Real-World Scripting: Automate the Download of Virus Definition Files

As the number of new viruses increases, so do the number of virus definition updates. With the script FTPDefs.pl, you can automatically download virus definition files to your users’ workstations.

Dick Lewis

August 23, 2000

4 Min Read
ITPro Today logo in a gray background | ITPro Today


Your boss asks you to write a script that automatically downloads Symantec virus definition files from Symantec's FTP server to users' workstations. Historically, an administrator kept the virus definition files current on the users' workstations by checking the Symantec Web site daily and downloading any new definitions. Symantec typically posts updates weekly, but when a deluge of new viruses occurs (e.g., when the VBS.LoveLetter worm and its copycat viruses hit), Symantec posts updates more frequently.

Corporate policy requires that you test any new virus definition files in the IT lab before you download them onto users' workstations. This policy rules out using the autoupdate feature that Symantec has built into its antivirus software. So, you collaborate with the administrator and determine you need to write a script that

  • Connects to the FTP site and determines whether Symantec posted a new virus definition file

  • Downloads any new file into a central directory on an administrative server

  • Notifies the server's administrator by email and pager that a downloaded file is available for testing

  • Emails and pages the administrator if a logon or other type of failure occurs in the FTP operation

  • Emails and pages the administrator if the script can't locate a file posted within the past 14 days

  • Runs as a scheduled task without any user interaction

With the script requirements in hand, you use an FTP utility to connect to the Symantec site to determine the path to the directory in which Symantec posts new virus definition files. This directory contains more than 100 files that Symantec has posted on various dates for various OSs. Each update's filename consists of the file's posting date and the OS for which Symantec wrote that file. For example, a file posted on April 10 for Win32 OSs has the filename 0410i32.exe.

With this information, you write the following pseudocode for your script. (For information about pseudocoding, see my two-part article "Getting Started in NT Shell Scripting," March and April 2000.)

  1. Connect to the Symantec Web site.

  2. Go to the download directory.

  3. Capture all the filenames in that directory with the Dir command.

  4. Filter the resulting list of filenames to determine whether it contains a filename with the current date and correct OS.

  5. If the list contains a filename with the current date and correct OS, determine whether the administrative server already has a copy of that file. If a copy exists, exit the script. If a copy doesn't exist, use the Get command to copy that file onto the administrative server and send the administrator an email and a page specifying that a downloaded file is ready for testing.

  6. If the list doesn't contain a filename with the current date and correct OS, repeat Steps 4 and 5, except use the previous day's date. Continue this process until the script either finds a file with the specified date or checks all the files posted in the past 14 days. (This threshold needs to be configurable.)

  7. If the script doesn't find a file that has been posted in the past 14 days, page the administrator with an error message. Because Symantec typically posts files weekly, a two-week gap might indicate a change in Symantec's directory structure or a script error.

Using the pseudocode, you write the script FTPDefs.pl. Listing 1 contains an excerpt that shows the code that checks filenames for the current date and correct OS. You can find the entire script in the Code Library on the Win32 Scripting Journal Web site at http://www.win32scripting.com/. FTPDefs.pl includes comments to help you understand the code.

I wrote and tested FTPDefs.pl for use on machines running Windows NT Server 4.0 Service Pack 5 (SP5) or later or machines running NT Workstation SP5 or later. To run the script, you need to install ActivePerl build 522 (http://www.activestate.com/), the Net::FTP extension (http://www.activestate.com/), and the Mail::Sendmail extension (http://www.cpan.org/) on the machine on which you'll execute the script.

Here are the steps to customize FTPDefs.pl for your system:

  1. Configure the SMTP server that will handle sending the pages and emails.

  2. Configure the maximum number of dates you want to check before the script sends an error message to the administrator. (FTPDefs.pl is currently set to 14.)

  3. Configure the email and pager addresses, subjects, and messages that you want to send to the administrator and any other person who needs notification messages. Note that you need to configure these addresses, subjects, and messages in four subroutines (i.e., Page, Mail, ErrorPage, and ErrorPage2) in the script.

  4. If the script will be running on a server or workstation that is behind a firewall, carefully review the Net::FTP documentation to get the correct settings and syntax so that the new virus definition files get through the firewall.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like