NAU

NAU - Norton Automatic Updater

 
What it is
What it isn't
Features
Basic requirements
Download
How to setup
Know bugs
Supported antivirus
Thanks



Norton Automatic Updater - by Alceu Rodrigues de Freitas Junior (glasswalk3r@yahoo.com.br), based on NAI VirusScan DAT file auto updater criated by Bas Rijniersce (bas@brijn.nu)



Changelog: Please, check the links "Notes" and "Change" in the download page for more information about the new version


What it is

Norton Automatic Updater is a Perl script that looks for solving a common issue in Microsoft Windows networks: update workstations with Norton Antivirus from a single point in the network.

The advantages in doing this:
  1. The workstation will be forced to update Norton Antivirus, through a logon script from any user who logs in the network using it.
  2. You will avoid wasting bandwidth of the link to the Internet, since the download will be done just once from Symantec website, and this file will be shared in the intranet.
NAU will check for newer versions of Intelligent Updater and will download them from Symantec if the website version is newer than the version that is being used in the site. Once downloaded, the file will have its integrity checked with MD5sum and, if it is ok, NAU will generate a a batch file (MS Windows user logon script) to update all workstations of the LAN.

Symantec already has a product that manages all workstations updating from a Windows NT server: NAU idea is to provide a choice with free software to this issue and be avaiable to UNIX server running Samba as the local PDC.

NAU is avaiable for free distribuition under the GNU GPL license (see more information about the license in http://www.fsf.org).

What it isn't

NAU will not execute any activity directly in the workstations: it will use a batch file to execute the Intelligent Updater in these machines.
It will not look for virus in these machines as well.

Features

At the newer version, NAU will present the following features:

Basic requirements

NAU will need to run:
  1. An authentication server as PDC (both Microsoft Windows NT and Samba);
  2. Perl;
  3. the Perl module LWP;
  4. the Perl module Digest::MD5;

PDC server

It's possible to use a Windows NT server or a UNIX server with Samba installed, if they are setup as PDC server, so users can do authentication on it.
NAU will use the file sharing and authentication capabilities from the PDC server to garantee that the antivirus software updating in a LAN.

Perl

Well, considering that NAU was written in Perl, and this a interpreted programming language, it's quite natural that Perl must be installed in the server. Any decent UNIX like OS (Linux, FreeBSD, Solaris, AIX, etc) has Perl installed by default. You can have more information about Perl at http://www.perl.com.
If you use Microsoft Windows NT, so you'll need to look for the Perl version to this OS, located at http://www.activestate.com.

LWP.pm

LWP is a Perl module that offers functions to access http, https and ftp. Since version 1.6, NAU will use this module to substitute programs like Wget and Lynx to check the webpage for updates and get the Intelligent Updater file. The use of this module permits that NAU will not be dependent of external aplications and can be multiplataform software, since Perl and Samba are avaiable to many operational systems. The minimun version to use of this modules is 5.66: older versions will not be work with NAU.

Digest::MD5.pm

This Perl module substitute the program md5sum, responsable in version prior to 1.6 to check Intelligent Update file integrity after downloaded from Symantec.

Download

If you use PGP, you can check the signature of the file for download. My public key here.

How to setup

The configuration of NAU is very simple.
First, you must have a directory that will be shared by the PDC server and, for security reasons, as readonly permissions.
After that, you must setup the options to use logon script depending aboth the server you're using (Microsoft NT or Samba).

After that, decompress the download file, as shown in the command bellow:
tar -xzvf nau-1.6.tar.gz /
This will expand NAU in /etc/ and /usr/sbin. The file nau.pl must be put in /usr/sbin (for security reasons, the access to the script must be hold to root only), and the configuration file nau.conf at /etc/. A NAU client, for Microsoft Windows OS, will be decompressed at the directory /nau_client. Copy this program to the same directory that you be shared, as the Intelligent Updater file and this client will be copied from here through the logon script.

All the NAU configuration of NAU must be done by the file /etc/nau.conf. Read carefully the instructions given as comments in the file.

Once executed, NAU will connect to the Internet and check for newer version of Intelligent Updater file, comparing the release date in te website and the local file definition creation date. If the Intelligent Updater is newer, it will be copied to the server, check about file integrity, and then be put avaiable for users; the logon script will be updated with the new values as well the local database (with the date of creation of the Intelligent Update file last downloaded). Bellow is a example of how the logon script, named as netlogon.bat will look like:
@echo off
c:
if exist 2300141.lock goto ok
del *.lock
echo Running Norton Update file...
copy \\SERVER\NAU\naudb.exe /y
start /w naudb.exe /q
del naudb.exe
echo Dat file from: 1082601696 > 2300141.lock
:ok
echo Norton AntiVirus is up to date.
exit
NAU will generate a randomic number and create a file in the workstation at c:\ using a file extension .lock. Everytime somebody logs in the PDC server, the logon script will be executed, and if the script found this file on C:\, it means the workstation is already updated. Otherwise, the Intelligent Updater file will be copied to the workstation hard disk, be executed, and the logon script will create a .lock file.

Since version 1.5, NAU permits the use of batch files templates. Generally, these files are used by administrators to execute regular system administration tasks. NAU will used these commands as a base to create the batch file, and after will include the commands necessary to update the workstation. To use this function, simple include the existing logon script at the directory where the update will be saved, renamed to netlogon.template. These commands will be inserted in a new file, called netlogon.bat. This allow commands that are executed regularly in the logon process of each user can be maintened.

You will have to install the Perl modules LWP and Digest::MD5 as they are part of the minimum requirements to NAU works.
This can be done by three manners, and despite I explain only the installation of LWP module, the procedures are exactly the same to Digest::MD5:

These modules are largely used and are avaiable in the major UNIX flavor. Some of them, as FreeBSD and Debian GNU Linux uses packages to install software, and Perl is not different in this case. So on, it's very possible that you will find a package about Perl and these modules to make the installation. Generally, the packages are called LWP (or libwww) and perl-digest-md5. Well, the procedures will vary, so I will not list all of them here. Please, check you UNIX documentation about this option.

This is the simplest method to install any module of Perl. CPAN is a repository with hundred of Perl modules, the module CPAN.pm is shipped by default to all newer version of Perl, making the installation of other modules very easy.

To install the LWP module, just execute the command bellow (in the shell):

perl -MCPAN -e shell

The first time you execute this module, it will make some questions to you, as about the Internet connection avaiable (directly or through a proxy, since CPAN will download the module from CPAN website, or a mirror). After this little setup, CPAN will show you a new shell. Just type:

install LWP

It will make some new questions about LWP installation. If ou are in doubt, just choose the default answers. If you're using a proxy server, it may be possible that you get some test errors. If this happens, just type:

force install LWP

The test will be executed anyway, but LWP will be installed even if one or more of them fail. Beware that these tests may be crucial, so maybe LWP will not work! Pay attention to the messages, and allways reply YES to resolve the dependencies (there are some).

To install Digest::MD5 just repeat the steps given above, changing the initial command to:

install Digest::MD5

You can make the download from CPAN of LWP and Digest::MD5 at http://www.cpan.org.Generally the file will be compressed with tar and gzip programs, so you just have to follow the sequence bellow after the download in done:

mv lwp.tar.gz /usr/local
tar xzvf lwp.tar.gz
cd lwp
perl Makefile.PL
make
make test
make install

This method is a little trick, since you will need to solve all dependences alone, downloading and installing modules that LWP and Digest::MD5 may ask for. Pay attention to the installation of them to check these modules.

Finally, to run NAU, will must type at the shell:

nau.pl /path/nau.conf
Where path is a parameter, showing the location of the configuration file nau.conf.
You should use a program as CRON to schedule searchs for new versions of Intelligent Updater daily, or twice a day (at he beggining and at the end of the day).

Know bugs

Besides bugs that may happen (despite NAU is very stable nowadays), once the Intelligent Updater is executed, a dialog box in the workstation is opened asking for user interaction (to accept or not the updating). If the user push the CANCEL button, there is nothing NAU could do about it.

This used to be a problem in versions before 1.5: NAU is shipped with a Visual Basic client that push the OK button, allowing a really automatic update, without user interaction. Since the client is written in such proprietary program language, it's not portable to other systems like Mac OS. The client must be put in the same directory that will be shared the Intelligent Updater: the batch file will copy the program if it does not exists in the workstation.

Despite that, recently I received an email reporting that the use of the VB program was not necessary: the executable file of Intelligent Updater accepts an parameter ("/q") that allows the update to be executed without user interaction. So on, newer version of NAU (17.1 and newer) will not be distribuited with the VB client. The logon script was changed too, to attend this new demand.

Using a Windows NT server

Maybe you already have a Windows NT server running as a PDC in your LAN. In theory you can run NAU in this OS, since you install Perl on it, considering that Perl is not native in these systems. I made some testing with version 5.6.1 build 631 of Active Perl (a port from Active State company), but I had some problem with it. This version includes the module 5.51 of LWP, used in NAU since version 1.6, and the minimum version of LWP to run NAU sucessfully is 5.66.

Until the date of creation of this page, there was not a package in the site http://www.activestate.com to update of LWP module, nowaday at version 5.62. This update could be done manually or though CPAN module, but I have not tested it in a Windows NT server with Active Perl installed. If you had sucess with it, please let me know.

A better idea, otherwise, is to install Cygwin (http://www.redhat.com/downloads) in the Windows NT server or install the Active Perl version 5.8, which includes version 5.68 of LWP. I strongly recomend that you update your version of Active Perl, if you use it.
You may use AT program from Windows NT to schedule NAU execution, or use CRON , if you're using Cygwin.

Supported antivirus


This is possible, if the program uses the same process as Symantec to update its systems: downloading the update file from the website, copying it to a directory and/or executing it on the workstation.

The programs that I know that work like this:
I created a version of NAU to check and download updates from Mcafee website, still in BETA version. You can download MAU (Mcafee Automatic Updater) checking the link in the download section.

Thanks

I would like to thank the following persons who helped me to write NAU:

Programming Republic of Perl SourceForge.net Logo Valid HTML 4.01 Transitional