Security Basics mailing list archives

Re: Antivirus on intranet network

From: Charalabidis Theodoros <labmice.list () googlemail com>
Date: Wed, 30 Nov 2005 17:29:04 +0200

Steven Meyer wrote:

hello,
I have a "Working" network who is totally disconnected (physically)
from the Internet.
people do the "search" on the "Internet " computers and then go on the
"work" computers for analyse and the store the data.
The Question is: I would need a anti virus on the "work" computers and
I should be able to update the virus database daily without connecting
any computer to the Internet.
Which anti virus should I use and How could I do the update.
Thanks for any help.
Steven Meyer

Dear Steven.....

I had exactly the same problem with "offline-updating" my intranet network.
I found many solutions with AV products (...well.... not with
"home-user" versions")
I will try to describe my solutions using the following products:
    1) McAfee VirusScan Enterprise ver 8.0i                           
   (near 11 MB)
    2) Symantec Antivirus Corporate Edition  ver  9.x or 10.x      (near
28 MB for ver 10.0.2)
    3) F-Secure Antivirus Client Security ver
6.01                        (near 39 MB)

*1st solution*: McAfee VirusScan Enterprise ver 8.0i
(http://www.mcafee.com/us/products/mcafee/antivirus/desktop/vs.htm)
*-For a Workgroup:*
  (Notes: before installing the McAfee VirusScan Enterprise ver 8.0i in
your Workgroup you might want to install McAfee Installation Designer
(sold separately) to make an installation that suites your needs
(password-protected,settings etc) and also McAfee Alert Manager (sold
separately) to receive alerts to a single computer)

    a)Install AV to all the computers you want to protect (manually or
with remote control). I don't recall if the installation ships with .msi
files (u can convert .exe to .msi with other programs)
    b)Install (if you want) the McAfee module which offers Antispyware
protection to the main AV (sold separately)
    c)Download the signatures update file from
http://www.mcafee.com/us/downloads/updates/default.asp
       it is a single exe file (for example 4400eng.exe from
http://download.nai.com/products/licensed/superdat/engine/intel/4400/4400eng.exe
    d)Run this single exe file to every computer.This update file (from
mcafee) support command line parametres for silent installation (no user
interaction).I update
        my intranet  running this file to every computer in the network
with freeware command-line psexec from www.sysinternals.com (or GFI
N.S.S which supports software distribution with no user interaction)
    e)DONE

*-For a Domain:
  *(Notes: You can still use all the above steps in your domain and have
the desired result. The following steps are only another method that
works in a domain env.)

    a)Install McAfee ePolicy Orchestrator 3.x.x from
http://www.mcafee.com/us/products/mcafee/mgmt_solutions/epo.htm (sold
separately) in one of your servers in the domain. With ePo (short for
ePolicy Orchestrator) you can pre-config and distribute the installation
to all your computers.
    b)Get the signatures update file from the McAfee site (see above)
    c)Distribute the update to the domain with ePo (and scan all
computers,get reports,change settings....whatever)
    d)DONE

*2nd solution: *Symantec Antivirus Corporate Edition
(http://enterprisesecurity.symantec.com/products/products.cfm?productid=155)

    a)Install product to computers
    b)Get the updates from Symantec site
(http://securityresponse.symantec.com/avcenter/download/pages/US-SAVCE.html)
        You can download either the file that looks like vd1efa10.xdb or
the one that looks like 20051129-016-x86.exe
    c)Install the signatures update file in all your computers. (The
.exe file is easier imho. I use psexec from sysinternals.com for
"destributing".Worked fine.)
    d)DONE

    You can also install Symantec Client Security 3.x and have a central
console for reports,alerts,signatures updating (offline,once you get the
.exe file) and more.
    These methods work both in workgroup and domain env.

*3rd solution:* F-Secure Antivirus Client Security ver 6.x (or earlier) 
(http://www.f-secure.com/products/anti-virus/fsavcs).You also will need
to get F-Secure Policy Manager 5.x or 6.x (sold separately) (gives you
reports,alerts, etc,etc)

    a)Install product to computers.
    b)Get the av signatures update file from F-Secure site
(http://download.f-secure.com/latest/latest.zip) and/or the latest
anti-spyware
       signatures (http://download.f-secure.com/latest/asw-latest.zip)
    c)Import the new signatures to F-Secure Policy Manager and
destribute the updates to all your computers.
    d)DONE

Works for both workgroups and domains.

ps: For prices, installation, how-tos, documentation, configuration and
other questions please see the sites of each company :-)
ps2:Sorry for my bad english

This is my little experience from different companies I have worked with
I hope you didn't fall asleep from my big e-mail

Charalabidis Theodoros

Current thread:

Re: Antivirus on intranet network Charalabidis Theodoros (Dec 01)
- Re: Antivirus on intranet network shrek-m () gmx de (Dec 02)
  - RE: Antivirus on intranet network Ryan Kubiak (Dec 02)
- <Possible follow-ups>
- Re: Antivirus on intranet network Mircea MITU (Dec 01)
  - RE: Antivirus on intranet network Hartmann (Dec 02)
- RE: Antivirus on intranet network Avila, David J (Dec 02)