Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

eTrust antivirus signature updates

Posted on 2004-10-08
8
6,450 Views
Last Modified: 2008-01-09
Computer Associates (CA) eTrust product allows for scheduled virus signature updates from either CA's ftp server or from a redistribution server ie internal server downloads virus signatures and workstations are updated over the network. The manuals make a big play about this scheduling and that it can be set to convenient time. From a security point of view I am trying to ensure that signature updates are downloaded to each client upon login. This is particularly import in my environment as I have a lot of mobile laptop users with direct internet connections.
Can anyone help with regard to how to force a signature update upon login???

Thanks
0
Comment
Question by:wsmyth
  • 4
  • 2
8 Comments
 
LVL 1

Expert Comment

by:Mr_C_Obvious
ID: 12260509
i have ours setup in early a.m.
so it kicks in no matter when they sign on
0
 
LVL 1

Expert Comment

by:Edit-HTS
ID: 12273974
Hi wsmyth,

We do at work exactly what you're wanted to do to your network.

We have access to a simple Visual Basic application that will compare the current virus signatures you have on your server to that on CA's ftp.  If the ones on your server are older then it'll pull down the required files to bring it up to date.

What I'm suggesting you do is have this app run once a day on your server then have the client PC's InoculateIT software look to your server for updates and if necessary download them and bring the client machine up to date.

This may sound a little complicated but really, it's not.

If you're interested then let me know and I'll upload the app to a public ftp server for you to try out.

What will you need to do to get it going?

Getting the latest updates using the app
1/ Download the VB app
2/ Set the .ini file that comes with the app
    2a/ All you'll need in the .ini is where you want the files downloaded from the ftp to go
3/ Download the latest signature updates using our VB app by simply running it.

Updating clients
1/ You'll need to update the Inodist.ini file on each client machine which will tell them where to look to download the updates from (this will be a location on your server) and what type of download it will be (i.e., scheduled and UNC)
2/ To do the above I'd reccommend blowing out the Inodist.ini file using a login script
3/ Once you'd completed the above everything should go smoothly

Let me know if you're interested.

-Edit
0
 

Author Comment

by:wsmyth
ID: 12274830
Hello Edit-HTS
Thanks for the information. I am very interested in taking you up on your kind offer. Am I right in saying that you are downloading and distibuting the executable version of the signature? Its sounds as though you have completely bypassed the facilities provided in the actual software in favour of this level of control.

Since the client software obviously execute a particular program via the scheduled update routine I had originally hoped to be able to run this program via say, a login script. Unfortunately I cannot seem to find any reference to the actual program to run.

In the absence of being able to use the inbuilt facilities your method sounds good.

Thanks
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 1

Expert Comment

by:Edit-HTS
ID: 12280211
You're absolutely correct in saying I'm distributing the executable signature file - there are two text files in the public ftp directory on ca's website, siglist.txt and siglist2.txt.  The former is a list of major updates and the latter is minor (or incremental) updates - these files contain dates and version numbers, etc.

Basically it'll check the two files against the two on your server and sort rip down the appropriate executables.

Sit tight and when I get to work this afternoon I'll post some detailed instructions and upload the app.

-Edit

0
 
LVL 1

Expert Comment

by:Edit-HTS
ID: 12284449
wsymth,

I've been pissing around here at work for a while and have managed to get your app zipped and ready to roll.  There are a few things that you must do and have in place because of the nature of the code of the thing.

1/ Download the zip from ftp://203.241.84.12/pub/AVUpdate.zip
2/ Unzip to (You can choose this as long as the later settings pointing to this location) C:\Sigs\ on your server.  Make this directory shared and accessible by all users
3/ Open AVUpdate.ini
4/ Where it says "Local Path=" add "C:\Sigs\" after it so the whole line will look like: Local Path=C:\Sigs\
4a/ Make sure you put the last \ in as it will download to the root of the C:\ otherwise.
5/ You need to log directory so make sure you don't delete it
6/ Run the executable AVUpdate.exe
6a/ Note: This is a pretty shitty executable, the code is badly written etc, but it does work.  When it's downloading the updates from CA's ftp it'll look as if it's not responding and it may freeze your system while downloading.  Don't panic though - it will work if it starts.

If it doesn't start then let me know and I'll help you troubleshoot.

Now that you've got the executable to a state where it'll download the latest updates when you execute it.

Now here's the hard part.

You'll need to set the client machines to look for the updates in the C:\Sigs\ directory on the server.  The settings for this are in the inodist.ini file in the root of each ETrust's installation folder on the clients.

Right now, go to a client, login, and bring up the inodist.ini file.  Here's an example of our inodist.ini file here at work:

********
[SOURCES]
1=UNC_0
[UNC_0]
Method=UNC
Path=\\rslprd1\sys\inoc7\sigs
UserName=ca-user
UserPassword=ca-pword
RedistGui=0
[GET]
[POLICY]
UpdateLocalSignatures=1
SignatureHoldTime=0
MakeIncDownloading=1
IsDistributionServer=0
[OSID]
Linux (Intel)=8
Sun Solaris=9
Windows 9x/ME=3
Windows NT/2000 (x86)=4
[ENGINEID]
INOCULATEIT=1
VET=2
*******

Where it says: Path=\\rslprd1\sys\inoc7\sigs you'll need to change it to the path of your sigs directory on your server.  E.g., \\ServerName\ShareName (To the file C:\Sigs\)

You probably wont (or will you?) have a Username or Password in your ini file if you're running a Windows Based Server Platform, we use Novell so that's why we've got a username and password.

Let me know if you're using Novell cause if you are it'll be a different story.

So, in the login scripts of each user you'll have to blow out an updated inodist.ini file.  Do this on one machine first to make sure it works, if it doesn't let me know and I'll help you troubleshoot.

Hopefully that's what you wanted.

You can use the scheduler in the client machines to check the server for updates maybe 3 or 4 times a day - you can check at login but that gets a litte more complicated for me to explain - why don't we get it working to the point where I've tried to explain then we'll go from there?

Luck to you.

-Edit
0
 

Author Comment

by:wsmyth
ID: 12306755
Thanks for the info to-date. I have been up to my eyes in it getting a new server installed so have not had a chance to check out your solution but I definitely will! It is a test at login that I am really interested in so will post back here once I have the other elements fixed. Thanks again
0
 
LVL 1

Accepted Solution

by:
Edit-HTS earned 500 total points
ID: 12306962
No problems at all, hope it helps you out like it has us.

-Edit
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
PDF to Word 25 172
Software - Posting same reply on multiple forums. 4 99
PCAnywhere 2 134
How do I take a large (100MB) FLV file and break it into 20MB chunks on a MAC? 4 34
This article describes how to use the timestamp of existing data in a database to allow Tableau to calculate the prior work day instead of relying on case statements or if statements to calculate the days of the week.
Developer portfolios can be a bit of an enigma—how do you present yourself to employers without burying them in lines of code?  A modern portfolio is more than just work samples, it’s also a statement of how you work.
The viewer will learn how to successfully download and install the SARDU utility on Windows 8, without downloading adware.
XMind Plus helps organize all details/aspects of any project from large to small in an orderly and concise manner. If you are working on a complex project, use this micro tutorial to show you how to make a basic flow chart. The software is free when…

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question