Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses
 
PerlMonks  

McAfee VirusScan and Autoupdate

by OzzyOsbourne (Chaplain)
on Oct 06, 2000 at 20:50 UTC ( [id://35605]=CUFP: print w/replies, xml ) Need Help??

If you use McAfee VirusScan on NT servers (is this post a little limited in audience, or what?), then you probably use autoupdate to retrieve the new dats on a weekly basis (if you don't, you should...). Say your servers are scheduled to update on Monday, but a new virus comes out on Friday, and you don't have the latest dats.

You can either manually update them all through the McAfee console, which takes a little bit of time, or you can hack 2 registry keys that tell autoupdate when to run. Then you stop and restart the VirusScan TaskManager service. It is pointless to do this manually, because it's no faster than remoting in and running mcupdate.

But through the magic of Perl, many servers take only seconds. I have run this code with a time interval of less than a minute from when the scheduled update was to occur.

The code I provide only provides for the input of one server, but it can be easily modified to do a list of them by replacing the server <STDIN> with a simple array and for each loop.

use strict;
use Win32::TieRegistry;
use Win32::Service;

#define variables
my %days=('sun'=>0x0401,'mon'=>0x0402,'tue'=>0x0404,'wed'=>0x0408,'thu
+'=>0x0410,'fri'=>0x0420,'sat'=>0x0440);
my %statcodeHash = ('1' => 'stopped.','2' => 'start pending.','3' => '
+stop pending.','4' => 'running.','5' => 'continue pending.','6' => 'p
+ause pending.','7' => 'paused.');
my ($server, $time, $hours, $minutes, $day, $xtime, $xday, %statusHash
+);

#get the input
print "\n\nSun\nMon\nTue\nWed\nThu\nFri\nSat\n\n";
print "Enter the server name (do not use \\\\):";
chomp($server=<STDIN>);

while(){
    print "Enter the time in 24 hour format(e\.g\. 16:21):";
    chomp($time=<STDIN>);
    ($hours,$minutes)=split /:/, $time;
    if ($hours>24||$minutes>60||length("$hours")>2||length("$minutes")
+!=2){
        print "invalid time\n";
        next;
    }else{
        last;
    }
}

while(){    
    print "Enter the 3 LETTER day code:";
    chomp($day=lc <STDIN>);
    if (!exists $days{$day}){
        next;
    }else{
        last;
    }
}

#prep the data
$xtime=pack("L",(($minutes/256)+$hours)*256); 
$xday=pack("L",$days{$day});

#modify the registry
$Registry->Delimiter("/");
    $Registry->{"//$server/HKEY_LOCAL_MACHINE/Software/Network Associa
+tes/TVD/NetShield NT/CurrentVersion/Tasks/Update//wtime"}=[$xtime,"RE
+G_DWORD"] or die "Can\'t access registry on $server\n";
    $Registry->{"//$server/HKEY_LOCAL_MACHINE/Software/Network Associa
+tes/TVD/NetShield NT/CurrentVersion/Tasks/Update//wflags"}=[$xday,"RE
+G_DWORD"] or die "Can\'t access registry on $server\n";
print "Registry keys modified\.\.\.\n";

#Stop/start the services
Win32::Service::StopService("$server","McTaskManager");
&getstatus();
Win32::Service::StartService("$server","McTaskManager");
&getstatus();

print "Task complete.  VirusScan  on $server will update on $day $time
+.";

sub getstatus{
    Win32::Service::GetStatus("$server", "McTaskManager", \%statusHash
+);
    print 'McTaskManager '.$statcodeHash{$statusHash{"CurrentState"}}.
+"\n";
}

[download]

Thanks,
-OzzyOsbourne

Replies are listed 'Best First'.
RE: McAfee VirusScan and Autoupdate
by royalanjr (Chaplain) on Oct 07, 2000 at 01:07 UTC
    I use the TVD Suite also, and have the same thing as you, going about and updating the files all the time. You've made a nice solution to the problem.

    Roy Alan

[reply]
      I should know this, but does McUpdate get any of the emergency DATs for you? If not, then you're stuck with the usual weekly update which I believe is officially there on Wedsnday morning.
[reply]
        If you are talking about the utility that comes standard with the McAfee software then the answer is yes, it will pick up the incremental dats if there are any out since the last time it updated.

        Roy Alan

[reply]
Re: McAfee VirusScan and Autoupdate
by danielk (Initiate) on Nov 02, 2008 at 19:47 UTC
    Hi, I have been having problems with mcafee 8.5i autoupdate for some time now, we use perl to push registry fix to change the autoupdate schedule. I made the needed changes and capture the registry key responsible for autoupdate. When the .reg file is executed on our Pcs the schedule changes in the console, but the autoupdate runs according to the previous schedule. Please advise
[reply]
      Did you restart the service after the reg fix was put into place?

      -OzzyOsbourne

[reply]

Back to Cool Uses for Perl

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: CUFP [id://35605]
Approved by root
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others having an uproarious good time at the Monastery: (1)
As of 2024-04-18 23:46 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found