By using tar and SCP, you should be able to get at least 30 MB/s.

But, netcat is NOT included in VMware ESX 3.5. It is included in 2.5 and 4.x.

So how do you install netcat on VMware ESX 3.5?

1. Grab the RPM here:
http://netcat.sourceforge.net/download.php

(Don’t use any newer versions, like 1.10, because you will run into dependencies problems, like this:
[root@vmware-esx]# rpm -ivh netcat-1.10-980.1.i586.rpm
warning: netcat-1.10-980.1.i586.rpm: V3 DSA signature: NOKEY, key ID 9c800aca
error: Failed dependencies:
libc.so.6(GLIBC_2.3.4) is needed by netcat-1.10-980.1
rpmlib(PayloadIsLzma) <= 4.4.2-1 is needed by netcat-1.10-980.1
[root@vmware-esx]

2. Install the RPM: rpm -ivh netcat-0.7.1-1.i386.rpm

[root@vmware-esx bin]# rpm -ivh netcat-0.7.1-1.i386.rpm
warning: netcat-0.7.1-1.i386.rpm: V3 DSA signature: NOKEY, key ID b2d79fc1
Preparing… ########################################### [100%]
1:netcat ########################################### [100%]
[root@vmware-esx]

And you’re done!

These are the steps:

1. Generate Trial license

2. Download software

3. Prepare server

4. Install OfficeScan server

1. Generate Trial license

If you don’t have one, you’ll need valid license.

You can get a trial here:

http://forms.trendmicro.com/index.php?dom=us&productID=5


2. Download software

You then need to download the software.

Download the primary install file from:

http://downloadcenter.trendmicro.com/index.php?regs=NABU&clk=latest&clkval=7&lang_loc=1

(I’ll try to cover service packs, patches and hotfixes in a later article).


3. Prepare the server

You’re most likely installing OfficeScan on a Windows Server 2003 or Windows Server 2008.

Before you start the OfficeScan installer you will need to install IIS on the Windows server.

(Press “Win + R” and type “appwiz.cpl” and add and remove Windows components/roles.)


4. Install the OfficeScan server

Simply move the install file to the OfficeScan server and double-click it.

Its pretty much straight forward (Next->Next->Next)

You may choose not to enable the firewall, enable spyware assessment mode, install OfficeScan to another location etc, but I’ll cover best practice configuration in another article.

When you’re finished installing, you can access the OfficeScan server console by typing the following in to your browser, on the server.

https//localhost:4343/officescan


Future topics related to this article:

- OfficeScan patch management, Service Packs, Patches and Hotfixes

- Best practice installation/configuration

And I’m simply not able to answer all the questions regarding installation and troubleshooting.

Therefore I have decided to write a series of posts/articles, to try to answer all of your questions, and to cover some general topics.

So, this is the articles I’ve planned to write:

Trend Micro OfficeScan: Installation

Trend Micro OfficeScan: Smart Scan Server

Trend Micro OfficeScan: Deployment

Trend Micro OfficeScan: Server Components

Trend Micro OfficeScan: Troubleshooting

If anyone has any request/wishes regarding content and topics, please feel free to leave a comment!

Read the original thoughts on OfficeScan 10 (just me ranting):

http://technoblog.org/2009/09/trend-micro-officescan-10-some-thoughts/

Security guides for Mac OS X 10.3, 10.4 and 10.5 are also available at the same site:

Mac OS X Security guides:

http://www.apple.com/support/security/guides/

Read Check Point SE Patrick Waters’ full blog post here:
http://fireverse.org/?p=468

And download the Migration Guide here:
http://www.fireverse.org/Discovery/Check_Point_EA_Discovery_MigrationGuide.pdf

Why You Should Migrate to Discovery (copied from the Migration Guide)
Check Point recommends that all customers upgrade from SecureClient to Discovery as soon as possible, because Discovery has these capabilities:
-  Supports both 32 and 64 bit Windows Vista and Windows 7
-  Uses less memory resources than SecureClient
-  Automatic disconnect/reconnect as clients move in and out of network range
-  Seamless connection experience while roaming
-  Automatic and transparent upgrades, with no administrator privileges required
-  Supports most existing features of SecureClient, including Office Mode, Desktop Firewall, Secure
Configuration Verification (SCV), Secure Domain Login (SDL), and Proxy Detection
-  Supports many additional new features, and will support even more new features in the near future
-  Does not require a SmartCenter server upgrade
-  Discovery and SecureClient can coexist on client systems during migration period

This is Trend Micro OfficeScan 8.0 SP1 Patch 5

Full readme can be found here:
http://www.trendmicro.com/ftp/documentation/readme/OSCE_80_Win_SP1_Patch5_en_readme.txt

It’s important to notice that only the following drivers are compatible with Windows 7:

Virus Scan Engine (8.952 or higher)
Virus Cleanup Engine (6.2.1016 or higher)
Anti-rootkit Driver (2.8.1063 or higher)
Common Firewall Driver (NSC) (5.8.1092 or higher)

Virus Scan Engine and Virus Cleanup Engine can be updated from the Active Update server.

Anti-rootkit Driver and the Common Firewall Driver (NSC) are included in this patch.

I haven’t had time to test if this actually works on Windows 7. If anyone has, please feel free to leave a comment. I will test it as soon as I can.

Trend Micro is now rolling back the VSAPI 9.000 from ActiveUpdate. Reason: “There have been reports of issues on the following products scanning certain malformed PDF files”.

The version available through ActiveUpdate is now 9.100.1001, this is essentially version 8.952.

The products affected are:
OfficeScan
ServerProtect
Worry-Free Business Security (WFBS)

Earlier, they sent out an advisory about VSAPI 9.000 and problems with Windows NT (think it was OfficeScan 7.3 and ServerProtect). The problems resulted in the Scan Engine being unable to load the pattern files.

Read the entire Customer Notification here:

CUSTOMER NOTIFICATION Rollback of VSAPI Version 9.000 from ActiveUpdate

On November 16, 2009, Trend Micro will make the VSAPI 9.000 available through ActiveUpdate (AU).

It will be released for the following products:
- OfficeScan
- Client Server Messaging Suite / Client Server Suite
- Worry Free Business Security
- ServerProtect for NT
- Trend Micro Control Manager

And it will include the following new features:
- Support for the detection of files that contain known PDF exploits
- Support for shellcode detection
- Recognition of the following additional file types:
- Flash Video (FLV)
- Microsoft Document Imaging (MDI)
- Moving Picture Experts Group (MPEG)
- QuickTime (MOV)
- RIFF
- SITX
- ZIP64
- Support for the detection of exploits to Microsoft Office vulnerabilities

Edit: The entire Advisory has been posted on the TCSE community – from ACAPacific blog.

VMware Workstation 7.0 Release notes:

http://www.vmware.com/support/ws7/doc/releasenotes_ws7.html

VMware Fusion 3.0 New Features:
http://communities.vmware.com/docs/DOC-10957

A list of the most interesting new features in VMware Workstation:

256-bit Encryption — Secure your virtual machines with AES256-bit encryption to prevent unauthorized users from accessing or running the configuration files.

Pause a Virtual Machine — Free your CPU resources instantaneously without powering off or suspending the virtual machine.

Four-Way SMP — Create and run virtual machines with a total of four processor cores, which can consist of four single-core processors, two dual-core processors, or one quad-core processor like the new Intel i7.

AutoProtect —Schedule snapshots of your virtual machine to be created at a regular interval to ensure that you always have a snapshot available to revert to when needed.

Virtual Printing — Print from virtual machines without mapping network printers or installing printer drivers in the virtual machine. With virtual printing enabled in the virtual machine setting, all of the printers installed on the host operating system are available in the guest operating system. This functionality is enabled through a partnership with ThinPrint, Inc.

Cross-Platform License Keys — Use the VMware Workstation 7.0 license key on both the Windows and Linux versions. Make sure you read the EULA for the terms and conditions that must be met when switching platforms.

Expand Virtual Disks — Increase the size of the virtual disk from within VMware Workstation. For Windows Vista and Windows 7 guests, the disk partitions can be adjusted without the use of additional software.

Compact Virtual Disks — Reclaim unused space from a virtual disk so that the host or another virtual machine can use it.

Drag and Drop Enhancements — Drag and drop enhancements include support for new file types including images and formatted text and extend the existing ability to drag and drop files to a broader set of guest and host operating systems.

Virtual Network Editor — User interface enhancements have simplified creating and configuring virtual networks.

IPv6 Support — Create a bridged connection to an IPv6 network on VMware Workstation virtual machines.

Fuse Mount for Linux — Use Fuse to mount .vmdk disks on to the file system of Linux hosts.

If anyone got any experience with the new products (or upgrading) feel free to share!

In my opinion:
It depends on your values.
You should upgrade if the new features appeals to you. The Device Control, and the Smart Network stuff.

But, performance wise, there are still some issues. E.g.: Extracting a Windows XP cd (from an ISO file) takes at least 50% more time with OfficeScan 10 (using Winrar). This is with conventional scan mode, I get about the same results with Smart Scan, but you can’t really compare it, since its not cached.

In addition, the Trend Micro Unauthorized Change Prevention Service (tmbsrv.exe) is a nice feature, but I believe it requires a bit more resources than the old Watchdog service.

So what about the stand alone scan server? I haven’t had time to test this one properly, at least not performance wise. So if anyone has done any real performance testing, with 100-500+ clients, I would really like to know. At least Trend Micro managed to get something right with the new Smart Scan feature. If what I’m seeing is correct, the impact on the network is really low. Sending those hashes back and fourth doesn’t consume that much bandwidth. Yay!

And just one last tip: When you install OfficeScan 10, install the integrated scan server. Even though you`re not planning to use it. Why? Because its really complicated to install it after you`ve finished the installation of the OfficeScan server. Just install it, and remove it from the list of scan servers in the GUI.

Anyway, if my sense of time is correct, its about two weeks left, until the Service Pack 1 of OfficeScan 10 is released to the public. The beta looked okay, but I`m really curious whether or not they managed to fix some of those performance issues.