
Using McAfee and ZENworks to Fight Viruses

Novell Cool Solutions: Trench
By Mark Jacobson


Posted: 20 Nov 2003
 

Note: This was submitted to the Virus Busting contest, and we are printing it here separately because of its length. To read the other entries, see this article.

This one's kind of long, but pretty trouble free.

Here is what I do for McAfee VirusScan 4.51. It can probably be re-engineered for any virus software that allows updates via FTP.

  1. Install NetWare FTP on any NetWare server in your tree.
  2. Create a user called virusscan or whatever you want.
  3. Set the user's home directory to the server, volume and subfolder where your internal virus definition repository will be.
  4. Export the following registry keys from a workstation on which you have set up and tested the schedule and the FTP parameters.

The data provided below is just an example to update 5 minutes after login. NOTE: The password line definitely must be exported from the registry because it is encrypted. So don't freeform the real password in this spot.

[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\McUpdate\CurrentVersion\Update\General Options]
"bForceUpdate"=dword:00000000
"bRenameExisting"=dword:00000000
"bRetrieveNewerEngine"=dword:00000001
"uNumberOfSites"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\McUpdate\CurrentVersion\Update\Update Site1]
"bAnonymousLogin"=dword:00000000
"bPassiveFTP"=dword:00000001
"bProxy"=dword:00000000
"bSiteEnabled"=dword:00000001
"szFTPLocation"="nwftp.yourdomain.com/" <- The forward slash at the end is important.
"szFtpPassword"="XyzAbc" <- encrypted password
"szFtpUserName"="virusscan"
"szSiteName"="NWFTP"
"uUpdateFrom"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\Vshield\System Scan\General]
"bCanBeDisabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan\AVConsol\ScanTasks\item_2]
"bEnabled"=dword:00000001
"dwStartupDelayMins"=dword:0000012c <- 5 minutes represented as the number of seconds in hexadecimal.
"uType"=dword:00000005

=============================
  1. Next create an application object with the above registry settings set to create always.
  2. In pre distribution script enter #net stop "avsync manager"
  3. In post distribution script enter #net start "avsync manager" (Avsync must be stopped before updating the settings because McAfee rewrites the working parameters to the registry when the computer is shut down.)
  4. Set path to executable file to: C:\Program Files\Common Files\Network Associates\McUpdate\mcupdate.exe
  5. Set parameters to /quiet
  6. Set environment to secure system user.
  7. Set to run once.

Now update the version number any time you want to do an on-demand update; otherwise the workstation will check at every login. Bases are covered.
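
To confirm that a workstation still carries the settings the application object pushed, the check below parses a regedit text export and reports every value that differs from the article's example. It is an added example, not part of the original article or of any McAfee or ZENworks tooling; the function names, the baseline table and the sample export are assumptions constructed for illustration.

```python
import re

# Expected values copied from the article's example; szFtpPassword is left out
# because the article says it is stored encrypted and must not be typed by hand.
BASELINE = {
    ("Update Site1", "bAnonymousLogin"): 0,
    ("Update Site1", "bSiteEnabled"): 1,
    ("Update Site1", "szFTPLocation"): "nwftp.yourdomain.com/",
    ("Update Site1", "szFtpUserName"): "virusscan",
    ("General", "bCanBeDisabled"): 0,
    ("item_2", "dwStartupDelayMins"): 0x12C,
}
KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')

def parse_reg(text):
    """Parse export text into {(last key path component, value name): value}."""
    values, key = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if (m := KEY_RE.match(line)):
            key = m.group(1).rsplit("\\", 1)[-1]
        elif key and (m := VAL_RE.match(line)):
            name, dword, string = m.groups()
            values[(key, name)] = int(dword, 16) if dword is not None else string
    return values

def drift(text, baseline=BASELINE):
    """Return (key, name, expected, found) for each setting that differs."""
    found = parse_reg(text)
    return sorted(((k, n, want, found.get((k, n)))
                   for (k, n), want in baseline.items()
                   if found.get((k, n)) != want), key=lambda r: r[:2])

# Constructed sample export from a workstation that has drifted.
SAMPLE = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\McUpdate\CurrentVersion\Update\Update Site1]
"bAnonymousLogin"=dword:00000000
"bSiteEnabled"=dword:00000001
"szFTPLocation"="nwftp.yourdomain.com"
"szFtpUserName"="virusscan"
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\Vshield\System Scan\General]
"bCanBeDisabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan\AVConsol\ScanTasks\item_2]
"bEnabled"=dword:00000001
'''

if __name__ == "__main__":
    for row in drift(SAMPLE):
        print("DRIFT %s\\%s: expected %r, found %r" % row)
```

On the sample it reports the missing trailing slash on szFTPLocation, the on-access scanner being allowed to be disabled, and the absent startup delay.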

To get extra fancy, on a Windows 2000 server or workstation, create a scheduled event to run Thursday morning. I recommend running it several times because sometimes the NAI FTP site is busy or down.

Example command line: c:\winnt\system32\ftp.EXE -s:c:\ftpscript.txt

Create a directory to deposit virus definitions. In the example it is called virus.

Here is an example script. It connects by FTP to Network Associates and downloads the latest virus definitions to the directory on the Microsoft server. It then connects to the NetWare FTP server and deposits them, along with update.ini, in the repository that your McAfee VirusScan clients are checking. This keeps your Internet bandwidth usage down because only this one server downloads updates from the Internet.

Make sure your user has write access to the repository. This example assumes the user's home directory is set to the repository.

lcd c:\virus
!del sdat*
open ftp.nai.com 
anonymous
anon@yourdomain.com
cd /virusdefs/4.x
bin
prompt
mget sdat*
mget update.ini
mget dat*.zip
close

open nwftp.yourdomain.com
username
password
bin
lcd c:\virus
delete update.ini
mput sdat*
mput dat*.zip
put update.ini
close
Quit

