Unmistakable proof that you can force a nickel to scream for mercy: You’re still running your old NT 4.0 servers.

The odds are pretty good that your budgeteers haven’t loosened the purse strings for virus scanning on servers at all. So every now and then, you probably break out in a cold sweat (we hope).

Well Bubba… This article’s for you. We’re going to show you how to assemble an anti-virus toolkit for a network manager without a wallet.

Will you end up with a full commercial-grade anti-virus solution when we’re done? C’mon. You’re running legacy servers. Most of the kids writing for the major a/v outfits were still wetting their pants when NT 4.0 production assumed room temperature.

Consider this a lightweight anti-virus kit. Light on your pocketbook. And vastly more powerful than what you currently have, i.e., nothing.

For starters, you need to dig down deep. Sysinternals’ RootkitRevealer lists Registry and file system API discrepancies that may indicate the presence of a user-mode or kernel-mode rootkit.

RootkitRevealer detects all persistent rootkits published at www.rootkit.com, including AFX, Vanquish and the public version of HackerDefender. A beautifully wrought utility crafted by two guys with unimpeachable credentials: Bryce Cogswell and Mark Russinovich. To interpret its output, you’ll need the instructions.

Next comes Sentinel. This fairly small program watches for changes or additions to your System folder (and others). When change happens, Sentinel runs a CRC32 check. If the check fails, Sentinel screams, then activates your anti-virus software… assuming you have anti-virus software… which you don’t.

Like RootkitRevealer, Sentinel watches your registry. But its interest is trojans and worms, rather than rootkits. It’s looking for programs that are trying to start using the Registry, like Beagle (the worm).

By setting Sentinel to auto-start, then using its Secure Shutdown feature, you help it circle the wagons around your NT 4 server.

The final chunk of your toolkit is A2-Squared Free (A2SF). This offspring of Austrians is the closest thing we’ve found to a free full-ride anti-virus scanner for NT 4 servers. It maintains a list of around 150,000 signatures.

A2SF does a lot of stuff like commercial a/v software. It runs signature scans for trojans, backdoors, keyloggers, worms, dialers, spyware, adware, hijackers, and tracking cookies. It does memory scans of active processes. And runs heuristic scans for unknown malware.

But unless you pay up for A2-Squared Personal, it won’t do its thing on-the-fly. You’ll have to load it yourself. As far as that personal stuff goes… here’s the A2SF licensing restriction for usage: “You may install and use the Software Product on a computer system.”

In case you were wondering, servers are computer systems.

By pointing Sentinel at A2-Squared Free when it triggers an alert, you’ll round out your Email Battles’ Lightweight Anti-Virus Free System for NT (EB-LAFS-NT) without spending a penny.

The accountants will love you… Till something comes along the system can’t handle. Until then, don’t worry. Be happy.

Have any additions or corrections for EB-LAFS-NT? Post ‘em here for all to enjoy.
