Pe Builder Mcafee Change To Newest Virus Def.
richtertheo
PE Builder is working fine for me.
In Mcafee-plugin from time to time I want to change only the virus definitions to newest sdatxxxx.exe /e.
Is there a way to change only these files in an existing image and not do the whole procedure creating a complete new iso?
I tried Ultra-ISO to simply change the files, but got bluescreen when booting with this CD.

Regards
richtertheo
backfolder
Hi richtertheo,
I think that keeping the main structure as a back-up, i.e. on your hard disk or partition, may help. So you only need to update the newest files before creating the image in Bart's way (no Nero or something). Use a CD-RW.
It's my idea.

backfolder,
richtertheo
For better understanding.
I am looking for a comfortable way to change only the plugin Mcafee files inside the image and then burn the same ISO with updated virus definitions.
I don't want to always do the same long procedure and create the whole image completely new every time. Ultra-ISO doesn't work, Isobuster can only extract out of an image, not backwards.
Maybe somebody knows a working software for this?

Regards
richtertheo
DigiWiz
Rebuilding the ISO using ISO apps has met with limited success for many - so I took a different approach, which is at least as fast if not faster than using ISOBuster, et al.

First, I copied mkisofs.exe & cygwin1.dll to my winPE folder (probably PEBuilder for you). This is to rebuild the ISO after you've updated the virus defs. Please note that these are the folders that PEBuilder has newly BUILT, NOT the original folders which contain the plugins, etc.

Note my directory structure is modified from the original - if placed on c:\, yours likely looks similar to:

pebldr
---|---Documents and Settings
---|---i386
---|---Programs
---|------mcafee
---|------f-prot
---|------stinger
---|------adaware

etc.

My structure is:

winPE
---PE-f
------|---Documents and Settings
------|---i386
------|---Programs
------|------mcafee
------|------f-prot
------|------stinger
------|------adaware
---VirusDefs
---winPE-ISOs

(I also have a PE-m subfolder - PE-f for FULL CD version, PE-m for a mini-CD version, but the principles are the same...)

So to update my virus defs, I simply download all the latest files into my VirusDefs folder, and extract all the zips to this same folder (leaving stinger alone of course)

I then execute this small .bat file I made which copies ONLY the necessary files (that is, only the files which already exist in the mcafee (etc.) folder from the VirusDefs folder)... it looks like this for my folder structure - modify for your own:

xcopy /u/y C:\winPE\VirusDefs\*.* C:\winPE\PE-f\Programs\f-prot
xcopy /u/y C:\winPE\VirusDefs\*.* C:\winPE\PE-f\Programs\mcafee
xcopy /u/y C:\winPE\VirusDefs\*.* C:\winPE\PE-f\Programs\adaware
xcopy /u/y C:\winPE\VirusDefs\*.* C:\winPE\PE-f\Programs\stinger

This takes a fraction of a second. Next I just execute another .bat file which contains the commands to rebuild the ISO... mine looks like:

C:\winPE\mkisofs.exe -iso-level 4 -volid "DigiWIz-PE" -A DigiWiz-PE -sysid "Win32" -b bootsect.bin -no-emul-boot -boot-load-size 4 -hide bootsect.bin -hide boot.catalog -o "C:\winPE\winPE-ISOs\winPE.iso" "C:\winPE\PE-f"

This re-builds the ISO with the latest updates and places the ISO in a sub-folder called winPE-ISOs. I keep the two .bat files in my VirusDefs folder, so I can execute them one after the other.

So, when I update my virus defs (mostly using mini-CDRWs), I simply:

1) download virus defs to the VirusDefs folder
2) extract all the zips
3) execute the CopyAntiVirusUpdates.bat file
4) execute the MakeWinPE-ISO.bat file

Your ISO is now updated and ready to burn

Of course, you'll have to modify the commands slightly to account for your directory structure, but this should be easy...

You can also combine the .bat files into one file which will copy your updates AND rebuild your ISO in one step in a few seconds.

DW

Ad-aware:
http://www.lavasoft.de/update/refs/reflist.zip

F-prot:
ftp://us-1.updates.f-prot.com/pub/fp-def.zip
ftp://us-1.updates.f-prot.com/pub/macrdef2.zip

McAfee Stinger:
http://download.nai.com/products/mcafee-av...ert/stinger.exe

McAfee AntiVirus
ftp://ftp.nai.com/CommonUpdater/

At the McAfee AntiVirus FTP site, you'll see a file with the naming convention dat-43xx.zip (for example dat-4305.zip). It contains all you'll need to update your winPE virus defs... saving about 2.2mb vs the sdat43xx.exe file
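
The update step described in this post, as an added example that is not DigiWiz's or the project's own code: it takes files straight from a definitions zip, overwrites only files already present in the plugin folder (the `xcopy /u` behaviour), ignores any path stored in the archive, and returns old and new SHA-256 values so the change can be checked before the ISO is rebuilt. The archive name, the file contents and a flat zip layout are constructed assumptions.

```python
import hashlib
import tempfile
import zipfile
from pathlib import Path, PureWindowsPath


def update_from_zip(zip_path, target_dir):
    """Overwrite files in target_dir with same-named zip members (like xcopy /u)."""
    existing = {p.name.lower(): p for p in Path(target_dir).iterdir() if p.is_file()}
    changed = {}  # file name -> (old sha256, new sha256)
    with zipfile.ZipFile(zip_path) as zf:
        for info in (i for i in zf.infolist() if not i.is_dir()):
            # Keep only the last path component, so a member stored as
            # "../../i386/x" can never be written outside target_dir.
            name = PureWindowsPath(info.filename.replace("/", "\\")).name
            dest = existing.get(name.lower())
            if dest is None:
                continue  # not already in the plugin folder: skip it
            old, new = dest.read_bytes(), zf.read(info)
            if old != new:
                dest.write_bytes(new)
                changed[dest.name] = tuple(
                    hashlib.sha256(b).hexdigest() for b in (old, new))
    return changed


def demo():
    """Run the update on constructed sample data: (changed, files on disk)."""
    with tempfile.TemporaryDirectory() as tmp:
        plugin = Path(tmp, "PE-f", "Programs", "mcafee")  # layout from the post
        plugin.mkdir(parents=True)
        for name in ("scan.dat", "names.dat", "clean.dat", "scan.exe"):
            (plugin / name).write_bytes(b"old " + name.encode())
        archive = Path(tmp, "dat-sample.zip")  # constructed archive
        with zipfile.ZipFile(archive, "w") as zf:
            zf.writestr("SCAN.DAT", b"new scan")
            zf.writestr("names.dat", b"new names")
            zf.writestr("clean.dat", b"old clean.dat")  # same bytes: untouched
            zf.writestr("readme.txt", b"not needed on the CD")
            zf.writestr("../../i386/evil.dll", b"must not be written")
        changed = update_from_zip(archive, plugin)
        on_disk = sorted(p.name for p in Path(tmp).rglob("*") if p.is_file())
        return changed, on_disk


if __name__ == "__main__":
    print(demo())
```

Comparing the returned hashes with values recorded from a known-good copy of the definitions shows whether the files going onto the rescue CD are the ones that were downloaded.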


backfolder
hi DigiWiz,
Thanx for your wide explanation. I wonder if I need to install the whole McAfee AV (which consists of 20 or 30 mb) or whether there is another smaller stand-alone prog.
Any advice?

I've just found this small file engmin.zip on the NAI ftp site you've listed before, should this work as a scanner?

Thanx again!
Trey
Posted in Plugin repository, but still waiting for moderator approval....

After reading Jman's Auto Updating Stinger, I decided to do the same thing with McAfee Commandline Antivirus. Great idea Jman! One problem though. I use the "/extra" parameter with scan.exe to specify including the new dat file when scanning. However, my virus dat files are still too new, so in the results.txt file that is created after the scan, it says 0 new viruses will be detected using the newly downloaded scan.dat in ramdrive. I'll try again next week to see if it's actually detected new viruses. But in case you wanted to try it, here's what you do.

Copy wget.exe to plugins\mcafee\files
Create and place update.cmd in plugins\mcafee\files

update.cmd

CODE
@Echo off
REM Had to copy wget.exe to ramdrive because ftp list are saved in the
REM directory where wget.exe resides. Maybe there's a way to specify
REM saving list files in ramdrive but I haven't figured that out yet.
REM Maybe we can CD into %ramdrv% then from there, call
REM wget.exe.  This is assuming that the ftp list file gets saved in the
REM current working directory.  I'll try that later and post results.
copy %systemdrive%\programs\mcafee\wget.exe %ramdrv%

REM You must be in the ramdrive to execute wget.exe otherwise it will use
REM the current drive:\directory to save list data
%ramdrv%

REM Get latest Mcafee virus dats from ftp
wget.exe --output-document=%ramdrv%\sdat.exe ftp://ftp.nai.com/CommonUpdater/sdat*.exe
if errorlevel 1 goto :ERROR
goto :EXTRACT

:ERROR
ECHO.
ECHO Could not download latest virus definitions, please check internet connection
ECHO.
REM Skip the extract/copy steps so nothing is deleted from the wrong folder
goto :END

:EXTRACT
REM Extract files to ramdrive
%ramdrv%\sdat.exe /e %ramdrv%\~scandat
REM Copy the dat files and delete the rest
if not exist %ramdrv%\scandat md %ramdrv%\scandat
copy %ramdrv%\~scandat\*.dat %ramdrv%\scandat > nul
REM Remove the extraction folder by full path instead of "del *.*" in the current directory
rd /s /q %ramdrv%\~scandat
ECHO Dat files have been extracted
ECHO Try running mcafee scan now.
goto :END

:END
REM Clean up unnecessary files in ramdrive
del %ramdrv%\sdat.exe > nul
del %ramdrv%\wget.exe > nul
ECHO.
ECHO FINISHED!
PAUSE



new mcafee.inf

CODE
; mcafee.inf
; PE Builder v3 plug-in INF file for McAfee commandline virus scanner
; Created by Bart Lagerweij
; added update support by Trey Tesoro

[Version]
Signature= "$Windows NT$"

[PEBuilder]
Name="McAfee VirusScan for Win32"
Enable=1
Help="mcafee.htm"

[WinntDirectories]
a="Programs\mcafee",2

[SourceDisksFiles]
files\sdat*.exe=a,,1
files\avparam.dll=a,,1
files\bootscan.exe=a,,1
files\clean.dat=a,,1
files\license.dat=a,,1
files\mcscan32.dll=a,,1
files\mctool.exe=a,,1
files\messages.dat=a,,1
files\names.dat=a,,1
files\rwabs16.dll=a,,1
files\rwabs32.dll=a,,1
files\scan.dat=a,,1
files\scan.exe=a,,1
files\scan86.exe=a,,1
files\scanpm.exe=a,,1
files\signlic.txt=a,,1
files\update.cmd=a,,1
files\wget.exe=a,,1

[Append]
nu2menu.xml, mcafee_nu2menu.xml



new mcafee_nu2menu.xml

CODE
<!-- Nu2Menu entry for McAfee Command Line VirScan -->
<NU2MENU>
    <MENU ID="Programs">      
 <MITEM TYPE="POPUP" DISABLED="@Not(@FileExists(@GetProgramDrive()\Programs\mcafee\*.*))" MENUID="Virus">McAfee Anti-Virus scanner</MITEM>
    </MENU>

    <MENU ID="Virus">
 <MITEM TYPE="ITEM" DISABLED="@Not(@FileExists(@GetProgramDrive()\Programs\mcafee\scan.exe))" CMD="RUN" FUNC="@GetProgramDrive()\Programs\mcafee\scan.exe /extra @GetEnvVar('temp')\scandat\scan.dat /adl /noexpire /rpterr /report @GetEnvVar('temp')\scan.txt">Scan all drives (report)</MITEM>
 <MITEM TYPE="ITEM" DISABLED="@Not(@FileExists(@GetProgramDrive()\Programs\mcafee\scan.exe))" CMD="RUN" FUNC="@GetProgramDrive()\Programs\mcafee\scan.exe /extra @GetEnvVar('temp')\scandat\scan.dat /adl /all /noexpire /rpterr /report @GetEnvVar('temp')\scan.txt">Scan all drives, all files (report)</MITEM>
 <MITEM TYPE="ITEM" DISABLED="@Not(@FileExists(@GetProgramDrive()\Programs\mcafee\scan.exe))" CMD="RUN" FUNC="@GetProgramDrive()\Programs\mcafee\scan.exe /extra @GetEnvVar('temp')\scandat\scan.dat /adl /noexpire /clean /rpterr /report @GetEnvVar('temp')\scan.txt">Scan all drives, clean (report)</MITEM>
 <MITEM TYPE="ITEM" DISABLED="@Not(@FileExists(@GetProgramDrive()\Programs\mcafee\scan.exe))" CMD="RUN" FUNC="@GetProgramDrive()\Programs\mcafee\scan.exe /extra @GetEnvVar('temp')\scandat\scan.dat /adl /all /noexpire /clean /rpterr /report @GetEnvVar('temp')\scan.txt">Scan all drives, all files, clean (report)</MITEM>
 <MITEM TYPE="SEPARATOR"></MITEM>
 <MITEM TYPE="ITEM" CMD="RUN" PARM="3" FUNC="@GetWinDir()\system32\notepad.exe @GetEnvVar('temp')\scan.txt">View report</MITEM>
 <MITEM TYPE="SEPARATOR"></MITEM>
 <MITEM TYPE="ITEM" CMD="RUN" FUNC="@GetEnvVar('ComSpec') /c del @GetEnvVar('temp')\scan.txt">Delete report file</MITEM>
 <MITEM TYPE="SEPARATOR"></MITEM>
 <MITEM TYPE="ITEM" DISABLED="@Not(@FileExists(@GetProgramDrive()\Programs\mcafee\update.cmd))" CMD="RUN" FUNC="@GetProgramDrive()\Programs\mcafee\update.cmd">Download latest virus dat</MITEM>
    </MENU>
</NU2MENU>



Please read the remarks in the batch file. They explain why I did what I did with wget.exe and some things I'll try differently which you can try.

Enjoy.
Svenska
QUOTE (Trey @ Nov 22 2003, 02:37 PM)
Posted in Plugin repository, but still waiting for moderator approval....

There are already several McAfee plugins out there with auto updaters & the works. Also as far as rebuilding the ISO goes one just has to download the dat & put it in the temp working folder that the ISO is built from & let PE Builder rebuild the ISO which is the bottom radio button on the 1st screen when PE Builder 1st starts up.

There are many PE Builder websites out there with many plugins so before you go on building any more why don't you save yourself some time & look around.
DigiWiz
QUOTE (Svenska @ Nov 23 2003, 02:33 PM)
QUOTE (Trey @ Nov 22 2003, 02:37 PM)
Posted in Plugin repository, but still waiting for moderator approval....

There are already several McAfee plugins out there with auto updaters & the works. Also as far as rebuilding the ISO goes one just has to download the dat & put it in the temp working folder that the ISO is built from & let PE Builder rebuild the ISO which is the bottom radio button on the 1st screen when PE Builder 1st starts up.

There are many PE Builder websites out there with many plugins so before you go on building any more why don't you save yourself some time & look around.

I actually had a reason for updating and rebuilding the way I did - it is three-fold:

1) This method can be easily used by users who do not have XP or 2003, or access to either one;

2) I have (as perhaps do many others) dialup, so auto-updating is not an option.

3) This method does not require a complete rebuild by PEBuilder, having it go through all its gyrations - which on my older machine takes about 5 minutes. I can build a new antivirus-updated ISO in about 15 seconds this way. Just one more way to "skin a cat."
Dogboy75024
I must be lucky, I have been able to change and update files inside the ISO with UltraISO v6.5. I delete the files from the ISO first, then insert the new ones and save the file. I tried Magic ISO before but it would truncate long file names and things wouldn't work.
Svenska
QUOTE (DigiWiz @ Nov 23 2003, 04:09 PM)
QUOTE (Svenska @ Nov 23 2003, 02:33 PM)
QUOTE (Trey @ Nov 22 2003, 02:37 PM)
Posted in Plugin repository, but still waiting for moderator approval....

There are already several McAfee plugins out there with auto updaters & the works. Also as far as rebuilding the ISO goes one just has to download the dat & put it in the temp working folder that the ISO is built from & let PE Builder rebuild the ISO which is the bottom radio button on the 1st screen when PE Builder 1st starts up.

There are many PE Builder websites out there with many plugins so before you go on building any more why don't you save yourself some time & look around.


3) This method does not require a complete rebuild by PEBuilder, having it go through all its gyrations - which on my older machine takes about 5 minutes. I can build a new antivirus-updated ISO in about 15 seconds this way. Just one more way to "skin a cat."

No REBUILDING is required just recreate the ISO after you drop the sdat*.exe in your temp working folder and create the ISO.

I can't see how it can get any easier than this and apparently Bart agrees as it's already included in PE Builder v3.0.16 and above.

The following is quoted from Bart's page

> Updated mcafee plugin, now also adding the superdat (sdat*.exe) file.

You can go ahead & keep reinventing the wheel if you like.
evilvoice
Actually, Svenska, what that means is that the sdat*.exe is included in your ISO, not in PE Builder. He can't include sdat until McAfee says so.
DigiWiz
Svenska et al.:

Not really trying to reinvent the wheel - just trying something that might be useful to those of us dolts who still have to live with dialup, and can't auto-update using broadband.

Yes, using UltraISO will work if you delete everything inside, and re-add the files, then re-save. It is not much trouble to do so, and works well. But let's examine which is faster and simpler.

We'll use the example of a dialup user (for whom this method is geared) who must manually download the virus defs (McAfee dat-43xx.zip, McAfee Stinger, F-Prot (2 files), and Ad-aware). Once the files are placed in the VirusDefs folder, this is where the philosophy diverges (though in the end accomplishes the same thing).

Once those five files (4 zips and an exe) are in the VirusDefs Folder - I execute ONE .bat file which 1) unzips all the zips, 2) copies ONLY the necessary files from VirusDefs to the appropriate Programs folder, and 3) builds the ISO all in ONE step. I used my mouse once (double-clicked) to extract/move/&build the ISO with updated virus defs using the All-In-One .bat file.

Using the UltraISO method, you have to:

01) Extract the zips
02) identify which files belong in which folders (not all files belong or are necessary in the McAfee folder for example)
03) move them to their individual folders
04) open UltraISO
05) navigate your way through the buttons and dialogue windows to open the ISO
06) delete the files
07) drill down to where the new files are in the directory structure
08) select them all
09) drag them to the top portion
10) then save...

all in all, at least 20 mouse clicks.

Not all files contained in sdat*.exe or the 40% smaller dat-43xx.zip (contains all the necessary virus defs) by any means belong in the respective antivirus folders, and though do no harm, I'm a stickler when it comes to having extra garbage files which serve no purpose taking up space, especially when I've geared much of my winPE disc building to using mini-CDs... so the .bat files ONLY copy the files absolutely necessary for the AV to function...

Then, I took a stop watch and timed each procedure:

To build the ISO using mkisofs.exe and my All-In-One bat file (includes extracting ZIPs and copying files) took anywhere from 37-55 seconds.

To build the ISO using UltraISO took consistently 95 seconds (I have a slow 500MHz machine but the comparison is useful in a relative sense). The 95 seconds did include the time it took to open UltraISO, navigate to the ISO, open it, delete, navigate to where the new files/folders reside, add them, then save... at a pace I considered to be normal. It did not include the time to extract the zips, identify and move the appropriate files.

So, if I had a choice between accomplishing the identical task using one-step vs twenty or more steps, and it was also faster - I'm opting for the one-click option.

And yes, I'm anal.

OK, enough about updating AV defs!
Rickj
Try this mcafee plugin. It uses wget to download the latest sdat from mcafee to your ramdisk, extracts it, and scans the pc. It works great!