Open-AudIT


All times are UTC + 10 hours




Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 11 posts ] 
Posted: Thu Jun 05, 2008 5:24 am
Newbie

Joined: Wed May 07, 2008 4:32 am
Posts: 42
Hi All,

I was thinking that for a corporate environment, it would be helpful to also show 2 columns: if it's not up to date, what is the latest signature update on the machine, and also show the parent server.

I'm relating this to Symantec, as this is the general corporate implementation.

Would this be hard to accomplish?

Regards,
Adrian

_________________
Server Info:
OS : Windows 2003 SP2
Auditing: 1700 Machines
LDAP: Active Directory


Posted: Thu Jun 12, 2008 5:24 am
Newbie

Joined: Wed May 07, 2008 4:32 am
Posts: 42
*BUMP*

No interest? :?:

_________________
Server Info:
OS : Windows 2003 SP2
Auditing: 1700 Machines
LDAP: Active Directory


Posted: Thu Jun 12, 2008 7:56 pm
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Certainly this would be a nice feature, I assume this would only work with Symantec however, and since I ditched Symantec and replaced it with Nod32 (which does a much better job of keeping everything up to date IMHO), I would not use it. :(

_________________
Andrew

OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory


Posted: Fri Jun 13, 2008 11:05 pm
Newbie

Joined: Wed May 07, 2008 4:32 am
Posts: 42
Can't we make like a list of top 5 corporate AVs and make the changes/additions for them?

_________________
Server Info:
OS : Windows 2003 SP2
Auditing: 1700 Machines
LDAP: Active Directory


Posted: Sat Jun 14, 2008 8:34 am
Moderator

Joined: Tue Jan 25, 2005 3:09 am
Posts: 2140
Location: Scotland
Can we find this info from WMI or the registry? If so, how?

_________________
Andrew

OA Server: Windows XP/ XAMPP, Mandriva/Apache, Ubuntu
Auditing: 300+ Wstns, 20+ Srvrs, Thin clients, Linux boxes, Routers, etc
OS's: Windows XP , W2K Srvr, W2K3 Srvr, W2K8, Vista, Windows 7, Linuxes (and a Mac at home)
LDAP: Active Directory


Posted: Tue Jun 17, 2008 4:51 pm
Newbie

Joined: Wed May 07, 2008 4:32 am
Posts: 42
For Symantec you get this info from the definitions file. Basically, can you make a script that opens a file, reads it, then posts the data on site? I'll look where that folder/file is and give you the info.

_________________
Server Info:
OS : Windows 2003 SP2
Auditing: 1700 Machines
LDAP: Active Directory


Posted: Wed Jun 18, 2008 3:39 am
Newbie

Joined: Sat Mar 17, 2007 5:20 am
Posts: 8
Location: RI, USA
Def Date
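[code]
Const HKEY_LOCAL_MACHINE = &H80000002
' StdRegProv on the local machine, defined here so the snippet runs on its own
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
strKeyPath = "SOFTWARE\Symantec\SharedDefs"
strValueName = "NAVCORP_70"
display_name = "Symantec Virus-Definition-Version"
oReg.GetStringValue HKEY_LOCAL_MACHINE, strKeyPath, strValueName, SAVDef_Version
'strip off all but the date part of the file name
SAVDef_Version = Left(Right(SAVDef_Version, 12), 8)
[/code]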
or
[code]
'Get Virus definition from definfo.dat.
Const ForReading = 1
strPath = "c:\Program Files\Common Files\Symantec Shared\VirusDefs\definfo.dat"

Set objFSO = CreateObject("Scripting.FileSystemObject")

'Test the path before opening it: GetFile raises an error when the file is missing
If objFSO.FileExists(strPath) Then
    Set objDatFile = objFSO.OpenTextFile(strPath, ForReading)
    Do Until objDatFile.AtEndOfStream
        strLine = objDatFile.ReadLine
        intCurDefs = InStr(strLine, "CurDefs")
        If intCurDefs > 0 Then
            'The offsets assume the date (YYYYMMDD) starts at character 9 of the line
            dtYear = Mid(strLine, 9, 4)
            dtMonth = Mid(strLine, 13, 2)
            dtDay = Mid(strLine, 15, 2)
            'DateSerial avoids the locale-dependent parsing of CDate("MM/DD/YYYY")
            dtDefDate = DateSerial(CInt(dtYear), CInt(dtMonth), CInt(dtDay))
            'echo() is not a VBScript built-in, so use WScript.Echo
            WScript.Echo "Def: " & dtDefDate
        End If
    Loop
    objDatFile.Close
Else
    WScript.Echo "definfo.dat does not exist"
End If
[/code]

Parent Server
[code]
oReg.GetStringValue HKEY_LOCAL_MACHINE,"SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion","Parent",strValue
[/code]


Posted: Wed Jun 18, 2008 9:32 am
Newbie

Joined: Tue Jun 17, 2008 2:11 pm
Posts: 9
We use TrendMicro OfficeScan


Posted: Thu Jun 19, 2008 5:00 pm
Helper

Joined: Fri Jun 06, 2008 3:02 pm
Posts: 79
Location: Singapore
McAfee uses the registry; everything is in one hive.

[code]
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\AVEngine]
"DAT"="C:\\Program Files\\Common Files\\McAfee\\Engine\\"
"szInstallDir32"="C:\\Program Files\\Common Files\\McAfee\\Engine\\"
"EngineVersionMajor"=dword:00001450
"EngineVersionMinor"=dword:00000870
"AVDatVersion"=dword:000014bb
; AVDatDate is the value the poster highlighted: the DAT (definition) date
"AVDatDate"="2008/05/30"
"EngineVersion32Major"=dword:00001450
"EngineVersion32Minor"=dword:00000870
"AVDatVersionMinor"=dword:00000000
"AVDatDateSys"=hex:d8,07,05,00,00,00,1e,00,00,00,00,00,00,00,00,00

[/code]

_________________
**---((( SGR )))---****
Server Info:
OS : CentoS 5
Auditing: 1143 machines
LDAP: Active Directory
Support Open-Audit : http://www.open-audit.org/phpBB3/viewtopic.php?f=5&t=2990#p13523


Posted: Sat Jun 21, 2008 6:45 pm
Newbie

Joined: Wed May 07, 2008 4:32 am
Posts: 42
Great!

Will test it first thing Monday morning.

A_Hull - Did you get a chance to look at this? Can we put it in the SVN?

_________________
Server Info:
OS : Windows 2003 SP2
Auditing: 1700 Machines
LDAP: Active Directory


Posted: Mon Jun 23, 2008 4:31 pm
Newbie

Joined: Wed May 07, 2008 4:32 am
Posts: 42
aaaa. :-) How do I merge the above code to make it work?

_________________
Server Info:
OS : Windows 2003 SP2
Auditing: 1700 Machines
LDAP: Active Directory
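
A merged version of the snippets posted in this thread, as an added example that is not from any poster or from Open-AudIT itself: it reads the Symantec definition date (registry first, definfo.dat as the fallback), the Symantec parent server and the McAfee AVDatDate, then flags definitions older than a threshold. The helper names (RegString, ToDate, SymantecDefDate, Report) and the 7-day MAX_AGE_DAYS threshold are assumptions; the registry keys, value names and file path are the ones quoted in the posts above.

```vbscript
Option Explicit
Const HKEY_LOCAL_MACHINE = &H80000002
Const ForReading = 1
Const MAX_AGE_DAYS = 7   ' assumed staleness threshold, not from the thread
Dim oReg, fso
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
Set fso = CreateObject("Scripting.FileSystemObject")

' Read a string value under HKLM; Null when the key or value is missing.
Function RegString(key, name)
    Dim v
    oReg.GetStringValue HKEY_LOCAL_MACHINE, key, name, v
    RegString = v
End Function

' "YYYYMMDD" or "YYYY/MM/DD" -> Date; Null for anything else.
Function ToDate(s)
    Dim re, d
    ToDate = Null
    If IsNull(s) Then Exit Function
    d = Replace(s, "/", "")
    Set re = New RegExp : re.Pattern = "^\d{8}$"
    If Not re.Test(d) Then Exit Function
    ToDate = DateSerial(CInt(Left(d, 4)), CInt(Mid(d, 5, 2)), CInt(Right(d, 2)))
End Function

' Symantec: registry value first, definfo.dat as the fallback.
Function SymantecDefDate()
    Dim v, path, f, strLine
    v = RegString("SOFTWARE\Symantec\SharedDefs", "NAVCORP_70")
    SymantecDefDate = ToDate(Left(Right(v, 12), 8))   ' Null in, Null out
    If Not IsNull(SymantecDefDate) Then Exit Function
    path = "C:\Program Files\Common Files\Symantec Shared\VirusDefs\definfo.dat"
    If Not fso.FileExists(path) Then Exit Function
    Set f = fso.OpenTextFile(path, ForReading)
    Do Until f.AtEndOfStream
        strLine = f.ReadLine
        If InStr(strLine, "CurDefs") > 0 Then SymantecDefDate = ToDate(Mid(strLine, 9, 8))
    Loop
    f.Close
End Function
' One audit row per product found; products with no readable date are skipped.
Sub Report(product, defDate, parent)
    Dim status : status = "current"
    If IsNull(defDate) Then Exit Sub
    If DateDiff("d", defDate, Date) > MAX_AGE_DAYS Then status = "OUT OF DATE"
    WScript.Echo product & ": defs " & defDate & " (" & status & "), parent: " & parent
End Sub
Report "Symantec", SymantecDefDate(), RegString("SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion", "Parent")
Report "McAfee", ToDate(RegString("SOFTWARE\McAfee\AVEngine", "AVDatDate")), "n/a"
```

Run it with cscript //nologo on the audited machine. On 64-bit Windows a 32-bit product's keys live under SOFTWARE\Wow6432Node, so the key paths may need adjusting there.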

