Using a modified Cegetter utility for downloading Rapid Release virus definitions for Symantec AntiVirus Corporate Edition
Question/Issue:
You want to use the unsupported Cegetter utility to download Rapid Release virus definitions from the Symantec FTP server.
Solution:
Rapid Release virus definitions are created whenever Symantec Security Response receives a new virus sample. The purpose of the Rapid Release virus definitions is to aid corporate customers in the event of a new virus infection. In a networked environment, it is possible for an undetected virus to spread quickly. Using Rapid Release virus definitions is a proactive effort to prevent the spreading of a new virus.. Several times a day, all new detections are compiled into a new Rapid Release virus definition set, which is then posted to the Symantec public FTP site.
Rapid Release virus definitions have undergone basic quality assurance testing by Symantec Security Response. The primary focus of these definitions is the rapid detection of newly emerging threats. The definitions may be augmented later with more robust detection capabilities. While Symantec Security Response makes every effort to make sure that all virus definitions function correctly, you should understand that Rapid Release-quality virus definitions do pose some risks, such as the higher potential for false positives. Rapid Release definitions are most useful for perimeter defenses or for all protection tiers as a means of mitigating fast spreading virus outbreaks.
Once a day (or as needed to respond to high level virus outbreaks), all new detections added as Rapid Release definitions go through the complete QA process, including testing for false positives and testing for all active Symantec products on all platforms. Once the Rapid Release definitions pass the full QA process, they are then posted as Intelligent Updater and LiveUpdate definitions.
When new definitions are posted, you can download the Intelligent Updater, update one computer (or use the /extract switch). After this, check for the specific definition you require in the Whatsnew.txt. For full quality assurance tested definitions, you can view the added list on the Symantec Security Response Web site.
To script the download of Rapid Release virus definitions for Symantec AntiVirus Corporate Edition
Download and modify the attached Rcegetter.bat and Rcescript.txt files, and then use the Windows Task Scheduler to schedule them to download Rapid Release virus definition updates.
Notes:
- These files are provided as an example to assist administrators in automating the download of Rapid Release virus definitions. Symantec does not provide technical support for these files, so use them at your own risk.
The location of the files downloaded by these files may change, causing the updates to fail. In this case, you may need to manually edit the files to point to the new location or refer back to this document for updated versions of the attached files.
- The attached Rcegetter files are only for use with Symantec AntiVirus 8.x and later and will not work with previous versions of the software.
Download the
Rcegetter.bat and
Rcescript.txt files.
- You must modify the Rcegetter.bat to copy definitions to the directory where Symantec AntiVirus Corporate Edition is installed on the primary Symantec AntiVirus server.
- Both the Rcegetter.bat and Rcescript.txt should be stored on the root of the Windows boot drive on the computer where it will be executed. If Windows is installed on a drive other than C:, edit the Rcescript.txt file to change the drive letter. See the section below titled "To modify the Rcescript.txt file to reflect the proper drive letter."
To modify Rcegetter.bat to run from the primary server
If you plan to schedule and execute Rcegetter.bat on the primary server, use the following procedure. If you plan to run Rcegetter.bat on a computer that is not the primary server, skip to the section "To modify Rcegetter.bat to run from a computer that is not the primary server."
- Right-click the Rcegetter.bat file, and click Edit.
- Find the following lines in the Rcegetter.bat file:
move %systemdrive%\*.xdb <path>
- Replace <path> with the path to the directory where Symantec AntiVirus Corporate Edition is installed.
The default path depends on the version of Symantec AntiVirus:
- In Symantec AntiVirus Corporate Edition 8.x, the default path is C:\Program Files\SAV.
- In Symantec AntiVirus Corporate Edition 9.x, the default path is C:\Program Files\Symantec AntiVirus.
If long path names are used, then make sure to enclose all path names in quotation marks, as shown in the Examples section.
- Test Rcegetter.bat by executing each command, line by line, from a command prompt. A DOS window shows the progress of the download.
- Schedule Rcegetter.bat to get regular definition updates. Rcegetter will download the current version of the Rapid Release .XDB file.
Examples
The Rcegetter.bat file should appear as follows if Symantec AntiVirus Corporate Edition 8.x was installed to the default path:
ftp -s:Rcescript.txt
call "%systemdrive%\navup8.exe"
move %systemdrive%\*.xdb "C:\Program Files\SAV"
del /q %systemdrive%\navup8.exe
The Rcegetter.bat file should appear as follows if Symantec AntiVirus Corporate Edition 9.x was installed to the default path:
ftp -s:Rcescript.txt
call "%systemdrive%\navup8.exe"
move %systemdrive%\*.xdb "C:\Program Files\Symantec AntiVirus"
del /q %systemdrive%\navup8.exe
To modify Rcegetter.bat to run from a computer that is not the primary server
- Right-click the Rcegetter.bat file, and click Edit.
- Find the following line in the Rcegetter.bat file:
move %systemdrive%\*.xdb <path>
- Change <path> to the directory where Symantec AntiVirus Corporate Edition is installed on the primary server. By default, this directory is shared as VPHOME.
Note: <path> can be a mapped drive to the primary server or a UNC path. Symantec recommends using short file names. For example, if the server is mapped as drive x, you could use the following line:
move %systemdrive%\*.xdb x:\VPHOME
You can also specify a UNC path such as the example below, where you replace <server name> with the name or IP address of the primary server:
move %systemdrive%\*.xdb \\<server name>\VPHOME
To copy files into the VPHOME share, change the share permissions to allow access (Full Control) to the account that Rcegetter is running under. The default permissions on that share is "Read" for "Everyone."
To modify the Rcescript.txt file to reflect the proper drive letter
- Right-click the Rcescript.txt file, and then click Edit.
- Find the following line in the Rcescript.txt file:
lcd C:\
- Change the C to the drive letter of the drive where Windows is installed.
- Save your changes.
Common problems and resolutions
- Incorrect path: Verify that the path to the directory where Symantec AntiVirus Corporate Edition is installed is correct. The file path should use short file names (DOS). If using long file names, enclose the path in quotation marks.
- Proxy or firewall issues: If you are using a proxy or firewall that blocks FTP communications, Rcegetter will not work. You must allow FTP traffic for the FTP session to succeed. If your proxy or firewall requires authentication, be sure to run the scheduled event using a user name and password that will authenticate and allow access.
- Permissions: Verify that you can copy the .xdb file into the location on the primary server under the account that Rcegetter is scheduled with.
Document ID: 2004022511314548
Last Modified: 02/15/2006
Date Created: 02/25/2004
Operating System(s): Windows 98, Windows Me, Windows NT 4.0 SP6a, Windows 2000 Professional, Windows XP Home, Windows XP Professional Edition, NetWare 5.0, NetWare 6.0, Windows Server 2003 32-bit Edition
Product(s): Symantec AntiVirus Corporate Edition 8.0, Symantec AntiVirus Corporate Edition 9.0
Release(s): SAV 8.0 [All Releases], SAV 9.0 [All Releases]
Cart
PRINT THIS PAGE