Keeping BartPE up to date with McAfee superdat
AEN
23March2009
Greetings.
Today I realized how I/one can always use
the most current McAfee superdat update with BartPE.
I copied the McAfee program directory from my Nov2008 BartPE CD
to a partition on one of my laptop harddrives;
then unpacked sdat5561 to the BartPE plugin directory;
then copied the new sdat files to the McAfee program directory;
then ran the scangui.exe from the McAfee program directory
on the harddrive after booting BartPE.

I will still put superdat on my BartPE CDs because you never know ...
but now I can always run the most recent superdat under BartPE
off a partition of the HDD on the laptop where BartPE is loaded.
It's always better to run such a scan when the HDD has no open files ...
I also discovered that this also allows me to run the superdat under BartPE
on my dinosaur laptop (PII 233mhz / 160mb RAM)
which would not run the superdat off of the BartPE CD.
Not a bad day's work ...
Regards,
AEN
Æ
Rajiv
Sounds good I am going to try it.

But first I am trying to find out how to get the McAfee command line utility referred to here:
http://www.tweaksforgeeks.com/Barts_PE_McAfee_Setup.html

Is there an executable to look for?

Or is the scanner executable simply included in the sdat file?


[downloading the dat now]
mbarnes
Hi Rajiv

superdatxxxx.exe contains scan.exe (>sdatxxxx.exe /e to extract)


scangui.exe makes it easy to apply the various options to scan.exe
(looks like your link refers to the same version 1.03 as in the McAfee plugin by Bart Lagerweij)

example from a batch file (not scangui.exe) below

CODE
SCAN.EXE /adl /unzip /sub /analyze /panalyze /clean /all /del /PROGRAM /mime /HTML "ScanReport.HTML"


regards
Mike Barnes
DaDuck
Unfortunately, the last time I looked, the latest Superdat was Jan 9 of this year....
DD
mbarnes
Hi DD

McAfee superdat av update files are released several times a week

I check regularly for updates of this and other files at www.majorgeeks.com

regards

Mike Barnes
nuMe
QUOTE (DaDuck @ Apr 16 2009, 04:14 PM) *
Unfortunately, the last time I looked, the latest Superdat was Jan 9 of this year....

That sounds more like McAfee Avert Stinger, and while it doesn't get updated frequently it was updated 4/9/09.
DaDuck
You're right....... I was referring to McAfee Stinger.
DD
Ed_P
Speaking of Stinger, and its random updating pattern, it would be very helpful if we could automate the current download.

Can anyone complete the delims and token sections of this script so it will work? I am totally inept at setting these up.

CODE
setlocal ENABLEDELAYEDEXPANSION
:: Download the Stinger page
wget -q  http://vil.nai.com/vil/stinger/default.aspx
:: Find the pattern's file number
for /f  "delims=download.nai.com" %%i in ('grep.exe -i download.nai.com default.aspx') do (
  for /f "delims=stinger tokens=10" %%a in ("%%i") do (
    set nbr_portion=%%~na
    )  )
del default.aspx  
if "%nbr_portion%"=="" (
   echo Stinger pattern unavailable
   pause
   )
:: Download the current antivirus pattern
wget.exe -N -nv http://download.nai.com/products/mcafee-avert/stinger%nbr_portion%.exe
jaclaz
Can you post the output of:
CODE
grep.exe -i download.nai.com default.aspx


jaclaz
Ed_P
Sure!! Thanks jaclaz
jaclaz
Is that the actual default.aspx or the output of grep?

What should I extract from the file?
This:
QUOTE
Download v10.0.1.624 [4,129,799 bytes] (07/06/2009)

http://download.nai.com/products/mcafee-av...nger1001624.exe


i.e. this:
CODE
  <li><a href="http://download.nai.com/products/mcafee-avert/stinger1001624.exe">Download
    v10.0.1.624</a> [4,129,799 bytes] (07/06/2009)</li>


jaclaz
Ed_P
QUOTE (jaclaz @ Sep 15 2009, 02:33 PM) *
Is that the actual default.aspx or the output of grep?

The actual default.aspx.

QUOTE
What should I extract from the file?

What I was thinking was just the download filename's number portion. ie 1001624 But the whole file name would work also.

QUOTE
CODE
  <li><a href="http://download.nai.com/products/mcafee-avert/stinger1001624.exe">Download
    v10.0.1.624</a> [4,129,799 bytes] (07/06/2009)</li>

Yup, that's the line I was trying to trap.

Thank you for looking at this jaclaz.



The file's date could be a useful additional piece to capture if it's not too much effort.
jaclaz
Some possible ways:
CODE
@ECHO OFF
SETLOCAL ENABLEEXTENSIONS
CLS
ECHO VERSION1:
For /F "tokens=1,2 delims==x" %%A IN ('find "download.nai.com/products/mcafee-avert/st" default.aspx') DO (
ECHO.
IF NOT %%B.==. ECHO %%Bxe"  
)
PAUSE&CLS

ECHO VERSION 2:
For /F "tokens=3 delims==>" %%? IN ('find "download.nai.com/products/mcafee-avert/st" default.htm') DO (
ECHO.
IF NOT %%?.==. ECHO %%?  
)
PAUSE&CLS

ECHO VERSION 3:
For /F "tokens=1,2,3,4,5,6,7,8,9 delims=<>" %%A IN ('FINDSTR /R "stinger[0-9][0-9][0-9][0-9][0-9][0-9][0-9]\.exe" default.htm') DO SET LINE=%%A%%B%%C%%D%%E%%F%%G%%H%%I
SET LINE=%Line:"=#%
For /F "tokens=2 delims=#" %%? IN ("%LINE%") DO SET LINE="%%?"
SET LINE
CALL :name %LINE%
SET NAME
SET DATE
GOTO :EOF
:name
SET NAME=%~nx1
FOR /F "tokens=2 delims=r." %%? IN ("%NAME%") DO SET DATE=%%?
GOTO :EOF
PAUSE


VERSION #3 (besides being the most complex/complete) should be the best one, as it should compensate for possible changes on the home page.

There is not any need to use GREP, default.aspx is the file you posted, default.htm is the actual page downloaded and renamed to .htm.

jaclaz
Ed_P
Wow!! I can't wait to try these. THANK YOU!!

In the 1st two scripts you have double equal signs after the delim parm, is that deliberate?

QUOTE (jaclaz @ Sep 16 2009, 07:35 AM) *
There is not any need to use GREP, default.aspx is the file you posted, default.htm is the actual page downloaded and renamed to .htm.

As for GREP, how do you propose the script gets the current default.aspx? The file's name and link I got from the McAfee home page.
jaclaz
Yes in the first the delims are EQUAL and X, in the second they are EQUAL and GREATER.

There isn't a way (that I know of) to have DOUBLE QUOTES as delims.

You get the default.aspx through WGET, don't you?

jaclaz
Ed_P
QUOTE (jaclaz @ Sep 16 2009, 01:16 PM) *
You get the default.aspx through WGET, don't you?

As a matter of fact I do, so why did you mention GREP??
jaclaz
QUOTE (Ed_P @ Sep 16 2009, 09:03 PM) *
As a matter of fact I do, so why did you mention GREP??


You posted this snippet:
QUOTE
setlocal ENABLEDELAYEDEXPANSION
:: Download the Stinger page
wget -q http://vil.nai.com/vil/stinger/default.aspx
:: Find the pattern's file number
for /f "delims=download.nai.com" %%i in ('grep.exe -i download.nai.com default.aspx') do (
for /f "delims=stinger tokens=10" %%a in ("%%i") do (
set nbr_portion=%%~na
) )
del default.aspx
if "%nbr_portion%"=="" (
echo Stinger pattern unavailable
pause
)
:: Download the current antivirus pattern
wget.exe -N -nv http://download.nai.com/products/mcafee-av...br-portion%.exe


Where is Waldo?


jaclaz

Ed_P
crying.gif oops.gif
Ed_P
This works.

StingerUpd.cmd
CODE
@echo off&Title Update Stinger&Color 17&MODE CON COLS=70 LINES=44

set utils=%cd%\MyFiles\
setlocal ENABLEEXTENSIONS

:STINGER
:: Download the Virus Pattern page
%utils%wget -q  http://vil.nai.com/vil/stinger/default.aspx
:: Find the pattern's file name
:: jaclaz  http://www.911cd.net/forums//index.php?s=&showtopic=22781&view=findpost&p=158994
For /F "tokens=1,2 delims==x" %%A IN ('find "download.nai.com/products/mcafee-avert/st" default.aspx') DO (
   set URL=%%Bxe"
   )
del default.aspx
set file_name=%URL:~-19,-1%
if not "%file_name:~-3%"=="exe" (
   echo Stinger file unavailable
   echo.
   goto Error )
if exist %cd%\plugin\Stinger\%file_name% (
   echo Stinger file current
   echo.
   goto END )
:: Update the plugin file      
if exist %cd%\plugin\Stinger\*.exe del %cd%\plugin\Stinger\*.exe
%utils%wget.exe -N -nv %URL%
if errorlevel==1 goto Error
move %file_name% %cd%\plugin\Stinger\
goto END

:Error
Color cf
echo Update File error
echo Press any key to exit.
pause > nul
exit

:END
::echo.
echo Update File finished.
echo.
endlocal
if %1!==! pause


Thank you jaclaz. And now that it is working I will play with the 3rd script. Lots of new stuff there.
jaclaz
QUOTE (Ed_P @ Sep 18 2009, 04:19 PM) *
Thank you jaclaz. And now that it is working I will play with the 3rd script. Lots of new stuff there.

You are welcome.

Problem with the first two is that if using FIND, we need to use it on "download.nai.com/products/mcafee-avert/st", part of the "full address":
QUOTE
http://download.nai.com/products/mcafee-avert/stinger1001624.exe

as it is the "minimum" that avoids "confusion" with other links or text on the page.
So, if for any reason McAfee changes the path to something like:
QUOTE
http://download.nai.com/downloads/mcafee-avert/stinger1001624.exe

OR it introduces on the page a new link like:
QUOTE
http://download.nai.com/products/mcafee-avert/strangelove.exe

the script won't be good anymore.

Using FINDSTR we can use a regular expression:
QUOTE
stinger[0-9][0-9][0-9][0-9][0-9][0-9][0-9]\.exe

which means:
a text that has string "stinger" as the first 7 characters, followed by 7 Numeric characters, followed by a "."(dot), followed by string "exe".

This should hopefully give us more probabilities of compatibility with future versions of both the file and page.

jaclaz
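
The three cases described in the last post (current link, changed path, an extra "st..." link), as an added example that is not part of the thread. It is written in Python rather than batch so the two matching styles can be compared side by side; the page contents are constructed around the line quoted earlier, and `find_style`, `regex_style`, `ALLOWED_HOST`, the host check and the date capture are hypothetical additions, not anything the posted scripts do.

```python
import re
from urllib.parse import urlparse

# Constructed sample pages; PAGE_NOW repeats the line quoted in the thread.
PAGE_NOW = ('  <li><a href="http://download.nai.com/products/mcafee-avert/'
            'stinger1001624.exe">Download\n'
            '    v10.0.1.624</a> [4,129,799 bytes] (07/06/2009)</li>')
PAGE_MOVED = PAGE_NOW.replace("/products/", "/downloads/")
PAGE_DECOY = (PAGE_NOW + '\n  <li><a href="http://download.nai.com/products/'
              'mcafee-avert/strangelove.exe">Other tool</a></li>')

FIND_KEY = "download.nai.com/products/mcafee-avert/st"   # substring given to FIND
LINK_RE = re.compile(r'href="([^"]*/(stinger([0-9]{7})\.exe))"', re.IGNORECASE)
DATE_RE = re.compile(r"\((\d{2}/\d{2}/\d{4})\)")
ALLOWED_HOST = "download.nai.com"  # assumption: the only host we accept


def find_style(page):
    """Versions 1 and 2: keep the last line that contains FIND_KEY."""
    url = None
    for line in page.splitlines():
        if FIND_KEY in line and line.count('"') >= 2:
            url = line.split('"')[1]
    return url


def regex_style(page):
    """Version 3's pattern, plus a host check and the release date."""
    for m in LINK_RE.finditer(page):
        url, name, number = m.groups()
        parts = urlparse(url)
        if parts.scheme not in ("http", "https") or parts.hostname != ALLOWED_HOST:
            continue  # file name matches but the link points elsewhere
        date = DATE_RE.search(page, m.end())
        return {"url": url, "file": name, "number": number,
                "date": date.group(1) if date else None}
    return None


if __name__ == "__main__":
    for label, page in (("now", PAGE_NOW), ("moved", PAGE_MOVED),
                        ("decoy", PAGE_DECOY)):
        print(label, "| FIND:", find_style(page), "| regex:", regex_style(page))
```

The file-name pattern alone says nothing about where the link points, which is why the host is compared before the URL would be handed to wget.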