
eTrust antivirus signature updates

Posted on 2004-10-08
Last Modified: 2008-01-09
Computer Associates (CA) eTrust product allows for scheduled virus signature updates from either CA's ftp server or from a redistribution server, i.e. an internal server downloads virus signatures and workstations are updated over the network. The manuals make a big play about this scheduling and that it can be set to a convenient time. From a security point of view I am trying to ensure that signature updates are downloaded to each client upon login. This is particularly important in my environment as I have a lot of mobile laptop users with direct internet connections.
Can anyone help with regard to how to force a signature update upon login???

Thanks
Question by:wsmyth
8 Comments
 
LVL 1

Expert Comment

by:Mr_C_Obvious
ID: 12260509
I have ours set up in early a.m.
so it kicks in no matter when they sign on
0
 
LVL 1

Expert Comment

by:Edit-HTS
ID: 12273974
Hi wsmyth,

We do at work exactly what you're wanting to do to your network.

We have access to a simple Visual Basic application that will compare the current virus signatures you have on your server to that on CA's ftp.  If the ones on your server are older then it'll pull down the required files to bring it up to date.

What I'm suggesting you do is have this app run once a day on your server then have the client PC's InoculateIT software look to your server for updates and if necessary download them and bring the client machine up to date.

This may sound a little complicated but really, it's not.

If you're interested then let me know and I'll upload the app to a public ftp server for you to try out.

What will you need to do to get it going?

Getting the latest updates using the app
1/ Download the VB app
2/ Set the .ini file that comes with the app
    2a/ All you'll need in the .ini is where you want the files downloaded from the ftp to go
3/ Download the latest signature updates using our VB app by simply running it.

Updating clients
1/ You'll need to update the Inodist.ini file on each client machine which will tell them where to look to download the updates from (this will be a location on your server) and what type of download it will be (i.e., scheduled and UNC)
2/ To do the above I'd recommend blowing out the Inodist.ini file using a login script
3/ Once you've completed the above everything should go smoothly

Let me know if you're interested.

-Edit
0
 

Author Comment

by:wsmyth
ID: 12274830
Hello Edit-HTS
Thanks for the information. I am very interested in taking you up on your kind offer. Am I right in saying that you are downloading and distributing the executable version of the signature? It sounds as though you have completely bypassed the facilities provided in the actual software in favour of this level of control.

Since the client software obviously executes a particular program via the scheduled update routine I had originally hoped to be able to run this program via say, a login script. Unfortunately I cannot seem to find any reference to the actual program to run.

In the absence of being able to use the inbuilt facilities your method sounds good.

Thanks
0
 
LVL 1

Expert Comment

by:Edit-HTS
ID: 12280211
You're absolutely correct in saying I'm distributing the executable signature file - there are two text files in the public ftp directory on ca's website, siglist.txt and siglist2.txt.  The former is a list of major updates and the latter is minor (or incremental) updates - these files contain dates and version numbers, etc.

Basically it'll check the two files against the two on your server and sort rip down the appropriate executables.

Sit tight and when I get to work this afternoon I'll post some detailed instructions and upload the app.

-Edit

0
 
LVL 1

Expert Comment

by:Edit-HTS
ID: 12284449
wsmyth,

I've been pissing around here at work for a while and have managed to get your app zipped and ready to roll.  There are a few things that you must do and have in place because of the nature of the code of the thing.

1/ Download the zip from ftp://203.241.84.12/pub/AVUpdate.zip
2/ Unzip to (You can choose this as long as the later settings point to this location) C:\Sigs\ on your server.  Make this directory shared and accessible by all users
3/ Open AVUpdate.ini
4/ Where it says "Local Path=" add "C:\Sigs\" after it so the whole line will look like: Local Path=C:\Sigs\
4a/ Make sure you put the last \ in as it will download to the root of the C:\ otherwise.
5/ You need the log directory so make sure you don't delete it
6/ Run the executable AVUpdate.exe
6a/ Note: This is a pretty shitty executable, the code is badly written etc, but it does work.  When it's downloading the updates from CA's ftp it'll look as if it's not responding and it may freeze your system while downloading.  Don't panic though - it will work if it starts.

If it doesn't start then let me know and I'll help you troubleshoot.

Now that you've got the executable to a state where it'll download the latest updates when you execute it.

Now here's the hard part.

You'll need to set the client machines to look for the updates in the C:\Sigs\ directory on the server.  The settings for this are in the inodist.ini file in the root of each ETrust's installation folder on the clients.

Right now, go to a client, login, and bring up the inodist.ini file.  Here's an example of our inodist.ini file here at work:

********
[SOURCES]
1=UNC_0
[UNC_0]
Method=UNC
Path=\\rslprd1\sys\inoc7\sigs
UserName=ca-user
UserPassword=ca-pword
RedistGui=0
[GET]
[POLICY]
UpdateLocalSignatures=1
SignatureHoldTime=0
MakeIncDownloading=1
IsDistributionServer=0
[OSID]
Linux (Intel)=8
Sun Solaris=9
Windows 9x/ME=3
Windows NT/2000 (x86)=4
[ENGINEID]
INOCULATEIT=1
VET=2
*******

Where it says: Path=\\rslprd1\sys\inoc7\sigs you'll need to change it to the path of your sigs directory on your server.  E.g., \\ServerName\ShareName (To the file C:\Sigs\)

You probably won't (or will you?) have a Username or Password in your ini file if you're running a Windows Based Server Platform, we use Novell so that's why we've got a username and password.

Let me know if you're using Novell cause if you are it'll be a different story.

So, in the login scripts of each user you'll have to blow out an updated inodist.ini file.  Do this on one machine first to make sure it works, if it doesn't let me know and I'll help you troubleshoot.

Hopefully that's what you wanted.

You can use the scheduler in the client machines to check the server for updates maybe 3 or 4 times a day - you can check at login but that gets a little more complicated for me to explain - why don't we get it working to the point where I've tried to explain then we'll go from there?

Luck to you.

-Edit
0
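The inodist.ini change described in the post above, as an added example that is not part of the original thread or the poster's app: a Python function that repoints every UNC source listed under [SOURCES] at a new share, keeps all other lines verbatim, and reports any source section that carries a UserPassword value so it can be reviewed before a login script copies the file to every client. The function name and the shortened sample file are constructed here; the only assumption is the layout shown in the quoted inodist.ini.

```python
import re

# Constructed sample, shortened from the inodist.ini quoted in the post.
SAMPLE_INI = r"""[SOURCES]
1=UNC_0
[UNC_0]
Method=UNC
Path=\\rslprd1\sys\inoc7\sigs
UserName=ca-user
UserPassword=ca-pword
[POLICY]
UpdateLocalSignatures=1
"""

SECTION = re.compile(r"^\[(.+)\]\s*$")


def retarget_unc_sources(ini_text, new_path):
    """Return (new_text, findings). Path is rewritten in each UNC source
    section named under [SOURCES]; every other line is left untouched."""
    lines = ini_text.splitlines()
    # Pass 1: which sections does [SOURCES] name, and what Method do they use?
    section, sources, methods = None, set(), {}
    for line in lines:
        m = SECTION.match(line)
        if m:
            section = m.group(1)
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)
            if section == "SOURCES":
                sources.add(value.strip())
            elif key.strip().lower() == "method":
                methods[section] = value.strip().upper()
    targets = {s for s in sources if methods.get(s) == "UNC"}
    # Pass 2: rewrite Path in those sections and note embedded credentials.
    out, findings, section = [], [], None
    for line in lines:
        m = SECTION.match(line)
        if m:
            section = m.group(1)
        elif section in targets and "=" in line:
            key, value = line.split("=", 1)
            name = key.strip().lower()
            if name == "path":
                line = "Path=" + new_path
            elif name == "userpassword" and value.strip():
                findings.append(f"[{section}] carries a UserPassword value")
        out.append(line)
    return "\n".join(out) + "\n", findings
```
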
 

Author Comment

by:wsmyth
ID: 12306755
Thanks for the info to-date. I have been up to my eyes in it getting a new server installed so have not had a chance to check out your solution but I definitely will! It is a test at login that I am really interested in so will post back here once I have the other elements fixed. Thanks again
0
 
LVL 1

Accepted Solution

by:
Edit-HTS earned 500 total points
ID: 12306962
No problems at all, hope it helps you out like it has us.

-Edit
0
