eTrust antivirus signature updates

Computer Associates (CA) eTrust product allows for scheduled virus signature updates from either CA's ftp server or from a redistribution server, i.e. an internal server downloads virus signatures and workstations are updated over the network. The manuals make a big play about this scheduling and that it can be set to a convenient time. From a security point of view I am trying to ensure that signature updates are downloaded to each client upon login. This is particularly important in my environment as I have a lot of mobile laptop users with direct internet connections.
Can anyone help with regard to how to force a signature update upon login?

Thanks
wsmyth
Mr_C_Obvious Commented:
I have ours set up in the early a.m.
so it kicks in no matter when they sign on.
 
Edit-HTS Commented:
Hi wsmyth,

We do at work exactly what you're wanting to do to your network.

We have access to a simple Visual Basic application that will compare the current virus signatures you have on your server to that on CA's ftp.  If the ones on your server are older then it'll pull down the required files to bring it up to date.

What I'm suggesting you do is have this app run once a day on your server then have the client PC's InoculateIT software look to your server for updates and if necessary download them and bring the client machine up to date.

This may sound a little complicated but really, it's not.

If you're interested then let me know and I'll upload the app to a public ftp server for you to try out.

What will you need to do to get it going?

Getting the latest updates using the app
1/ Download the VB app
2/ Set the .ini file that comes with the app
    2a/ All you'll need in the .ini is where you want the files downloaded from the ftp to go
3/ Download the latest signature updates using our VB app by simply running it.

Updating clients
1/ You'll need to update the Inodist.ini file on each client machine which will tell them where to look to download the updates from (this will be a location on your server) and what type of download it will be (i.e., scheduled and UNC)
2/ To do the above I'd recommend blowing out the Inodist.ini file using a login script
3/ Once you've completed the above everything should go smoothly

Let me know if you're interested.

-Edit
 
wsmyth (Author) Commented:
Hello Edit-HTS
Thanks for the information. I am very interested in taking you up on your kind offer. Am I right in saying that you are downloading and distributing the executable version of the signature? It sounds as though you have completely bypassed the facilities provided in the actual software in favour of this level of control.

Since the client software obviously executes a particular program via the scheduled update routine, I had originally hoped to be able to run this program via, say, a login script. Unfortunately I cannot seem to find any reference to the actual program to run.

In the absence of being able to use the inbuilt facilities your method sounds good.

Thanks
 
Edit-HTS Commented:
You're absolutely correct in saying I'm distributing the executable signature file - there are two text files in the public ftp directory on CA's website, siglist.txt and siglist2.txt.  The former is a list of major updates and the latter is minor (or incremental) updates - these files contain dates and version numbers, etc.

Basically it'll check the two files against the two on your server and sort rip down the appropriate executables.

Sit tight and when I get to work this afternoon I'll post some detailed instructions and upload the app.

-Edit

 
Edit-HTS Commented:
wsmyth,

I've been pissing around here at work for a while and have managed to get your app zipped and ready to roll.  There are a few things that you must do and have in place because of the nature of the code of the thing.

1/ Download the zip from ftp://203.241.84.12/pub/AVUpdate.zip
2/ Unzip to (You can choose this as long as the later settings point to this location) C:\Sigs\ on your server.  Make this directory shared and accessible by all users
3/ Open AVUpdate.ini
4/ Where it says "Local Path=" add "C:\Sigs\" after it so the whole line will look like: Local Path=C:\Sigs\
4a/ Make sure you put the last \ in as it will download to the root of the C:\ otherwise.
5/ You need the log directory so make sure you don't delete it
6/ Run the executable AVUpdate.exe
6a/ Note: This is a pretty shitty executable, the code is badly written etc, but it does work.  When it's downloading the updates from CA's ftp it'll look as if it's not responding and it may freeze your system while downloading.  Don't panic though - it will work if it starts.

If it doesn't start then let me know and I'll help you troubleshoot.

Now that you've got the executable to a state where it'll download the latest updates when you execute it.

Now here's the hard part.

You'll need to set the client machines to look for the updates in the C:\Sigs\ directory on the server.  The settings for this are in the inodist.ini file in the root of each ETrust's installation folder on the clients.

Right now, go to a client, login, and bring up the inodist.ini file.  Here's an example of our inodist.ini file here at work:

********
[SOURCES]
1=UNC_0
[UNC_0]
Method=UNC
Path=\\rslprd1\sys\inoc7\sigs
UserName=ca-user
UserPassword=ca-pword
RedistGui=0
[GET]
[POLICY]
UpdateLocalSignatures=1
SignatureHoldTime=0
MakeIncDownloading=1
IsDistributionServer=0
[OSID]
Linux (Intel)=8
Sun Solaris=9
Windows 9x/ME=3
Windows NT/2000 (x86)=4
[ENGINEID]
INOCULATEIT=1
VET=2
*******

Where it says: Path=\\rslprd1\sys\inoc7\sigs you'll need to change it to the path of your sigs directory on your server.  E.g., \\ServerName\ShareName (To the file C:\Sigs\)

You probably won't (or will you?) have a Username or Password in your ini file if you're running a Windows-based server platform; we use Novell so that's why we've got a username and password.

Let me know if you're using Novell 'cause if you are it'll be a different story.

So, in the login scripts of each user you'll have to blow out an updated inodist.ini file.  Do this on one machine first to make sure it works, if it doesn't let me know and I'll help you troubleshoot.

Hopefully that's what you wanted.

You can use the scheduler in the client machines to check the server for updates maybe 3 or 4 times a day - you can check at login but that gets a little more complicated for me to explain - why don't we get it working to the point where I've tried to explain then we'll go from there?

Luck to you.

-Edit
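An added example, not part of the thread and not CA's or the poster's code: a Python check that could run after the login script has pushed inodist.ini, confirming that every listed update source is a UNC path to the intended redistribution share and flagging credentials left in the file. The share name \\SERVER01\Sigs and the function names are assumptions; the section and key names are taken from the sample file posted above.

```python
import configparser

# Constructed sample modelled on the inodist.ini posted above; the server
# and share names are placeholders, not values from the thread.
SAMPLE_INI = r"""
[SOURCES]
1=UNC_0
[UNC_0]
Method=UNC
Path=\\SERVER01\Sigs
UserName=ca-user
UserPassword=ca-pword
[GET]
[POLICY]
UpdateLocalSignatures=1
IsDistributionServer=0
"""

def _norm(unc):
    # UNC paths are case-insensitive; ignore a trailing backslash.
    return unc.strip().rstrip("\\").lower()

def audit_inodist(ini_text, expected_unc):
    """Return a list of findings for one client's inodist.ini text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ini_text)
    if not cp.has_section("SOURCES") or not cp.items("SOURCES"):
        return ["no update source listed in [SOURCES]"]
    findings = []
    for index, name in cp.items("SOURCES"):
        if not cp.has_section(name):
            findings.append(f"source {index} names missing section [{name}]")
            continue
        src = cp[name]
        method = src.get("Method", "")
        if method.upper() != "UNC":
            findings.append(f"[{name}] Method={method!r}, expected UNC")
        path = src.get("Path", "")
        if _norm(path) != _norm(expected_unc):
            findings.append(f"[{name}] Path={path!r} is not {expected_unc!r}")
        if src.get("UserPassword", ""):
            findings.append(f"[{name}] UserPassword is present in the file")
    return findings

if __name__ == "__main__":
    for finding in audit_inodist(SAMPLE_INI, r"\\SERVER01\Sigs"):
        print(finding)
```

An empty result means the client will only pull signatures from the expected share; any finding is a reason to re-push the file before the next scheduled update.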
 
wsmyth (Author) Commented:
Thanks for the info to-date. I have been up to my eyes in it getting a new server installed so have not had a chance to check out your solution but I definitely will! It is a test at login that I am really interested in so will post back here once I have the other elements fixed. Thanks again
 
Edit-HTS Commented:
No problems at all, hope it helps you out like it has us.

-Edit
Question has a verified solution.