cmarti
(Hey THIS is FUN)
2003-02-28 11:11 PM
Testing Norton with Eicar test string...

This morning a user had a bad install of norton and it wasn't working. It just so happened that they sent out a virus... [Roll Eyes] Why didn't we think of this before???
code:
break on
:TestRealTimeAV
$AVTestJulDay = ReadProfileString("%windir%\CorpLS.ini","AntiVirus","RealTime Last Tested Julian Day")
$AVTestJulDay = Val($AVTestJulDay)
$AVTestDate = ReadProfileString("%windir%\CorpLS.ini","AntiVirus","RealTime Last Tested Date")
If $AVTestJulDay = 0 or ($AVTestJulDay + 30) < @YDayno
CLS
$Msg1 = "The logon script will now test your antivirus software. This is a proactive step that will be done once every 30 days on your workstation."
$Msg2 = "During the testing a Norton AntiVirus Notification dialog box should appear on your screen."
$Msg3 = "@CRLF@CRLFIf you DO receive this notification please click the 'X' in the upper right hand corner to close the notification. You will NOT need to call the help desk."
$Msg4 = "@CRLF@CRLF@CRLF ** Remember, the file that it will detect is a test file, it is NOT a real virus. **"
$Msg5 = "@CRLF@CRLF@CRLFBelow is an example of the notification message you will receive:"
$Msg6 = "@CRLF@CRLFScan type: Realtime Protection Scan@CRLFEvent: Virus Found!@CRLFVirus name: EICAR Test String"
$Msg7 = "@CRLFFile: %wINDIR%\AntiVirusCheck.chk@CRLFLocation: %WINDIR%"
$Msg8 = "@CRLFComputer: @wksta@CRLFUser: @Userid@CRLFAction taken: Clean failed : Delete succeeded : Access denied"
$Msg9 = "@CRLFDate found: @DATE @TIME"
? "Testing Antivirus Software. Please wait..."
$Msg = MessageBox("$Msg1 $Msg2 $Msg3 $Msg4 $Msg5 $Msg6 $Msg7 $Msg8 $Msg9","Company Logon Script AntiVirus Test",48)
$WriteAVTestJulDay = WriteProfileString("%windir%\CorpLS.ini","AntiVirus","RealTime Last Tested Julian Day","@YDayNo")
$WriteAVTestDate = WriteProfileString("%windir%\CorpLS.ini","AntiVirus","RealTime Last Tested Date","@Date")
$WritePrevAVTestJulDay = WriteProfileString("%windir%\CorpLS.ini","AntiVirus","Previous RealTime Last Tested Julian Day","$AVTestJulDay")
$WritePrevAVTestDate = WriteProfileString("%windir%\CorpLS.ini","AntiVirus","Previous RealTime Last Tested Date","$AVTestDate")
$WriteAntiVirusChk = Redirectoutput("%windir%\AntiVirusCheck.chk",1)
"X5O!P%@@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
$WriteAntiVirusChk = Redirectoutput("")
Sleep 5
If Exist("%windir%\AntiVirusCheck.chk") = 0
$Msg = MessageBox("Your antivirus software is working properly. If the Norton AntiVirus Notification dialog box is open please click the 'X' in the upper right hand corner to close the notification.","Company Logon Script Antivirus Test",64)
Else
beep
beep
beep
sleep 1
$Msg = MessageBox("The antivirus software on your workstation did not detect the test antivirus file! Please open a ticket with x23000.@CRLFFailure to do so WILL cause your workstation to be open to viruses.@CRLF@CRLFThis information has been logged.","Company Logon Script Antivirus Test",48)
$Log = Redirectoutput("\\logserver\database\lan\logs\norton\AVRealTimeFail.log")
? "@DATE @TIME @WKSTA @USERID failed the realtime scan test."
$Log = Redirectoutput("")
Endif
EndIf

Your thoughts?? L8tr...


Sealeopard
(KiX Master)
2003-02-28 11:14 PM
Re: Testing Norton with Eicar test string...

That'll generate a lot of AV notification messages. Wouldn't it be better to check the Norton (SAV?) install log whether the install completed successfully?

cmarti
(Hey THIS is FUN)
2003-02-28 11:28 PM
Re: Testing Norton with Eicar test string...

It'll only run once every 30 days...and Norton has a tendency to just break every now and then despite what the install log reads... [Big Grin]

cmarti
(Hey THIS is FUN)
2003-03-05 09:16 PM
Re: Testing Norton with Eicar test string...

You can also start an automatic norton scan with the following:
code:
BREAK ON
If KEYEXIST("HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\ProductControl") = 0
$STARTManualScanNow = ADDKEY("HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\ProductControl")
ENDIF
$STARTManualScanNowValue = WRITEVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\ProductControl","StartManualScanNow","1","REG_DWORD")
IF KEYEXIST("HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\LocalScans\ManualScan") = 0
$ShowScanProgress = ADDKEY("HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\LocalScans\ManualScan")
ENDIF
$DisplayStatusDialog = WRITEVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\LocalScans\ManualScan","DisplayStatusDialog","1","REG_DWORD")
$StatusDialogTitleValue = WRITEVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\LocalScans\ManualScan","StatusDialogTitle","Automatic Virus Scan - DO NOT STOP!","REG_SZ")

[Big Grin]