#60246 - 2001-11-02 06:36 AM How to programmatically check the Norton AntiVirus Definition file dates
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11629
Loc: CA
I posted this in another topic, but in order to make it easier to find in a search I decided to post it as a new topic.

code:
; Silent definition installer that is run when the local definitions are too old
$DefUpdate = '%comspec% /c "\\myserver\myshare\1101x86.exe /q"'
$RC = ""
; The value holds the definition date as YYYYMMDD just before a "."
$RC = READVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs","NAVCORP_70")
$RC = SUBSTR($RC,INSTR($RC,".")-8,8)
; Approximate age in days (365-day years, 30-day months) checked against 90
IF ((((@year-2000)*365)+@ydayno)-(((val(SUBSTR($RC,1,4))-2000)*365)+((val(SUBSTR($RC,5,2))-1)*30)+val(SUBSTR($RC,7,2))))>90
    RUN $DefUpdate
    $nul = MESSAGEBOX("Warning...Norton AntiVirus definition files are over 90 days old on this system. Please wait while we attempt to update these files for you.", "Norton AntiVirus Definitions Check", 16)
ENDIF


Suggestions welcome

[ 02 November 2001: Message edited by: NTDOC ]

Top
#60247 - 2001-11-02 07:37 AM Re: How to programmatically check the Norton AntiVirus Definition file dates
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Looks good DOC,
I was thinking of doing something like this, only different. All my clients are managed, except for a few home users that dial in.

My only problem with your method is the arbitrary 90 days you have set. With some of these new fast-propagating viruses, I'd want to make sure they have the most recent available. I was thinking of comparing the client pattern version to the NAV parent version.

Of course, I'd need to determine if they were managed. Since managed clients would get the update automatically after they logon, no push would be needed in the script.

I do have the odd clients that just stop getting pattern updates. I need to determine if that may be the case as well but need to allow for someone who had their PC turned off for the last few weeks. Since the server keeps the previous pattern, I thought I could check if the managed client is at the previous level, assuming that all is well and that they would be getting the update automatically. If they're further behind, I could toss a flag in an ini file. If on their next logon, the flag is there, it could indicate a problem. Postie to HelpDesk.

So far I've been relying on a public education campaign, posting the latest pattern date on our home page. This week it turned out my GM's NAV had stalled and needed a reinstall. Good thing he didn't get himself infected!

DOC, if you don't mind me digressing slightly, what if anything are you using to stop HTML based viruses from getting into your network? I mean, do you have something on your gateway or proxy? On my network, they are being stopped at the client. This does not bode well with me. I've been after corporate IT to put protection on the gateway, but they're complacent. My other option is to put some sort of appliance between my LAN and their router (WAN) or an AV product on my M$ Proxy 2 server. If I could get away with it, I'd put up a FireWall.

_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
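The managed-client check described in the post above (at the parent's previous pattern or newer is fine; further behind sets a flag, and a flag still present at the next logon goes to the HelpDesk), sketched in Python as an added example that is not part of the thread. The function names, ini layout and sample stamps are hypothetical, and stamps are assumed to be fixed-width `YYYYMMDD.rev` strings so that they sort as text.

```python
import configparser
import os
import tempfile

SECTION = "NAVCheck"  # hypothetical ini section name


def check_client(client, parent_previous, ini_path):
    """Classify a managed client at logon as 'ok', 'flagged' or 'alert'.

    Stamps are assumed to be fixed-width 'YYYYMMDD.rev' strings, so plain
    string comparison orders them correctly.
    """
    state = configparser.ConfigParser()
    state.read(ini_path)  # a missing file simply leaves the state empty
    was_behind = state.getboolean(SECTION, "behind", fallback=False)

    if client >= parent_previous:
        # At the parent's previous pattern or newer: the normal push works.
        result, behind = "ok", False
    elif was_behind:
        # Still further behind on a second logon: updates have stalled.
        result, behind = "alert", True
    else:
        # First time seen further behind: the PC may just have been off.
        result, behind = "flagged", True

    state[SECTION] = {"behind": "yes" if behind else "no", "client": client}
    with open(ini_path, "w") as handle:
        state.write(handle)
    return result


def simulate_logons(clients, parent_previous):
    """Run successive logons against a fresh ini file; return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        ini_path = os.path.join(tmp, "navcheck.ini")
        return [check_client(c, parent_previous, ini_path) for c in clients]


if __name__ == "__main__":
    # Constructed stamps: the parent's previous pattern is 20011024.009.
    logons = ["20011010.005", "20011010.005", "20011024.009", "20011101.007"]
    print(simulate_logons(logons, "20011024.009"))
```

Only the `alert` result needs a message to the help desk; a client that catches up clears its own flag.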
#60248 - 2001-11-02 10:39 AM Re: How to programmatically check the Norton AntiVirus Definition file dates
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11629
Loc: CA
Hi Les,

This is just a small piece of the puzzle. I'm at home now, but I have the code numbers from Symantec on what client settings mean.
We took a hard line approach and just say that ANYONE that connects to our network via any method MUST install and run our Managed version of NAV. No exceptions...
For Dialin I would check if they were coming in via Dialin or not and let them know. Since it is a large update I would probably only force dialin to update once every 2 weeks. The older versions did not update over a 56K modem, the new version seems to work by building up a piece of the update in the background and once it has the complete file it applies it. This could take a few dialins to complete, for those that don't work I would force it. For LAN/WAN yes, I would keep them up to the Parent Server versions. However, some clients have problems even though they are managed. On those I would FORCE the update via the script. There are too many little things that can keep a client from updating itself; that's where the script comes in.

The reason some clients fail is that somehow a GRC.DAT file gets a read only attribute, so it will never get deleted. I have a much bigger script that attempts to remedy known problems. Not done yet, I'll email you if you want, but I'm not quite ready to post the whole thing.

As far as other methods, we have a Firewall running on a SUN box to all Internet traffic. It has filters out the gazoo; we have a couple of different AntiVirus and filter routines on a Central mail hub that all external/Internet email must go through first. We have deleted and re-associated WSH to open with Calculator. We try to keep up our IIS Servers with the weekly patches.

We do okay, but Nimda still hit a couple boxes. Can't seem to keep on top of all of the boxes out there. Some users bring in their own CD and install stuff on our Network. We often find out only after a problem arises.

Let me get some of the stuff together and I'll email you. Maybe you can help me finalize it and clean it up a little. Many SUB routines that kind of got messy.
Maybe we can work on it together offline since there appears to be at least a few others interested in this topic. Then when we're ready we can post it and ask for suggestions at that time.

Let me know if you're interested in helping out or not on a more complete solution.

[ 02 November 2001: Message edited by: NTDOC ]

Top
#60249 - 2001-11-03 04:34 AM Re: How to programmatically check the Norton AntiVirus Definition file dates
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Sure, I'd be happy to pitch in. I'm still waiting for my 7.6 CD to arrive. Once I get it, I'll need to redo my script and rethink how to push out to my dialup and thin clients. Pushing out the all-inclusive 1101x86.exe file, (5.x megs over 26.4) is brutal! There is a better way. I read somewhere that you can set up your own in-house LiveUpdate hosting site. When you use the LiveUpdate feature, it downloads only the NAV stuff. Much smaller! Now that's the way to go!

This weekend I'm doing a pro bono Win2k AD install for a medical clinic here. It'll be my first, so wish me well. I'm an old NetWare hack.

_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#60250 - 2001-11-03 07:24 AM Re: How to programmatically check the Norton AntiVirus Definition file dates
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11629
Loc: CA
700 Posts.. I'll never catch up at this rate

Good luck and best wishes on AD...

I'll send you email soon.

Top
#60251 - 2001-11-05 10:06 AM Re: How to programmatically check the Norton AntiVirus Definition file dates
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11629
Loc: CA
Les,

So how did that AD stuff go?

Top
#60252 - 2001-11-05 04:18 PM Re: How to programmatically check the Norton AntiVirus Definition file dates
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
DOC,
Turns out the clients are all Wintendo, with legacy NetWare Bindery to boot. I couldn't get any scripts to work through GPOs, but hacking them into NetLogon works. Not sure though what will happen if a real client OS (NT/2K) tries to connect.

Once they migrate their apps and data to the 2k server, we'll scrap NetWare and scrub/re-ghost the clients.

_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#60253 - 2001-11-06 10:27 PM Re: How to programmatically check the Norton AntiVirus Definition file dates
Anonymous
Unregistered


We run an unmanaged network here. What we do is post the update to the NETLOGON directory and when the user signs on, KIXTART checks their signature file against what we have available. Here is the important code:

Code=============

$NavDef="1101" ;Only enter the month and day of the latest Norton definition file.
$Year="2001" ;Year used in conjunction with the Norton definition file below.
$Month = SubStr($navdef,1,2)
$Day = SubStr($navdef,3,2)

;Turn the two-digit month into its name for the message box below
Select
    Case $Month="01"
        $Month="January"
    Case $Month="02"
        $Month="February"
    Case $Month="03"
        $Month="March"
    Case $Month="04"
        $Month="April"
    Case $Month="05"
        $Month="May"
    Case $Month="06"
        $Month="June"
    Case $Month="07"
        $Month="July"
    Case $Month="08"
        $Month="August"
    Case $Month="09"
        $Month="September"
    Case $Month="10"
        $Month="October"
    Case $Month="11"
        $Month="November"
    Case $Month="12"
        $Month="December"
EndSelect

:SIGNATURE ;Message stating current virus data information and warnings
$Selection = MessageBox("The current virus definition file date is "+$Month+" "+$Day+", "+$Year+Chr(10)+Chr(10)+"Do NOT Open, FORWARD, Or SAVE ANY E-MAIL with the following subject 'w32.magistr.24876"+Chr(64)+"mm'. Write down the sender's name and e-mail address, and the date/time stamp of the e-mail. Pass this information to the Help Desk. The e-mail must be deleted from the 'Inbox,' and also from the 'Deleted Items' folder."+Chr(10)+Chr(10)+"If you open an e-mail with this name or attachment; IMMEDIATELY DISCONNECT YOUR COMPUTER FROM THE NETWORK, (disconnect the LAN cable from the back of your computer) then contact your Workgroup Administrator/Manager and the Help Desk as soon as possible."+Chr(10)+Chr(10)+"Also be advised that the LIFESTAGES and FUNNY.TXT viruses are still being identified here at Niagara Falls and within the DOD."+Chr(10)+Chr(10)+"All AFRC PC users should be aware that they should be running a virus scan on their computers. And if they do open any virus infected e-mails, that they should contact their WGA And HelpDesk immediately. And that their system is considered infected and should be disconnected from the LAN until being sanitized and checked by the HelpDesk."+Chr(10)+Chr(10)+"DELETE THE MESSAGES IMMEDIATELY AND NOTIFY YOUR WGA AND THE HELPDESK!"+Chr(10)+Chr(10)+"Do you understand the importance of ensuring your Antivirus software is updated?","INFOCON: "+$INFOCON,4404)
If $Selection = 7 ;User answered No
    LogOff(1)
EndIf

:Virus ;This section checks for Norton Antivirus and gets the Scan Engine version.
$Norton=ExistKey ("HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Norton AntiVirus")
If $Norton<>0 ;Norton is not loaded
    $Norton=1
Else
    ;This checks to see if the current definition is already present, when changing make sure to the the EXTENSION
    ;********************************************************************
    If Exist ("C:\Program Files\Common Files\Symantec Shared\VirusDefs\$Year$NavDef.*") = 0
        ;********************************************************************

        ;This directory will contain the latest DAT files for Norton.
        ;********************************************************************
        ; Display some text strings
        Shell @LDRIVE+"$NavDef"+"i32.EXE /q"
        ;********************************************************************
    EndIf
EndIf

:NOANTIVIRUS ;Message stating that the antivirus software is not installed or needs to be reinstalled
;********************************************************************
If Exist ("C:\Program Files\Common Files\Symantec Shared\VirusDefs\$Year$NavDef.*") = 0
    ;********************************************************************

    $Selection = MessageBox("WARNING... WARNING... WARNING..."+Chr(10)+Chr(10)+Chr(10)+"Your Norton Antivirus application needs to be upgraded."+Chr(10)+Chr(10)+" Contact your Workgroup Administrator immediately!"+Chr(10)+Chr(10)+"Click 'Yes', if you understand!","Norton Antivirus",4372)
    If $Selection = 7 ;User answered No
        LogOff(1)
    EndIf
EndIf

Top
#60254 - 2001-11-06 10:53 PM Re: How to programmatically check the Norton AntiVirus Definition file dates
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11629
Loc: CA
Hi RFW,

Thanks for the info and code sample. I appreciate all input on this subject. I'm looking though for a more robust method that takes action automatically without user intervention. I have probably 80% of the code completed already and Les has agreed to assist me with this off-line. When we're finished we'll post the final script for further ideas or testing.

Thanks again.

Top
#60255 - 2001-11-07 08:43 PM Re: How to programmatically check the Norton AntiVirus Definition file dates
cmarti Offline
Hey THIS is FUN

Registered: 2001-02-26
Posts: 297
Loc: Little Rock, AR
Here's my 2 cents...I hope I have the UBB Code option right...

code:
  
; Current definition stamp on the NAV server and on this client
$SRVDEFS = ReadProfileString("\\"+$NAVSVR+"\VIRUSDEFS\Definfo.dat","DefDates","CurDefs")
$CLIDEFS = ReadProfileString("C:\Program Files\Common Files\Symantec Shared\VirusDefs\Definfo.dat","DefDates","CurDefs")
IF $SRVDEFS <> $CLIDEFS
    ; Drop the last 4 characters of each stamp and compare what is left as numbers
    $CLIENT = SUBSTR($CLIDEFS,1,LEN($CLIDEFS)-4)
    $SERVER = SUBSTR($SRVDEFS,1,LEN($SRVDEFS)-4)
    IF +$SERVER - +$CLIENT > 100
        $SYEAR = SUBSTR($SRVDEFS,1,LEN($SRVDEFS)-8)
        $SDAY = SUBSTR($SRVDEFS,7,LEN($SRVDEFS)-10)
        $SMONTH = SUBSTR($SRVDEFS,5,LEN($SRVDEFS)-10)
        $CYEAR = SUBSTR($CLIDEFS,1,LEN($CLIDEFS)-8)
        $CDAY = SUBSTR($CLIDEFS,7,LEN($CLIDEFS)-10)
        $CMONTH = SUBSTR($CLIDEFS,5,LEN($CLIDEFS)-10)
        BEEP
        BEEP
        SLEEP(1)
        BEEP
        BEEP
        SLEEP(1)
        BEEP
        BEEP
        SLEEP(1)
        $VERYOLDDEFS = MESSAGEBOX("Your antivirus definitions are several definitions behind. The date of your definitions are $CMONTH/$CDAY/$CYEAR. Current definitions are dated $SMONTH/$SDAY/$SYEAR. Please open a ticket with x23000, they will need the date of your definitions and the date of the current definitions, both are listed above."+CHR(13)+ CHR(13)+"Failure to do so may cause your machine to be vulnerable to be infected by new viruses, and spreading them. This information has been logged.","Norton AntiVirus Old Definitions Detected!!!",48)
        ; Record the stale client in the central log and in a local log
        $OLDDEFS = REDIRECTOUTPUT("\\CONDAT02\DATABASE\LAN\LOGS\OLDDEFS.LOG",0)
        ? "@TIME @DATE @USERID @WKSTA defs dated $CMONTH/$CDAY/$CYEAR, server defs dated $SMONTH/$SDAY/$SYEAR."
        $OLDDEFS = REDIRECTOUTPUT("")
        $OLDDEFS = REDIRECTOUTPUT("%windir%\NAV.LOG",0)
        ? @DATE+" "+@TIME+" "+@USERID
        $OLDDEFS = REDIRECTOUTPUT("")
        AT ( 5,1) "Attempting to update Norton AntiVirus Definitions. Please wait..."
    ELSE
        AT ( 5,1) "Updating Norton AntiVirus Definitions. Please wait..."
    ENDIF
    ; The NAV install folder depends on the @INWIN value
    IF @INWIN = 1
        $NAVPATH = "C:\PROGRAM FILES\NAVNT\"
    ELSE
        $NAVPATH = "C:\PROGRAM FILES\NORTON ANTIVIRUS\"
    ENDIF
    ; Without VPDN_LU.EXE no update can be started: warn, log and stop
    IF EXIST($NAVPATH+"VPDN_LU.EXE") <> 1
        BEEP
        BEEP
        SLEEP(1)
        BEEP
        BEEP
        SLEEP(1)
        BEEP
        BEEP
        SLEEP(1)
        $MESSAGE = MESSAGEBOX("Unable to update your antivirus definitions due to missing files, this will cause your machine to be vulnerable to be infected by new viruses, and spreading them. Please open a ticket with x23000 to have this issue resolved. This information has been logged.","Norton AntiVirus Definition Update Error!!!",48)
        $LULOG = REDIRECTOUTPUT("\\CONDAT02\DATABASE\LAN\LOGS\LIVEUPDATE.LOG",0)
        ? "@TIME @DATE @USERID @WKSTA was unable to run liveupdate."
        $LULOG = REDIRECTOUTPUT("")
        COOKIE1
        EXIT
    ENDIF
    RUN CHR(34)+$NAVPATH+"VPDN_LU.EXE"+CHR(34)+"/S"
    SLEEP(1)
ELSE
    AT ( 5,1) "Virus definitions are current."
    SLEEP(1)
ENDIF



Top
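An added Python example, not code from any poster, that puts the date arithmetic of the first script in this thread (365-day years, 30-day months) and the `YYYYMMDD` integer subtraction of the script above next to exact calendar-day counts. The sample registry value and `CurDefs` stamps are constructed, and their `...YYYYMMDD.rev` layout is an assumption drawn from how the scripts slice them.

```python
import re
from datetime import date

# Constructed sample values. The thread does not show real data, only how the
# scripts slice it, so the "...YYYYMMDD.rev" layout is an assumption.
REG_VALUE = r"C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20011210.007"
CLIENT_CURDEFS = "20011231.021"
SERVER_CURDEFS = "20020102.003"

STAMP = re.compile(r"(\d{4})(\d{2})(\d{2})\.\d+$")


def parse_def_date(value):
    """Date from the 8 digits before the revision suffix.

    Raises ValueError when the stamp is missing or is not a real date.
    """
    match = STAMP.search(value.strip())
    if match is None:
        raise ValueError("no YYYYMMDD.rev stamp in %r" % (value,))
    year, month, day = (int(group) for group in match.groups())
    return date(year, month, day)


def approx_age(defs, today):
    """Age as the first script computes it: 365-day years, 30-day months."""
    now = (today.year - 2000) * 365 + today.timetuple().tm_yday
    then = (defs.year - 2000) * 365 + (defs.month - 1) * 30 + defs.day
    return now - then


def exact_age(defs, today):
    """Calendar days between the definition date and today."""
    return (today - defs).days


def stamp_gap(client, server):
    """Difference of the YYYYMMDD integers, as the Definfo.dat script takes it."""
    def as_int(d):
        return d.year * 10000 + d.month * 100 + d.day
    return as_int(server) - as_int(client)


if __name__ == "__main__":
    defs, today = parse_def_date(REG_VALUE), date(2002, 3, 7)
    print("approximate:", approx_age(defs, today), "exact:", exact_age(defs, today))
    client, server = parse_def_date(CLIENT_CURDEFS), parse_def_date(SERVER_CURDEFS)
    print("integer gap:", stamp_gap(client, server), "days:", exact_age(client, server))
```

With these inputs the estimate reads 91 for definitions that are 87 days old, and two stamps that are two days apart across the year end differ by 8871 as integers, so comparing real dates avoids both the early trigger and the false "very old" result.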
#60256 - 2001-11-07 09:18 PM Re: How to programmatically check the Norton AntiVirus Definition file dates
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11629
Loc: CA
Thanks cmarti,

Things to help it be more robust...

Check if user is an Admin or not
Check if service is running or not
Path is wrong if Windows 2000 updated over the top of Win9x

This is just a small sample of things I'm working on covering in my script. Too much other work though for me to barely work on it.

Top
#60257 - 2001-11-14 05:44 AM Re: How to programmatically check the Norton AntiVirus Definition file dates
Vig Offline
Starting to like KiXtart

Registered: 2001-11-14
Posts: 166
Loc: Saudi Arabia
Holy crap! I feel stupid after reading all of that (I'm new to KiXtart and scripting). I too did a little work on a script to update NAV defs. You'll probably get a laugh out of the simplicity but....... well, that's pretty much the only reason I'm posting it.

@IF not exist %SYSTEMROOT%\1024i32.nav \\server\antivirus\updates\1024i32.exe
@del %systemroot%\*.nav
@copy \\server\antivirus\updates\1024i32.nav %SYSTEMROOT%\

the *.nav is a file I made

I'm sure cavemen have written more complex scripts than this one, but hey you gotta start somewhere.

Top
#60258 - 2001-11-15 09:02 PM Re: How to programmatically check the Norton AntiVirus Definition file dates
cmarti Offline
Hey THIS is FUN

Registered: 2001-02-26
Posts: 297
Loc: Little Rock, AR
Thanks NTDOC. I'm making some changes to my script and I'm going to have it check to see if the user is an admin before I try to automatically uninstall 7.03. I want to start off clean w/ 7.6. Hopefully this won't turn around and blow up in my face...
Top