Acquiring Virus Definitions Using a Local Repository

This article describes how to download the latest virus definition updates from McAfee's HTTP server for use with Powertech Antivirus for IBM i. 

There are two methods described below. The first employs HelpSystems Insite's local DAT file repository. The second does not require a HelpSystems Insite server.

Acquiring Virus Definitions with HelpSystems Insite's Local Repository

These instructions describe how to download the latest virus definitions (DAT files) from McAfee onto an internal intermediate server running HelpSystems Insite, and configure Powertech Antivirus for IBM i to update the virus definitions from that server. This method employs Insite's Local DAT File Repository feature. 

This method requires a HelpSystems Insite server including the Powertech Antivirus module. HelpSystems Insite is a free browser-based console used to manage many HelpSystems products. For a general product overview, see HelpSystems Insite on www.helpsystems.com. 

Insite Requirements

If you intend to use an existing Insite server, it must be version of 3.0.4 or higher. In Insite, the installed version is listed under Account > Getting Started > HelpSystems Insite. 

To confirm the Powertech Antivirus module is installed, click   (upper left) and ensure "Powertech Antivirus" is listed.

To acquire the latest version of HelpSystems Insite, download the installation file from the HelpSystems Insite Download page on the Customer Portal. This page also includes the system requirements as well as instructions for installing, licensing, and configuring Insite. During the installation procedure, you will have the option to include the Powertech Antivirus module as part of the Insite installation wizard. 

Communications Requirements

If Internet access from the Insite server is controlled by a firewall, the firewall must allow that server to access the Internet over the URLs specified in the "Powertech Antivirus" section of Ports and URLs Used by HelpSystems Insite. 

If a firewall controls communication between the IBM i system(s) and the Insite server, configure the firewall to allow the following communication for each IBM i that Powertech Antivirus for IBM i will be used on:

• Source: IBM i
• Destination: Insite server
• Protocol: FTP

If the Windows or Linux Insite server is already running an FTP server (for example, the Windows IIS FTP server), that FTP server must be ended and disabled/removed, or a different server must be used. This is because Insite implements its own server in order to provide virus definitions to the IBM i. When both Insite's FTP server and a different FTP server are active, Powertech Antivirus for IBM i cannot reliably connect to Insite's FTP server, and as a result, may not be able to download the virus definitions.

Configuring the Insite DAT File Repository

1. In Insite, click   (upper left) and select Powertech Antivirus.
2. Choose Settings. The Powertech Antivirus Settings screen appears. Configure these settings as follows:
   • Set the top option (under the heading "Virus Definition (DAT) Repository Common Settings") to On. This instructs the Powertech Antivirus service to download the DAT files.
   • Set Use HTTPS to On if your organization only supports HTTPS access but not HTTP access.
   • Set DAT Update Frequency to 60 (minutes).
   • If an HTTP Proxy Server is used, set the HTTP Proxy Server option to On and specify the proxy server URL. Example: http://my_proxy_server_name_or_ip_address:8080
   • If Powertech Antivirus for Linux/AIX is being used in addition to Powertech Antivirus for IBM i in this environment, set Automatically Update Endpoints when DAT Updates are Available to On. Otherwise, leave it Off.
   • Set Virus Definition (DAT) Repository FTP Service Settings to On.
3. Click Save.

   Note: It is not necessary to configure a Powertech Antivirus license or IBM i Product Connection in Insite.

4. To confirm the latest DAT files are being downloaded, go to Powertech Antivirus > Home. In the Endpoint Status section, under Outdated DAT Level, the Current DAT date, shown in parenthesis, should be the current date. (The date is displayed in YYYY-MM-DD format.) For Last DAT Check, the date shown should also be the current date.

Updating DAT Files   

1. On all IBM i systems that will download DAT updates from the Insite server, configure the DAT update process as follows:

   ADDLIBLE STANDGUARD 
   AVCHGUPDA FROM(*FTP) FTP('your_Insite_server_name_or_IP_address/current') FTPUSER('*ANONYMOUS')

2. On the IBM i, run the command AVRUNUPD. One of the following messages should appear:
   • "No update required, local and remote versions are [version number]"
   • "Virus definitions successfully updated to version [version number]"

     It can take several minutes for Powertech Antivirus for IBM i to display this message. If any other message appears, the test is not successful. In that case, double-check that the system requirements have been met. If a proxy server is used, ensure that its URL was entered correctly. If you have confirmed the settings, retested, and not achieved a successful result, please contact HelpSystems Support.

Acquiring Virus Definitions without HelpSystems Insite

Use this method if you prefer an alternative to using HelpSystems Insite's DAT file repository that allow you to use an FTP server, a local path, or a network path.

The following example uses a Windows server, but an AIX or Linux server could be used instead.

Firewall Configuration

When using a local repository for virus updates, the local endpoints running Powertech Antivirus for IBM i acquire the virus definition files (DAT files) from a server configured to host the virus definitions for the local network. The local server that hosts the latest virus definitions, the repository server, must be configured to allow downloads from McAfee’s remote virus definition server over HTTP (http://update.nai.com). Previously, McAfee used an FTP server for this purpose instead of the current HTTP server. If a firewall rule exclusion previously allowed FTP to be used with update.nai.com, that rule should be removed from the firewall.

Download the DAT Files Using a Windows PC

You can use a PowerShell script to download the DAT files (PowerShell is built into Windows 10). 

1. Copy the following text into Notepad and save the file as “getdats.ps1” into an empty directory:

   $url = 'http://update.nai.com/products/commonupdater/'
   Invoke-WebRequest $url'oem.ini' -OutFile 'oem.ini'
   Invoke-WebRequest $url'gdeltaavv.ini' -OutFile 'gdeltaavv.ini'
   $site = Invoke-WebRequest -UseBasicParsing -Uri $url
   $table = $site.links | ?{ $_.href.ToLower().Contains('avvdat-') } | sort href -desc | select href -first 1
   $filename = $table.href.ToString()
   Invoke-WebRequest $url$filename -OutFile $filename
   Expand-Archive -Force $filename .
   Get-ChildItem $Path -Recurse | Where-Object {($_.Name -like '*-*') -and ($_.LastWriteTime -lt (Get-Date).AddDays(-2))} | Remove-Item -Recurse
   

2. Copy the following text into Notepad and save the file as “getdats.bat”:

   @ECHO OFF
   PowerShell.exe -NoProfile -ExecutionPolicy Bypass -Command "& './getdats.ps1'"

3. Open a command window and execute the batch file getdats.bat. This will execute the PowerShell script to download and extract the appropriate .zip file from McAfee’s HTTP server into the current directory. Once completed the directory will be as follows:

   06/19/2019  08:25 AM    <DIR>          .
   06/19/2019  08:25 AM    <DIR>          ..
   06/19/2019  07:00 AM           833,041 avvclean.dat
   06/19/2019  08:24 AM       121,669,129 avvdat-9292.zip
   06/19/2019  08:24 AM           730,425 avvnames.dat
   06/19/2019  07:00 AM       102,055,422 avvscan.dat
   06/19/2019  08:23 AM             2,151 gdeltaavv.ini
   04/29/2019  12:22 PM                89 getdats.bat 
   06/19/2019  08:40 AM               606 getdats.ps1
   06/19/2019  07:00 AM             8,170 legal.txt
   06/19/2019  08:23 AM             2,034 oem.ini
   		7 File(s)    243,301,067 bytes

4. Schedule the batch file to be executed once a day, every day. You can use any scheduler to do this, including the Windows Task Scheduler included with Windows.

   Ensure the working directory of the action is set to the directory of the getdats.bat file. For example, if the getdats.bat file's full path is C:\HelpSystems\PTAV-i\getdats.bat, specify C:\HelpSystems\PTAV-i as the working directory.

   If you use Windows Task Scheduler, you can configure the working directory as follows:

   1. Double-click the task to display its Properties.
   2. Choose the Actions tab.
   3. Select the 'Start a program' action and click Edit.
   4. Enter the working directory in the field 'Start in (optional)'. (Note: Do not put the value in quotation marks.)
   5. Click OK, then OK again.

Note: A method of monitoring the above process to ensure it is continuously running is recommended.

Make the DAT Files Available to Powertech Antivirus for IBM i

Now that you have the virus definition files in a directory on your network, the next step is to configure Powertech Antivirus for IBM i to retrieve the files from an alternate source. There are two main methods:

• Set the endpoints running Powertech Antivirus for IBM i to download them via FTP.
• Share the files over a file share from a Windows server, configure the QNTC file system on the IBM i to include the file share, and configure Powertech Antivirus for IBM i to download them via the *PATH method.

These methods are described below.

Using FTP

1. Identify an internal system that is configured as an FTP server.
2. Verify that you can connect from the IBM i to that server using FTP using the command ftp xx.xx.xx, where "xx.xx.xx.xx" is the IP address of the server. If you can connect, so can Powertech Antivirus for IBM i.
3. Identify the folder on the server that is shared via FTP. There is at least one directory that the FTP server shares (for example, a "C:\FTP Files" directory).
4. Use the STANDGUARD/AVCHGUPDA command to set the Transfer Method to *FTP, change the FTP Location to the address of the FTP server, and to specify the FTP user and password.

Example:

AVCHGUPDA FROM(*FTP) FTP(IP-address/directory) FTPUSER(user) FTPPWD(password)

Be sure to add the path to the end of the server's address. If the DAT files are located in the user's home or root directory, then specify / after the address.

Using a Windows File Share

1. Identify an internal Windows PC or Windows server that is configured to share files.
2. Configure the QNTC file system on the IBM i so that the file share from the Windows system is mounted. The QNTC file system makes shared files on a Windows system visible in an IFS. The configuration of the QNTC file system is described in the following IBM document: https://www.ibm.com/support/pages/how-access-file-shares-ibm-i-using-qntc.
3. Once the QNTC file system has been configured, determine the directory (path) of the Windows file share in the IFS of the IBM i.
4. Use the STANDGUARD/AVCHGUPDA command to change the Transfer Method to *PATH and the Path to the IFS path that you determined in the preceding step.

Example:

AVCHGUPDA FROM(*PATH) PATH(/QNTC/server-name/share-name)

Other Methods 

You can also automate the transfer of the virus definitions to an internal server, the transfer of the virus definitions from an internal server to the IBM i, or both using a managed file transfer solution such as GoAnywhere Managed File Transfer or Globalscape’s Enhanced File Transfer, or an automation solution such as Automate.