eScan BlogeScan Blog    eScan WebsiteeScan Website    eScan ForumeScan Forum    eScan FeedseScan Feeds     
    
Languages:     

From eScan Wiki

Jump to: navigation, search
Image:escan-g.jpg
· eScan  · MailScan  · Technologies   · Technical Info  · Security Awareness  · User Guides
[edit]

Index


[edit]

Updating eScan Virus Signature Database

  1. How frequently is eScan's Virus Database updated?
  2. How does eScan performs updates?
  3. Can we configure the frequency of update-checks?
  4. Can eScan download updates via FTP or HTTP? Will it work through my normal Proxy or SOCKS Proxy Server?
  5. Can eScan download updates through my Firewall?
  6. How eScan does performs updates?
  7. How much time does eScan take to update?
  8. How do eScan Clients get updated?
  9. Does eScan updates flow across different networks, sub-networks?
  10. How can I download updates for my eScan clients version 9 from an eScan Server version 10?
  11. How can I check that eScan has recently updated?
  12. Does eScan gives total virus protection from all latest viruses?
  13. I receive lots of SPAM emails which is not detected by eScan. How can I update the eScan Anti-Spam database?
  14. How does Client Live Updater in eScan Management Console work?
  15. How do I get cumulative updates for eScan & MailScan?
  16. How does eScan get updates from ISA Proxy Server?
  17. How often does the eScan Management server download updates from internet?
  18. How can I schedule download of updates by eScan Clients from eScan Server?
  19. My eScan clients are unable to get updates from eScan server, once I log out from eScan server?
  20. My eScan server is not taking updates. Is it due to Firewall? If Yes, then what ports need to be exclude from the firewall for the smooth flow of updates?


  1. How frequently is eScan's Virus Database updated?

    Answer:

The Web and FTP sites are normally updated once every day.

On certain occasions, they may be updated more frequently, in response to a virus epidemic (eg. the Love-Bug virus).
Back to Top

  1. How do we update eScan with the latest virus updates?

    Answer:
    eScan automatically keeps its virus database updated.
    It checks for availability of the Internet connection. If it detects that Internet connectivity is present, it then checks to see if a new update is available.
    If new updates are available, they are downloaded and implemented automatically.
    The default frequency for update checks is currently set at 1-hour intervals, but can be manually configured for other periods as per the customer's requirements.

  2. Can we configure the frequency of update-checks?

    Answer:
    Yes.

  3. Can eScan download updates via FTP or HTTP? Will it work through my normal Proxy or SOCKS Proxy Server?

    Answer:
    Yes.

  4. Can eScan download updates through my Firewall?

    Answer:
    Yes. Either using HTTP downloads or using Passive FTP.

  5. What size update files does eScan have?

    Answer:
    eScan uses an incremental update process. This allows it to only download the new virus signatures and append it to the existing anti-virus database.
    This is normally a very fast operation with minimal impact on your Internet connection bandwidth and is a huge advantage when compared to other products that must re-download the entire anti-virus database file each time.

  6. How much time does eScan take to update?

    Answer:
    Due to the nature of incremental updates, the download files required by eScan is very small in size.
    Hence, it would not take more than 5-10 minutes for a complete download on a (slow) modem connection. But it also depends on your connectivity to the Internet.

  7. How do eScan Clients get updated?

    Answer:
    As soon as an eScan Client starts, it will look for (poll for) an eScan Server. This operation is similar to how a DHCP Client looks out for a DHCP Server.
    As soon as the Client receives the IP address of the eScan Server, it will send update requests to the eScan Server at pre-specified time intervals.

  8. Does eScan updates flow across different networks, sub-networks?

    Answer:
    Yes, provided you install atleast one eScan Server in each of the other networks OR install the eScan Server on the Gateway PC.
    If you have installed eScan Servers on multiple networks, then you should configure one eScan Server as the Master eScan Server. The other eScan Servers can then be configured to pick up their updates from the Master eScan Server.
    This will reduce the impact on your Internet connection's bandwidth, and also the load on the main eScan Server.

  9. How can I download updates for my eScan clients version 9 from an eScan Server version 10?

    Answer:


    To download updates for eScan clients version 9 from an eScan Server version 10, follow the steps below:

    a. Open the eupdate.ini of the eScan Server from \Program files\escan\ directory or the eScan installed directory,
    b. search for "DoNotAllowDownload=" entry.
    c. Default entry will be
    DoNotAllowDownload=*.avc,*.avx,*.set,*.key,*.vnd,update.txt,*.dt,kerupd.upz
    d. You have to remove all the values and save the eupdate.ini file. The value should be
    DoNotAllowDownload=
    e. And start downloading the udpates.
    f. It will store Verion 9 updates in \pub\update folder (share name is escanupd$)
    g. And the Version 10 updates will be stored under \pub\avx folder (share name is escanavx$ )
    h Whenever a eScan client or server version 9 will download the updates from eScan version 10 server it will choose the \pub\update path which is default one. And version 10 client will choose the \pub\avx path to download the other signatures.
    Note: The Above Changes is to be implemented Only when Client OS are Below Windows XP.

  10. How can I check that eScan has recently updated?

    Answer:
    In eScan version 9, if you right click on " 'e " icon in the system tray, there is an option of "View log files".Click on the "View Download Log" option to check the status of the updates. Or place the mouse pointer on the " e " icon (on the taskbar). Here it will display the date when the software was last updated.

    In eScan version 10, open the eScan Protection Center and click on Update. In this window, you can see the date of the Last Database updated. Also, you can click on View Log (under Report in the same window) to check the AV-signature files downloaded. Or just move the mouse cursor over the Red Color eSan Monitor icon, which will display the information.

  11. Does eScan gives total virus protection from all latest viruses?

    Answer:
    Yes, since eScan is updated on a daily basis with all the latest virus information, it gives you round-the-clock 100% protection.

  12. I receive lots of SPAM emails which is not detected by eScan / Mailscan. How can I update the eScan Anti-Spam database?

    Answer:
    Forward the emails considered to be spam to spam@escanav.com. After the Lab analysis of the email, we shall update our Antispam database and will be available in our next daily updates.

    NOTE: Select the "Forward as an attachment" option in your email clients to send the email.

  13. How does Client Live Updater in eScan Management Console work?

    Answer:


    The Parent/Primary server will get live event alerts, like processes executed on the client system, in the Client Live Updater tab of the eScan Management console.It will receive live alerts from:

    a. Client belonging to Parent/Primary server.
    b. Secondary/Child server
    c. Client of Secondary/Child server. (these client alert will also be available in the Secondary/Child server)


    Overall, such event alerts in a network can be viewed from Primary/Parent server.

    image



    Alerts can be customized as per the Event ID generated by Live Alert:

    • Open the Eupdate.ini file from \Program files\eScan folder and search for the below entries:
    IgnoreEventIds=

    (This entry will stop / ignore a particular event id to be broadcasted from the client system to the eScan server. Note:-The settings should be done on the system of which the event is required to be stopped).

    eg: IgnoreEventIds= 102,152

    [The local system will not broadcast the Endpoint security (Event id=102) &
    File AntiVirus(Event id=152) to the eScan Server].

    SendOnlyEventIds=

    (This entry will only broadcast a particular event id to the eScan Server.
    Note:-The settings should be done on the system of which the event is required to be broadcasted).

    eg: SendOnlyEventIds=102,152

    The local system will broadcast only the Endpoint security (Event id=102) &
    File AntiVirus (Event id=152) events to the eScan Server).

    IgnoreEventIdsServToServ=

    (This entry is valid for stopping the broadcast of a particular event alerts from one eScan server to another eScan Server. For instance from a secondary eScan server to a primary eScan server. Note:-The settings should be done on the system of the eScan server of which the event is required to stopped).

    IgnoreEventIdsServToServ=102,152


    SendOnlyEventIdsServToServ=

    (This entry is valid for broadcasting a paritcular event alerts only from one eScan server to another eScan Server. Note:-The settings should be done on the local system of the eScan server of which the event is required to be broadcasted).

    SendOnlyEventIdsServToServ=102,152
    For multiple event id's to be added in the above entry (,)as a separator should be used.

  14. How do I get cummulative updates for escan & mailscan?

    Answer:


    1. ESUPDATEBD for eScan version 10.x and MailScan 6.x is a cumulative update of the latest signatures. It is for users who do not have access to the network or internet to download daily updates for eScan / MailScan. When you download this file and run it, it will update the eScan's / MailScan's signature database.



    Please Note: Signatures included in the esupdatebd.exe are only applicable for eScan Version 10.x and MailScan 6.x.

    Download Link for esupdateBD

    OR



    2. ESUPDATE for eScan Version 9.x and MailScan 5.x is a cumulative update of the latest signatures. It is for users who do not have access to the network or internet to download daily updates for eScan / MailScan. When you download this file and run it, it updates the eScan's / MailScan's signature database.



    Please Note: Signatures included in the esupdate.exe are only applicable for eScan Version 9x and MailScan 5x

    Download Link for esupdate

    OR

  15. How eScan can take updates from ISA Proxy Server?

    Answer:


    For eScan to take updates from ISA Proxy server the following step need to be carry out at ISA proxy server

    • Open the ISA management console.
    • Expand the Server -> Policy Elements -> Client Address sets in the ISA tree.
    • Create a Client address set named “eScan”. Enter the IP address of the server on which the eScan is installed. If it is installed on the ISA Server itself , make sure that the IP address specified is the internal IP address of the server (the private ISA server IP address).


    Expand the Access Policy object, and create a new rule in Protocol Rules.

    • Right-click Protocol Rules, and then click New, name as eScan update rule.
    • Select Rule action as allow , and then click Next.
    • Select apply this rule to selected protocol and select ftp & http, and then click Next.
    • Select always in use this schedule option, and click Next.
    • Select specific computers, click Next.
    • Add eScan in the client sets, click Next.
    • Click Finish.

  16. How often the eScan Management server should download the updates from the internet?

    Answer:
    By default, eScan Management Console download the updates after every 120 minutes. If it doesn't update successfully after 120 minutes, it will retry.

  17. How can I schedule download of updates by eScan Clients from eScan Server?

    Answer:
    On client side it queries to the Management Console after every 60 Minutes. This setting is not present in the GUI but you can find this setting in eupdate.ini file under \program files\eScan folder and the entry is "VersionRequestTime=60".

  18. My eScan clients are unable to get updates from eScan server, once I log out from eScan server?

    Answer:
    When a user logs out from an eScan server, the EMC service (ESERV.EXE) will stop to run in Application Mode and automatically restart in Service Mode. However, it will take three minutes to restart the EMC service after the user has log out from the eScan Server. Therefore, after three minutes, the eScan clients will be able to get updates from the eScan Server.

  19. My eScan server is not taking updates. Is it due to Firewall? If Yes, then what ports need to be exclude from the firewall for the smooth flow of updates?

    Answer:
    Yes, its ONLY due to the firewall. Please exclude the blow ports from your firewall.
    a. Port range from 1023 to 2023 (tcp)
    b. 3333, 2021, 2222 , 2225 , 2227 (tcp)
    c. 2001 (udp)

    Also, you need to make small change in the eserv.ini file. Please add the below entries in the GENERAL SECTION of eserv.ini file.

    [General]
    AddPassivePort=1
    StartingPassivePort=1023
    NoofPassivePorts=1000
    Ser_Pasv_IPAddr=server ip

    Note:- [General] is the section name and that should be already there. Only four above entries need to be add there.



Retrieved from "https://download1.mwti.net/wiki/index.php/Escan/english/eScan-FAQ/Signature-Files"

eScan Copyright © 2015 MicroWorld Technologies Inc.- AntiVirus & Content Security.       Send your feedback to solutions@escanav.com eScan Wiki

    Privacy policy  About eScan Wiki  Disclaimers   This page has been accessed 52,926 times.