Symantec AV for Macintosh
Bringing our Mac Server online continues. We know that there are very few viruses that are going to harm the OSX machines, but we have still decided to install Symantec for Mac on all our OSX machines. The primary reason is that, because of the popularity of OSX, there is a higher potential for viruses for OSX, but there is also potential for the Macs to be the on-ramp for harmful files onto our network that cause harm to the Windows devices.

We downloaded the latest version of Symantec for Mac and the Symantec Admin Console for Mac, which is version 10.2. The installation process was less than smooth, but that wasn’t the fault of Apple. Symantec’s Administration installation guide leaves a lot to be desired. Here are some notes from the install.

We used the Symantec AntiVirus™ 10 for Macintosh® Installation Guide and the downloaded content from the licensing.Symantec.com web site.

The installs for both the Client and Server portions of the software package are fairly straightforward, except that the guide is not correct or omits valuable information in several areas (noted with “omitted in guide”). Your mileage may vary, but here is the process we used.
- Download the .dmg from licensing.Symantec.com
- Extract the .dmg to the local drive.
- Install MySQL
- When installing the Console on a Leopard 10.5.3 Server, the instructions state that MySQL should be running by default. It isn’t, and from what I have read this was a change from 10.4 to 10.5. The crazy thing is that when MySQL isn’t running, the installer proceeds and says it completed successfully even when it hasn’t.
To enable and configure MySQL, go to Server Admin and add the MySQL service. Next you will need to assign the root login a password. The default is blank, yet Symantec will not work with a blank password. To change the password, go to Terminal and run the following command (replacing newpassword with your selection):
    mysqladmin -u root -h localhost password "newpassword"
- Enable php on the local web server
- You next need to check that php is enabled. The guide makes no mention of needing php, but after the console install is complete it takes you to a php page, and by default the OSX 10.5.3 web server does not have the php module enabled. You will first need to start the Web Service and then enable php5_module.
To enable this go to Server Admin>Servers>OSX Server>Web. Choose the Settings button and the Modules Tab and scroll down to php5_module and check the ‘enable’ check box.
- Assign a static IP address to your OSX server if you haven’t already.
- Run the Symantec Administration Console Installer
- Enter your admin credentials
- Name the MySQL database – the default SACM works great
- Enter the MySQL username: root and the password you set with the command line above.
- Specify the MySQL database user name; the default symadmin works well.
- Enter the credentials you want to use to log in to the SAV Console for Mac
- Choose the Setup Style for the Console, basic works well.
- Enter the host IP address of the OSX server.
- Enter the Console address and path. The defaults work well, except for the use of SSL. On the first install, accessing the Console on port 443 didn’t work but it worked on port 80. It isn’t a major issue in my mind to have this console using SSL, so we elected to not use SSL.
- Enter the Multicast address, the default settings worked well.
- Create the Key Pairs.
- Note: the Key Pairs will be used to authenticate any command you send from the Console to the clients, so choose something here that you will remember and is easy to type.
- Save the Summary if you would like to document the setup and click Finish.
- A terminal window will open and the commands will run.
- Once this is complete you may choose “Open Console” and the console should open if MySQL AND php are running correctly.
- Next you can proceed to install the Client application on those machines you plan to manage with this Console.
- The Installation guide says all you have to do is install the .pkg file found at /Library/Application Support/Symantec/SMac/Symantec Administration Client.pkg, but this isn’t the whole story. Doing so installs the configuration from your server but doesn’t install the client. If you are familiar with the Windows version of SAV, when you push out the client you are pushing out the client already configured to check into the server. That isn’t the case here: you must install the client .pkg AND the client application. Once both are installed and you reboot the machine, it should show up in your console.
- After the client and the configuration .pkg are installed, you next need to configure the scanning schedule, live updates etc., but you need to know whether you are going to run a local LiveUpdate server for all your Mac clients to check into for updates, rather than having all your machines check in with Symantec every time they need updates.
(After having done this for as few clients as we have, it might not be worth the effort, but it’s done so I’ll document it.)
- To configure the LiveUpdate server follow these steps (if not using a local update server proceed to the next step in the list)
- View the KB article: How to download and install the LiveUpdate Administration Utility for Macintosh and download the Live Update Admin Install Utility.
- I wasn’t able to extract the .zip utility on a Mac, so I downloaded it to a PC, extracted the .zip and copied it to our server.
- When you install the LiveUpdate Administration tool it creates a directory in /applications/liveupdateadminutility. In this location are the configuration tool and two other directories: “Retrieved Updates” and “Retrieved Updates Archives”. These are the default locations for the updates to be stored.
- Since we didn’t want to store the updates on the root volume, we created a directory on a second volume called “LiveUpdates” and copied the two directories, “Retrieved Updates” and “Retrieved Updates Archives”, to the new location.
- Just for others’ knowledge, I created a symbolic link from the original location to the new location in case someone were to follow the documentation and not know where I saved the updates.
- Next view the KB article: How to configure a Mac OS X Server as an internal LiveUpdate server using HTTP (Web)
- This KB is really out of order; you first need to decide where you are going to store the updates and note that location.
- Next go to the directory /library/webserver/documents/ and create a Symbolic Link named LiveUpdate (or whatever subdir path you want to use) pointing to the volume and location where you are saving the updates.
- Note what you name this Symbolic Link; you should know that the name of this Symbolic Link is case sensitive in the URL for your web server.
- Brian H @ Symantec suggested a ‘better option’ is to save the updates in the /library/webserver/documents/liveupdate directory, but that was on the root volume and we wanted the updates saved on the Storage Volume.
- In step 4, setting the preferences, you are prompted for the locations where you are saving the updates and the expired updates, respectively, to populate the paths.
- This can be done by dragging the folders that you created on the Storage volume to the terminal window when prompted for the paths.
- Next View the KB article: How to configure the LiveUpdate Administration Utility for Macintosh
- Using the default settings for each of these properties works well, except for the time of day that you want the LiveUpdate server to download new updates.
- Brian H @ Symantec said that SAV for Mac updates are released only each Friday, but we still choose to check daily at an hour that is in the middle of the night.
- Next you will need to configure the clients to update from the LiveUpdate Server.
- Finally you need to tell the clients in what interval to run a scan and live update. Use the KB Article: How to remotely schedule LiveUpdate and virus scans on Symantec AntiVirus for Macintosh 10.0 clients.
- Use the Symsched version 4.0.1f1 commands, where in “-w 1 23:00 /Users” 1 is the day of the week and 23:00 is the time of day. To set the Scan Interval:

    #!/bin/sh
    #Type your script here
    "/Applications/Symantec Solutions/Symantec Scheduler.app/Contents/Resources/symsched" VirusScan "Weekly Virus Scan" 1 1 -w 1 23:00 /Users
    exit 0

- Use the Symsched version 4.0.1f1 commands, where in “-w 4 19:00” 4 is the day of the week and 19:00 is the time:

    #!/bin/sh
    #Type your script here.
    "/Applications/Symantec Solutions/Symantec Scheduler.app/Contents/Resources/symsched" LiveUpdate "Weekly VDefs Update" 1 1 -w 4 19:00 "Virus Definitions" -quiet
    exit 0

- When we ran the scripts we changed the times to be after Friday night, since tech support told us that most Mac AV updates are released on Fridays of each week.
After these steps are complete your Macs are Running Symantec AV.
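
The relocation of the LiveUpdate store described in the steps above, as an added shell example that is not from the original post or from Symantec. It assumes one symbolic link per directory at the original location and keeps each original as ".orig" until you have verified the copy; the function names are hypothetical, and the paths are passed in as arguments.

```shell
#!/bin/sh
# Added example, not part of the original post. Nothing is hard-coded:
#   relocate_store APP_DIR STORE_DIR WEB_ROOT LINK_NAME
# e.g. APP_DIR=/applications/liveupdateadminutility, WEB_ROOT=/library/webserver/documents,
#      LINK_NAME=LiveUpdate, STORE_DIR=<your "LiveUpdates" directory on the second volume>.

# exact_name DIR NAME: succeed only if DIR has an entry spelled exactly NAME.
# A plain [ -e ] test can pass for the wrong case on a case-insensitive volume,
# while the post notes the name is case sensitive in the web server URL.
exact_name() {
    ls -1 "$1" 2>/dev/null | grep -Fxq -- "$2"
}

# link_dir TARGET LINK: create LINK -> TARGET, refusing to overwrite anything,
# then confirm the link resolves to a directory.
link_dir() {
    if [ ! -d "$1" ]; then echo "target missing: $1" >&2; return 1; fi
    if [ -e "$2" ] || [ -L "$2" ]; then echo "already exists: $2" >&2; return 1; fi
    ln -s "$1" "$2" && [ -d "$2" ]
}

relocate_store() {
    app=$1; store=$2; web=$3; name=$4
    mkdir -p "$store" || return 1
    for d in "Retrieved Updates" "Retrieved Updates Archives"; do
        # Only act on a real directory, never on a link left by an earlier run.
        if [ ! -d "$app/$d" ] || [ -L "$app/$d" ]; then
            echo "not a real directory: $app/$d" >&2; return 1
        fi
        cp -Rp "$app/$d" "$store/" || return 1      # copy, preserving modes and times
        mv "$app/$d" "$app/$d.orig" || return 1     # keep the original until verified
        link_dir "$store/$d" "$app/$d" || return 1  # link old location -> new location
    done
    # Publish the store under the web root and check the exact spelling of the link.
    link_dir "$store" "$web/$name" || return 1
    exact_name "$web" "$name"
}
```

Once the clients update correctly, the ".orig" directories can be removed by hand.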




Great job Jason. Thanks for sharing your experiences with us on this. If we go with Symantec in the future I know where to look!
Hi there,
In the Symantec Administration Console readme I spotted the following:
“Symantec Administration Console does not yet support PHP 5.0.1”
Did you strike any issues using php5?
Andy, I am out of the office this week with my wife and baby boy who was born earlier this week…. I will check into which version of php we are using when I am back in the office.