McAfee VirusScan and Autoupdate

by OzzyOsbourne (Chaplain)
on Oct 06, 2000 at 20:50 UTC

If you use McAfee VirusScan on NT servers (is this post a little limited in audience, or what?), then you probably use autoupdate to retrieve the new dats on a weekly basis (if you don't, you should...). Say your servers are scheduled to update on Monday, but a new virus comes out on Friday, and you don't have the latest dats.

You can either manually update them all through the McAfee console, which takes a little bit of time, or you can hack 2 registry keys that tell autoupdate when to run. Then you stop and restart the VirusScan TaskManager service. It is pointless to do this manually, because it's no faster than remoting in and running mcupdate.

But through the magic of Perl, many servers take only seconds. I have run this code with a time interval of less than a minute from when the scheduled update was to occur.

The code I provide only provides for the input of one server, but it can be easily modified to do a list of them by replacing the server <STDIN> with a simple array and for each loop.

use strict;
use warnings;
use Win32::TieRegistry;
use Win32::Service;

# define variables
my %days = ('sun'=>0x0401, 'mon'=>0x0402, 'tue'=>0x0404, 'wed'=>0x0408,
            'thu'=>0x0410, 'fri'=>0x0420, 'sat'=>0x0440);
my %statcodeHash = ('1' => 'stopped.', '2' => 'start pending.', '3' => 'stop pending.',
                    '4' => 'running.', '5' => 'continue pending.',
                    '6' => 'pause pending.', '7' => 'paused.');
my ($server, $time, $hours, $minutes, $day, $xtime, $xday, %statusHash);

# get the input
print "\n\nSun\nMon\nTue\nWed\nThu\nFri\nSat\n\n";
print "Enter the server name (do not use \\\\):";
chomp($server = <STDIN>);
# the name is interpolated into a "/"-delimited registry path, so reject anything unexpected
die "invalid server name\n" unless $server =~ /^[\w.-]+$/;
while (1) {
    print "Enter the time in 24 hour format (e.g. 16:21):";
    chomp($time = <STDIN>);
    # accept H:MM or HH:MM only, with hours 0-23 and minutes 0-59
    if ($time =~ /^(\d{1,2}):(\d{2})$/ && $1 <= 23 && $2 <= 59) {
        ($hours, $minutes) = ($1, $2);
        last;
    }
    print "invalid time\n";
}
while (1) {
    print "Enter the 3 LETTER day code:";
    chomp($day = lc <STDIN>);
    last if exists $days{$day};
}

# prep the data: wtime holds the hour in the second byte and the minute in the low byte
$xtime = pack("L", $hours * 256 + $minutes);
$xday  = pack("L", $days{$day});

# modify the registry
$Registry->Delimiter("/");
# open the task key first: an "or die" placed after a hash assignment never fires
my $task = $Registry->{"//$server/HKEY_LOCAL_MACHINE/Software/Network Associates/TVD/NetShield NT/CurrentVersion/Tasks/Update/"}
    or die "Can't access registry on $server\n";
$task->{"/wtime"}  = [$xtime, "REG_DWORD"];
$task->{"/wflags"} = [$xday,  "REG_DWORD"];
print "Registry keys modified...\n";

# stop/start the service so it rereads the schedule
Win32::Service::StopService($server, "McTaskManager");
getstatus();
Win32::Service::StartService($server, "McTaskManager");
getstatus();
print "Task complete. VirusScan on $server will update on $day $time.\n";

# print the current state of the McTaskManager service
sub getstatus {
    Win32::Service::GetStatus($server, "McTaskManager", \%statusHash);
    print 'McTaskManager '.$statcodeHash{$statusHash{"CurrentState"}}."\n";
}

Thanks,
-OzzyOsbourne
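
A batch version of the change the post suggests at the end (a server list and a foreach loop), as an added example that is not part of the original post. The server names and the sample schedule are constructed; the per-server error handling and the wait for McTaskManager to report stopped before it is started again are additions, not something the post does.

```perl
use strict;
use warnings;
use Win32::TieRegistry (Delimiter => "/");
use Win32::Service;

# Constructed sample input: hypothetical server names and schedule.
my @servers = qw(NTSRV01 NTSRV02 NTSRV03);
my ($day, $hours, $minutes) = ('fri', 16, 21);

my %days = (sun=>0x0401, mon=>0x0402, tue=>0x0404, wed=>0x0408,
            thu=>0x0410, fri=>0x0420, sat=>0x0440);
my $task = "Software/Network Associates/TVD/NetShield NT/CurrentVersion/Tasks/Update";
my $svc  = "McTaskManager";

# Poll until the service reaches the wanted state (1 = stopped, 4 = running).
sub wait_for_state {
    my ($server, $want, $tries) = @_;
    for (1 .. $tries) {
        my %status;
        Win32::Service::GetStatus($server, $svc, \%status);
        return 1 if defined $status{CurrentState} && $status{CurrentState} == $want;
        sleep 1;
    }
    return 0;
}

my %failed;
for my $server (@servers) {
    # eval keeps one unreachable server from aborting the rest of the batch.
    eval {
        $server =~ /^[\w.-]+$/ or die "bad server name\n";
        my $key = $Registry->Open("//$server/HKEY_LOCAL_MACHINE/$task")
            or die "cannot open registry key: $^E\n";
        $key->SetValue("wtime",  pack("L", $hours * 256 + $minutes), "REG_DWORD")
            or die "cannot set wtime: $^E\n";
        $key->SetValue("wflags", pack("L", $days{$day}), "REG_DWORD")
            or die "cannot set wflags: $^E\n";
        # Restart the service so it rereads the schedule; a start issued while
        # the service is still "stop pending" would fail, so wait in between.
        Win32::Service::StopService($server, $svc);
        wait_for_state($server, 1, 30) or die "$svc did not stop\n";
        Win32::Service::StartService($server, $svc);
        wait_for_state($server, 4, 30) or die "$svc did not start\n";
        1;
    } or $failed{$server} = $@;
}

printf "%d of %d servers updated\n", @servers - keys %failed, scalar @servers;
print "FAILED $_: $failed{$_}" for sort keys %failed;
```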

Replies are listed 'Best First'.
RE: McAfee VirusScan and Autoupdate
by royalanjr (Chaplain) on Oct 07, 2000 at 01:07 UTC
    I use the TVD Suite also, and have the same thing as you, going about and updating the files all the time. You've made a nice solution to the problem.

    Roy Alan

      I should know this, but does McUpdate get any of the emergency DATs for you? If not, then you're stuck with the usual weekly update which I believe is officially there on Wednesday morning.
        If you are talking about the utility that comes standard with the McAfee software then the answer is yes, it will pick up the incremental dats if there are any out since the last time it updated.

        Roy Alan

Re: McAfee VirusScan and Autoupdate
by danielk (Initiate) on Nov 02, 2008 at 19:47 UTC
    Hi, I have been having problems with McAfee 8.5i autoupdate for some time now. We use Perl to push a registry fix to change the autoupdate schedule. I made the needed changes and captured the registry key responsible for autoupdate. When the .reg file is executed on our PCs the schedule changes in the console, but the autoupdate runs according to the previous schedule. Please advise.
      Did you restart the service after the reg fix was put into place?
