[unisog] How often to pull anti virus updates from vendors

Martin Radford Martin.Radford at bristol.ac.uk
Wed Dec 5 18:46:36 GMT 2001

On Wed, 5 Dec 2001, William D. Colburn (aka Schlake) wrote:

> We pulls files nightly, and they are installed everywhere pretty
> quickly.  A cron job downloads updates from NAI/Mcafee and puts them on
> into a samba share so that Mcafee will find them.

We mirror the required files from NAI's server on a weekly basis to a
server from which around 40 staff systems pull their updates each day.
Around 30 hours later, these files are then mirrored to a central
server, from which the rest of the university pulls their updates.

This gives us some leeway to avoid affecting thousands of computers if
it turns out there's a problem with the virus update (and this has
happened in the past).

If it turns out that an urgent update is required to deal with a major
issue (like Sircam, Goner, etc), we can short-circuit the process.

We normally pull our updates from NAI's European mirror at
ftpeur.nai.com.  I was disappointed to discover that although NAI had
updated their main server with new definitions to deal with Goner, they
hadn't done anything to expedite the mirroring process to their European
server (so ftpeur.nai.com still had the 4173 definitions when
ftp.nai.com had 4174).

Martin Radford  (Martin.Radford at bristol.ac.uk)
Personal Computer Systems Team
Information Systems & Computing
University of Bristol Information Services

More information about the unisog mailing list