Hello list,

Because I install PCs just for friends and family I don't have a
Symantec update server. Because I got tired of those annoying messages
of 'old virus definition files' I decided to do something about it.

I found a few docs on Symantec and MSFN which explain how the
installation can be updated with the latest virus definition files using
the *.xdb technique.

I took the liberty to modify the script of jftuga (John Taylor) found at
http://www.msfn.org/board/lofiversion/index.php/t50679.html
for my Linux environment. I also modified the symav.bat file.

symav.bat (also attached as text-file)
----------
:: OPTIONAL: Install Symantec Anti-Virus Corporate Edition Client
@Echo off
todo.pl "msiexec /qn /l* %SystemDrive%\netinst\logs\sav.txt /i \"%Z%\packages\sav-9.0\Symantec AntiVirus.msi\" ADDLOCAL=SAVMain,SAVUI,SAVHelp,QClient ENABLEAUTOPROTECT=1 RUNLIVEUPDATE=0 REBOOT=ReallySuppress"
XCOPY /Y %Z%\packages\sav-9.0\update\*.xdb "%ALLUSERSPROFILE%\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\"
---------

All it does is copy the file to its location. Because of the rebooting
using other scripts the Symantec service is reloaded and discovers the
file and starts updating. See
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2005040711404048?Open&dtype=corp
for details.

The script for automatically updating the virus definition file to the
latest one available is too large to post, so I have attached it. You
only have to cron it (for example) daily!

The only side-note to the script is that it always will download the
file even if the newest file is already present. I am on DSL and don't
have a download limit so don't care about it.

Have fun with it and I hope it will be added to the CVS repository or
somewhere else.

Sander
#!/usr/bin/python
"""

Symantec Antivirus 8.x, 9.x, 10.x Corporate Edition XDB Definition Updater
Mar-17-2005
-John Taylor

Automatically updates XDB virus definitions from Symantec's web site.
Also, restarts services so that the new definition file will take effect.

"""

import sys,re,urllib,urllib2,md5,os.path,os,shutil,time,glob

WEBPAGE="http://securityresponse.symantec.com/avcenter/download/pages/US-SAVCE.html"
TMPPATH=r'/tmp/'
AVPATH=r'/install/packages/sav-9.0/update/'
URLRE = re.compile("""href="(http://definitions.symantec.com/defs/xdb/.*?)">""",re.IGNORECASE)
MD5RE = re.compile("""href="/avcenter/refa.html#md5">MD5</a>:(.*?)<a""",re.IGNORECASE|re.MULTILINE)

#############################################################################################

def main():
    print
    print "Retrieving:"
    print WEBPAGE

    local_only = 0   # Just for script development & debugging
    def_file = None

    if 1 != local_only:
        try:
            url = urllib2.urlopen( WEBPAGE )
            page = url.read()
        except urllib2.HTTPError, e:
            print
            print e
            print
            sys.exit()
        except:
            print
            print "Error retrieving url:", WEBPAGE
            print
            sys.exit()

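        # Look for the first .xdb download link on the page
        def_file_url = None
        data = page.split()
        for line in data:
            match = URLRE.match(line)
            if None != match:
                def_file_url = match.group(1)
                break

        if None == def_file_url:
            print
            print "No .xdb download link found on:", WEBPAGE
            print
            sys.exit()

        print
        print "def_file_url:", def_file_url
        slots = def_file_url.split( "/" )
        def_file = slots[-1:][0]
        def_file = TMPPATH + def_file
        print "def_file:", def_file
        match = MD5RE.search(page)
        if None == match:
            print "No MD5 sum found on:", WEBPAGE
            sys.exit()
        # The local digest is upper-cased below, so normalise this one too
        md5sum = match.groups(1)[0].strip().upper()
        print "md5sum:", md5sum

        print
        if os.path.isfile( def_file ):
            print "File already exists:", def_file
            print "Deleting."
            os.unlink( def_file )
        print "Downloading:", def_file_url
        urllib.urlretrieve( def_file_url, def_file )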
    else:
        # Just for debugging
        def_file = "vd1cd412.xdb"
        md5sum="52D5B99589D4D2C01E4E29A2ED2EC3B4"

    print "Checking md5:",
    fp = open(def_file,"rb")
    def_file_data = fp.read()
    fp.close()

    m = md5.new()
    m.update( def_file_data )
    digest = m.hexdigest().upper()
    print digest
    if digest == md5sum:
        print "MD5 Hashes match."
    else:
        print "MD5 Hashes DO NOT MATCH."
        print "\t expected: ", md5sum
        print "\t received: ", digest
        sys.exit()

    # stop services
    #srv="DefWatch"
    #print "Stopping", srv, "service: ",
    #cmd = r'C:\WINDOWS\system32\net.exe'
    #cmd = '%s stop "%s"' % (cmd,srv)
    #rc = os.system( cmd )
    #time.sleep(10)
    #print rc

    #srv="Symantec Antivirus"
    #print "Stopping", srv, "service: ",
    #cmd = r'C:\WINDOWS\system32\net.exe'
    #cmd = '%s stop "%s"' % (cmd,srv)
    #rc = os.system( cmd )
    #time.sleep(20)
    #print rc

    # remove any older .xdb files
    old_xdb_list = AVPATH + r'*.xdb'
    rm_list = glob.glob( old_xdb_list )
    if len(rm_list) > 0:
        for fname in rm_list:
            try:
                print "Removing old .xdb file:", fname
                os.remove( fname )
            except OSError, e:   # os.remove raises OSError, not IOError
                print "IO Error:", e
                print "While attempting to remove %s" % ( fname )
                print

    # move def file to its final destination

    try:
        shutil.move(def_file, AVPATH)
        time.sleep(2)
    except IOError, e:
        print "IO Error:", e
        print "While attempting to move %s to %s" % (def_file,AVPATH)
        print
    except:
        print "Unknown error while attempting to move %s to %s" % (def_file,AVPATH)
        print
    
    # restart services
    #print

    #srv="DefWatch"
    #print "Starting", srv, "service: ",
    #cmd = r'C:\WINDOWS\system32\net.exe'
    #cmd = '%s start "%s"' % (cmd,srv)
    #rc = os.system( cmd )
    #time.sleep(10)
    #print rc

    #srv="Symantec Antivirus"
    #print "Starting", srv, "service: ",
    #cmd = r'C:\WINDOWS\system32\net.exe'
    #cmd = '%s start "%s"' % (cmd,srv)
    #rc = os.system( cmd )
    #time.sleep(2)
    #print rc

    print
    print "Program finished!"
    print

#############################################################################################

main()

# End of Script
:: OPTIONAL: Install Symantec Anti-Virus Corporate Edition Client
@Echo off
todo.pl "msiexec /qn /l* %SystemDrive%\netinst\logs\sav.txt /i \"%Z%\packages\sav-9.0\Symantec AntiVirus.msi\" ADDLOCAL=SAVMain,SAVUI,SAVHelp,QClient ENABLEAUTOPROTECT=1 RUNLIVEUPDATE=0 REBOOT=ReallySuppress"
XCOPY /Y %Z%\packages\sav-9.0\update\*.xdb "%ALLUSERSPROFILE%\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\"
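
An added example, not part of the original post or of John Taylor's script: the side-note above says the updater downloads the file on every run. This Python 3 code parses the page with the script's two patterns, validates what it extracted, and skips the download when the copy in the update directory already matches the published MD5. The sample page, the file name vd000000.xdb and all function names are constructed for illustration.

```python
import hashlib
import os
import re
import tempfile

# Same patterns as the script in this post.
URLRE = re.compile('href="(http://definitions.symantec.com/defs/xdb/.*?)">', re.IGNORECASE)
MD5RE = re.compile('href="/avcenter/refa.html#md5">MD5</a>:(.*?)<a', re.IGNORECASE | re.MULTILINE)

# Constructed sample of the download page (not a capture of the real page).
SAMPLE_PAGE = (
    '<a href="http://definitions.symantec.com/defs/xdb/vd000000.xdb">vd000000.xdb</a>\n'
    '<a href="/avcenter/refa.html#md5">MD5</a>: {md5} <a href="/avcenter/refa.html">?</a>')

def parse_definition_page(html):
    """Return (url, file name, MD5); raise ValueError if the layout changed."""
    link, md5 = URLRE.search(html), MD5RE.search(html)
    if link is None or md5 is None:
        raise ValueError("download link or MD5 not found on page")
    digest = md5.group(1).strip().upper()
    name = os.path.basename(link.group(1))
    # Validate both fields so page content cannot choose an arbitrary local path.
    if not re.fullmatch(r"[0-9A-F]{32}", digest) or not re.fullmatch(r"[\w.-]+\.xdb", name):
        raise ValueError("unexpected MD5 or file name on page")
    return link.group(1), name, digest

def file_md5(path):
    """Upper-case hex MD5 of a file, read in chunks."""
    h = hashlib.md5()
    with open(path, "rb") as fp:
        for chunk in iter(lambda: fp.read(65536), b""):
            h.update(chunk)
    return h.hexdigest().upper()

def needs_download(update_dir, name, digest):
    """True unless update_dir already holds `name` with the published MD5."""
    local = os.path.join(update_dir, name)
    return not (os.path.isfile(local) and file_md5(local) == digest)

def demo():
    data = b"constructed definition data"      # stands in for a real .xdb file
    page = SAMPLE_PAGE.format(md5=hashlib.md5(data).hexdigest())
    url, name, expected = parse_definition_page(page)
    with tempfile.TemporaryDirectory() as update_dir:
        states = [needs_download(update_dir, name, expected)]   # nothing there yet
        for content in (data, data[:5]):                        # good copy, then truncated
            with open(os.path.join(update_dir, name), "wb") as fp:
                fp.write(content)
            states.append(needs_download(update_dir, name, expected))
    return name, states
```

The MD5 is read from the same plain-HTTP page as the link, so this check (like the one in the script) detects a corrupted or partial download but does not prove the file came from Symantec.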