CLEANACCESS Archives

November 2005

CLEANACCESS@LISTSERV.MIAMIOH.EDU

Subject:
From: Evgueni Martynov <[log in to unmask]>
Reply To: Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date: Thu, 3 Nov 2005 14:00:41 -0500
Content-Type: multipart/mixed
Parts/Attachments: text/plain (1232 bytes), avcheck.wsf (3608 bytes)

If Symantec is integrated with Windows Security Center (versions >=9.x,
OS>=XP) then this JS code should work:

var provObj = GetObject("winmgmts:/root/SecurityCenter");

// Enumerate every antivirus product registered with Windows Security Center
var colItems = provObj.InstancesOf("AntiVirusProduct");
for (var e = new Enumerator(colItems); !e.atEnd(); e.moveNext())
{
   var Profile = e.item();
//   WScript.Echo("Company="+Profile.companyName);
   WScript.Echo("Name="+Profile.displayName);
   WScript.Echo("Version="+Profile.versionNumber);
   // productUptoDate is the definition status as reported by Security Center
   if (Profile.productUptoDate)
      WScript.Echo("WSCstatus="+'uptodate');
   else
      WScript.Echo("WSCstatus="+'notuptodate');
}


For Win2k and SAV v7.x we could check LiveUpdate and compare its info 
with the info from
http://securityresponse.symantec.com/avcenter/download.html
but that's probably not an elegant solution (see attached avcheck.wsf).

Evgueni


William Doyle wrote:

>Good Day,
>
>We're toying with the idea of only checking to see whether Symantec
>anti-virus was configured for scheduled updates, and then checking for up to
>date defs if there is an outbreak.
>
>I've been poking around the registry and running sysinternals regmon while
>enabling and disabling scheduled updates, but have been unable to identify
>a registry entry associated with this.
>
>Anybody know where to look?
>
>Thanks
>  
>




<package>
<job id="av">
<script language="JScript">
var urlStatus = 0;
// Connect to Windows Security Center to get the update status of AntiVirus
// also check the presence of Symantec LiveUpdate
// Usage: cscript /Nologo avcheck.wsf

// Return 1 if the file exists, 0 otherwise
function ReportFileStatus(filespec)
{
   var fso = new ActiveXObject("Scripting.FileSystemObject");
   if (fso.FileExists(filespec))
      return(1);
   else
      return(0);
}

// construct an Associative Array
function Months(){
   this.Jan = 0; this.Feb = 1; this.Mar = 2; this.Apr = 3;
   this.May = 4; this.Jun = 5; this.Jul = 6; this.Aug = 7;
   this.Sep = 8; this.Oct = 9; this.Nov = 10; this.Dec = 11;
}

// Read the LAST-MODIFIED date of LIVETRI.ZIP from Settings.LiveUpdate and
// return it in milliseconds (NaN if the entry is not found)
function LiveUpdate(path)
{
   var m = new Months();
   var ForReading = 1;
   var fso = new ActiveXObject("Scripting.FileSystemObject");
   var f = fso.OpenTextFile(path, ForReading);
   var text = f.ReadAll();
   f.Close();
   var re = /DOWNLOADS\\LIVETRI.ZIP\\LAST-MODIFIED=.+, (\S+?) (\S+?) (\S+?) /;
   var r = text.match(re);
   if (!r) return(NaN);
   //WScript.Echo(r[3]+" "+r[2]+" "+r[1]);
   var lud = new Date(r[3], m[r[2]], r[1]);
   //WScript.Echo(m[r[2]]);
   return(lud.getTime());
}

// finding where liveupdate section starts and searching for "Extended Version"
// in that piece of text
function LU_check(){
   var xmlhttp = new ActiveXObject("MSXML2.XMLHTTP");
   try{
      xmlhttp.open("GET", "http://securityresponse.symantec.com/avcenter/download.html", true);
      xmlhttp.onreadystatechange = function (){
         if (xmlhttp.readyState == 4 && xmlhttp.status == 200){
            urlStatus = 1;
         } else {
            urlStatus = 0;
         }
      } // ??
      xmlhttp.send();
   } catch(e){}
   // using this construction to specify our own timeout - of 5 seconds
   // global urlStatus is set by onreadystatechange handler function
   for (var i = 0; i < 10; i++){
      if (urlStatus == 1) break;
      WScript.Sleep(500);
      //WScript.Echo('.');
   }
   if (urlStatus != 1){
      return("LU_missingWebPage");
   }
   var text = xmlhttp.responseText;
   var s = text.search(new RegExp("Virus Definitions created <!-- LUCREATEDATE start -->"));
   var re = /Extended Version: (.+)\/(.+)\/(.+) rev/;
   var lus = text.substr(s);
   var r = lus.match(re);
   // If the date cannot be parsed, webDate is NaN and the comparison below
   // reports LU_notuptodate
   var webDate = r ? new Date(r[3], r[1]-1, r[2]).getTime() : NaN;

   var WshShell = WScript.CreateObject("WScript.Shell");
   var WshSysEnv = WshShell.Environment("Process");
   var path = WshSysEnv("AllUsersProfile") + "\\Application Data\\Symantec\\LiveUpdate\\Settings.LiveUpdate";
   if (ReportFileStatus(path)){
      // WScript.Echo("Symantec LiveUpdate was found!");
      var luDate = LiveUpdate(path);
      //WScript.Echo("Web time: "+webDate+" lu time: "+luDate);
      //var mwd= new Date(webDate);
      //var mld= new Date(luDate);
      //WScript.Echo("Web time: "+mwd.toDateString()+" lu time: "+mld.toDateString());
      if (luDate >= webDate)
         return("LU_uptodate");
      else
         return("LU_notuptodate");
   }
   return("");
}

function jAVCenter()
{
   try{
      var provObj = GetObject("winmgmts:/root/SecurityCenter");
      var colItems = provObj.InstancesOf("AntiVirusProduct");
      for (var en = new Enumerator(colItems); !en.atEnd(); en.moveNext())
      {
         var Profile = en.item();
         // WScript.Echo("Company="+Profile.companyName);
         WScript.Echo("Name="+Profile.displayName);
         WScript.Echo("Version="+Profile.versionNumber);
         if (Profile.productUptoDate)
            WScript.Echo("WSCstatus="+'uptodate');
         else
            WScript.Echo("WSCstatus="+'notuptodate');
      }
   } catch(e){
      //WScript.Echo(e);
   }
   var luStr = LU_check();
   if (luStr != ""){
      WScript.Echo("LUstatus="+luStr);
   } else {
      // WScript.Echo("No Symantec LiveUpdate found");
   }
}

jAVCenter();
</script>
<script language="VBScript">
' place holder
</script>
</job>
</package>
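
How a posture check could consume the output of avcheck.wsf, as an added example that is not part of the original post or its attachment. The Name=/Version=/WSCstatus=/LUstatus= lines are the ones the script echoes; the function names, the fail-closed policy and the sample outputs are assumptions made for illustration.

```javascript
// Added example: parse the key=value lines echoed by avcheck.wsf and derive a
// posture decision. Function names, policy and sample data are constructed.

// One record per product: each "Name=" line starts a new record.
function parseAvcheck(output) {
  var products = [], luStatus = null, current = null;
  output.split(/\r?\n/).forEach(function (line) {
    var m = /^(Name|Version|WSCstatus|LUstatus)=(.*)$/.exec(line.trim());
    if (!m) return;                        // skip blank or unexpected lines
    if (m[1] === "LUstatus") { luStatus = m[2]; return; }
    if (m[1] === "Name") {
      current = { name: m[2], version: null, wscStatus: null };
      products.push(current);
    } else if (current) {
      if (m[1] === "Version") current.version = m[2];
      else current.wscStatus = m[2];
    }
  });
  return { products: products, luStatus: luStatus };
}

// Assumed policy, failing closed:
//  - if Security Center listed the wanted product, every matching entry
//    must report "uptodate"
//  - if Security Center listed nothing (Win2k / SAV 7.x), use LUstatus
function decide(report, wantedName) {
  var wanted = wantedName.toLowerCase();
  var matches = report.products.filter(function (p) {
    return p.name.toLowerCase().indexOf(wanted) !== -1;
  });
  if (matches.length > 0) {
    var allCurrent = matches.every(function (p) { return p.wscStatus === "uptodate"; });
    return allCurrent ? "compliant" : "quarantine";
  }
  if (report.products.length === 0) {
    if (report.luStatus === "LU_uptodate") return "compliant";
    if (report.luStatus === "LU_missingWebPage") return "unknown";
  }
  return "quarantine";
}

// Constructed sample outputs (product name and version are made up).
var XP_SAMPLE = "Name=Symantec AntiVirus\r\nVersion=9.0.0.338\r\n" +
                "WSCstatus=notuptodate\r\nLUstatus=LU_uptodate\r\n";
var W2K_SAMPLE = "LUstatus=LU_uptodate\r\n";

console.log(decide(parseAvcheck(XP_SAMPLE), "symantec"));
console.log(decide(parseAvcheck(W2K_SAMPLE), "symantec"));
```

Empty output, which is what the script produces when both checks fail silently, ends in "quarantine" rather than being treated as a pass.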
