Open-AudIT

Not sure what the issue is here, but I have a mail server running NOD32 ver 2.7.X (which is working fine) however OA seems to think there is no Anti Virus software installed. (The irony is that the server also runs a Kasperski plugin to scan incoming email, so this is probably one of the best protected machines on the network). Anybody else have a similar issue?

BTW this came to light partly as a result of me adding a new view def for Anti Virus Software, and a related FAQ showing how this was done.

viewtopic.php?f=6&t=2545&p=11276#p11276

_________________
Andrew

[size=85]OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory[/size]

yes I have same problem with Antivirus software, who NOT contain "virus" in software name.

example :
Client Offiescan are not considered like antivirus whereas officecan it's enterprise version of pctrend antivirus.


but i have a "VIH SIDA software infection animation" who's called "infection par le virus du SIDA" who absolutly not an antivirus software, open audit detect this software like an antivirus.

the problem is in "system_viewdef_security.php" file :

line 56 :

[code]"antivirus_other"=>array(
"headline"=>__("Other Antivirus"),
"sql"=>"SELECT * FROM software WHERE software_uuid = '" . $_GET["pc"] . "' AND software_timestamp = '".$GLOBAL["system_timestamp"]."' AND software_name LIKE '%virus%' ",[/code]

I think the ONLY way to be 100% certain that we pick-up every AntiVirus program that does not register with WinXPsp2 or Win2k3 is for everyone to provide a list of all known AntiVirus programs (their names) in every language. That way, we can check for any of these names in the Software table, and display them.

Not an insignificant amount of work.

The reason it checks like it does (where software_name LIKE '%virus%') is the easiest and simplest way to check for MOST programs - it is not 100% accurate though. It was infinitely easier to write that short bit of SQL, than to check for every AntiVirus program name, in every language.

_________________
Support and Development hours available from [url=https://opmantek.com]Opmantek[/url].
Please consider a purchase to help make Open-AudIT better for everyone.

can we check for software_name like __(%virus%) or

$virus_name = __("virus") ...

software_name like __($virus_name)

or similar to cover translation.

_________________
Andrew

[size=85]OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory[/size]