Using a PC to Download Virus Definitions

Powertech Antivirus for IBM i provides everything you need to reliably download virus definitions automatically from Trellix's HTTP server. The process uses "micro-updates" to minimize the size and time required to download the full virus definition files. However, if you would rather implement your own procedures for supplying the virus definition files, you will need to do the following:

  1. Download the required files from Trellix's HTTP server.
  2. Make the files available to Powertech Antivirus for IBM i. Files can be retrieved from an FTP server, a local path, or a network path.
  3. Set up some method of monitoring the process to ensure it is always working (recommended).

Firewall Configuration

In order to acquire Trellix virus definition updates, the system's firewall must be configured to allow them. Virus updates are acquired either directly from Trellix, or from a server configured to host the virus definitions for the local network. In either case, you must configure the firewall of the system receiving the virus definitions from Trellix to allow HTTP downloads from http://update.nai.com.

Download DAT files using a Windows PC

You can use a PowerShell script to download the DAT files (PowerShell is built into Windows 10).

  1. Copy the following text into Notepad and save the file as “getdats.ps1” into an empty directory:
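    # Base URL of the Trellix update directory.
    $url = 'http://update.nai.com/products/commonupdater/'
    # Download oem.ini and gdeltaavv.ini into the current directory.
    Invoke-WebRequest $url'oem.ini' -OutFile 'oem.ini'
    Invoke-WebRequest $url'gdeltaavv.ini' -OutFile 'gdeltaavv.ini'
    # Read the directory index and pick the highest-sorted avvdat-*.zip link.
    $site = Invoke-WebRequest -UseBasicParsing -Uri $url
    $table = $site.links | ?{ $_.href.ToLower().Contains('avvdat-') } | sort href -desc | select href -first 1
    $filename = $table.href.ToString()
    # Download the archive and extract it into the current directory.
    Invoke-WebRequest $url$filename -OutFile $filename
    Expand-Archive -Force $filename .
    # Remove files with '-' in the name (older avvdat-*.zip archives) last written more than 2 days ago.
    Get-ChildItem . -Recurse | Where-Object {($_.Name -like '*-*') -and ($_.LastWriteTime -lt (Get-Date).AddDays(-2))} | Remove-Item -Recurse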
  2. Copy the following text into Notepad and save the file as “getdats.bat”:
    @ECHO OFF
    PowerShell.exe -NoProfile -ExecutionPolicy Bypass -Command "& './getdats.ps1'"
  3. Open a command window and execute the batch file getdats.bat. This will execute the PowerShell script to download and extract the appropriate .zip file from Trellix’s HTTP server into the current directory. Once completed, the directory will contain the following:
    06/19/2019  08:25 AM    <DIR>          .
    06/19/2019  08:25 AM    <DIR>          ..
    06/19/2019  07:00 AM           833,041 avvclean.dat
    06/19/2019  08:24 AM       121,669,129 avvdat-9292.zip
    06/19/2019  08:24 AM           730,425 avvnames.dat
    06/19/2019  07:00 AM       102,055,422 avvscan.dat
    06/19/2019  08:23 AM             2,151 gdeltaavv.ini
    04/29/2019  12:22 PM                89 getdats.bat 
    06/19/2019  08:40 AM               606 getdats.ps1
    06/19/2019  07:00 AM             8,170 legal.txt
    06/19/2019  08:23 AM             2,034 oem.ini
    	7 File(s)    104,520,459 bytes
  4. Schedule the batch file to be executed once a day, every day. You can use any scheduler to do this, including the Windows Task Scheduler included with Windows.
    Ensure the working directory of the action is set to the directory of the getdats.bat file. For example, if the getdats.bat file's full path is C:\Fortra\PTAV-i\getdats.bat, specify C:\Fortra\PTAV-i as the working directory.
    If you use Windows Task Scheduler, you can configure the working directory as follows:
    1. Double-click the task to display its Properties.
    2. Choose the Actions tab.
    3. Select the 'Start a program' action and click Edit.
    4. Enter the working directory in the field 'Start in (optional)'. (Note: Do not put the value in quotation marks.)
    5. Click OK, then OK again.
NOTE: A method of monitoring the above process to ensure it is continuously running is recommended.
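
One way to implement the recommended monitoring, shown as an added example that is not part of the vendor documentation: a health check that confirms the files from the directory listing above are present and that the newest avvdat-*.zip is recent and opens as a valid archive. The script name check-dats.ps1, its parameters and the 2-day threshold are assumptions; schedule it after getdats.bat and alert on a non-zero exit code.

```powershell
# check-dats.ps1 (hypothetical name): health check for the DAT download directory.
param(
    [string]$DatDir = '.',       # directory that getdats.bat writes into
    [int]$MaxAgeDays = 2         # assumed threshold; tune to your update policy
)

Add-Type -AssemblyName System.IO.Compression.FileSystem
$problems = @()

# Files the directory listing shows after a successful run.
$required = 'avvscan.dat', 'avvnames.dat', 'avvclean.dat', 'oem.ini', 'gdeltaavv.ini'
foreach ($name in $required) {
    $file = Join-Path $DatDir $name
    if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
        $problems += "missing file: $name"
    } elseif ((Get-Item -LiteralPath $file).Length -eq 0) {
        $problems += "empty file: $name"
    }
}

# The newest avvdat-*.zip must exist, be recent, and open as a valid archive.
$zip = Get-ChildItem -Path $DatDir -Filter 'avvdat-*.zip' -File |
    Sort-Object LastWriteTime -Descending | Select-Object -First 1
if (-not $zip) {
    $problems += 'no avvdat-*.zip found'
} else {
    $age = (Get-Date) - $zip.LastWriteTime
    if ($age.TotalDays -gt $MaxAgeDays) {
        $problems += ('{0} is {1:N1} days old' -f $zip.Name, $age.TotalDays)
    }
    try {
        $archive = [System.IO.Compression.ZipFile]::OpenRead($zip.FullName)
        if ($archive.Entries.Count -eq 0) { $problems += "$($zip.Name) has no entries" }
        $archive.Dispose()
    } catch {
        $problems += "$($zip.Name) is not a readable zip: $($_.Exception.Message)"
    }
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1    # non-zero exit lets the scheduler or a monitoring agent raise an alert
}
Write-Output "DAT directory OK: $($zip.Name), last written $($zip.LastWriteTime)"
exit 0
```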

Making DAT files available to Powertech Antivirus for IBM i

Now that you have the virus definition files listed above in a directory on your network, the next step is to configure Powertech Antivirus for IBM i to retrieve the files from an alternate source. There are two main methods:

  • Put the files onto an internal FTP server, and set Powertech Antivirus for IBM i to download them via FTP.
  • Share the files over a file share from a Windows server, configure the QNTC file system on the IBM i to include the file share, and configure Powertech Antivirus for IBM i to download them via the *PATH method.

These methods are described below.

Using FTP

  1. Identify an internal Windows or Linux system that is configured as an FTP server.
  2. Verify that you can connect from the IBM i to that server over FTP with the command ftp xx.xx.xx.xx, where "xx.xx.xx.xx" is the IP address of the server. If you can connect, so can Powertech Antivirus for IBM i.
  3. Identify the folder on the server that is shared via FTP. There is at least one directory that the FTP server shares (for example, a "C:\FTP Files" directory).
  4. Place the files that you downloaded previously into that directory.
  5. Use the STANDGUARD/AVCHGUPDA command to set the Transfer Method to *FTP, change the FTP Location to the address of the FTP server, and specify the FTP user and password.
EXAMPLE:
AVCHGUPDA FROM(*FTP) FTP(IP-address/directory) FTPUSER(user) FTPPWD(password)

Be sure to add the path to the end of the server's address. If the DAT files are located in the user's home or root directory, then specify / after the address.

Retrieving the DAT Files Using a Network Share

  1. Identify an internal Windows PC or Windows server that is configured to share files.
  2. Place the files that you downloaded previously into the shared directory on the Windows system.
  3. Configure the QNTC file system on the IBM i so that the file share from the Windows system is mounted. The QNTC file system makes shared files on a Windows system visible in the IFS. The configuration of the QNTC file system is described in the following IBM document: How to access file shares from IBM i using QNTC.
  4. Once the QNTC file system has been configured, determine the directory (path) of the Windows file share in the IFS of the IBM i.
  5. Use the STANDGUARD/AVCHGUPDA command to change the Transfer Method to *PATH and the Path to the IFS path that you determined in the preceding step.
EXAMPLE:
AVCHGUPDA FROM(*PATH) PATH(/QNTC/server-name/share-name)