Using McAfee and ZENworks to Fight Viruses
Novell Cool Solutions: Trench
By Mark Jacobson
Digg This -
Posted: 20 Nov 2003
Note: This was submitted to the Virus Busting contest, and we are printing it here separately because of its length. To read the other entries, see this article.
This one's kind of long, but pretty trouble free.
Here is what I do for McAfee Virusscan 4.51 and probably can be re-engineered for any virus software that allows updates via ftp.
- Install NetWare FTP on any NetWare server in your tree.
- Create a user called virusscan or whatever you want.
- Set the user's home directory to the server, volume and subfolder where you internal virus definition repository will be.
- Export the following registry keys from a workstation that you have setup the schedule and the ftp parameters on and tested.
The data provided below is just an example to update 5 minutes after login. NOTE: The password line definitely must be exported from the registry because it is encrypted. So don't freeform the real password in this spot.
"szFTPLocation"="nwftp.yourdomain.com/" <- The forward slash at the end is important.
"szFtpPassword"="XyzAbc" <- encrypted password
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\On
Access Scanner\Vshield\System Scan\General]
"dwStartupDelayMins"=dword:0000012c <- 5 minutes represented in the number
of seconds in hexidecimal.
- Next create an application object with the above registry settings set to create always.
- In pre distribution script enter #net stop "avsync manager"
- In post distribution script enter #net start "avsync manager" Avsync must be stopped before updating the settings because McAfee rewrites the working parameters to the registry when the computer is shutdown.
- Set path to executable file to: C:\Program Files\Common Files\Network Associates\McUpdate\mcupdate.exe
- Set parameters to /quiet
- Set environment to secure system user.
- Set to run once.
Now update the version number any time you want to do an on-demand update, otherwise the workstation will check at every login. Bases are covered.
To get extra fancy, on a Windows 2000 server or workstation, create a scheduled event to run Thursday morning. I recommend running it several times because sometimes NAI FTP site is busy or down.
Example commandline: c:\winnt\system32\ftp.EXE -s:c:\ftpscript.txt
Create a directory to deposit virus definitions. In the example it is called virus.
Here is an example script. It FTPs to Network Associates, downloads the
latest virus definitions to the directory on the Microsoft server. Then
ftps to NetWare ftp server and deposits it and the update.ini in the
repository that your McAfee Virusscan clients are checking. Keeps your
Internet bandwidth down because only this one server is downloading updates
from the Internet.
Make sure your user has write access to the repository and this example assumes its home directory is set to the repository.
lcd c:\virus !del sdat* open ftp.nai.com anonymous firstname.lastname@example.org cd /virusdefs/4.x bin prompt mget sdat* mget update.ini mget dat*.zip close open nwftp.yourdomain.com username password bin lcd c:\virus delete update.ini mput sdat* mput dat*.zip put update.ini close Quit
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com