Updater - by Alceu
Rodrigues de Freitas Junior (firstname.lastname@example.org), based on NAI
VirusScan DAT file auto updater criated by Bas Rijniersce (email@example.com)
Changelog: Please, check the links "Notes"
and "Change" in the download page
for more information about the new version
Norton Automatic Updater is a Perl script that looks for solving a
in Microsoft Windows networks: update workstations with Norton
Antivirus from a single point in the network.
The advantages in doing this:
NAU will check for newer versions of Intelligent Updater and will
download them from Symantec if the website version is newer than the
version that is being used in the site. Once downloaded, the file will
have its integrity checked with MD5sum and, if it is ok, NAU will
generate a a batch file (MS Windows user logon script) to update all
workstations of the LAN.
- The workstation will be forced to update Norton Antivirus,
through a logon script
from any user who logs in the network using it.
- You will avoid wasting bandwidth of the link to the
Internet, since the download will be done just once from Symantec
website, and this file will be shared in the intranet.
Symantec already has a product that manages all workstations updating
from a Windows NT server: NAU idea is to provide a choice with free
software to this issue and be avaiable to UNIX server running Samba as
the local PDC.
NAU is avaiable for free distribuition under the GNU GPL license (see
more information about the license in http://www.fsf.org).
NAU will not execute any activity directly in the workstations: it will
use a batch file to execute the Intelligent Updater in these machines.
It will not look for virus in these machines as well.
At the newer version, NAU will present the following features:
- Criate a log file, keeping all tasks executaded and it's
- MD5 integrity checking before putting the Inteligent
Updater file avaiable to the workstations.
- It creates a logon script independent to force Norton
Antivirus to be update in the workstations, or it can use a already
existent template, just including the newer comands after the template
NAU will need to run:
- An authentication server as PDC (both Microsoft Windows NT
- the Perl module LWP;
- the Perl module Digest::MD5;
It's possible to use a Windows NT server or a UNIX server with Samba
installed, if they are setup as PDC server, so users can do
authentication on it.
NAU will use the file sharing and authentication capabilities from the
PDC server to garantee that the antivirus software updating in a LAN.
Well, considering that NAU was written in Perl, and this a interpreted
programming language, it's quite natural that Perl must be installed in
Any decent UNIX like OS (Linux, FreeBSD, Solaris, AIX, etc) has Perl
installed by default. You can have more information about Perl at http://www.perl.com.
If you use Microsoft Windows NT, so you'll need to look for the Perl
version to this OS, located at http://www.activestate.com.
LWP is a Perl module that offers functions to access http, https and
ftp. Since version 1.6, NAU will use this module to substitute programs
like Wget and Lynx to check the webpage for updates and get the
Intelligent Updater file.
The use of this module permits that NAU will not be dependent of
external aplications and can be multiplataform software, since Perl and
Samba are avaiable to many operational systems.
The minimun version to use of this modules is 5.66: older
versions will not be work with NAU.
This Perl module substitute the program md5sum, responsable in version
prior to 1.6 to check Intelligent Update file integrity after
downloaded from Symantec.
If you use PGP, you can check the signature of the file for download.
My public key here.
The configuration of NAU is very simple.
First, you must have a directory that will be shared by the PDC server
and, for security reasons, as readonly permissions.
After that, you must setup the options to use logon script depending
aboth the server you're using (Microsoft NT or Samba).
After that, decompress the download file, as shown in the command
tar -xzvf nau-1.6.tar.gz /
This will expand NAU in /etc/ and /usr/sbin. The file nau.pl must be
put in /usr/sbin (for security reasons, the access to the script must
be hold to root only), and the configuration file nau.conf at /etc/.
A NAU client, for Microsoft Windows OS, will be decompressed at the
directory /nau_client. Copy this program to the same directory that you
be shared, as the Intelligent Updater file and this client will be
copied from here through the logon script.
All the NAU configuration of NAU must be done by the file
/etc/nau.conf. Read carefully the instructions given as comments in the
Once executed, NAU will connect to the Internet and check for newer
version of Intelligent Updater file, comparing the release date in te
website and the local file definition creation date. If the Intelligent
Updater is newer, it will be copied to the server, check about file
integrity, and then be put avaiable for users; the logon script will be
updated with the new values as well the local database (with the date
of creation of the Intelligent Update file last downloaded).
Bellow is a example of how the logon script, named as netlogon.bat
will look like:
NAU will generate a randomic number and create a file in the
workstation at c:\ using a file extension .lock.
Everytime somebody logs in the PDC server, the logon script will be
executed, and if the script found this file on C:\, it means the
workstation is already updated. Otherwise, the Intelligent Updater file
will be copied to the workstation hard disk, be executed, and the logon
script will create a .lock file.
if exist 2300141.lock goto ok
echo Running Norton Update file...
copy \\SERVER\NAU\naudb.exe /y
start /w naudb.exe /q
echo Dat file from: 1082601696 > 2300141.lock
echo Norton AntiVirus is up to date.
Since version 1.5, NAU permits the use of batch files templates.
Generally, these files are used by administrators to execute regular
system administration tasks. NAU will used these commands as a base to
create the batch file, and after will
include the commands necessary to update the workstation.
To use this function, simple include the existing logon script at the
directory where the update will be saved, renamed to netlogon.template.
These commands will be inserted in a new file, called netlogon.bat.
This allow commands that are executed regularly in the logon process of
each user can be maintened.
You will have to install the Perl modules LWP and Digest::MD5 as they
are part of the minimum requirements to NAU works.
This can be done by three manners, and despite I explain only the
installation of LWP module, the procedures are exactly the same to
- Through packages installation
These modules are largely used and are avaiable in the major
flavor. Some of them, as FreeBSD and Debian GNU Linux uses packages to
install software, and Perl is not different in this case. So on, it's
very possible that you will find a package about Perl and these modules
to make the installation. Generally, the packages are called LWP (or
libwww) and perl-digest-md5.
Well, the procedures will vary, so I will not list all of them here.
Please, check you UNIX documentation about this option.
This is the simplest method to install any module of Perl.
CPAN is a
repository with hundred of Perl modules, the module CPAN.pm is shipped
by default to all newer version of Perl, making the installation of
other modules very easy.
To install the LWP module, just execute the command bellow (in
perl -MCPAN -e shell
The first time you execute this module, it will make some
you, as about the Internet connection avaiable (directly or through a
proxy, since CPAN will download the module from CPAN website, or a
mirror). After this little setup, CPAN will show you a new shell. Just
It will make some new questions about LWP installation. If ou
doubt, just choose the default answers. If you're using a proxy server,
it may be possible that you get some test errors. If this happens, just
force install LWP
The test will be executed anyway, but LWP will be installed
even if one
or more of them fail. Beware that these tests may be crucial, so maybe
LWP will not work! Pay attention to the messages, and allways reply YES
to resolve the dependencies (there are some).
To install Digest::MD5 just repeat the steps given above,
initial command to:
- Through a direct download from CPAN
You can make the download from CPAN of LWP and Digest::MD5 at http://www.cpan.org.Generally
the file will be compressed with tar and gzip programs, so you just
have to follow the sequence bellow after the download in done:
mv lwp.tar.gz /usr/local
tar xzvf lwp.tar.gz
This method is a little trick, since you will need to solve
dependences alone, downloading and installing modules that LWP and
Digest::MD5 may ask for. Pay attention to the installation of them to
check these modules.
Finally, to run NAU, will must type at the shell:
Where path is a parameter, showing the location of
the configuration file nau.conf.
You should use a program as CRON to schedule searchs for new versions
of Intelligent Updater daily, or twice a day (at he beggining and at
the end of the day).
Besides bugs that may happen (despite NAU is very stable nowadays),
once the Intelligent Updater is executed, a dialog box in the
workstation is opened asking for user interaction (to accept or not the
updating). If the user push the CANCEL button, there is nothing NAU
could do about it.
This used to be a problem in versions before 1.5: NAU is shipped with a
Visual Basic client that push the OK button, allowing a really
automatic update, without user interaction. Since the client is written
in such proprietary program language, it's not portable to other
systems like Mac OS.
The client must be put in the same directory that will be shared the
Intelligent Updater: the batch file will copy the program if it does
not exists in the workstation.
Despite that, recently I received an email reporting that the use of
the VB program was not necessary: the executable file of Intelligent
Updater accepts an parameter ("/q") that allows the update to be
executed without user interaction. So on, newer version of NAU (17.1
and newer) will not be distribuited with the VB client. The logon
script was changed too, to attend this new demand.
Using a Windows NT server
Maybe you already have a Windows NT server running as a PDC in your
LAN. In theory you can run NAU in this OS, since you install Perl on
it, considering that Perl is not native in these systems.
I made some testing with version 5.6.1 build 631
of Active Perl (a port from Active State company), but I had some
problem with it. This version includes the module 5.51 of LWP, used in
NAU since version 1.6, and the minimum version of LWP to run NAU
sucessfully is 5.66.
Until the date of creation of this page, there was not a package in the
to update of LWP module, nowaday at version 5.62. This update could be
done manually or though CPAN module, but I have not tested it in a
Windows NT server with Active Perl installed. If you had sucess with
it, please let me know.
A better idea, otherwise, is to install Cygwin (http://www.redhat.com/downloads)
in the Windows NT server or install the Active Perl version 5.8, which
includes version 5.68 of LWP. I strongly recomend that you update your
version of Active Perl, if you use it.
You may use AT program from Windows NT to schedule NAU execution, or
use CRON , if you're using Cygwin.
This is possible, if the program uses the same process as Symantec to
update its systems: downloading the update file from the website,
copying it to a directory and/or executing it on the workstation.
The programs that I know that work like this:
I created a version of NAU to check and download updates from Mcafee
website, still in BETA version. You can
download MAU (Mcafee Automatic Updater) checking the link in the
I would like to thank the following persons who helped me to write NAU:
- Mauricio Kucaniz, who helped me testing all versions until
1.4, reporting me all the bugs that he founded
- Alex Esteves Jaccoud Falcão for creating the NAU
client for Microsoft OS.
- Thanks also to Lutfi (lutfi_arab at yahoo.com) for
reporting bugs in the version 1.7 and helping with these corrections