From eScan Wiki
Revision as of 09:38, 28 October 2010 WikiSysop (Talk | contribs) ← Previous diff |
Current revision WikiSysop (Talk | contribs) |
||
Line 49: | Line 49: | ||
# [[#anchor18|<font color="blue">How can I schedule download of updates by eScan Clients from eScan Server?</font>]] | # [[#anchor18|<font color="blue">How can I schedule download of updates by eScan Clients from eScan Server?</font>]] | ||
# [[#anchor19|<font color="blue">My eScan clients are unable to get updates from eScan server, once I log out from eScan server?</font>]]<br/> | # [[#anchor19|<font color="blue">My eScan clients are unable to get updates from eScan server, once I log out from eScan server?</font>]]<br/> | ||
+ | # [[#anchor20|<font color="blue">My eScan server is not taking updates. Is it due to Firewall? If Yes, then what ports need to be exclude from the firewall for the smooth flow of updates?</font>]]<br/> | ||
- | + | # '''How frequently is eScan's Virus Database updated?''' <span id="anchor1"></span><br/><br/>'''Answer:'''<br/> | |
- | # '''How frequently is eScan Virus Database updated?''' <span id="anchor1"></span><br/><br/>'''Answer:'''<br/> | + | |
The Web and FTP sites are normally updated once every day.<br> | The Web and FTP sites are normally updated once every day.<br> | ||
- | On certain occasions they may be updated more frequently in response to a virus epidemic eg. the Love-Bug virus.<div style="text-align: right;">[[#topindex|<font color=“blue”>Back to Top</font>]]</div><br/><ol start="2"> | + | On certain occasions, they may be updated more frequently, in response to a virus epidemic (eg. the Love-Bug virus).<div style="text-align: right;">[[#topindex|<font color=“blue”>Back to Top</font>]]</div><br/><ol start="2"> |
<li>'''How do we update eScan with the latest virus updates?'''<span id="anchor2"></span><br/><br/>'''Answer:'''<br/>eScan automatically keeps its virus database updated.<br> | <li>'''How do we update eScan with the latest virus updates?'''<span id="anchor2"></span><br/><br/>'''Answer:'''<br/>eScan automatically keeps its virus database updated.<br> | ||
It checks for availability of the Internet connection. If it detects that Internet connectivity is present, it then checks to see if a new update is available.<br> | It checks for availability of the Internet connection. If it detects that Internet connectivity is present, it then checks to see if a new update is available.<br> | ||
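Review bot: The added index entry for anchor20 reads "what ports need to be exclude from the firewall"; it should be "excluded", and the question heading it links to should use the same corrected wording so the two stay identical. In the rewritten Love-Bug sentence, "eg." would read better as "e.g.", and the font tag on that line still has color=“blue” in typographic quotes, which are not attribute delimiters; straight quotes are needed there.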
Line 98: | Line 98: | ||
<br><br>Alerts can be customized as per the Event ID generated by Live Alert:<br><br> | <br><br>Alerts can be customized as per the Event ID generated by Live Alert:<br><br> | ||
* Open the <B>Eupdate.ini</B> file from <B>\Program files\eScan</B> folder and search for the below entries:<br> | * Open the <B>Eupdate.ini</B> file from <B>\Program files\eScan</B> folder and search for the below entries:<br> | ||
- | IgnoreEventIds= <br><br> | + | ::'''IgnoreEventIds=''' <br><br> |
(This entry will stop / ignore a particular event id to be broadcasted from the client system to the eScan server. <B>Note:-</B>The settings should be done on the system of which the event is required to be stopped).<br><br> | (This entry will stop / ignore a particular event id to be broadcasted from the client system to the eScan server. <B>Note:-</B>The settings should be done on the system of which the event is required to be stopped).<br><br> | ||
- | eg: IgnoreEventIds= 102,152<br><br> | + | ::'''eg: IgnoreEventIds= 102,152'''<br><br> |
- | [The local system will not broadcast the Endpoint security (Event id=102) &<br> File AntiVirus(Event id=152) to the eScan Server]. | + | [The local system will not broadcast the Endpoint security (Event id=102) &<br> File AntiVirus(Event id=152) to the eScan Server]. |
---- | ---- | ||
- | SendOnlyEventIds= | + | ::'''SendOnlyEventIds=''' <br> |
- | (This entry will only broadcast a particular event id to the eScan Server. <br><B>Note:-</B>The settings should be done on the system of which the event is required to be broadcasted). | + | (This entry will only broadcast a particular event id to the eScan Server. <br><B>Note:-</B>The settings should be done on the system of which the event is required to be broadcasted).<br> |
- | + | ::'''eg: SendOnlyEventIds=102,152'''<br> | |
- | eg: SendOnlyEventIds=102,152 | + | The local system will broadcast only the Endpoint security (Event id=102) & <br> |
- | The local system will broadcast only the Endpoint security (Event id=102) & <br>File AntiVirus(Event | + | File AntiVirus (Event id=152) events to the eScan Server). <br> |
- | id=152)events to the eScan Server). | + | |
- | + | ||
---- | ---- | ||
- | IgnoreEventIdsServToServ= | + | ::'''IgnoreEventIdsServToServ=''' <br> |
(This entry is valid for stopping the broadcast of a particular event alerts from one eScan server to another eScan Server. For instance from a secondary eScan server to a primary eScan server. <B>Note:-</B>The settings should be done on the system of the eScan server of which the event is required to stopped). | (This entry is valid for stopping the broadcast of a particular event alerts from one eScan server to another eScan Server. For instance from a secondary eScan server to a primary eScan server. <B>Note:-</B>The settings should be done on the system of the eScan server of which the event is required to stopped). | ||
- | IgnoreEventIdsServToServ=102,152 | + | ::'''IgnoreEventIdsServToServ=102,152''' <br> |
---- | ---- | ||
- | SendOnlyEventIdsServToServ= | + | ::'''SendOnlyEventIdsServToServ=''' <br> |
(This entry is valid for broadcasting a paritcular event alerts only from one eScan server to another eScan Server. <B>Note:-</B>The settings should be done on the local system of the eScan server of which the event is required to be broadcasted). | (This entry is valid for broadcasting a paritcular event alerts only from one eScan server to another eScan Server. <B>Note:-</B>The settings should be done on the local system of the eScan server of which the event is required to be broadcasted). | ||
- | SendOnlyEventIdsServToServ=102,152 | + | ::'''SendOnlyEventIdsServToServ=102,152''' <br> |
For multiple event id's to be added in the above entry (,)as a separator should be used.<br/><div style="text-align: right;">[[#topindex|<font color=“blue”>Back to Top</font>]]</div></li><br/> | For multiple event id's to be added in the above entry (,)as a separator should be used.<br/><div style="text-align: right;">[[#topindex|<font color=“blue”>Back to Top</font>]]</div></li><br/> | ||
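Review bot: The SendOnlyEventIds example now ends with "events to the eScan Server)." where the closing parenthesis has no opening one, while the IgnoreEventIds example just above it is wrapped in square brackets; use one bracket style for both. The text also does not say which entry takes effect when IgnoreEventIds and SendOnlyEventIds are both filled in on the same system, and both examples use 102,152, so a sentence on precedence would help. The unchanged explanations still contain "paritcular" and "required to stopped", which could be fixed in the same edit.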
Line 165: | Line 163: | ||
<li>'''How can I schedule download of updates by eScan Clients from eScan Server?'''<span id="anchor18"></span><br/><br/>'''Answer:'''<br/>On client side it queries to the Management Console after every 60 Minutes. This setting is not present in the GUI but you can find this setting in '''eupdate.ini''' file under '''\program files\eScan''' folder and the entry is '''"VersionRequestTime=60"'''.<br/><div style="text-align: right;">[[#topindex|<font color=“blue”>Back to Top</font>]]</div></li><br/> | <li>'''How can I schedule download of updates by eScan Clients from eScan Server?'''<span id="anchor18"></span><br/><br/>'''Answer:'''<br/>On client side it queries to the Management Console after every 60 Minutes. This setting is not present in the GUI but you can find this setting in '''eupdate.ini''' file under '''\program files\eScan''' folder and the entry is '''"VersionRequestTime=60"'''.<br/><div style="text-align: right;">[[#topindex|<font color=“blue”>Back to Top</font>]]</div></li><br/> | ||
<li>'''My eScan clients are unable to get updates from eScan server, once I log out from eScan server?'''<span id="anchor19"></span><br/><br/>'''Answer:'''<br/>When a user logs out from an eScan server, the EMC service ('''ESERV.EXE''') will stop to run in Application Mode and automatically restart in Service Mode. However, it will take three minutes to restart the EMC service after the user has log out from the eScan Server. Therefore, after three minutes, the eScan clients will be able to get updates from the eScan Server.<br/><div style="text-align: right;">[[#topindex|<font color=“blue”>Back to Top</font>]]</div></li><br/> | <li>'''My eScan clients are unable to get updates from eScan server, once I log out from eScan server?'''<span id="anchor19"></span><br/><br/>'''Answer:'''<br/>When a user logs out from an eScan server, the EMC service ('''ESERV.EXE''') will stop to run in Application Mode and automatically restart in Service Mode. However, it will take three minutes to restart the EMC service after the user has log out from the eScan Server. Therefore, after three minutes, the eScan clients will be able to get updates from the eScan Server.<br/><div style="text-align: right;">[[#topindex|<font color=“blue”>Back to Top</font>]]</div></li><br/> | ||
- | + | <li>'''My eScan server is not taking updates. Is it due to Firewall? If Yes, then what ports need to be exclude from the firewall for the smooth flow of updates?'''<span id="anchor20"></span><br/><br/>'''Answer:'''<br/> | |
- | + | Yes, its '''ONLY''' due to the firewall. Please exclude the blow ports from your firewall. | |
- | + | <br> | |
+ | :'''a.''' Port range from 1023 to 2023 '''(tcp)''' | ||
+ | :'''b.''' 3333, 2021, 2222 , 2225 , 2227 '''(tcp)''' | ||
+ | :'''c.''' 2001 '''(udp)''' | ||
+ | |||
+ | <br> | ||
+ | Also, you need to make small change in the '''eserv.ini''' file. Please add the below entries in the GENERAL SECTION of '''eserv.ini''' file.<br><br> | ||
+ | '''[General]'''<br> | ||
+ | '''AddPassivePort=1'''<br> | ||
+ | '''StartingPassivePort=1023'''<br> | ||
+ | '''NoofPassivePorts=1000'''<br> | ||
+ | '''Ser_Pasv_IPAddr=server ip'''<br> | ||
+ | <br> | ||
+ | '''Note:-''' '''[General]''' is the section name and that should be already there. Only four above entries need to be add there. | ||
+ | <br> | ||
------------- | ------------- | ||
<span class="plainlinks neverexpand"><div style="text-align: right;">[[Escan/english/eScan-FAQ |<font color=“blue”>Back to FAQs Main Page</font>]]</div></span><br/> | <span class="plainlinks neverexpand"><div style="text-align: right;">[[Escan/english/eScan-FAQ |<font color=“blue”>Back to FAQs Main Page</font>]]</div></span><br/> |
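Review bot: In the new firewall answer, "Port range from 1023 to 2023" covers 1001 ports, while StartingPassivePort=1023 with NoofPassivePorts=1000 names 1000; state which end is intended so the firewall exception and eserv.ini agree. Port 2021 in item b already falls inside the range in item a, and the note "Only four above entries need to be add there" should say that "server ip" in Ser_Pasv_IPAddr is a placeholder to replace. "Yes, its ONLY due to the firewall" and "exclude the blow ports" need "it's" and "below", and "ONLY" rules out causes the answer does not discuss.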
Current revision
Index
Updating eScan Virus Signature Database
- How frequently is eScan's Virus Database updated?
- How does eScan perform updates?
- Can we configure the frequency of update-checks?
- Can eScan download updates via FTP or HTTP? Will it work through my normal Proxy or SOCKS Proxy Server?
- Can eScan download updates through my Firewall?
- How does eScan perform updates?
- How much time does eScan take to update?
- How do eScan Clients get updated?
- Do eScan updates flow across different networks, sub-networks?
- How can I download updates for my eScan clients version 9 from an eScan Server version 10?
- How can I check that eScan has recently updated?
- Does eScan give total virus protection from all latest viruses?
- I receive lots of SPAM emails which are not detected by eScan. How can I update the eScan Anti-Spam database?
- How does Client Live Updater in eScan Management Console work?
- How do I get cumulative updates for eScan & MailScan?
- How does eScan get updates from ISA Proxy Server?
- How often does the eScan Management server download updates from internet?
- How can I schedule download of updates by eScan Clients from eScan Server?
- My eScan clients are unable to get updates from eScan server, once I log out from eScan server?
- My eScan server is not taking updates. Is it due to Firewall? If Yes, then what ports need to be excluded from the firewall for the smooth flow of updates?
- How frequently is eScan's Virus Database updated?
Answer:
The Web and FTP sites are normally updated once every day.
- How do we update eScan with the latest virus updates?
Answer:
eScan automatically keeps its virus database updated.
It checks for availability of the Internet connection. If it detects that Internet connectivity is present, it then checks to see if a new update is available.
If new updates are available, they are downloaded and implemented automatically.
The default frequency for update checks is currently set at 1-hour intervals, but can be manually configured for other periods as per the customer's requirements.
- Can we configure the frequency of update-checks?
Answer:
Yes.
- Can eScan download updates via FTP or HTTP? Will it work through my normal Proxy or SOCKS Proxy Server?
Answer:
Yes.
- Can eScan download updates through my Firewall?
Answer:
Yes. Either using HTTP downloads or using Passive FTP.
- What size update files does eScan have?
Answer:
eScan uses an incremental update process. This allows it to download only the new virus signatures and append them to the existing anti-virus database.
This is normally a very fast operation with minimal impact on your Internet connection bandwidth and is a huge advantage when compared to other products that must re-download the entire anti-virus database file each time.
- How much time does eScan take to update?
Answer:
Due to the nature of incremental updates, the download files required by eScan are very small in size.
Hence, it would not take more than 5-10 minutes for a complete download on a (slow) modem connection. But it also depends on your connectivity to the Internet.
- How do eScan Clients get updated?
Answer:
As soon as an eScan Client starts, it will look for (poll for) an eScan Server. This operation is similar to how a DHCP Client looks out for a DHCP Server.
As soon as the Client receives the IP address of the eScan Server, it will send update requests to the eScan Server at pre-specified time intervals.
- Do eScan updates flow across different networks, sub-networks?
Answer:
Yes, provided you install at least one eScan Server in each of the other networks OR install the eScan Server on the Gateway PC.
If you have installed eScan Servers on multiple networks, then you should configure one eScan Server as the Master eScan Server. The other eScan Servers can then be configured to pick up their updates from the Master eScan Server.
This will reduce the impact on your Internet connection's bandwidth, and also the load on the main eScan Server.
- How can I download updates for my eScan clients version 9 from an eScan Server version 10?
Answer:
To download updates for eScan clients version 9 from an eScan Server version 10, follow the steps below:
- a. Open the eupdate.ini of the eScan Server from the \Program files\escan\ directory or the eScan installed directory.
- b. Search for the "DoNotAllowDownload=" entry.
- c. Default entry will be
- d. You have to remove all the values and save the eupdate.ini file. The value should be
- e. Start downloading the updates.
- f. It will store Version 9 updates in the \pub\update folder (share name is escanupd$).
- g. The Version 10 updates will be stored under the \pub\avx folder (share name is escanavx$).
- h. Whenever an eScan client or server version 9 downloads updates from an eScan version 10 server, it will choose the \pub\update path, which is the default one. A version 10 client will choose the \pub\avx path to download the other signatures.
- How can I check that eScan has recently updated?
Answer:
In eScan version 9, if you right-click on the "e" icon in the system tray, there is an option of "View log files". Click on the "View Download Log" option to check the status of the updates. Or place the mouse pointer on the "e" icon (on the taskbar). Here it will display the date when the software was last updated.
In eScan version 10, open the eScan Protection Center and click on Update. In this window, you can see the date of the Last Database updated. Also, you can click on View Log (under Report in the same window) to check the AV-signature files downloaded. Or just move the mouse cursor over the Red Color eScan Monitor icon, which will display the information.
- Does eScan give total virus protection from all latest viruses?
Answer:
Yes, since eScan is updated on a daily basis with all the latest virus information, it gives you round-the-clock 100% protection.
- I receive lots of SPAM emails which are not detected by eScan / MailScan. How can I update the eScan Anti-Spam database?
Answer:
Forward the emails considered to be spam to . After the Lab analysis of the email, we shall update our Antispam database, and the change will be available in our next daily updates.
NOTE: Select the "Forward as an attachment" option in your email client to send the email.
- How does Client Live Updater in eScan Management Console work?
Answer:
The Parent/Primary server will get live event alerts, like processes executed on the client system, in the Client Live Updater tab of the eScan Management console. It will receive live alerts from:
- a. Client belonging to Parent/Primary server.
- b. Secondary/Child server
- c. Client of Secondary/Child server. (These client alerts will also be available in the Secondary/Child server.)
Overall, such event alerts in a network can be viewed from Primary/Parent server.
Alerts can be customized as per the Event ID generated by Live Alert:
- Open the Eupdate.ini file from the \Program files\eScan folder and search for the below entries:
- IgnoreEventIds=
(This entry stops a particular event ID from being broadcast from the client system to the eScan server. Note: The setting should be made on the system whose events are to be stopped.)
- eg: IgnoreEventIds= 102,152
[The local system will not broadcast the Endpoint security (Event id=102) & File AntiVirus (Event id=152) events to the eScan Server.]
- SendOnlyEventIds=
(This entry will broadcast only a particular event ID to the eScan Server. Note: The setting should be made on the system whose events are to be broadcast.)
- eg: SendOnlyEventIds=102,152
[The local system will broadcast only the Endpoint security (Event id=102) & File AntiVirus (Event id=152) events to the eScan Server.]
- IgnoreEventIdsServToServ=
(This entry stops a particular event alert from being broadcast from one eScan server to another eScan Server, for instance from a secondary eScan server to a primary eScan server. Note: The setting should be made on the eScan server whose events are to be stopped.)
- IgnoreEventIdsServToServ=102,152
- SendOnlyEventIdsServToServ=
(This entry broadcasts only a particular event alert from one eScan server to another eScan Server. Note: The setting should be made on the local eScan server whose events are to be broadcast.)
- SendOnlyEventIdsServToServ=102,152
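An added example (not eScan's own code and not part of the original FAQ): a Python audit a defender can run over a collected Eupdate.ini to see whether the entries above stop Endpoint security (102) or File AntiVirus (152) alerts from reaching the server. Matching the keys on any line regardless of section, and reporting "ambiguous" when both entries of a pair are filled in, are assumptions, since the page defines neither.

```python
import re

# The four Eupdate.ini filter keys described on this page.
CLIENT_KEYS = ("IgnoreEventIds", "SendOnlyEventIds")
SERVER_KEYS = ("IgnoreEventIdsServToServ", "SendOnlyEventIdsServToServ")


def read_filters(ini_text):
    """Return {key: set of event IDs} for the filter keys present in the text.

    Assumption: keys are matched as key=value on any line, because the page
    does not say which section of Eupdate.ini holds them.
    """
    wanted = {k.lower(): k for k in CLIENT_KEYS + SERVER_KEYS}
    found = {}
    for line in ini_text.splitlines():
        key, sep, value = line.partition("=")
        name = wanted.get(key.strip().lower())
        if sep and name:
            tokens = re.split(r"[,\s]+", value.strip())
            found[name] = {int(t) for t in tokens if t.isdecimal()}
    return found


def status(filters, event_id, ignore_key, send_only_key):
    """Say whether event_id still leaves this system under the given key pair."""
    ignore = filters.get(ignore_key, set())
    send_only = filters.get(send_only_key, set())
    if ignore and send_only:
        # The page does not define precedence when both entries are filled in.
        return "ambiguous"
    if event_id in ignore or (send_only and event_id not in send_only):
        return "suppressed"
    return "forwarded"


def audit(ini_text, required_ids):
    """Report, per required event ID, what each hop does with it."""
    filters = read_filters(ini_text)
    return {
        eid: {
            "client_to_server": status(filters, eid, *CLIENT_KEYS),
            "server_to_server": status(filters, eid, *SERVER_KEYS),
        }
        for eid in required_ids
    }


# Constructed sample, not taken from a real installation.
SAMPLE_EUPDATE_INI = """\
VersionRequestTime=60
IgnoreEventIds= 102,152
SendOnlyEventIds=
IgnoreEventIdsServToServ=
SendOnlyEventIdsServToServ=102
"""

if __name__ == "__main__":
    for eid, hops in audit(SAMPLE_EUPDATE_INI, [102, 152]).items():
        print(eid, hops)
```

A "suppressed" or "ambiguous" result for an event ID the console is expected to receive is worth comparing against the change record for that system.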
- How do I get cumulative updates for eScan & MailScan?
Answer:
1. ESUPDATEBD for eScan version 10.x and MailScan 6.x is a cumulative update of the latest signatures. It is for users who do not have access to the network or internet to download daily updates for eScan / MailScan. When you download this file and run it, it will update the eScan's / MailScan's signature database.
Please Note: Signatures included in the esupdatebd.exe are only applicable for eScan Version 10.x and MailScan 6.x.
Download Link for esupdateBD
OR
2. ESUPDATE for eScan Version 9.x and MailScan 5.x is a cumulative update of the latest signatures. It is for users who do not have access to the network or internet to download daily updates for eScan / MailScan. When you download this file and run it, it updates the eScan's / MailScan's signature database.
Please Note: Signatures included in the esupdate.exe are only applicable for eScan Version 9x and MailScan 5x
Download Link for esupdate
OR
- How can eScan take updates from an ISA Proxy Server?
Answer:
For eScan to take updates from an ISA Proxy server, the following steps need to be carried out on the ISA proxy server:
- Open the ISA management console.
- Expand the Server -> Policy Elements -> Client Address sets in the ISA tree.
- Create a Client address set named “eScan”. Enter the IP address of the server on which eScan is installed. If it is installed on the ISA Server itself, make sure that the IP address specified is the internal IP address of the server (the private ISA server IP address).
Expand the Access Policy object, and create a new rule in Protocol Rules.
- Right-click Protocol Rules, and then click New, name it eScan update rule.
- Select Rule action as allow, and then click Next.
- Select apply this rule to selected protocol and select ftp & http, and then click Next.
- Select always in use this schedule option, and click Next.
- Select specific computers, click Next.
- Add eScan in the client sets, click Next.
- Click Finish.
- How often does the eScan Management server download updates from the internet?
Answer:
By default, the eScan Management Console downloads updates every 120 minutes. If it doesn't update successfully after 120 minutes, it will retry.
- How can I schedule download of updates by eScan Clients from eScan Server?
Answer:
On the client side, it queries the Management Console every 60 minutes. This setting is not present in the GUI, but you can find it in the eupdate.ini file under the \program files\eScan folder; the entry is "VersionRequestTime=60".
- My eScan clients are unable to get updates from eScan server, once I log out from eScan server?
Answer:
When a user logs out from an eScan server, the EMC service (ESERV.EXE) will stop running in Application Mode and automatically restart in Service Mode. However, it will take three minutes to restart the EMC service after the user has logged out from the eScan Server. Therefore, after three minutes, the eScan clients will be able to get updates from the eScan Server.
- My eScan server is not taking updates. Is it due to Firewall? If Yes, then what ports need to be excluded from the firewall for the smooth flow of updates?
Answer:
Yes, it's ONLY due to the firewall. Please exclude the below ports from your firewall.
- a. Port range from 1023 to 2023 (tcp)
- b. 3333, 2021, 2222 , 2225 , 2227 (tcp)
- c. 2001 (udp)
Also, you need to make a small change in the eserv.ini file. Please add the below entries in the GENERAL SECTION of the eserv.ini file.
[General]
AddPassivePort=1
StartingPassivePort=1023
NoofPassivePorts=1000
Ser_Pasv_IPAddr=server ip
Note:- [General] is the section name and should already be there. Only the four entries above need to be added there.