Endpoint Analysis Antivirus Scan Package Autoupdate Scripts

Document ID: CTX111343   /   Created On: Oct 17, 2006   /   Updated On: Oct 17, 2007

Created: January 3, 2006

Updated: October 9, 2006

Description

The Access Gateway Advanced Edition features a command line executable called CtxEpaParamUpdate.exe, which can be used to update existing Scan Rule values. A practical application of this tool is the update of existing Endpoint Analysis Scan Rules defined for antivirus engine and/or virus signature (DAT) file versions.

A collection of Visual Basic scripts is provided in this article as an example of how to retrieve antivirus engine and DAT values from local installations or publicly accessible vendor Web sites, and then automate both the value retrieval and the update of the Endpoint Analysis scan rule values using the aforementioned application and the Microsoft Windows Task Scheduler.

Prerequisites

  • Advanced Access Control version 4.0, 4.2, or 4.5 installed on Windows 2000 Server or Windows Server 2003.
  • All scripts are written in Visual Basic and utilize the Windows Script Host (WSH) provider.
  • Automation is provided for the update of Symantec, McAfee, or Trend EPA Package scan rules. These rules must be predefined because they are referenced by the scripts. If you plan to retrieve antivirus values locally, the antivirus application for which you are creating Endpoint Analysis scan rules must be installed locally.
  • An internet connection may be required to access the public Web repositories of specific antivirus vendors for value retrieval if local installation of the respective antivirus application is not desirable.

Installing the Antivirus Scan Package Autoupdate Scripts

  1. Extract the attached .zip files that correspond to your version of Advanced Access Control to a temporary location on the Advanced Access Control server (this must be done on each Advanced Access Control server on the server farm) or choose the default extraction path of C:\Program Files\Citrix\Access Gateway\MSAMExtensions\Automation\AV\
  2. Before you can use these automation scripts, you must create Endpoint Analysis scan rules for the antivirus software you are using with your deployment.
    Refer to the Advanced Access Control Administrator’s Guide for more information on how to create Endpoint Analysis scans and corresponding rules in the Access Management Console. Make note of the scan name and the rule name you use as these values must be updated in the script constants.
  3. There are several optional flags and constants that must be updated prior to script use. Please read through the description and the constants sections of the scripts to understand their functions and related requirements.

How to Use Endpoint Analysis Antivirus Scan Package Autoupdate Scripts

These scripts have two main functions:

• Retrieve update values from a local installation or remote antivirus vendor Web repository

• Update the Endpoint Analysis scan rule values utilizing the CtxEpaParamUpdate.exe utility

The syntax and parameters of this command are as follows:

CtxEpaParamUpdate <package_uri> <package_version> <scan_name> <rule_name> <param_name> <new_value>

CtxEpaParamUpdate Parameters:

<package_uri> <package_version> - These values can be obtained by selecting the Scan Package in the Navigation pane and the Properties view in the Details pane while in the Advanced Access Control Access Suite Console. The URI is the full path as shown in the following graphic:


<scan_name> <rule_name> - These values represent the names of the configured Endpoint Analysis antivirus scan and respective rule. Copy the names of these entities (shown next to the red arrows in the following graphic) from the Access Suite Console to the script.

<param_name> <new_value> - To get these values, highlight the scan rule in the Navigation tree and change the Details pane view to Properties. The <new_value> should be the value you wish to update the specified parameter to.

Note: With the exception of the <package_uri> and <package_version> parameters, all parameters must be enclosed in quotes. Below is an example execution string:

CtxEpaParamUpdate.exe http://www.citrix.com/EndPointAnalysisPackages/CitrixVSEMcAfee.cab 1.0 "Scan 1" "Rule 1" "PatternVersion" "4481"

-Or-

CtxEpaParamUpdate.exe http://www.citrix.com/EndPointAnalysisPackages/CitrixVSEMcAfee.cab 1.0 "Scan 1" "Rule 1" "EngineVersion" "4.4.00"

To automate the execution of these scripts, a scheduled task must be created with the Microsoft Windows Task Scheduler. Use the following procedure:

  1. Go to Start > All Programs > Accessories > System Tools > Scheduled Tasks.
  2. To create a scheduled task to run the script, browse to the location of the .vbs file.
  3. Set the desired frequency interval.
  4. Specify an account that the process context should run under. This account should be a local administrator account.

After the scripts have run once, a log file and a checkpoint file are created in the same directory the scripts are located in. The log displays the status of the execution and whether or not an update to the antivirus scan rule was made.

The checkpoint file is referenced by the script each time it runs to compare what the last retrieved value was to that on the repository source. If the latter is newer, the antivirus scan rule values are updated accordingly.
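
The checkpoint comparison and the CtxEpaParamUpdate call described above, as an added VBScript example (not one of the Citrix scripts). Because the value can come from a public vendor Web site and the task runs under an administrator account, the example rejects anything that is not a dotted numeric version and never moves the rule to an older value. The checkpoint file name, the version format rule, the sample retrieved value, and the assumption that the utility exits with 0 on success are not from the article.

```vbscript
Option Explicit
' Added example. URI, scan, rule and parameter names are the article's sample values.
Const PACKAGE_URI = "http://www.citrix.com/EndPointAnalysisPackages/CitrixVSEMcAfee.cab"
Const PACKAGE_VERSION = "1.0", SCAN_NAME = "Scan 1", RULE_NAME = "Rule 1"
Const PARAM_NAME = "PatternVersion", CHECKPOINT_FILE = "checkpoint.txt" ' hypothetical name
Const DRY_RUN = True   ' True: print the command only, do not run it

' Accept only dotted numeric versions such as 4481 or 4.4.00 (assumed format).
Function IsValidVersion(s)
    Dim re : Set re = New RegExp
    re.Pattern = "^\d{1,6}(\.\d{1,6}){0,3}$"
    IsValidVersion = re.Test(s)
End Function

' Numeric, segment-by-segment compare: 1 if a > b, -1 if a < b, 0 if equal.
Function CompareVersions(a, b)
    Dim pa, pb, i, n, x, y
    pa = Split(a, ".") : pb = Split(b, ".")
    n = UBound(pa) : If UBound(pb) > n Then n = UBound(pb)
    CompareVersions = 0
    For i = 0 To n
        x = 0 : y = 0
        If i <= UBound(pa) Then x = CLng(pa(i))
        If i <= UBound(pb) Then y = CLng(pb(i))
        If x > y Then CompareVersions = 1 : Exit Function
        If x < y Then CompareVersions = -1 : Exit Function
    Next
End Function

Dim fso, shell, f, retrieved, last, path, cmd
Set fso = CreateObject("Scripting.FileSystemObject") : Set shell = CreateObject("WScript.Shell")
' Keep the checkpoint next to the script, independent of the task's working directory.
path = fso.BuildPath(fso.GetParentFolderName(WScript.ScriptFullName), CHECKPOINT_FILE)
retrieved = "4481"     ' constructed stand-in for the value read from the vendor source
If Not IsValidVersion(retrieved) Then WScript.Echo "Rejected malformed value" : WScript.Quit 1
last = "0"
If fso.FileExists(path) Then
    Set f = fso.OpenTextFile(path, 1)
    If Not f.AtEndOfStream Then last = Trim(f.ReadLine)
    f.Close
End If
If Not IsValidVersion(last) Then last = "0"   ' ignore a damaged checkpoint
If CompareVersions(retrieved, last) <= 0 Then WScript.Echo "No update needed" : WScript.Quit 0
cmd = "CtxEpaParamUpdate.exe " & PACKAGE_URI & " " & PACKAGE_VERSION & " """ & SCAN_NAME & _
      """ """ & RULE_NAME & """ """ & PARAM_NAME & """ """ & retrieved & """"
WScript.Echo cmd
If Not DRY_RUN Then
    If shell.Run(cmd, 0, True) <> 0 Then WScript.Quit 2  ' assumes exit code 0 means success
    fso.CreateTextFile(path, True).WriteLine retrieved
End If
```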

Note: If you are monitoring values in the Access Suite Console while running the scripts to ensure your rule values are updating properly, you must run Discovery on the Endpoint Analysis node of the Navigation tree by selecting this option in the Tasks pane.

Access Gateway Advanced Edition service packs, hotfixes, or version updates may contain newer versions of the Endpoint Analysis antivirus scan packages. Since the version numbers change when this occurs, the scripts must be updated to reflect that change because those values are currently hard-coded in the script.

Uninstalling Antivirus Scan Package Autoupdate Scripts

To remove the autoupdate scripts, remove the scheduled task entry for that script and delete the directory or files. You can also disable the script from running by clearing the Enabled check box in the task’s properties dialog in the Windows Task Scheduler (as shown in the following graphic):

Disclaimer

The above mentioned sample code is provided to you as is with no representations, warranties or conditions of any kind. You may use, modify and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES WHATSOEVER, EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that (a) the sample code may exhibit errors, design flaws or other problems, possibly resulting in loss of data or damage to property; (b) it may not be possible to make the sample code fully functional; and (c) Citrix may, without notice or liability to you, cease to make available the current version and/or any future versions of the sample code. In no event should the code be used in support of ultra-hazardous activities, including but not limited to life support or blasting activities. NEITHER CITRIX NOR ITS AFFILIATES OR AGENTS WILL BE LIABLE, UNDER BREACH OF CONTRACT OR ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES WHATSOEVER ARISING FROM USE OF THE SAMPLE CODE, INCLUDING WITHOUT LIMITATION DIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR OTHER DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Although the copyright in the code belongs to Citrix, any distribution of the code should include only your own standard copyright attribution, and not that of Citrix. You agree to indemnify and defend Citrix against any and all claims arising from your use, modification or distribution of the code.

