OVERVIEW

    WW2DSHIELD ("W2D") prepares WallWatcher log records for submission to DSHIELD.ORG.  It can use the actual WallWatcher logs or records you have filtered through WallReViewer.

    During the one-time setup, you can choose how you want to submit your reports.  The preferred way is by e-mail, but you can also use your Browser (it gives you more control and a chance to preview what you're going to submit).  After you've done the Setup, you can submit occasional reports when you think there's excessive activity, or schedule automatic daily e-mail reports.

    To prevent duplicate submissions, W2D keeps track of the latest timestamp it has successfully sent to DSHIELD.ORG, and won't send any records with an earlier timestamp.  You can temporarily bypass this feature.

SETUP

• Download WW2DShield.zip and unzip it into the WallWatcher folder
• Double-click "ww2dshield.exe" to start the program
• Enter your E-mail address and DShield User ID, then click "Save Setup".
• You also may need to enter your normal SMTP (Mail Server) name before clicking 'Save Setup'
• You probably will want to use some other options, but can fine-tune them later on.
• Select a recent log file and click "Submit" to make sure it works.
• You may have to tell your software firewall to allow W2D to use the Internet.
• If you receive a confirmation from DShield.org, which can take a few hours, you can submit other logs at any time.

• Select Scheduled Tasks or Task Scheduler, from the Windows Control Panel;
• Select "Add scheduled task", find "WW2DShield.exe" in the WallWatcher folder, and select it;
• Add two run-time switches (-t -q) in the "Run" box, so that it reads something like this:

                        "C:\Program Files\WallWatcher\WW2Dshield.exe"  -t  -q
• decide how often, you want it to run (DShield.org recommends at least every few hours, to make sure the information is current when they receive it);
• If you choose multiple schedules, the last run-time should be a minute or two before midnight;
• If you choose to submit reports only once a day, replace the -t with -y and schedule the submission for just after midnight;
• Make sure the new task is Enabled, then click OK

1. If you haven't already done so, download WW2DSHIELD using the link above, then unzip its contents to the folder that already contains WallWatcher and WallReViewer.  The ZIP file includes sndmail.dll, which must be available to W2D even if you're not using its e-mail feature;
2. Double-click "ww2dshield.exe" to customize it.  You only need to do this the first time, or when you want to change the setup;
3. In the FILES area, select the drive and folder containing your WallWatcher logs.  Usually, that folder will have been pre-selected for you;
4. In the SETUP area:
1. Decide how you want to submit the reports:
• at website, by pasting the completed report into DShield's Report Submission page;
• by E-mail.  This is the easiest method.  It requires a one-time setup, can be fully automatic thereafter:
• To use email, you'll need to supply your e-mail address and the SMTP server your e-mail uses.
• if you omit the SMTP server, W2D may still work, but you won't be able to use the Test or cc options.
• You can find the name of your SMTP server by looking in your normal E-mail program.  To find it in Outlook Express, click the "Tools" menu item, then click "Accounts" (select an account if necessary), "Properties", and finally, "Servers".  The item "Outgoing mail (SMTP)" identifies the server.
• You can test W2D by checking "Test: send to yourself"
• Then, complete the rest of the Setup, and choose a WallWatcher Log file from the file list.
• Click "Submit Report".  You'll see immediate results in the message area at the bottom of the screen, and should receive the report in your normal e-mail program almost immediately.

NOTE: if you are using a software firewall, it will probably block the first e-mail submission.  You will have to tell it to allow WW2DSHIELD to send SMTP records to the SMTP server on port 25.
• W2D does not check for duplicate submissions while in Test mode.
• Some ISP's will not let you use their SMTP servers to send e-mail this way.  If W2D fails to send in Test mode, it may work in production mode: leave the SMTP field blank, send a report, and wait to see whether DShield receives and accepts it.
• If W2D can't successfully send the email, please see EMail Alternatives, below
• Once you're satisfied that the e-mail method works, turn off the Test option and save the Setup.  Anything you submit through W2D from then on will be sent to "report@DSHIELD.ORG".
• If you want to e-mail copies of the actual reports to yourself, check the "cc" option.
• This only works if you can use your own SMTP server ID.
• If you want to keep a history file of the submitted reports, check the "History" option.

 
2. If you have a DShield Userid, enter it also.  Otherwise, leave it at "0", which DSHIELD.ORG will also accept;

 
3. PRIVACY: Inbound log records probably contain your real IP Address.  If you do not want to reveal that address to DSHIELD, check the "Privacy" option, enter your real IP Address, and then choose the replacement method to be used throughout the report:
• Partially - replaces the first segment with '10' and keeps the last three segments.  DSHIELD.ORG prefers this method;
• Totally - replaces the entire IP Address with '10.0.0.1', DSHIELD's standard for a fake address;

 
4. FILTERING: If you've told WallWatcher and / or WallReViewer to hide certain IP Addresses, URLs, websites, or ports; and want to omit those from your DShield reports, check Omit Hidden Records.  Otherwise, Inbound records from your e-mail server and other trusted sites will be included in these reports.

 
5. Click "Save Setup";
6. Click "Exit"; you're done with the one-time Setup.

TWO WAYS TO MAKE OCCASIONAL REPORTS

    You can submit an unfiltered report directly by just running WW2DShield, or filtered reports by using WallReViewer.  Here's a summary of the second approach:

1. Run WallReViewer ("WRV") and use its filters to select only the records you want submitted to DSHIELD.
• W2D and WRV will only submit "Inbound" log records, and ignore the rest.
• You can include several days' logs; you can use SHOW ONLY;
• the Dshield menu is not available in Summary mode, because W2D no longer accepts Summary reports;
2. Use WRV's "DSHIELD" menu to choose what you want submitted to Dshield ("All", "Window", or "Range"; normally, you will want to select "All").
• WRV will pass that information through the Clipboard to this program (W2D), which will prepare the report.
• Then, based on your Setup, it will either e-mail it or place the result on the Clipboard and open your Browser to DSHIELD.ORG's Report Submission page.
• In either case, W2D will run invisibly, but if it detects an error, it will display a message.
3. If you've chosen to Submit at website, you will see DSHIELD.ORG's page in a browser window:
• Position the cursor in the "LOG EXCERPT" area and use PASTE on the Browser's Edit menu (or Ctrl-V);
• The page has a drop-down list of report formats. You must change the report format to "DShield Tab Delim" (the default, "Linux", won't work);
• The log records already contain the Time Zone and your UserID (if you provided one during Setup), so you can ignore those items on the page;
• Send in the report.
4. W2D logs the outcome of its submissions in a file called "WW2DSHIELD.LOG", and you can check this from time to time to make sure everything's been working properly.
5. If you are registered with DSHIELD.ORG, have provided a valid e-mail address and User ID, and have asked them to send you confirmations, you should receive those confirmations by e-mail.  That may take some time.

MORE ABOUT USING WW2DSHIELD

    You can use W2D in three different ways: through WRV as described above, directly, or on a schedule, through the Windows Task Scheduler.  If you want to send unfiltered reports occasionally, the direct way is probably the one to use.  If you want to be more selective, use WRV's filtering capabilities and its "DShield" option on the FILE menu.  If you want to submit daily reports automatically, use the scheduled method.

USING WW2DSHIELD DIRECTLY

    To change the Setup or to select specific files to be reported, you can start W2D by double-clicking on its name or a shortcut to it.  You can use filtered WallReViewer report files or actual WallWatcher logs.

To filter the log information through WallReViewer, which will also let you summarize several logs into one report:

1. Run WallReViewer ("WRV") and use its filters so that it only shows the records you want submitted to DSHIELD;
• do not use Summary mode, because DShield, and therefore W2D, does not accept summary records (they could be misleading);
2. Use WRV's PRINT menu to "Print to File" and then select what you want printed ("All", "Window", or "Range").
• this places the information in a file instead of on the Clipboard (the same way WRV has supported print-to-file in the past);
• if you place multiple reports in a single file, W2D will only use the first one and ignore the rest.
3. Run WW2DSHIELD.EXE yourself by double-clicking on it or a shortcut to it;
4. In the FILES area, select the file you just prepared in WallReViewer.  It will be in the WallWatcher folder, so it should be in the file list that is already on the screen;
5. You can change the SETUP if you wish to do so;
6. If you want to save this setup for future use (so that you won't have to re-enter everything), click the "Save" button. This does NOT save the name of the file you've selected, but does save the path to it.
7. When you've finished making your selections, click "Submit Report".
• Report preparation is almost instantaneous.  You'll see the outcome in the message area of the window;
• If you're submitting through e-mail, you're done.  While W2D is connecting to your mail server, the message area will be highlighted in green.  When it's done, the message area will display the final result;
• if you're submitting at the website, the report will be on the Clipboard and W2D will open your Browser at DShield's Report Submission page;
• When you see DSHIELD.ORG's Report page:
• Position the cursor in the "Log Excerpt" area and paste in the report;
• Set the report format to "DShield Tab Delim".  The default, "Linux", won't work;
• Each line in the report already contains your Userid and your Time Zone adjustment, so you can ignore those items on the page;
• Send it in;
• The first few times you use W2D, you may want to review the report before submitting it;

To select entire WallWatcher logs (one day of records per report):

1. Run W2D by double-clicking its name or a shortcut to it;
2. In the Select File area, choose the WallWatcher log file(s) you want to submit.  WW log files are named: LOG yyyy-mm-dd.TXT;
• If you check "List in reverse order", the most recent logs will be at the top of the list, and you won't have to scroll down to find them.  You can include this setting in your saved Setup.
• If you check "Select all unreported", all logs since your last submission to DShield will be selected.
3. Make sure your Setup is satisfactory;
4. Click "Submit Report";
5. You'll see the outcome in the message area of the window.  Usually, it will just confirm that the report has been sent.  The most common "error" message will be that "no reportable events" were found, because:
• There were no Inbound records in the log;
• All Inbound records were from Addresses you've told WW or WRV to hide (trusted sites);
• The timestamps on the records were earlier than the threshold, and were rejected as possible duplicates.
6. If you're submitting the report at the website, DSHIELD.ORG's Report Submission page will open, and you can Paste your report and submit it.
• Position the cursor in the "LOG EXCERPT" area and use PASTE on the Browser's Edit menu (or Ctrl-V);
• The page has a drop-down list of report formats. You must change the report format to "DShield Tab Delim" (the default, "Linux", won't work);
• The log records already contain the Time Zone and your UserID (if you provided one during Setup), so you can ignore those items on the page;
• Send in the report.
7. If you want to submit additional logs, you may do so.  DSHIELD.ORG requests that you not submit the same records more than once, and W2D keeps track of the most recent timestamp it's already submitted to prevent duplicates.

RUNNING WW2DSHIELD ON A DAILY SCHEDULE

    This method is provided for people who want to submit daily, automatic reports by e-mail.  It only works on a daily basis, not weekly or anything else; and it only works if your computer is running at the scheduled time.  Before relying on an automatic schedule, you probably should use W2D manually to submit one or two WallWatcher logs directly, make sure that it works, and get a positive confirmation from DShield.

1. Make sure your W2D Setup uses e-mail and that it works properly (you've used it manually and gotten a confirmation back from DShield);
2. Start the Windows Task Manager, or whatever automatic scheduler you are using.  If you aren't using any scheduler, the rest of this won't work.  The instructions below are for the Windows Task Manager:
3. Select "Add new task", then the Wizard (the Wizard likes to think for a while, so be patient);
4. Browse to "WW2DSHIELD.EXE" and select it;
5. Schedule it to run daily.  If you leave your computer on overnight, run it any time after midnight.  Otherwise, choose a time when your computer is likely to be running;
6. Click "open advanced properties", then click Finish;
7. The Task tab of the Settings window will open, highlighting the program  path and name;
8. Put a quotation mark " before and after the highlighted path and name;
9. After the final quote, type a space, a dash, and the letter "Y" (for 'yesterday') or the letter "T" (for 'today').  These must NOT be in quotes, and case doesn't matter.
•  -Y  tells W2D to use "yesterday's" log file.  This should work from 12:01 AM to 11:58 PM.  It is the preferred choice because yesterday's log is complete;
•  -T tells W2D to use "today's" log file, which will always be incomplete unless you're scheduling the task for just before midnight.  (that's why "-Y" is the preferred choice.)
• -Q tells W2D to quit after running automatically, even if no report was sent or an error occurred (most errors).  Use this only after you're sure your setup is working properly.  When this switch is not used and W2D is running automatically, it will quit only if it sends a report, so you'll be able to see whether something went wrong.
Example:  "C:\Program Files\Wallwatcher\Ww2dshield.exe" -y -q
10. Click "OK".  If you check the setting later, the quotes may have been removed by Task Scheduler.  That means they weren't needed, which is OK, too.
11. You should see "WW2DSHIELD" as a scheduled task in the list;
12. Close the Task Manager's window and you're done.  The reports will be sent in every day until you change the schedule or W2D's setup, or are no longer running WallWatcher;
13. You can check "WW2DSHIELD.LOG" from time to time, to make sure the reports are being submitted.  If you're registered with DShield, have provided your real e-mail address, and asked them for confirmations, DSHIELD.ORG will send you those confirmations, which is even more reassurring.

E-MAIL and SMTP SETUP

• If you provide one of your real e-mail addresses and your DShield UserID, they can send you a confirmation when they receive and validate your reports;
• If you provide a fake e-mail address, it may or may not work, and you may or may not get an error message.  You certainly won't get confirmations from DShield;
• If you omit the e-mail address entirely, W2D will generate a fake one that probably will work.  However, if DSHIELD.ORG doesn't like this, they probably won't accept your reports.  It's best to include your e-mail address.
• You can find your SMTP Server address in your e-mail program's setup.  You cannot use a web-mail server for this (no Hotmail servers, for example, but you can use a Hotmail e-mail address with your ISP's SMTP Server.)  Don't try to use a fake SMTP server name: it won't work;
• If you omit the SMTP Server, you may be able to submit actual reports to DShield, but you will not be able to send Tests to yourself (the program will use DSHIELD.ORG's SMTP server).
• If W2D can't submit a report through your own MailServer nor by leaving the SMTP field blank, please see EMail Alternatives;
• DO NOT ENTER AN "ID" OR "PASSWORD" unless you know for sure that your SMTP (email) Server requires them.  (Run a TEST without them; if it fails, try it with them; if it still fails, remove them and determine what the problem really is.)  W2D stores a "weakly encrypted" version of those values in the Registry, but not in its INI file.  This does not provide the kind of protection that Windows offers, so if you aren't comfortable with the risk involved, please do not use these options; just use DShield's server;
• If W2D still cannot send e-mail, try using the address of your POP SERVER instead of your SMTP server; some people have reported success with that approach.  If it does work, you may not need the ID and Password;
• You can use the "CC" option to send a copy of each report to yourself as well as to DShield.
• You must provide your real e-mail address (the one your ISP assigned) and your ISP's SMTP Server for this to work;
• If you omit the SMTP Server, an original report should go to DSHIELD.ORG, but not to you; and W2D will tell you the entire attempt failed (that's just the way SNDMAIL works; W2D has no control over it).
• If you omit your e-mail address, the cc is ignored; the only copy will go to DSHIELD.ORG;
• If you don't use your real ISP-based e-mail address, you probably will not receive a copy.  For example, a Hotmail address may not work.
• You can use the "History" option to add each successfully submitted report to "Ww2DShieldHist.txt".
• This History file will be in the same folder as the program;
• Tests and failed submissions will not be added to the history;
• All reports will be in the same history file; each report will begin with a time-stamped separator line;
• Over time, this file may become quite large, so you may want to erase, edit, or archive it occasionally.
• If your ISP's mail system rejects your SMTP setup, try leaving the field blank (if you had something in it), or putting your real SMTP Server address into it (if it had been left blank).  Apparently, different ISP's have different requirements;
• If you have to leave the SMTP field blank, "cc" and "Test" options will not work.  After sending a real report, wait a while, then check to see whether DShield accepted it.

EMAIL ALTERNATIVES

    W2D may be unable to contact the SMTP Server or receive a response from it for several reasons, most of which are security and spam-related: ISP's try to prevent unauthorized use of their MailServers, firewalls try to filter out spam (outgoing as well as incoming), and some routers block certain kinds of communications.

• In most cases, you should be able to use your normal SMTP Server name (the same one your regular email program uses).  You originally were given this by your ISP or Network Administrator.  You may have to tell your software firewall and/or anti-virus program that it's OK for WW2DSHIELD.EXE to send emails.
• If you omit the SMTP name, W2D will try to use DShield's own mail server (mail.dshield.org).  That server only accepts emails containing DShield reports and will not relay emails elsewhere.  If W2D doesn't get a response from the MailServer within about a minute, it will ask you whether it should keep waiting or just quit (shut itself down).  If you look at WallWatcher's Events List while this endless delay is in progress, you may see that an attempt to contact the MailServer occurred and that the MailServer responded, but the router blocked the response.  In that case, you can try these alternatives:
1. go back to using your normal SMTP server;
2. see whether you can configure the router to not block those responses;
3. submit the report through a dial-up connection. DO NOT consider this alternative unless you have a good software firewall running at the time.  Connecting to the Internet without a firewall, even for less than a minute, will expose your computer to virus infections;
4. submit the reports through your browser, by using the "Submit at website" option n W2D's Setup area.

OTHER FEATURES

DUPLICATE RECORDS

DSHIELD.ORG has asked all of us to avoid submitting the same record more than once.  W2D does this by keeping track of the latest timestamp in each report it successfully submits (the 'threshold').  Only records later than the threshold will be included in subsequent reports. W2D updates the threshold after each successful submission and shows it in its window.

You can temporarily bypass this safeguard by unchecking "Only use records dated after".  It will turn itself back on after each successful report submission.

The current threshold timestamp is stored in a file named WW2DSHIELD_DATEGUARD.INI. If you erase that file, the threshold will revert to 2000-01-01.

The threshold resolution is 1/100 second.  The report resolution is one second.

W2D does not use or update the threshold when you're running the self-test, only when you're actually submitting reports to DSHIELD.ORG.
 

This is like the "Replace All" feature in a word processor.  It lets you tell W2D to search every log record for a certain text string, and to replace every occurrence of that text with other text.  Neither may be blank or null, and only one pair of text strings may be used.  The values will be included in any "Saved Setup."  This replacement is separate from the "Privacy" feature.

Use this at your own risk!  You can create invalid records (bad IP Addresses, etc).  This feature has been added because a couple of people have asked for something like it.  Please test it by sending an email to yourself and examining the result.

VERSION HISTORY
 

Please send feedback, questions, and problem reports to: support@wallwatcher.com . Please include a name such as "WW2DShield" or "W2D" in the SUBJECT line to bypass the spam filters.