding those
notices that do not pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed as part of the
Derivative Works; within the Source form or documentation, if provided along
with the Derivative Works; or, within a display generated by the Derivative
Works, if and wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and do not modify the
License. You may add Your own attribution notices within Derivative Works
that You distribute, alongside or as an addendum to the NOTICE text from the
Work, provided that such additional attribution notices cannot be construed as
modifying the License.
You may add Your own copyright statement to Your modifications and may
provide additional or different license terms and conditions for use,
reproduction, or distribution of Your modifications, or for any such Derivative
Works as a whole, provided Your use, reproduction, and distribution of the
Work otherwise complies with the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise, any

Contribution intentionally submitted for inclusion in the Work by You to the
Licensor shall be under the terms and conditions of this License, without any
additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify the

terms of any separate license agreement you may have executed with Licensor
regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor, except
as required for reasonable and customary use in describing the origin of the
Work and reproducing the content of the NOTICE file.

XMLSEC
7. Disclaimer of Warranty. Unless required by applicable law or agreed to in

writing, Licensor provides the Work (and each Contributor provides its
Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
OF ANY KIND, either express or implied, including, without limitation, any
warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY,
or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for
determining the appropriateness of using or redistributing the Work and
assume any risks associated with Your exercise of permissions under this
License.
8. Limitation of Liability. In no event and under no legal theory, whether in

tort (including negligence), contract, or otherwise, unless required by
applicable law (such as deliberate and grossly negligent acts) or agreed to in
writing, shall any Contributor be liable to You for damages, including any
direct, indirect, special, incidental, or consequential damages of any character
arising as a result of this License or out of the use or inability to use the Work
(including but not limited to damages for loss of goodwill, work stoppage,
computer failure or malfunction, or any and all other commercial damages or
losses), even if such Contributor has been advised of the possibility of such
damages.
9. Accepting Warranty or Additional Liability. While redistributing the Work or

Derivative Works thereof, You may choose to offer, and charge a fee for,
acceptance of support, warranty, indemnity, or other liability obligations
and/or rights consistent with this License. However, in accepting such
obligations, You may act only on Your own behalf and on Your sole
responsibility, not on behalf of any other Contributor, and only if You agree to
indemnify, defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason of your
accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following boilerplate
notice, with the fields enclosed by brackets "[]" replaced with your own
identifying information. (Don't include the brackets!) The text should be
enclosed in the appropriate comment syntax for the file format. We also
recommend that a file or class name and description of purpose be included on
the same "printed page" as the copyright notice for easier identification within
third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License"); you may not
use this file except in compliance with the License.
zlib
You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software distributed

under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
zlib
/* zlib.h -- interface of the 'zlib' general purpose compression library version
1.2.2, October 3rd, 2004
Copyright (C) 1995-2004 Jean-loup Gailly and Mark Adler
This software is provided 'as-is', without any express or implied warranty. In

no event will the authors be held liable for any damages arising from the use
of this software.
Permission is granted to anyone to use this software for any purpose, including
commercial applications, and to alter it and redistribute it freely, subject to the
following restrictions:
1. The origin of this software must not be misrepresented; you must not claim
that you wrote the original software. If you use this software in a product, an
acknowledgment in the product documentation would be appreciated but is not
required.
2. Altered source versions must be plainly marked as such, and must not be
misrepresented as being the original software.
3. This notice may not be removed or altered from any source distribution.
Jean-loup Gailly Mark Adler
jloup@gzip.org madler@alumni.caltech.edu
The data format used by the zlib library is described by RFCs (Request for
Comments) 1950 to 1952 in the files http://www.ietf.org/rfc/rfc1950.txt (zlib
format), rfc1951.txt (deflate format) and rfc1952.txt (gzip format)

Index
Inocmd32 • 77
A InoSetAlert script • 75
access permissions InoSetApproved script • 57
admin server • 56 integrating with Unicenter NSM • 83
administrator view • 55 ITM Server
acknowledgements • 119 access rights • 56
admin server • See user accounts, See guest accessing on the web • 11
account, See accessing on the web, See guest account • 57
access rights user accounts • 57
administrator rights at installation • 57
L
Alert Manager • 74
local alert manager • 75
B logs
branches collecting system metrics • 53
management • 17 scheduled job policy • 47
using with ODBC • 53
C
M
collecting system metrics • 53
command line scanner • 77 managing
configuration daemons • 51
of machines in security network • 55 managing, services • 51
proxy • 21 NetApp filers • 94
settings • 29 NetApp scanners • 89
connecting to ITM Server • 11
O
customer support • iii
ODBC (using with logs) • 53
D organization tree • 17
distribution branch management • 17
of configuration changes • 21 computer management • 49
E P
email policies • 38 PERFMON • 54
ETRUSTAV console • 99 Performance Monitor • 54
policies
G email • 38
enforcement of • 29
guest account on admin server • 57
legacy signature distribution • 36
I locking settings • 30
precedence • 30
ICF files scheduled jobs • 34
granting administrator rights at installation scheduled scanner • 34
time • 57 send for analysis • 37
inherited user rights • 59 proxy server
INOC6.ICF configuration • 21
administrator rights at installation • 57 considerations • 22
Index 193
override option • 21 W
R web access to ITM Server • 11
web browsers
remote management
using to access eTrust Antivirus • 11
Threat Management Console • 55
windows
reports
administrator view • 55
reports tab • 61
WorldView • 86
rights
administrator • 57
running Alert Manager • 74
S
scan settings
using the command line scanner Inocmd32
• 77
scheduled jobs
viewing logs for multiple machines • 47
security
administrator view • 55
service manager • 51
specified user rights • 59
subnets
discovering • 23
system metrics information • 53
T
Threat Management Console
access • 55
configuration settings • 29
e-mail policies • 38
Organization tree • 17
viewing logs • 47
window • 55
U
Unicenter Network and Systems Management
(integration with) • 83
UNIX/Linux
access permissions • 56
alert notification • 75
approved server • 57
InoSetApproved • 57
managing daemons • 51
notification facility • 75
root user • 56
user rights
characteristics • 59

Etrust Antivirus Administrator Guide

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Etrust Antivirus Administrator Guide

Hochgeladen von

Copyright:

Verfügbare Formate

eTrust Antivirus

The manufacturer of this Documentation is CA.

Copyright © 2006 CA. All rights reserved.

Contact Technical Support

Chapter 1: Using the Threat Management Console 9

Chapter 2: Understanding the Dashboard 15

Chapter 3: Working With the Organization Tree 17

Chapter 4: Discovering Subnets 23

Chapter 6: Working with Clients 49

Chapter 7: Managing User Access 55

Chapter 9: Managing Licenses 69

Chapter 10: Using the Alert Manager 73

Appendix A: Using the Command Line Scanner Inocmd32 77

Appendix B: Integrating with Unicenter NSM 83

Appendix C: Managing NetApp 89

Appendix D: Using the ETRUSTAV Console Program on Netware 99

Appendix E: Messages and Codes 115

Appendix F: Acknowledgements 119

viii Administrator Guide

For information on web browser and console settings, see Chapter 3,

This section contains the following topics:

Using the Threat Management Console 9

Open the Console from a Browser

To open the Threat Management Console using a web browser

1. Open a web browser.

The Login dialog appears.

4. Click Log in.

Open the Console from the ITM Server Machine

To open the console from machine hosting the ITM Server

1. From the computer hosting the ITM Server:

(Windows) Click Start, Programs, CA, eTrust, eTrustITM, Console.

(Mac OS X) Choose /Applications/CA/eTrustITM, and then double click

The Login dialog appears.

3. Click Log in.

Navigating the Console

Tab Features and Options

Dashboard Provides at-a-glance product status, license

Discovery Lets you discover computers running eTrust Threat

Using the Threat Management Console 11

Tab Features and Options

Organization Lets you organize computers into logical containers, or

Client Provides access to properties, policies, and logs for a

Report Displays a wide variety of reports and graphs for eTrust

Licensing Provides detailed license information for your network,

Accessing CA Security Advisor

Using the Threat Management Console 13

Using the Dashboard Tab (see page 15)

Using the Dashboard Tab

Understanding the Dashboard 15

Restarting the ITM Server

Organization Tree (see page 17)

Note: A computer can only be a member of one branch at a time.

Working With the Organization Tree 17

Adding a Computer to a Branch

Using the Organization Tab

The following example Organization tree has a branch called Accounting.

Working With the Organization Tree 19

Viewing Client Information

Note: To perform management tasks on a particular computer, you can use

Working with Branch Properties

Using Policy Proxy Servers

Using Proxy Servers in Sub-Branches