Command line utility to update McAfee virusscan

I recently had to create a utility whose aim is to update McAfee's VirusScan and that had to be launched from a command line.

I thought I’d share my experience with you.

Why is it useful to be able to update an Antivirus from the command line?
Because it lets you control the schedule of this process.
For instance you can decide that you want to try to update each time the computer is booted. Or when a user logs in. Or when the computer has been idling for a certain amount of time. Or even at fixed moments.

It can also be a very nice thing to be able to do that when the normal/automated update does not work. And this was my primary reason for developing this utility: Some of the users I had to support were not connecting often enough to their corporate intranet. And their “anti-virus update servers” are on said intranet. The IT/Security team for their corporate IT/network had specified to use McAfee’s public update servers at the end of the list of update servers, but for some reason, it was not working as expected. Since I was in a hurry and could not spend too much time debugging McAfee’s product, I decided to create a simple script and to make sure it was launched often enough.

I came across several sources on the web, but the one that was really helpful was:
https://community.mcafee.com/message/113439


So I created a script that should be usable on most of the Windows systems that use McAfee virusscan. You need wget for this to work:
http://gnuwin32.sourceforge.net/packages/wget.htm

Wget is used to get the SuperDAT utility that McAfee provides for free on its update servers. SuperDAT is a single .exe file, which can run silently and which updates McAfee’s antivirus systems (virus definitions AND engines).

 
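rem Work in a dedicated folder; /d also switches drive if %temp% is on another one
cd /d "%temp%"
if not exist McAfee\nul md McAfee
cd McAfee
if exist gdeltaavv.ini del gdeltaavv.ini
rem gdeltaavv.ini holds the newest DAT version level (CurrentVersion=...)
wget http://update.nai.com/products/commonupdater/gdeltaavv.ini
if not exist gdeltaavv.ini goto error1
for /F "usebackq skip=2 delims== tokens=1,2*" %%m in (`Find /I  "CurrentVersion" gdeltaavv.ini`) do set Curr=%%n
rem Nothing to do if this SuperDAT was already downloaded
if exist sdat%Curr%.exe goto fin
del *.exe
wget http://download.nai.com/products/licensed/superdat/english/intel/sdat%Curr%.exe
if not exist sdat%Curr%.exe goto error2
rem Run the SuperDAT without any user interaction
sdat%Curr%.exe /silent
goto fin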
:error1
echo Cannot retrieve gdeltaavv.ini
goto fin
:error2
echo Cannot retrieve sdat%Curr%.exe
goto fin
:fin



As you can see, this script is very simple. Even too simple: It will download SuperDAT even if the current virus signature is already installed on the computer running the script.

So I decided that it was better to check for the current version level of the virus signature (that McAfee calls DAT files) and to compare it with the “newer” one that McAfee provides on its site.

Retrieving the current version level of the DAT file is quite easy, with some registry mining.
In my case (VirusScan 8.7 I think), this is the binary value stored here:
HKLM\SOFTWARE\McAfee\AVEngine\AVDatVersion

Note that this may not be the actual value for YOUR version of VirusScan…

This is a DWord value that reg.exe will display as a hexadecimal number. But I had to compare it to a decimal value, and both are in environment variables, which are character strings. At first, I created a VB script on the fly (using echo commands) that I then invoked, just to be able to convert a hex value to a decimal one. I’ll let you have it if you want it, but it’s a little too complex for this simple task, which can be done in a simpler way. Then I remembered that you can use SET /A MyEnvVar = 0xFFFF (for instance) and that this will store the decimal equivalent of 0xFFFF in the environment variable “MyEnvVar”. So this is what I did. And now I have a smarter command line script that I can use to fetch the latest and greatest McAfee SuperDAT utility only if you can actually update (and never if you are already up to date), and to run this utility silently.

Here is the latest version of the script I deployed:

 
cd /d "%temp%"
if not exist McAfee\nul md McAfee
cd McAfee
if exist gdeltaavv.ini del gdeltaavv.ini

rem We get the .ini file where the newest version of DAT file is stored

wget http://update.nai.com/products/commonupdater/gdeltaavv.ini
if not exist gdeltaavv.ini goto error1

rem We extract the newest version level from that file, as a decimal number
for /F "usebackq skip=2 delims== tokens=1,2*" %%m in (`Find /I  "CurrentVersion" gdeltaavv.ini`) do set Curr=%%n
echo Newest DAT level on McAfee's site is %Curr%

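rem We get the current version of DAT file on the local computer (from its registry)
reg query HKLM\SOFTWARE\McAfee\AVEngine /v AVDatVersion > "%temp%\McAfee\regqvv.txt"

rem We extract the actual version as a decimal number and store it in "LocCurrDec" environment variable
rem findstr selects the value line by name, because the number of header lines printed by reg.exe differs between Windows versions
set LocCurrDec=
for /F "delims=x tokens=2" %%m in ('findstr /I "AVDatVersion" regqvv.txt') do set /A LocCurrDec = 0x%%m

rem Quoted so that an empty value (registry value not found) does not break the IF syntax
if "%LocCurrDec%" == "%Curr%" goto fin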

if exist sdat%Curr%.exe goto fin
del *.exe

wget http://download.nai.com/products/licensed/superdat/english/intel/sdat%Curr%.exe
if not exist sdat%Curr%.exe goto error2
sdat%Curr%.exe /silent

goto fin

:error1
echo Cannot retrieve gdeltaavv.ini
goto fin
:error2
echo Cannot retrieve sdat%Curr%.exe
goto fin


:fin
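
Both scripts run sdat%Curr%.exe exactly as it was fetched over plain HTTP, so nothing confirms that the file is the one the vendor published. The following is an added example, not part of the original article: a PowerShell gate that runs the SuperDAT only if its Authenticode signature is valid and names the expected publisher. The script name verify-sdat.ps1, the function name and the ExpectedPublisher value are assumptions; take the publisher name from a SuperDAT file obtained from a trusted source.

```powershell
# verify-sdat.ps1 (hypothetical name): added example, not the author's code.
# Runs a downloaded SuperDAT only if its Authenticode signature checks out.
param(
    [Parameter(Mandatory = $true)][string]$Path,
    # Assumption: the exact publisher (certificate CN) you expect to see.
    [Parameter(Mandatory = $true)][string]$ExpectedPublisher
)

function Test-InstallerSignature {
    param([string]$Path, [string]$ExpectedPublisher)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        Write-Warning "File not found: $Path"
        return $false
    }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    # 'Valid' means the file hash matches the signed hash and the
    # certificate chain is trusted on this machine.
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
        return $false
    }
    # Compare the certificate's simple name (CN) as a whole, rather than
    # searching for a substring anywhere in the subject.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $publisher = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    if ($publisher -ne $ExpectedPublisher) {
        Write-Warning "Unexpected publisher '$publisher'"
        return $false
    }
    return $true
}

if (-not (Test-InstallerSignature -Path $Path -ExpectedPublisher $ExpectedPublisher)) {
    # Do not leave an unverified executable where a later run could pick it up.
    Remove-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    exit 1
}

# Signature verified: run the SuperDAT silently and pass its exit code on.
$full = (Resolve-Path -LiteralPath $Path).Path
$proc = Start-Process -FilePath $full -ArgumentList '/silent' -Wait -PassThru
exit $proc.ExitCode
```

In the batch file, the line sdat%Curr%.exe /silent would then be replaced by a call such as powershell -NoProfile -ExecutionPolicy Bypass -File verify-sdat.ps1 -Path sdat%Curr%.exe -ExpectedPublisher "<publisher name>".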



Author:vivigatt