Updating NetShield Virus Patterns on NetMail
Novell Cool Solutions: Tip
By Mitch Mitchell
Digg This -
Posted: 17 Jun 2002
NetMail does a great job at catching and stopping e-mail borne viruses. However, in order for it to catch all the latest and greatest viruses, the virus scanning engine you are using with it has to have current virus signature patterns. Some of the virus engines support updating the virus patterns on the fly, without having to take NetMail down. However, if you are using McAfee's NetShield, there's no built-in way to have the pattern files updated without taking NetMail down. NetShield has the ability to update its own pattern files, but not while NetMail is running as NetMail keeps the scanning engine locked.
There is a solution to this problem, and it's probably easier than you think.
First, configure NetShield to update its pattern files at say, 6:31am (or any time when your mail server has low usage). Now, set up a CRON job to unload AVIRUS.NLM at 6:30am and reload it at 6:32am. You may need to adjust the time that AVIRUS is unloaded if you have a slow Internet connection. However, NetShield will typically take only 20 or 30 seconds to update its pattern files. As long as AVIRUS is unloaded, NetShield is able to update its pattern files.
Don't worry, NetMail will continue to accept connections and while AVIRUS is unloaded and it won't let any viruses through. The mail will stay in the queue until AVIRUS reloads. After AVIRUS reloads, all the mail that is in the queue is scanned for viruses and sent on its way. You won't let any mail thru the system that has not been scanned while AVIRUS is unloaded.
Don't forget to add this to your AUTOEXEC.NCF file, it loads the CRON scheduler:
And, create a CRONTAB file in the SYS:ETC directory of your NetMail server running NetShield with the following contents:
30 6 * * * unload avirus
32 6 * * * load avirus
This will unload AVIRUS everyday at 6:30am so NetShield can do its thing. You will need to adjust the crontab settings based on when and how long you will need to unload AVIRUS. See the CRON readme for detailed info on its usage.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com