Howard Bullock
BrianTX, sorry for the delay but this thread slipped through the cracks.
This is the code I currently use to check for AV software. I am still attempting to come up with a workable methodology to validate the engine version and the acceptable DAT version for 40,000 clients on a global WAN.
I just noticed that some additional work may be required to copy the Extra.dat for "NetShield" installs.
The resulting log files are collected and parsed weekly via an external process that outputs a report.
code:
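;=============================================================================================
; CheckAVsoftware (GOSUB target)
;
; Logon-time compliance check for the Network Associates anti-virus client.
;   1. Reads the installed product version from HKLM (VirusScan first, then NetShield NT).
;   2. Compares the first five characters of that version with the expected version.
;   3. Non-compliant: increments a per-user counter in the registry; on the 5th
;      non-compliant logon writes a flag file to the central log share.
;   4. Compliant: removes the counter and the flag file, then synchronises EXTRA.DAT
;      with the copy under $Lpath\corp.
; Skipped entirely on Terminal Server.
;
; Uses names defined outside this subroutine: $ComputerName, $Ldomain, $UserID, $IP0,
; $Domain, $Lpath, WriteLog(), WriteLog2(), IsNonServer().
;
; NOTE(review): this only checks the version string in the registry. It does not show
; that the scanner is running or that the engine/DAT files are current; the author
; marks the engine/DAT check as still to be added.
;=============================================================================================
:CheckAVsoftware
If not ProductSuite("Terminal Server")
  dim $outfile, $NAIkey, $NaiTrackKey, $NaiTrackVal, $NaiTrackCnt, $NAIerror, $NAIver
  dim $ProductVersion, $ProductName, $EngineVersion, $DatVersion, $Updateini
  dim $str, $rc, $System
  ; NOTE(review): $NAIpath (used in the EXTRA.DAT step) is not declared here - confirm
  ; whether it is meant to be local to this subroutine.

  ; Flag file for this computer on the central log share.
  ; NOTE(review): a logon script runs as the logged-on user, so this share presumably
  ; accepts writes from every user - confirm that its ACLs stop users from reading,
  ; changing or deleting other computers' reports.
  $outfile="\\ambdc009\log$\virus\$ComputerName.txt"

  ;---------------------------------------------------------------------------------------------
  ; Track the non-compliance count in HKCU. When count = 5, write a flag file to the
  ; central server.
  ; NOTE(review): HKEY_CURRENT_USER is writable by the user being measured, so this
  ; counter can be reset or removed on the client. Treat it as advisory; counting on the
  ; collecting side would be harder to tamper with.
  ;---------------------------------------------------------------------------------------------
  $NaiTrackKey = "HKEY_CURRENT_USER\Internal"
  $NaiTrackVal = "NAIcount"

  ;---------------------------------------------------------------------------------------------
  ; Read the software version file to determine acceptable parameters.
  ; This file is not to be read at every logon. Need a methodology to check once a week.
  ;---------------------------------------------------------------------------------------------
  ; Hard coded values for now
  $ProductVersion = "4.5.1"

  ; Disabled until the update.ini lookup is finished:
  ;$Updateini = $Lpath + "\corp\update.ini"
  ;$EngineVersion = ReadProfileString($Updateini, "SuperDat-IA32", "EngineVersion")
  ;if @ERROR <> 0
  ;  WriteLog("NAI: Error reading EngineVersion from $Updateini")
  ;endif
  ;$DatVersion = ReadProfileString($Lpath +"\corp\update.ini", "SuperDat-IA32", "DATVersion")
  ;if @ERROR <> 0
  ;  WriteLog("NAI: Error reading DATVersion from $Updateini")
  ;endif

  ; Lookup Product Version: try VirusScan, fall back to NetShield NT.
  ; The failure messages report @ERROR from the ReadValue call that just failed. The
  ; original printed $rc, which has not been assigned at this point, so the log showed
  ; no error code.
  $NAIerror = 0
  $NAIkey = "HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\VirusScan"
  $NAIver = ReadValue($NAIkey,"szCurrentVersionNumber")
  if @ERROR=0
    WriteLog("NAI: Found NAI product version ($NAIver) in $NAIkey, szCurrentVersionNumber")
    $ProductVersion = "4.5.1"
    $ProductName = "VirusScan"
  else
    WriteLog("NAI: Error @ERROR: reading NAI product version $NAIkey, szCurrentVersionNumber")
    $NAIkey = "HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Netshield NT\CurrentVersion"
    $NAIver = ReadValue($NAIkey,"szProductVer")
    if @ERROR=0
      WriteLog("NAI: Found NAI product version ($NAIver) in $NAIkey, szProductVer")
      $ProductVersion = "4.5.0"
      $ProductName = "NetShield"
    else
      WriteLog("NAI: Error @ERROR: reading NAI product version $NAIkey, szProductVer")
      ; Neither product key could be read: treat as non-compliant.
      $NAIerror = 1
      $NAIver = "Not Found"
      $ProductName = "Not Found"
    endif
  endif

  ; Product Version Check: only the first five characters ("x.y.z") are compared.
  if $NAIerror = 0 ; successfully read version key
    if Left($NAIver,5) <> $ProductVersion ; found noncompliant version
      WriteLog("NAI: Non-compliant version of $ProductName installed. Current = $NAIver, Expected = $ProductVersion")
      $NAIerror = 1
    else
      WriteLog("NAI: $ProductName version is OK, Current = $NAIver, Expected = $ProductVersion")
      ;Add Engine and DAT check here.
    endif
  endif

  ; NAI registry tracking
  if $NAIerror > 0
    ; Track number of logons without compliant AV software.
    ; Write the flag file at 5 occurrences.
    if KeyExist($NaiTrackKey) = 0 ; key not found: first non-compliant logon
      $rc = AddKey($NaiTrackKey)
      if $rc = 0
        $rc = WriteValue ($NaiTrackKey, $NaiTrackVal, "1", "REG_SZ")
        if $rc > 0
          WriteLog("NAI: Error $rc: Write value $NaiTrackKey\$NaiTrackVal")
        endif
      else
        WriteLog("NAI: Error $rc: Creating $NaiTrackKey")
      endif
    else ; key exists
      $NaiTrackCnt = ReadValue($NaiTrackKey,$NaiTrackVal)
      if @ERROR > 0
        WriteLog("NAI: Error @ERROR: Reading $NaiTrackKey\$NaiTrackVal")
      endif
      $NaiTrackCnt = val($NaiTrackCnt) + 1
      if $NaiTrackCnt = 5
        ; Fifth non-compliant logon: replace any old flag file with a fresh report.
        if IsNonServer()
          $System = "Client"
        else
          $System = "Server"
        endif
        if exist ($outfile)
          DEL "$outfile"
        endif

        $str = "[Local]" + @CRLF + "LogonDomain=" + $Ldomain + @CRLF + "User=" + $UserID + @CRLF + "IP=" + $IP0 + @CRLF + "Product=" + $ProductName + @CRLF + "Version=" + $NAIver + @CRLF + "Domain=" + $Domain + @CRLF + "System=" + $System
        WriteLog2($outfile, $str)
        $rc = WriteValue ($NaiTrackKey, $NaiTrackVal, "$NaiTrackCnt", "REG_SZ")
        if $rc > 0
          WriteLog("NAI: Error $rc: Write value ($NaiTrackCnt) to $NaiTrackKey\$NaiTrackVal")
        endif
      else
        ; Restart the cycle at 20 so the machine is flagged again at the next 5th logon.
        ; ">=" instead of "=": a stored value that is already above 20 would otherwise
        ; never match 5 or 20 again, and the machine would never be re-flagged.
        if $NaiTrackCnt >= 20
          $rc = WriteValue ($NaiTrackKey, $NaiTrackVal, "1", "REG_SZ")
          if $rc > 0
            WriteLog("NAI: Error $rc: Write value (1) to $NaiTrackKey\$NaiTrackVal")
          endif
        else
          $rc = WriteValue ($NaiTrackKey, $NaiTrackVal, "$NaiTrackCnt", "REG_SZ")
          if $rc > 0
            WriteLog("NAI: Error $rc: Write value $NaiTrackKey\$NaiTrackVal")
          endif
        endif
      endif
    endif
  else
    ; Clean up NAI registry tracking if compliant AV software is found.
    ; The flag file is only removed when the tracking key was present.
    if KeyExist($NaiTrackKey) = 1
      $rc = DelKey($NaiTrackKey)
      if $rc > 0
        WriteLog("NAI: Error $rc: deleting $NaiTrackKey")
      endif
      if exist ($outfile)
        DEL "$outfile"
        WriteLog("NAI: Deleted $outfile")
      endif
    endif

    ; Copy EXTRA.DAT if it exists centrally; otherwise remove the local copy.
    ; NOTE(review): the file is copied into the scan engine directory without any
    ; integrity check, so $Lpath\corp must be writable by administrators only - confirm.
    ; NOTE(review): exist() is also false when $Lpath is unreachable, in which case the
    ; local EXTRA.DAT is deleted although it was not withdrawn centrally - confirm this
    ; is acceptable.
    $NAIpath=ReadValue("HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine\4.0.xx","szInstallDir")
    if @ERROR=0
      if exist ("$Lpath\corp\extra.dat")
        COPY "$Lpath\corp\extra.dat" "$NAIpath"
        if @ERROR = 0
          WriteLog("NAI: Copy new EXTRA.DAT to $NAIpath\extra.dat")
        else
          WriteLog("NAI: Error @ERROR, @SERROR: Failed to Copy EXTRA.DAT to $NAIpath\extra.dat")
        endif
      else
        if exist ("$NAIpath\extra.dat")
          DEL "$NAIpath\extra.dat"
          ;WriteLog("NAI: Delete $NAIpath\extra.dat")
        endif
      endif
    else
      WriteLog("NAI: Error @ERROR: Reading NAI install path")
    endif
  endif
else
  WriteLog("NAI: Subroutine exitinf because this is a Terminal server")
endif
Return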
[ 01 May 2002, 17:19: Message edited by: Howard Bullock ]