cancel
Showing results for 
Search instead for 
Did you mean: 
gravey80
Level 7

Command Line Scanner DAT Update Script

Jump to solution

Hi All,

I am using Command Line Scanner on one of my windows servers and was wondering if anyone has a script that will download the latest avdat-XXXX.zip file, unzip it to the command line scanner directory and decompress the files?

Thanks,

Gravey

0 Kudos
1 Solution

Accepted Solutions
rackroyd
Level 16

Re: Command Line Scanner DAT Update Script

Jump to solution

Note that in a Windows environment all you need to do is copy the local dats from VirusScan if it's installed on the same machine.

The files would be: avvscan.dat, avvnames.dat & avvclean.dat.

Not sure why you would want to use a command line scan over the VirusScan on-demand scanner though !

Or you could download the daily xdat from the McAfee update site and run it with the /e switch to extract the same files.

You could automate the download using something like Wget.

Rgds,

Rob.

0 Kudos
14 Replies
obelicks
Level 9

Re: Command Line Scanner DAT Update Script

Jump to solution

I saw nice script within rapier tools

http://code.google.com/p/rapier/

maybe you can take a look on mcafee script included.

0 Kudos
gravey80
Level 7

Re: Command Line Scanner DAT Update Script

Jump to solution

thanks but I dont think it is really what I am looking for, I'd need to hack that script to bits to get it to work.

Surely someone has done this before.....I cant imagine people manually updating every day?

0 Kudos
obelicks
Level 9

Re: Command Line Scanner DAT Update Script

Jump to solution

if you're updating it everyday then i think should find a way to incremental update instead..

smaller than you download the full blown whole av-dat which may need you to download 8+mb everyday

to be honest i;m not sure how incremental DAT works.

or another method

if you having local computer with updated DAT normally reside on C:\Program Files\Common Files\McAfee\Engine

maybe you can just shared the DAT location and you can copied over to you command line server.

Simple script can be writen to copy over right?

0 Kudos
rackroyd
Level 16

Re: Command Line Scanner DAT Update Script

Jump to solution

Incremental dats will not work with the command line scanner.

For an example ftp script to use with the Unix command line scanner see support article: KB67513 - Downloading the AVV-Dat package for use with VirusScan Command Line 6.0 (VSCL)

Rgds,

Rob.

0 Kudos
rackroyd
Level 16

Re: Command Line Scanner DAT Update Script

Jump to solution

Note that in a Windows environment all you need to do is copy the local dats from VirusScan if it's installed on the same machine.

The files would be: avvscan.dat, avvnames.dat & avvclean.dat.

Not sure why you would want to use a command line scan over the VirusScan on-demand scanner though !

Or you could download the daily xdat from the McAfee update site and run it with the /e switch to extract the same files.

You could automate the download using something like Wget.

Rgds,

Rob.

0 Kudos
gravey80
Level 7

Re: Command Line Scanner DAT Update Script

Jump to solution

Thanks Rob/Obelicks,

this seems to be the answer.

As to why I am using Command Line Scanner on a windows box - I use it for our mail filtering software.

Currently I am not running VirusScan 8.7 on the mail gateway as during my testing it stopped mail flow, so I need to find out what settings I need to tweak on VirusScan to ensure it doesnt affect mail flow - I havent gotten around to doing this yet.

I will work on getting the On-Access Scanner working and then schedule a copy of the files each day.

Thanks!

Message was edited by: gravey80 on 6/10/10 6:43:40 PM
0 Kudos
rackroyd
Level 16

Re: Command Line Scanner DAT Update Script

Jump to solution

If it's used for mail filtering you should take a look at KB69097 - 'Statement for VirusScan Command Line Scanner 6 when integrated with email or gateway scanning.'

The Current Command Line Scanner is not necessarily suited to be used in this manner i'm afraid.

0 Kudos
rmetzger
Level 14

Re: Command Line Scanner DAT Update Script

Jump to solution

gravey80 wrote:

Thanks Rob/Obelicks,

this seems to be the answer.

As to why I am using Command Line Scanner on a windows box - I use it for our mail filtering software.

Currently I am not running VirusScan 8.7 on the mail gateway as during my testing it stopped mail flow, so I need to find out what settings I need to tweak on VirusScan to ensure it doesnt affect mail flow - I havent gotten around to doing this yet.

I will work on getting the On-Access Scanner working and then schedule a copy of the files each day.

Thanks!

Message was edited by: gravey80 on 6/10/10 6:43:40 PM

Hi,

As Rob and Obelicks have already stated, the command line scanner is not necessarily the best for email scanning. However, if you need to do this, I would suggest optimizing the DAT file into the Runtime version so that after an update is done, you convert to the Runtime environment to speed the scanning significantly.

Normal DAT filess vs Runtime DAT files (KB69862):


Solution



















Normal DAT filesRuntime DAT files
The Normal copy of DAT files are much simpler in format  with optimization designed for downloads of daily incremental files  (signatures). So, downloading the normal DAT updates has a priority of  using as little bandwidth as needed, but is not well optimized for local  performance.The Runtime DAT is optimized for high local performance.  It is a rebuild (as some might say) of the normal DAT files, so that  the memory and CPU resources needed to operate are balanced for best  performance.
Advantage: Faster download

Advantage: Faster system



This can be done for the Command Line Scanner as well, and save between 5 to 10 seconds for ever email that is scanned.

Once the updated DAT files are in your prescribed Scanner directory, issue the command from that directory:

Scan /DECOMPRESS

which creates new versions of avvscan.dat, avvnames.dat, avvclean.dat, and runtime.dat.

VirusScan Command Line Scanner (Windows or Unix) does not start immediately (KB68023):


Cause



When scanning with the VirusScan Command Line Scanner (scan.exe for Windows, or uvscan for Unix), the scan can be delayed for 5 to 10 seconds every time a new scan is launched.

NOTE: This delay only occurs at the beginning of  the scan and does not affect the scan times of files. As with previous  versions of the scanner, individual files require a few milliseconds per  file scanned. When scanning multiple files, this delay is only seen  when the scan is being initialized and not throughout the entire scan.

This initialization delay means that using the VirusScan Command Line Scanner for multiple consecutive scans of individual files might take longer than expected.




Problem 1


Unlike previous versions of the scanner, VirusScan Command Line Scanner 6.0 uses V2 DATs.

By default, V2 DATs are compressed and must be decompressed in memory  before they can be used in the scan. This  required decompression increases the initialization time at the start of  a scan.




Solution


This is expected because of the V2 DAT file architecture .

Where possible, McAfee recommends scanning files in batches with the  VirusScan Command Line Scanner. In this scenario, the extra  decompression time occurs only once at the beginning of the scan.





Workaround


As a workaround, you can speed up the scan time by pre-processing the V2 DATs with the DECOMPRESS switch. To do this:


  • In Windows, extract the AVVDat files to the install folder then type scan.exe /decompress and press ENTER

  • In Unix, extract the AVVDat files to the install folder then type uvscan --decompress and press ENTER


This extracts and rewrite the AVVDat files so that the initialization times for a scan will be improved.

NOTE: You must do this decompression after each DAT update.

Hopefully this will help improve otherwise bad performance when scanning email messages individually.

Let us know if this helps.

Ron Metzger

0 Kudos
gravey80
Level 7

Re: Command Line Scanner DAT Update Script

Jump to solution

Hi Guys,

thanks for the useful information.  I have already been running the /decompress switch after I have been updating the DATS and have also give the scanner more cache when decompressing archive files using the /AFC switch, to mitigate the performance issues.  I have been using this for a month or two now and all seems fine.  We only send and receive about 500 messages per day, so this seems fine for our needs so far.

I have now installed VirusScan 8.7 (disabling the mass mailer policy) and have scheduled a job to copy the DATS daily and then decompress them, which works very well.

Thanks again for all your input, it is much appreciated

0 Kudos