Scan Engine: Internal LiveUpdate server's "Login" and "password" information in liveupdate.conf are not encrypted
Last Updated April 26, 2013
Up to Scan Engine (SSE) 5.2.8, the login and password for the internal LiveUpdate FTP server are encrypted right after the initial Java LiveUpdate (JLU) execution; however, from SSE5.2.10 and onward, they are no longer encrypted.
This is by-design.
Scan Engine 5.2.10 and onward uses its own liveupdate.conf separate from the JLU's. liveupdate.conf will be encrypted only if the file is JLU's.
hosts/0/login=<plain text strings> hosts/0/password=<plain text strings>
liveupdate.conf can be encrypted if manually executed with "-r" option.
Log in the SSE/SPE host as root / Administrator and stop the service.
Copy the contents from the FROM to TO if FROM contains only cacheMode, downloadChacneSize, maxPackageContentSize and maxPackageSize:
UNIX (Solaris and Linux): FROM /etc/liveupdate.conf TO /opt/SYMCScan/bin/liveupadate.conf
Windows (32-bit) FROM C:\Documents and Settings\All Users\Application Data\Symantec\Java LiveUpdate\liveupdate.conf TO C:\Program Files\Symantec\Scan Engine\liveupdate.conf
Windows (64-bit) FROM C:\Documents and Settings\All Users\Application Data\Symantec\Java LiveUpdate\liveupdate.conf TO C:\Program Files (x86)\Symantec\Scan Engine\liveupdate.conf
Note: If you are going to use Symantec's public LiveUpdate servers, the following steps are not necessary.
Add the following hosts/<number>/ lines which refer to your internal LiveUpdate server. Here the <number> should be identical: hosts/<number>/url=ftp://<your internal FTP server's URL> hosts/<number>/login:<your FTP user login id in plain text> hosts/<number>/password:<your FTP server login password in plain text>
As root / Administrator on the terminal / command prompt, execute the following command:
Open the resulting liveupdate.conf under the SSE/SPE install root and see if the login and the password line are both encrypted such as follows: hosts/<number>/url=ftp://<your internal FTP server's URL> hosts/2/login:ENC=<encrypted strings> hosts/2/mode=passive hosts/2/password:ENC=<encrypted strings>
Start SSE / SPE service.
Symantec Scan Engine 5.2.10 and greater
Protection Engine 7.0.0 and greater
[Enhancement Request]: Encrypt the login/password information in liveupdate.conf if executed with -c option
Imported Document ID: TECH205382
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe