Novell Home

Auto Updating McAfee on Workstations

Novell Cool Solutions: Trench
By Wayne Campbell

Digg This - Slashdot This

Posted: 28 Jul 2004
 

Updated with instructions for a java-based FTP Client.

I have read all of the ideas in Cool Solutions about keeping McAfee updated on the workstations, and many of them are great. But none did exactly what I wanted. Here is a cool solution for keeping McAfee Antivirus updated on your workstations.

Required

FYI- If you install this solution on a NW 5.1 server then upgrade to 6.0 + you will need to reinstall the GETFTP command line FTP client.

Quick Breakdown

1. Set up your own anonymous FTP server and create a directory to download Dat updates to. (This does not have to be public and can exist solely in your network.)

2. Use GETFTP.nlm or any Command Line FTP program for NetWare to download the DAT's to the FTP site you just created. (I use the Superdat's - sdatxxxx.exe)

3. Use CRON to schedule the GETFTP download every morning.

4. Setup your McAfee VirusScan Console Schedule to download from YOUR FTP site, AT STARTUP. OR, if you downloaded the superdat you can run it from your login script.

In Depth

I started by loading nwftpd.nlm and setting up an anonymous FTP directory on my NetWare 5.1 server, using the Novonyx Administration Screen. This can be loaded with nvxadmup.ncf and taken back down with nvxadmdn.ncf. You must access the Administration screen with your Web Browser by pointing to the IP address of that server and port 2200. Example: https://10.3.1.1:2200 or with whatever name resolves to your IP address. You must log in with your administrator account.

Below is an example of how I set it up. Yours may need to be different.
NOTE: Be sure to create the Directories that you specify below, the program won't create them for you.

Use FTP for Web publishing to this server using tools 
such as FrontPage(R) 2000?     <no>

Default user home server    < Leave Blank>
Default home directory    <Make this a Directory on your volume 
Example-  sys:\public\FTP >
Ignore NDS user home directory and stay in default FTP Server 
directory    <yes>
Ignore NDS user home directory if it's on a remote 
NetWare server    <yes>
FTP user restrictions file    < sys:/etc/ftprest.txt >
Search List    < If you have to search for users in 
different contexts, 
put them here >
FTP Catalog object name    < ftpcat >

FTP Server Anonymous Users
Allow anonymous access    < Yes >
Anonymous users home directory    < a Subdirectory under the 
Home directory you created above.> 
Example- sys:\public\FTP\update
Require e-mail address for password    < no >

After I finished setting up my FTP server, I downloaded getftp.nlm from http://www.novell.com/coolsolutions/tools/1083.html . This is a Command line FTP client for NetWare. It will let you download the Sdatxxxx.exe or whatever you need to the Anonymous Directory you created above.

Once you have installed getftp.nlm as per the directions that are included with it, you can set up a cron job to execute the download everyday (TID 10024685). The Command in your crontab file will look something like:

35 3 * * * getftp ftp.nai.com/pub/antivirus/ superdat/intel/sdat*.exe sys:\public\FTP\update

Ok, we setup our own Anonymous FTP server and we are automatically downloading the sdat's everyday to it. Now all you have to do is configure your Workstations McAfee auto-update settings to FTP from your Server instead of NAI's.

Some things to remember

1. You will have to create an anonymous user object in your NDS in the same context as your server. Make sure the Anonymous user has RF rights to the anonymous FTP directory and no rights anywhere else.

2. If you are running DNS and only resolve names external to your network and you are using the same server for serving a web site, don't use the domain name for that server to pull up the FTP server. Oh, it will work, but will be wasting almost as much bandwidth as if your workstations were updating directly from NAI. Just use the Internal IP's or machine names for your Internal network. If you have people on the road that need to update, they can use the domain name for your site, or pull directly from NAI.

3. If the auto-update configuration on the workstations let you create multiple locations to download from, and you have more then one 5.1 server, you can do this on multiple servers for redundancy.

4. VERY IMPORTANT - as you download new DAT's from NAI, you will not be deleting the old ones from your anonymous FTP directory, because they will not have the same names. This is where TOOLBOX.nlm comes in. With toolbox.nlm loaded you can run the delete command as a CRON job, just before your scheduled download, so you delete the old one and download the new one in a matter of minutes. Be sure to use the "y" switch as indicated below. This prevents the "Are you Sure?" prompt from popping up. Note the "*" used below, this deletes anything with sdat in the name.

Example- 30 3 * * * del sys:\public\ftp\update\sdat*.exe y

5. You will also need to download the update.ini file and put it in your anonymous FTP directory. This can be found on NAI's FTP site. This file changes every time the superdats change, but it is always, update.ini. This means you can use another CRON job to download it everyday, but you shouldn't have to delete it, as it will be overwritten every time you download it.

As you can see, I use the sdatxxxx.exe (superdats), but this will work just as good with the incremental dat's or any of the other flavors of dat's that McAfee puts out. Why do I download the superdats everyday, when they are only updated weekly? Well that's a good question. I guess I just like the redundancy of downloading it every day. If I scheduled it to download only on the day that McAfee updates the superdat and there was a problem of some kind, I'd have to wait a week before the download took place again. The way I have it set up, if there is a problem with the download it will do it again the next day.

Using a Java-based FTP Client

It's been a while since I have updated this article and I would like to do so now as I have made a significant change.

I have been experiencing some difficulties with the GETFTP program so I have switched to a Java-based FTP client for NetWare. The NWFTPCLU package is a bit more involved then GetFTP and lacks one feature that was handy in GetFTP: it doesn't allow you to use wildcard filenames. But that is OK, as it will let me download entire directories which is about as good. As I said, this program is a bit more extensive then GetFTP was, and it will take you a few minutes to figure it out, but the documentation is pretty good. NOTE: the README file that is included in the package will not be available until you actually install the package on your server. The NWFTPCLU suite is really slick and I am hoping that it will be more stable and cause me less problems.

Here is an example of how I am using it: (after the installation)

1. I created a file called datfiles.ncf containing the following command:

java -classpath sys:\ftpjava\ftp.jar;sys:\ftpjava\com.xaro.NWFTPCLU.jar NWFTPGET 
ftp.nai.com anonymous email@ /pub/antivirus/datfiles/4.x/* sys:\public\ftp\defupd\ 
binary pasv

After you install the program and look at the README you will have a good idea of what all of that means, but I'll tell you a little bit about it starting with the ftp.nai.com portion of the command:

ftp.nai.com - the host server. you can also use the IP address and port #

anonymous - user name (would be a real user name if you need to authenticate)

email@ - most anonymous ftp servers want an e-mail address for a password

/pub/antivirus/datfiles/4.x/* - the source that I am copying from.. Since I have all 4.x versions of McAfee at my school, I am just downloading the entire directory which apparently includes the superdats and the incrementals as well as the update.ini file.

sys:\public\ftp\defupd\ - the destination, which is my private anonymous FTP server

2. Then I just use a cron job, as before, to call the datfiles.ncf a few times a day. I also, using the delete command in toolbox, delete the entire contents of my sys:\public\ftp\defupd\, once early in the morning. This way, my anonymous FTP server will always be an identical mirror of the /4.x directory at NAI.

That about it. It's not all that different than before, just a different FTP client.

If you have any questions you may contact Wayne at tech447@usd447.org


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell