This article describes how to download the latest virus definition updates from McAfee's HTTP server for use with Powertech Antivirus for IBM i.
There are two methods described below. The first employs HelpSystems Insite's local DAT file repository. The second does not require a HelpSystems Insite server.
These instructions describe how to download the latest virus definitions (DAT files) from McAfee onto an internal intermediate server running HelpSystems Insite, and configure Powertech Antivirus for IBM i to update the virus definitions from that server. This method employs Insite's Local DAT File Repository feature.
This method requires a HelpSystems Insite server including the Powertech Antivirus module. HelpSystems Insite is a free browser-based console used to manage many HelpSystems products. For a general product overview, see HelpSystems Insite on www.helpsystems.com.
If you intend to use an existing Insite server, it must be version of 3.0.4 or higher. In Insite, the installed version is listed under Account > Getting Started > HelpSystems Insite.
To confirm the Powertech Antivirus module is installed, click (upper left) and ensure "Powertech Antivirus" is listed.
To acquire the latest version of HelpSystems Insite, download the installation file from the HelpSystems Insite Download page on the Customer Portal. This page also includes the system requirements as well as instructions for installing, licensing, and configuring Insite. During the installation procedure, you will have the option to include the Powertech Antivirus module as part of the Insite installation wizard.
If Internet access from the Insite server is controlled by a firewall, the firewall must allow that server to access the Internet over the URLs specified in the "Powertech Antivirus" section of Ports and URLs Used by HelpSystems Insite.
If a firewall controls communication between the IBM i system(s) and the Insite server, configure the firewall to allow the following communication for each IBM i that Powertech Antivirus for IBM i will be used on:
If the Windows or Linux Insite server is already running an FTP server (for example, the Windows IIS FTP server), that FTP server must be ended and disabled/removed, or a different server must be used. This is because Insite implements its own server in order to provide virus definitions to the IBM i. When both Insite's FTP server and a different FTP server are active, Powertech Antivirus for IBM i cannot reliably connect to Insite's FTP server, and as a result, may not be able to download the virus definitions.
Note: It is not necessary to configure a Powertech Antivirus license or IBM i Product Connection in Insite.
ADDLIBLE STANDGUARD
AVCHGUPDA FROM(*FTP) FTP('your_Insite_server_name_or_IP_address/current') FTPUSER('*ANONYMOUS')
It can take several minutes for Powertech Antivirus for IBM i to display this message. If any other message appears, the test is not successful. In that case, double-check that the system requirements have been met. If a proxy server is used, ensure that its URL was entered correctly. If you have confirmed the settings, retested, and not achieved a successful result, please contact HelpSystems Support.
Use this method if you prefer an alternative to using HelpSystems Insite's DAT file repository that allow you to use an FTP server, a local path, or a network path.
The following example uses a Windows server, but an AIX or Linux server could be used instead.
When using a local repository for virus updates, the local endpoints running Powertech Antivirus for IBM i acquire the virus definition files (DAT files) from a server configured to host the virus definitions for the local network. The local server that hosts the latest virus definitions, the repository server, must be configured to allow downloads from McAfee’s remote virus definition server over HTTP (http://update.nai.com). Previously, McAfee used an FTP server for this purpose instead of the current HTTP server. If a firewall rule exclusion previously allowed FTP to be used with update.nai.com, that rule should be removed from the firewall.
You can use a PowerShell script to download the DAT files (PowerShell is built into Windows 10).
$url = 'http://update.nai.com/products/commonupdater/'
Invoke-WebRequest $url'oem.ini' -OutFile 'oem.ini'
Invoke-WebRequest $url'gdeltaavv.ini' -OutFile 'gdeltaavv.ini'
$site = Invoke-WebRequest -UseBasicParsing -Uri $url
$table = $site.links | ?{ $_.href.ToLower().Contains('avvdat-') } | sort href -desc | select href -first 1
$filename = $table.href.ToString()
Invoke-WebRequest $url$filename -OutFile $filename
Expand-Archive -Force $filename .
Get-ChildItem $Path -Recurse | Where-Object {($_.Name -like '*-*') -and ($_.LastWriteTime -lt (Get-Date).AddDays(-2))} | Remove-Item -Recurse
@ECHO OFF PowerShell.exe -NoProfile -ExecutionPolicy Bypass -Command "& './getdats.ps1'"
06/19/2019 08:25 AM <DIR> . 06/19/2019 08:25 AM <DIR> .. 06/19/2019 07:00 AM 833,041 avvclean.dat 06/19/2019 08:24 AM 121,669,129 avvdat-9292.zip
06/19/2019 08:24 AM 730,425 avvnames.dat 06/19/2019 07:00 AM 102,055,422 avvscan.dat 06/19/2019 08:23 AM 2,151 gdeltaavv.ini 04/29/2019 12:22 PM 89 getdats.bat
06/19/2019 08:40 AM 606 getdats.ps1 06/19/2019 07:00 AM 8,170 legal.txt 06/19/2019 08:23 AM 2,034 oem.ini 7 File(s) 243,301,067 bytes
Ensure the working directory of the action is set to the directory of the getdats.bat file. For example, if the getdats.bat file's full path is C:\HelpSystems\PTAV-i\getdats.bat
, specify C:\HelpSystems\PTAV-i
as the working directory.
If you use Windows Task Scheduler, you can configure the working directory as follows:
Note: A method of monitoring the above process to ensure it is continuously running is recommended.
Now that you have the virus definition files in a directory on your network, the next step is to configure Powertech Antivirus for IBM i to retrieve the files from an alternate source. There are two main methods:
These methods are described below.
ftp xx.xx.xx
, where "xx.xx.xx.xx" is the IP address of the server. If you can connect, so can Powertech Antivirus for IBM i.Example:
AVCHGUPDA FROM(*FTP) FTP(IP-address/directory) FTPUSER(user) FTPPWD(password)
Be sure to add the path to the end of the server's address. If the DAT files are located in the user's home or root directory, then specify / after the address.
Example:
AVCHGUPDA FROM(*PATH) PATH(/QNTC/server-name/share-name)
You can also automate the transfer of the virus definitions to an internal server, the transfer of the virus definitions from an internal server to the IBM i, or both using a managed file transfer solution such as GoAnywhere Managed File Transfer or Globalscape’s Enhanced File Transfer, or an automation solution such as Automate.
Still have questions? We can help. Submit a case to Technical Support.