==================================================================
F-PROT ANTIVIRUS 4.5.3 for AIX on IBM pSeries (RS/6000)
RELEASE NOTES
==================================================================

This document describes the changes in the software since F-Prot
Antivirus 4.4.8.

MAJOR ENHANCEMENTS
------------------

4.5.3:

This new version 4.5.3 adds a new command-line switch to the Daemon
Scanner: '-fullreport'. By default, the Daemon Scanner groups similar
scan results to simplify interpretation for connecting clients. If the
-fullreport switch is specified during startup, the Daemon Scanner
reports more detailed results.

Version 4.5.3 also adds new summary codes to the Daemon Scanner and
changes the meaning of some existing ones. Previously, summary code 11
meant that the object was infected or highly suspicious. Now summary
code 11 only means that the object is infected, and a new summary
code 10 means that the object is highly suspicious. It is recommended
that infected objects (summary code 11) be removed and that suspicious
objects (summary code 10) be quarantined. Infected e-mails should be
removed in both cases.

Summary code 22 can now only occur when using the -fullreport switch.
New summary codes, when using the -fullreport switch, are summary
codes 6, 7, 8 and 18.

Please see the Daemon Scanner (f-protd) man page for more details and
a full list of possible summary codes.

4.5.2:

This new version 4.5.2 is released to fix a bug in the scanning of
Acrobat PDF files.

4.5.1:

This new version 4.5.1 is released to fix a critical bug in the Mail
Scanner that surfaced in version 4.5.0.

4.5.0:

Version 4.5.0 contains a major overhaul of the virus scanning engine
(new engine version 3.16.1). These changes improve its detection of
known malware, as well as of unknown malware by means of heuristics.
The engine can now better detect and handle executable packers that
are often used by malware authors to conceal their malicious code.

All executables that are encrypted in ZIP archives are now reported as
"could be a suspicious file (encrypted program in archive)", whereas
they were previously reported as "could be a security risk".

Archive handling has been improved and is now more consistent.
Version 4.5.0 also includes detection of so-called "archive bombs":
archives that are constructed in such a way that a seemingly innocent
file will expand tremendously, consuming all available memory and CPU
on the computer. As part of this change, the scanners now only scan to
a certain number of levels. Of particular note is that the
Command-Line Scanner and the Daemon Scanner only scan by default to a
depth of 5 levels. This can be changed by using the command-line
switch /ARCHIVE=N, where N can be 1 through 99, or 0 for infinite.

If the limit is exceeded, the Command-Line Scanner will exit with a
new exit code 10 (some files were not scanned; in this case because
the maximum archive level was reached). The Daemon Scanner will return
a new summary code 30 in this event.

Another new exit code has been added to the Command-Line Scanner, exit
code 9. This exit code indicates that some files were not scanned,
e.g., because they are encrypted, use unsupported/unknown compression
methods or file formats, or are corrupted or invalid. The Daemon
Scanner will return summary codes 0, 3 or 4.

Both exit codes 9 and 10 indicate that some files were not scanned
and, therefore, they cannot be guaranteed to be clean. The difference
between them is that if exit code 10 occurs, some settings can be
changed (e.g., increasing the maximum allowed archive depth) and the
scanner might then be able to scan the file. If, however, exit code 9
occurs, the scanner is not able to scan the file.
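
The exit code 9 and 10 handling described above, as an added example
(not part of the F-Prot package or its documentation): a POSIX shell
wrapper that retries with a larger but still bounded /ARCHIVE=N on
exit code 10 and fails closed on exit code 9. SCANNER, DEPTHS and
scan_with_retry are hypothetical names, and passing the switch before
the file name is an assumption to check against the man page.

```shell
#!/bin/sh
# Added example, not F-Prot's own code. Assumptions: SCANNER holds the path of
# the Command-Line Scanner, and the switch is accepted before the file name.

# Archive depths to try, in order. 5 is the scanner's default. 0 (infinite) is
# deliberately never used: it would disable the limit that stops archive bombs.
DEPTHS="${DEPTHS:-5 10 20}"

# scan_with_retry FILE
# Prints one verdict line. Returns 0 only when a scan ran to completion; the
# caller must treat a non-zero return as "not guaranteed clean".
scan_with_retry() {
    target=$1
    # Fail closed when the scanner itself cannot be found.
    command -v "$SCANNER" >/dev/null 2>&1 || { echo "scanner-missing"; return 2; }
    for depth in $DEPTHS; do
        rc=0
        "$SCANNER" "/ARCHIVE=$depth" "$target" >/dev/null 2>&1 || rc=$?
        case $rc in
            10) continue ;;                      # depth limit hit: retry deeper
            9)  echo "unscannable"; return 1 ;;  # no setting can fix this
            *)  echo "exit:$rc depth:$depth"; return 0 ;;  # meaning: see man page
        esac
    done
    echo "depth-exceeded"                        # still 10 at the largest depth
    return 1
}
```

A caller such as a mail gateway should hold back or quarantine the
object on "unscannable" and "depth-exceeded" rather than deliver it.
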
A complete list of the exit codes can be found in the man pages for
the Command-Line Scanner.

New summary codes have been added to the Daemon Scanner:

  22: The object is a valid archive which contains at least one
      infected object.
  30: The object was not scanned; maximum recursion level (N) was
      reached as specified with '-archive=N'.
  31: Not scanned, suspicious decompression ratio found in archive,
      possible archive bomb.

One summary code was removed:

   7: The object was identified as an "innocent" object.

A complete list of the summary codes can be found in the man pages
for the Daemon Scanner.

MINOR ENHANCEMENTS AND BUGFIXES
-------------------------------

Please see the CHANGES document in the package for more information.

2005-01-06