Acquiring Virus Definitions Using a Local Repository

The following procedure describes one way to download the required files from McAfee's HTTP server, then make them available to Powertech Antivirus using an FTP server, a local path, or a network path. (This example uses a Windows server, but an AIX or Linux server could be used instead.)

Firewall Configuration

When using a local repository for virus updates, the local endpoints running Powertech Antivirus for IBM i acquire the virus definition files (DAT files) from a server configured to host the virus definitions for the local network. The local server that hosts the latest virus definitions, the repository server, must be configured to allow downloads from McAfee’s remote virus definition server over HTTP (http://update.nai.com). Previously, McAfee used an FTP server for this purpose instead of the current HTTP server. If a firewall rule exclusion previously allowed FTP to be used with update.nai.com, that rule should be removed from the firewall.

Download the DAT Files Using a Windows PC

You can use a PowerShell script to download the DAT files (PowerShell is built into Windows 10). 

1. Copy the following text into Notepad and save the file as “getdats.ps1” into an empty directory:

   $url = 'http://update.nai.com/products/commonupdater/'
   Invoke-WebRequest $url'oem.ini' -OutFile 'oem.ini'
   Invoke-WebRequest $url'gdeltaavv.ini' -OutFile 'gdeltaavv.ini'
   $site = Invoke-WebRequest -UseBasicParsing -Uri $url
   $table = $site.links | ?{ $_.href.ToLower().Contains('avvdat-') } | sort href -desc | select href -first 1
   $filename = $table.href.ToString()
   Invoke-WebRequest $url$filename -OutFile $filename
   Expand-Archive -Force $filename .
   Get-ChildItem $Path -Recurse | Where-Object {($_.Name -like '*-*') -and ($_.LastWriteTime -lt (Get-Date).AddDays(-2))} | Remove-Item -Recurse
   

2. Copy the following text into Notepad and save the file as “getdats.bat”:

   @ECHO OFF
   PowerShell.exe -NoProfile -ExecutionPolicy Bypass -Command "& './getdats.ps1'"

3. Open a command window and execute the batch file getdats.bat. This will execute the PowerShell script to download and extract the appropriate .zip file from McAfee’s HTTP server into the current directory. Once completed the directory will be as follows:

   06/19/2019  08:25 AM    <DIR>          .
   06/19/2019  08:25 AM    <DIR>          ..
   06/19/2019  07:00 AM           833,041 avvclean.dat
   06/19/2019  08:24 AM       121,669,129 avvdat-9292.zip
   06/19/2019  08:24 AM           730,425 avvnames.dat
   06/19/2019  07:00 AM       102,055,422 avvscan.dat
   06/19/2019  08:23 AM             2,151 gdeltaavv.ini
   04/29/2019  12:22 PM                89 getdats.bat 
   06/19/2019  08:40 AM               606 getdats.ps1
   06/19/2019  07:00 AM             8,170 legal.txt
   06/19/2019  08:23 AM             2,034 oem.ini
   		7 File(s)    243,301,067 bytes

4. Schedule the batch file to be executed once a day, every day. You can use any scheduler to do this, including the Windows Task Scheduler included with Windows.

   Ensure the working directory of the action is set to the directory of the getdats.bat file. For example, if the getdats.bat file's full path is C:\HelpSystems\PTAV-i\getdats.bat, specify C:\HelpSystems\PTAV-i as the working directory.

   If you use Windows Task Scheduler, you can configure the working directory as follows:

   1. Double-click the task to display its Properties.
   2. Choose the Actions tab.
   3. Select the 'Start a program' action and click Edit.
   4. Enter the working directory in the field 'Start in (optional)'. (Note: Do not put the value in quotation marks.)
   5. Click OK, then OK again.

Note: A method of monitoring the above process to ensure it is continuously running is recommended.

Make the DAT Files Available to Powertech Antivirus for IBM i

Now that you have the virus definition files in a directory on your network, the next step is to configure Powertech Antivirus for IBM i to retrieve the files from an alternate source. There are two main methods:

• Set the endpoints running Powertech Antivirus for IBM i to download them via FTP.
• Share the files over a file share from a Windows server, configure the QNTC file system on the IBM i to include the file share, and configure Powertech Antivirus for IBM i to download them via the *PATH method.

These methods are described below.

Using FTP

1. Identify an internal system that is configured as an FTP server.
2. Verify that you can connect from the IBM i to that server using FTP using the command ftp xx.xx.xx, where "xx.xx.xx.xx" is the IP address of the server. If you can connect, so can Powertech Antivirus for IBM i.
3. Identify the folder on the server that is shared via FTP. There is at least one directory that the FTP server shares (for example, a "C:\FTP Files" directory).
4. Use the STANDGUARD/AVCHGUPDA command to set the Transfer Method to *FTP, change the FTP Location to the address of the FTP server, and to specify the FTP user and password.

Example:

AVCHGUPDA FROM(*FTP) FTP(IP-address/directory) FTPUSER(user) FTPPWD(password)

Be sure to add the path to the end of the server's address. If the DAT files are located in the user's home or root directory, then specify / after the address.

Using a Windows File Share

1. Identify an internal Windows PC or Windows server that is configured to share files.
2. Configure the QNTC file system on the IBM i so that the file share from the Windows system is mounted. The QNTC file system makes shared files on a Windows system visible in an IFS. The configuration of the QNTC file system is described in the following IBM document: https://www.ibm.com/support/pages/how-access-file-shares-ibm-i-using-qntc.
3. Once the QNTC file system has been configured, determine the directory (path) of the Windows file share in the IFS of the IBM i.
4. Use the STANDGUARD/AVCHGUPDA command to change the Transfer Method to *PATH and the Path to the IFS path that you determined in the preceding step.

Example:

AVCHGUPDA FROM(*PATH) PATH(/QNTC/server-name/share-name)

Other Methods 

You can also automate one or both of the above procedures using a managed file transfer solution such as GoAnywhere Managed File Transfer or Globalscape’s Enhanced File Transfer, or an automation solution such as Automate.