Subject: | |
From: | |
Reply To: | |
Date: | Thu, 3 Nov 2005 14:00:41 -0500 |
Content-Type: | multipart/mixed |
Parts/Attachments: |
|
|
If Symantec is integrated with Windows Security Center (versions >=9.x,
OS>=XP) then this JS code
should work:
// Ask Windows Security Center (through WMI) which antivirus products are
// registered and print a Name / Version / WSCstatus group for each of them.
// NOTE(review): root/SecurityCenter is the XP-era namespace; later Windows
// releases publish root/SecurityCenter2 with a different schema - verify on
// the target OS before relying on productUptoDate.
var wmiService = GetObject("winmgmts:/root/SecurityCenter");
var products = new Enumerator(wmiService.InstancesOf("AntiVirusProduct"));
var product;
var state;
while (!products.atEnd()) {
  product = products.item();
  // product.companyName is available as well if the vendor should be printed
  WScript.Echo("Name=" + product.displayName);
  WScript.Echo("Version=" + product.versionNumber);
  state = product.productUptoDate ? 'uptodate' : 'notuptodate';
  WScript.Echo("WSCstatus=" + state);
  products.moveNext();
}
For Win2k and SAV v7.x we could check LiveUpdate and compare its info
with the info from
http://securityresponse.symantec.com/avcenter/download.html
but that's probably not an elegant solution (see attached avcheck.wsf).
Evgueni
William Doyle wrote:
>Good Day,
>
>We're toying with the idea of only checking to see whether Symantec anti-
>virus was configured for scheduled updates, and then checking for up to
>date defs if there is an outbreak.
>
>I've been poking around the registry and running sysinternals regmon while
>enabling and disabling scheduled updates, but have been unable to identify
>a registry entry associated with this.
>
>Anybody know where to look?
>
>Thanks
>
>
<package>
<job id="av">
<script language="JScript">
// Download flag shared with LU_check: its onreadystatechange handler sets it
// to 1 once the page has arrived with HTTP status 200 and to 0 otherwise.
var urlStatus = 0;
// Connect to Windows Security Center to get the update status of AntiVirus
// also check the presence of Symantec LiveUpdate
// Usage: cscript /Nologo avcheck.wsf
// Probe the file system for a path.
//   filespec - path handed to FileSystemObject.FileExists
// Returns 1 when FileExists reports the file as present, 0 otherwise.
function ReportFileStatus(filespec) {
  var fileSystem = new ActiveXObject("Scripting.FileSystemObject");
  return fileSystem.FileExists(filespec) ? 1 : 0;
}
// construct an Associative Array
// Constructor for a lookup table from English three-letter month
// abbreviations to the zero-based month numbers the Date constructor
// expects (Jan -> 0 ... Dec -> 11). Use with "new".
function Months() {
  var names = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
               "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"];
  for (var index = 0; index < names.length; index++) {
    this[names[index]] = index;
  }
}
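// Read the LiveUpdate settings file and return the date recorded in its
// DOWNLOADS\LIVETRI.ZIP\LAST-MODIFIED entry as milliseconds since the epoch
// (midnight, local time).
//   path - full path of the Settings.LiveUpdate file
// Returns NaN when the entry is absent or its month token is not one of the
// abbreviations in Months. NaN makes a caller's ">=" comparison false, so a
// file that cannot be parsed is never reported as current.
function LiveUpdate(path)
{
  var monthIndex = new Months();
  var ForReading = 1;
  var fso = new ActiveXObject("Scripting.FileSystemObject");
  var f = fso.OpenTextFile(path, ForReading);
  var text;
  try {
    text = f.ReadAll();
  }
  finally {
    // release the file handle even when ReadAll throws
    f.Close();
  }
  // After "=", the value is read as "<text>, <day> <month> <year> <rest>";
  // the three captures are day, month abbreviation and year, in that order.
  var found = text.match(/DOWNLOADS\\LIVETRI.ZIP\\LAST-MODIFIED=.+, (\S+?) (\S+?) (\S+?) /);
  if (!found) {
    // The global RegExp.$n properties keep the captures of the last
    // successful match made anywhere in the script, so they must not be
    // read after a failed match.
    return(NaN);
  }
  var lud = new Date(found[3], monthIndex[found[2]], found[1]);
  return(lud.getTime());
}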
// finding where liveupdate section starts and searching for "Extended Version"
// in that piece of text
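// Compare the date recorded in the local LiveUpdate settings file with the
// "Extended Version" date published on Symantec's definitions download page.
// Returns:
//   "LU_missingWebPage" - the page did not arrive within about 5 seconds, or
//                         no reference date could be read from it
//   "LU_uptodate"       - the local date is the same as or later than the page's
//   "LU_notuptodate"    - the local date is older, or could not be parsed
//   ""                  - no Settings.LiveUpdate file under the All Users profile
// NOTE(review): the page is requested over plain HTTP with no integrity check,
// so the reference date can be altered in transit; treat the result as
// advisory rather than as proof that definitions are current.
function LU_check(){
  var i, s, text, webMatch, webDate, luDate;
  var xmlhttp = new ActiveXObject("MSXML2.XMLHTTP");
  // start from "not received" so an earlier call cannot leave a stale 1 behind
  urlStatus = 0;
  try{
    xmlhttp.open("GET", "http://securityresponse.symantec.com/avcenter/download.html", true);
    xmlhttp.onreadystatechange = function (){
      if (xmlhttp.readyState == 4 && xmlhttp.status == 200){
        urlStatus = 1;
      }
      else {
        urlStatus = 0;
      }
    }
    xmlhttp.send();
  }
  catch(e){
    // fall through: urlStatus stays 0 and the wait below ends in
    // "LU_missingWebPage"
  }
  // Poll 10 times, 500 ms apart, as a 5 second timeout of our own; the global
  // urlStatus is set by the onreadystatechange handler above.
  for(i = 0; i < 10; i++){
    if(urlStatus == 1) break;
    WScript.Sleep(500);
  }
  if(urlStatus != 1){
    return("LU_missingWebPage");
  }
  text = xmlhttp.responseText;
  // Find where the definitions section starts and look for "Extended Version"
  // only in the text from there on.
  s = text.indexOf("Virus Definitions created <!-- LUCREATEDATE start -->");
  webMatch = (s >= 0) ? text.substr(s).match(/Extended Version: (.+)\/(.+)\/(.+) rev/) : null;
  // The captures are read as month/day/year.
  webDate = webMatch ? new Date(webMatch[3], webMatch[1] - 1, webMatch[2]).getTime() : NaN;
  if(isNaN(webDate)){
    // Fail closed: reading the RegExp.$n statics after a failed match yields
    // empty strings, which Date turns into a date in 1899, and every local
    // date would then compare as up to date.
    return("LU_missingWebPage");
  }
  var WshShell = WScript.CreateObject("WScript.Shell");
  var WshSysEnv = WshShell.Environment("Process");
  var path = WshSysEnv("AllUsersProfile") + "\\Application Data\\Symantec\\LiveUpdate\\Settings.LiveUpdate";
  if( !ReportFileStatus(path) ){
    return("");
  }
  luDate = LiveUpdate(path);
  // a NaN luDate (unparsable settings file) compares false and reports
  // "LU_notuptodate"
  if(luDate >= webDate)
    return("LU_uptodate");
  return("LU_notuptodate");
}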
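// Print the antivirus status of this machine as Key=Value lines:
// Name / Version / WSCstatus for each product registered with Windows
// Security Center, followed by LUstatus when LU_check returns a result.
// A run that prints no WSCstatus line means the Security Center query
// failed; consumers should read that as "not determined", not as healthy.
function jAVCenter() {
  var provObj, colItems, products, Profile, luStr;
  try{
    provObj = GetObject("winmgmts:/root/SecurityCenter");
    colItems = provObj.InstancesOf("AntiVirusProduct");
    for(products = new Enumerator(colItems); !products.atEnd(); products.moveNext())
    {
      Profile = products.item();
      // JScript identifiers are case-sensitive: the host object is WScript.
      // Spelled "Wscript", the call throws and the catch below hides it, so
      // none of these lines would ever be printed.
      WScript.Echo("Name="+Profile.displayName);
      WScript.Echo("Version="+Profile.versionNumber);
      if(Profile.productUptoDate)
        WScript.Echo("WSCstatus="+'uptodate');
      else
        WScript.Echo("WSCstatus="+'notuptodate');
    }
  }
  catch(err){
    // Kept quiet on purpose: presumably the query fails on systems without
    // the root/SecurityCenter namespace, where only the LiveUpdate check
    // below applies.
  }
  luStr = LU_check();
  if(luStr != ""){
    WScript.Echo("LUstatus="+luStr);
  }
}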
// Entry point of the job: run the checks and print the status lines.
jAVCenter();
</script>
<script language="VBScript">
' place holder
</script>
</job>
</package>