Page 1 of 1 1
Topic Options
#73853 - 2003-02-28 11:11 PM Testing Norton with Eicar test string...
cmarti Offline
Hey THIS is FUN

Registered: 2001-02-26
Posts: 297
Loc: Little Rock, AR
This morning a user had a bad install of norton and it wasn't working. It just so happened that they sent out a virus... [Roll Eyes] Why didn't we think of this before???
code:
break on
:TestRealTimeAV
$AVTestJulDay = ReadProfileString("%windir%\CorpLS.ini","AntiVirus","RealTime Last Tested Julian Day")
$AVTestJulDay = Val($AVTestJulDay)
$AVTestDate = ReadProfileString("%windir%\CorpLS.ini","AntiVirus","RealTime Last Tested Date")
If $AVTestJulDay = 0 or ($AVTestJulDay + 30) < @YDayno
CLS
$Msg1 = "The logon script will now test your antivirus software. This is a proactive step that will be done once every 30 days on your workstation."
$Msg2 = "During the testing a Norton AntiVirus Notification dialog box should appear on your screen."
$Msg3 = "@CRLF@CRLFIf you DO receive this notification please click the 'X' in the upper right hand corner to close the notification. You will NOT need to call the help desk."
$Msg4 = "@CRLF@CRLF@CRLF ** Remember, the file that it will detect is a test file, it is NOT a real virus. **"
$Msg5 = "@CRLF@CRLF@CRLFBelow is an example of the notification message you will receive:"
$Msg6 = "@CRLF@CRLFScan type: Realtime Protection Scan@CRLFEvent: Virus Found!@CRLFVirus name: EICAR Test String"
$Msg7 = "@CRLFFile: %wINDIR%\AntiVirusCheck.chk@CRLFLocation: %WINDIR%"
$Msg8 = "@CRLFComputer: @wksta@CRLFUser: @Userid@CRLFAction taken: Clean failed : Delete succeeded : Access denied"
$Msg9 = "@CRLFDate found: @DATE @TIME"
? "Testing Antivirus Software. Please wait..."
$Msg = MessageBox("$Msg1 $Msg2 $Msg3 $Msg4 $Msg5 $Msg6 $Msg7 $Msg8 $Msg9","Company Logon Script AntiVirus Test",48)
$WriteAVTestJulDay = WriteProfileString("%windir%\CorpLS.ini","AntiVirus","RealTime Last Tested Julian Day","@YDayNo")
$WriteAVTestDate = WriteProfileString("%windir%\CorpLS.ini","AntiVirus","RealTime Last Tested Date","@Date")
$WritePrevAVTestJulDay = WriteProfileString("%windir%\CorpLS.ini","AntiVirus","Previous RealTime Last Tested Julian Day","$AVTestJulDay")
$WritePrevAVTestDate = WriteProfileString("%windir%\CorpLS.ini","AntiVirus","Previous RealTime Last Tested Date","$AVTestDate")
$WriteAntiVirusChk = Redirectoutput("%windir%\AntiVirusCheck.chk",1)
"X5O!P%@@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
$WriteAntiVirusChk = Redirectoutput("")
Sleep 5
If Exist("%windir%\AntiVirusCheck.chk") = 0
$Msg = MessageBox("Your antivirus software is working properly. If the Norton AntiVirus Notification dialog box is open please click the 'X' in the upper right hand corner to close the notification.","Company Logon Script Antivirus Test",64)
Else
beep
beep
beep
sleep 1
$Msg = MessageBox("The antivirus software on your workstation did not detect the test antivirus file! Please open a ticket with x23000.@CRLFFailure to do so WILL cause your workstation to be open to viruses.@CRLF@CRLFThis information has been logged.","Company Logon Script Antivirus Test",48)
$Log = Redirectoutput("\\logserver\database\lan\logs\norton\AVRealTimeFail.log")
? "@DATE @TIME @WKSTA @USERID failed the realtime scan test."
$Log = Redirectoutput("")
Endif
EndIf

Your thoughts?? L8tr...

Top
#73854 - 2003-02-28 11:14 PM Re: Testing Norton with Eicar test string...
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11163
Loc: Boston, MA, USA
That'll generate a lot of AV notification messages. Wouldn't it be better to check the Norton (SAV?) install log whether the install completed successfully?
_________________________
There are two types of vessels, submarines and targets.

Top
#73855 - 2003-02-28 11:28 PM Re: Testing Norton with Eicar test string...
cmarti Offline
Hey THIS is FUN

Registered: 2001-02-26
Posts: 297
Loc: Little Rock, AR
It'll only run once every 30 days...and Norton has a tendency to just break every now and then despite what the install log reads... [Big Grin]
Top
#73856 - 2003-03-05 09:16 PM Re: Testing Norton with Eicar test string...
cmarti Offline
Hey THIS is FUN

Registered: 2001-02-26
Posts: 297
Loc: Little Rock, AR
You can also start an automatic norton scan with the following:
code:
BREAK ON
If KEYEXIST("HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\ProductControl") = 0
$STARTManualScanNow = ADDKEY("HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\ProductControl")
ENDIF
$STARTManualScanNowValue = WRITEVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\ProductControl","StartManualScanNow","1","REG_DWORD")
IF KEYEXIST("HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\LocalScans\ManualScan") = 0
$ShowScanProgress = ADDKEY("HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\LocalScans\ManualScan")
ENDIF
$DisplayStatusDialog = WRITEVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\LocalScans\ManualScan","DisplayStatusDialog","1","REG_DWORD")
$StatusDialogTitleValue = WRITEVALUE("HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\LocalScans\ManualScan","StatusDialogTitle","Automatic Virus Scan - DO NOT STOP!","REG_SZ")

[Big Grin]

Top
Page 1 of 1 1


Moderator:  Glenn Barnas, NTDOC, Arend_, Jochen, Radimus, Allen, ShaneEP, Ruud van Velsen, Mart 
Hop to:
Shout Box

Who's Online
0 registered and 326 anonymous users online.
Newest Members
Praveer, Ollero, rayyo, Foxlicht, DonChild
17742 Registered Users

Generated in 0.068 seconds in which 0.03 seconds were spent on a total of 12 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org