Re: NAI AntiVirus Update Problem

• To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
• Subject: Re: NAI AntiVirus Update Problem
• From: Ryan Hill <ryanTVW.ORG>
• Date: Thu, 6 May 1999 10:14:54 -0700
• Approved-By: Russ.CooperRC.ON.CA
• Reply-To: Ryan Hill <ryanTVW.ORG>
• Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>

The latest release 4.0.3.345 build also has known issues using the Internet
AutoUpdate feature for updating dat files.  During Internet AutoUpdate
sessions, the message "could not connect to AutoUpdate server" is displayed
and the virus signature datfiles are *not* upgraded, despite correct
configuration in the registry.

The current configuration key for Internet update is:

HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\Update\ScriptLoc

It is of type REG_SZ and correctly reports the update location of
"/pub/antivirus/datfiles/4.x".
The current workaround is to manually download dat file updates and to
update the files locally from the Exchange Server.  My tests attempting to
update the datfiles remotely from another workstation with updated dat files
have not been successful.

If you choose to NOT install client scanning features of the product, an
error will occur when you attempt to access the Anti-Virus settings for any
mailbox.  The message reads: "ERROR: The mailbox for notifications cannot be
resolved.  Please reselect the mailbox."  This error message is also a known
issue and while cryptic, will probably be fixed in the next service pack or
build.  It does not have any adverse affects that I have noticed (other than
confusing Exchange Admins).

The incorrect version reporting has been corrected in this release.

There is also and incorrect version key created in the registry during the
install:
"HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\4.0.2" should read 4.0.3 but
this bug does not have any obvious affects on server operation and is not
reported in the release notes for the product.  This bug has been reported
to NAI tech support by myself during a previously opened support incident.

Finally, a few notes on the installation of this product.  GroupShield 4.x
installations are VERY picky about account permissions and in addition to
the very specific installation line items mentioned in the release notes,
the following are also required but not mentioned (probably assumed).

1.) Administrative shares must be active on the drive where Groupshield is
to be installed.
2.) The Exchange Service Account (also used for installation) must have FULL
CONTROL permissions to all Exchange related shares.
3.) The Exchange Service Account must also have FULL CONTROL NTFS
permissions to all Exchange Server operating directories.

This bug has also been reported to NAI tech support by myself during a
previously opened support incident.

Regards,
Ryan

_____________
Ryan Hill
CIC, MCP + I
TVW, Washington State's Public Affairs Network
e-mail: ryantvw.org   phone: (360) 586-5555
http://www.tvw.org

PGP Key available from standard keyservers.

> A couple of people have pointed out the correct location is
> ftp://ftp.nai.com/pub/antivirus/datfiles/4.x. Silly me, I was
> going by a
> whatsnew.txt file stating that this was the location.
>
> Oh and sorry about the date on the last message, playing with
> intrusion
> detection and replay attacks and was monkeying with the date.
>
>     Simple Nomad    //
>  thegnomenmrc.org  //  ....no rest for the Wicca'd....
>     www.nmrc.org    //
>

• Prev by Date: NET USE to 16 Character Dotted-DNS Name May Fail
• Next by Date: Re: REPORT: Profile problems & solution
• Prev by thread: NAI AntiVirus Update Problem
• Next by thread: NTFixes page back on-line
• Index(es):
  • Date
  • Thread