Updating Virus Definitions

Virus definitions (DAT files) from McAfee can be downloaded onto a single local server (the DAT file repository) and deployed to endpoints on your network over HTTP, automatically or manually, using HelpSystems Insite. Insite also allows you to schedule updates and monitor the status of connected endpoints. Endpoints without a connection to Insite can also be configured to acquire DAT file updates from the local repository.

The following instructions guide you through the process of configuring a local DAT file repository and keeping endpoints updated with the latest virus definitions from McAfee.

Updating virus definitions using a local DAT file repository

This method of updating virus definitions lets you download the latest DAT files to a local server, and then use the HelpSystems Insite PTAV Service to distribute the DAT files to endpoints on your network via HTTP. Only the single server running the Insite PTAV Service needs access to McAfee for downloading DAT files.

Install the Insite PTAV Service on the server you would like to use as the DAT file repository, and connect the endpoints you intend to scan. See Connecting Powertech Antivirus to HelpSystems Insite for details on installing and connecting Insite, and adding endpoints.

Once configured, the status of endpoints can be monitored on Powertech Antivirus for Insite's Home screen.

The following instructions guide you through the process of:

  • Configuring a local DAT file repository with automatic updates
  • Configuring a signed Certificate Authority (if required)
  • Updating DAT files on endpoints manually using Insite

To configure a local DAT file repository and schedule updates

  1. Open HelpSystems Insite.
  2. In the Navigation Pane, choose Settings to open the Powertech Antivirus Settings screen.
  3. Toggle Insite PTAV Service Repository to On. On this screen, also indicate:
    • The frequency of updates
    • Whether to automatically update endpoints
    • The maximum number of endpoints to be updated concurrently
    • The port

    See also: Powertech Antivirus Settings screen.

  4. IMPORTANT: The port specified for the HTTP service must be accessible by all endpoints.
  5. Click Save.

Configuring a signed certificate authority for DAT file updates

By default, the PTAV Service uses a self-signed certificate to ensure secure TLS data transfer between the repository and endpoints. Alternatively, you can use your own trusted certificate issued by a third-party certificate authority (CA) to secure the DAT repository HTTP file server.

If you do not have a signed certificate, the Powertech Antivirus service generates a self-signed certificate.

NOTE: Provide a certificate only if you are using a certificate signed by your certificate authority. Do not provide a self-signed certificate.

  1. Locate your certificate and key files.
  2. If the certificate and key both have ".pem" file name suffixes, rename the certificate to "cert.pem" and the key to "key.pem". (If the certificate and key file name suffixes are ".crt" and ".key", no file renaming is required.)
  3. Place the certificate and key files into the following folder, replacing the existing files:
    1. Windows: \Help Systems\HelpSystems Insite\PTAVService\certs
    2. Linux: /opt/insite/PTAVService/certs
  4. Restart the Insite Powertech Antivirus Service.
    1. Windows: "InsitePTAVService"
    2. Linux: "HelpSystemsInsitePTAVServer"
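
Before replacing the files in the certs folder, the certificate and key can be checked with openssl, since a self-signed certificate is rejected by avupdate on legacy endpoints and an expired or mismatched pair will not serve TLS. This is an added example, not a product tool; the function name and return codes are assumptions.

```shell
#!/bin/sh
# Pre-flight check for a replacement DAT repository certificate (added example).
# Usage: sh check_repo_cert.sh cert.pem key.pem
# Return codes are this script's own convention, not the product's.

check_repo_cert() {
    cert=$1; key=$2

    # The file must parse as an X.509 certificate.
    openssl x509 -in "$cert" -noout 2>/dev/null || return 2

    # A self-signed certificate has identical subject and issuer names.
    subj=$(openssl x509 -in "$cert" -noout -subject_hash)
    issr=$(openssl x509 -in "$cert" -noout -issuer_hash)
    [ "$subj" != "$issr" ] || return 3

    # -checkend 0 fails if the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null || return 4

    # The private key must belong to the certificate: compare public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || return 5
    return 0
}

if [ "$#" -eq 2 ]; then
    rc=0
    check_repo_cert "$1" "$2" || rc=$?
    case $rc in
        0) echo "OK: certificate and key can be installed" ;;
        2) echo "FAIL: not a readable X.509 certificate" ;;
        3) echo "FAIL: self-signed (subject equals issuer)" ;;
        4) echo "FAIL: certificate has expired" ;;
        5) echo "FAIL: private key does not match certificate" ;;
    esac
    exit "$rc"
fi
```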

To update DAT files on endpoints manually using Insite

If you set the Powertech Antivirus Settings to update endpoints automatically when DAT files are available, connected endpoints will be updated automatically based on your settings. You can also use the following method to update DAT files on endpoints manually.

  1. On the Powertech Antivirus navigation pane, click Endpoints.
  2. Check the endpoints you would like to update.
  3. Click Update DAT Files.

    NOTE: Alternatively, to update a single endpoint, you can also choose > Update DAT Files.


Updating virus definitions from endpoints directly

If endpoints on your network do not allow Insite Integration Service connections to the Insite service (for example, unregistered, older, or unsupported operating systems), you can still download the latest DAT updates from your local DAT file repository by specifying the "current" folder with the avupdate command.

To use this method, you must configure the HTTP file server with a genuine certificate because the HTTP download process (curl/wget) for legacy endpoints does not allow self-signed certificates in avupdate. (See Configuring a signed certificate authority for DAT file updates.)

McAfee updates virus definitions every day, so you should schedule the update process to run daily. To start the update, either change to the product directory or type the full path to the avupdate command, and specify the current folder:

EXAMPLE:
cd /opt/sgav
./avupdate --curl https://yourserver.yourco.com:8023/current

or
/opt/sgav/avupdate --curl https://yourserver.yourco.com:8023/current

The update process must be run by a root user. This is to prevent the product from accidentally (or maliciously) being disabled by deleting its files.

Notes

McAfee updates virus definitions every day, so you should run avupdate every day. To schedule it using cron, run the command crontab -e to edit the crontab file using the vi editor. Position the cursor at the end and type i to insert a line.

Type the following (on one line) to schedule the job to run every day at 6pm (18):

0 18 * * * /opt/sgav/avupdate --curl https://yourserver.yourco.com:8023/current > /opt/sgav/log/avupdate.out

On AIX, to see the cron log, run tail /var/adm/cron/log.

On Linux, to see the cron log, run tail /var/log/syslog.

For more information about scheduling using cron, run man crontab. See also Scheduling Updates and Scans.

Exit status

This command returns the following exit values:

0 Process completed successfully.

1 An error occurred.
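
A wrapper for the cron job in the Notes above that appends both stdout and stderr to the log, acts on the exit status documented here, and flags definitions that have not updated for 48 hours. This is an added example, not part of the product: the wrapper name, the --run switch and the last_success marker are assumptions, while the avupdate path, URL and log directory are the ones used on this page.

```shell
#!/bin/sh
# Cron wrapper for avupdate (added example). The wrapper name, the "--run"
# switch and the last_success marker are hypothetical; paths/URL are the page's.
# crontab: 0 18 * * * /opt/sgav/avupdate-cron.sh --run

alert() {
    # cron mails stderr to the job owner; also send to syslog when possible.
    echo "ALERT: $*" >&2
    if command -v logger >/dev/null 2>&1; then
        logger -t avupdate -p user.err "$*" 2>/dev/null || true
    fi
}

# run_avupdate AVUPDATE URL LOGDIR: returns avupdate's own exit status.
run_avupdate() {
    avupdate=$1; url=$2; logdir=$3
    status=0
    # Append (keep history) and capture stderr as well as stdout.
    {
        echo "=== $(date '+%Y-%m-%dT%H:%M:%S') avupdate --curl $url"
        "$avupdate" --curl "$url" 2>&1
    } >>"$logdir/avupdate.out" || status=$?
    echo "=== exit status=$status" >>"$logdir/avupdate.out"
    if [ "$status" -eq 0 ]; then
        date >"$logdir/last_success"     # marker read by definitions_stale
    else
        alert "avupdate exit status $status, see $logdir/avupdate.out"
    fi
    return "$status"
}

# definitions_stale LOGDIR: true (0) if no success is recorded, or the last
# one is 48 hours or more old (find -mtime +1 counts whole 24-hour periods).
definitions_stale() {
    [ -f "$1/last_success" ] || return 0
    [ -n "$(find "$1/last_success" -mtime +1 2>/dev/null)" ]
}

if [ "${1:-}" = "--run" ]; then
    rc=0
    run_avupdate /opt/sgav/avupdate \
        https://yourserver.yourco.com:8023/current /opt/sgav/log || rc=$?
    if definitions_stale /opt/sgav/log; then
        alert "no successful DAT update in the last 48 hours"
    fi
    exit "$rc"
fi
```

Because the job runs as root, keep the wrapper and the log directory owned by root and not writable by other users.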