If you use McAfee VirusScan on NT servers (is this post a little limited in audience, or what?), then you probably use autoupdate to retrieve the new dats on a weekly basis (if you don't, you should...). Say your servers are scheduled to update on Monday, but a new virus comes out on Friday, and you don't have the latest dats.
You can either manually update them all through the McAfee console, which takes a little bit of time, or you can hack 2 registry keys that tell autoupdate when to run. Then you stop and restart the VirusScan TaskManager service. It is pointless to do this manually, because it's no faster than remoting in and running mcupdate.
But through the magic of Perl, many servers take only seconds. I have run this code with a time interval of less than a minute from when the scheduled update was to occur.
The code I provide only provides for the input of one server, but it can be easily modified to do a list of them by replacing the server <STDIN> with a simple array and for each loop.
use strict;
use Win32::TieRegistry;
use Win32::Service;
#define variables
my %days=('sun'=>0x0401,'mon'=>0x0402,'tue'=>0x0404,'wed'=>0x0408,'thu
+'=>0x0410,'fri'=>0x0420,'sat'=>0x0440);
my %statcodeHash = ('1' => 'stopped.','2' => 'start pending.','3' => '
+stop pending.','4' => 'running.','5' => 'continue pending.','6' => 'p
+ause pending.','7' => 'paused.');
my ($server, $time, $hours, $minutes, $day, $xtime, $xday, %statusHash
+);
#get the input
print "\n\nSun\nMon\nTue\nWed\nThu\nFri\nSat\n\n";
print "Enter the server name (do not use \\\\):";
chomp($server=<STDIN>);
while(){
print "Enter the time in 24 hour format(e\.g\. 16:21):";
chomp($time=<STDIN>);
($hours,$minutes)=split /:/, $time;
if ($hours>24||$minutes>60||length("$hours")>2||length("$minutes")
+!=2){
print "invalid time\n";
next;
}else{
last;
}
}
while(){
print "Enter the 3 LETTER day code:";
chomp($day=lc <STDIN>);
if (!exists $days{$day}){
next;
}else{
last;
}
}
#prep the data
$xtime=pack("L",(($minutes/256)+$hours)*256);
$xday=pack("L",$days{$day});
#modify the registry
$Registry->Delimiter("/");
$Registry->{"//$server/HKEY_LOCAL_MACHINE/Software/Network Associa
+tes/TVD/NetShield NT/CurrentVersion/Tasks/Update//wtime"}=[$xtime,"RE
+G_DWORD"] or die "Can\'t access registry on $server\n";
$Registry->{"//$server/HKEY_LOCAL_MACHINE/Software/Network Associa
+tes/TVD/NetShield NT/CurrentVersion/Tasks/Update//wflags"}=[$xday,"RE
+G_DWORD"] or die "Can\'t access registry on $server\n";
print "Registry keys modified\.\.\.\n";
#Stop/start the services
Win32::Service::StopService("$server","McTaskManager");
&getstatus();
Win32::Service::StartService("$server","McTaskManager");
&getstatus();
print "Task complete. VirusScan on $server will update on $day $time
+.";
sub getstatus{
Win32::Service::GetStatus("$server", "McTaskManager", \%statusHash
+);
print 'McTaskManager '.$statcodeHash{$statusHash{"CurrentState"}}.
+"\n";
}
Thanks,
-OzzyOsbourne