#133131 - 2005-01-30 04:32 AM
AntiVirus Detection Code - Request for feedback
NTDOC
Administrator
Registered: 2000-07-28
Posts: 11628
Loc: CA
Based on information from this posting I'd like to request some help in the following areas.
Request for AntiVirus info: http://www.kixtart.org/ubbthreads/showflat.php?Cat=&Board=UBB14&Number=131847
Currently this script supports Symantec, McAfee, and Trend Corporate Editions of AntiVirus.
- Test the script on your local system as well as a remote system and provide feedback if it worked or not.
- Improvements to the code NOT in terms of Golfing but in terms of solid better coding method.
- The final resulting code will be used in the SIM KiXform project, this is just a framework to ensure best code and/or features are being used.
Code:
Break On
Dim $SO
$SO=SetOption('NoVarsInStrings','On')
$SO=SetOption('WrapAtEOL','On')

; Default to the local workstation when no target computer was supplied
If Not $sComputer
  $sComputer=@WKSTA
EndIf

$AVDetails = AVClicked()

; Runs the three detection steps in order and prints the results
Function AVClicked()
  $AVProduct = GetAVProduct($sComputer)
  If @ERROR
    ? 'The GetAVProduct UDF did not detect any supported AntiVirus' + @CRLF + 'There does not appear to be any supported Antivirus product installed on ' + $sComputer
    Exit 1
  Else
    ? ':: GetAVProduct UDF ::'
    ? 'AV Product name: ' + $AVProduct
    ?
  EndIf
  $AVService = GetAVService($AVProduct, $sComputer)
  If @ERROR
    ? 'The GetAVService UDF detected a service error for ' + $AVProduct + @CRLF + 'on ' + $sComputer
    Exit 1
  Else
    ? ':: GetAVService UDF ::'
    ? 'Start Mode: ' + $AVService[0]
    ? 'State: ' + $AVService[1]
    ? 'Account: ' + $AVService[2]
    ? 'Path: ' + $AVService[3]
    ?
  EndIf
  $AVVersion = GetAVVersion($AVProduct, $sComputer)
  If @ERROR
    ? ':: GetAVVersion UDF ::'
    ? 'ERROR: No additional details for ' + $AVProduct + ' detected'
    Exit 1
  Else
    Select
      Case InStr($AVProduct,'AntiVirus')
        ? ':: GetAVVersion UDF ::'
        ? 'Engine: ' + $AVVersion[0]
        ? 'Date: ' + $AVVersion[1]
        ? 'Age: ' + $AVVersion[2]
        ? 'Parent: ' + $AVVersion[3]
        ? 'Client Type: ' + $AVVersion[4]
        ? 'Install Path: ' + $AVVersion[5]
      Case InStr($AVProduct,'Shield')
        ? ':: GetAVVersion UDF ::'
        ? $AVVersion[0]
        ? $AVVersion[1]
        ? $AVVersion[2]
        ? $AVVersion[3]
      Case InStr($AVProduct,'ntrtscan')
        ? ':: GetAVVersion UDF ::'
        ? $AVVersion[0]
        ? $AVVersion[1]
        ? $AVVersion[2]
        ? $AVVersion[3]
        ? $AVVersion[4]
        ? $AVVersion[5]
        ? $AVVersion[6]
    EndSelect
  EndIf
EndFunction

; Returns the name of the first supported AV service found on $sComputer
Function GetAVProduct($sComputer)
  Dim $AVServices,$objWMI,$objSrvc,$svc,$AVName,$Index
  $Index = 0
  $AVServices = 'Norton AntiVirus Server','Symantec AntiVirus','McShield','ntrtscan'
  $objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\"+$sComputer+"\root\cimv2")
  If @ERROR<0
    Exit Val("&"+Right(DecToHex(@ERROR),4))
  EndIf
  Do
    $objSrvc = $objWMI.ExecQuery('Select * from Win32_Service WHERE Name = "' + $AVServices[$Index] +'"')
    If @ERROR<0
      Exit Val("&"+Right(DecToHex(@ERROR),4))
    EndIf
    For Each $svc In $objSrvc
      If InStr($svc.Name,$AVServices[$Index])
        $AVName = $svc.Name
      EndIf
    Next
    $Index = $Index + 1
  Until $AVName Or $Index = UBound($AVServices)+1
  If Not $AVName
    Exit 1
  EndIf
  $GetAVProduct=$AVName
EndFunction

; Returns StartMode, State, StartName and PathName of the AV service
Function GetAVService($AVProduct, $sComputer)
  Dim $objWMI,$objSrvc,$svc,$AVState,$AVStartMode,$AVAccount,$AVPath
  $objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\"+$sComputer+"\root\cimv2")
  If @ERROR<0
    Exit Val("&"+Right(DecToHex(@ERROR),4))
  EndIf
  ; Query the service by the name passed in as $AVProduct
  $objSrvc = $objWMI.ExecQuery('Select * from Win32_Service WHERE Name = "' + $AVProduct +'"')
  If @ERROR<0
    Exit Val("&"+Right(DecToHex(@ERROR),4))
  EndIf
  For Each $svc in $objSrvc
    $AVStartMode = $svc.StartMode
    $AVState = $svc.State
    $AVAccount = $svc.StartName
    $AVPath = $svc.PathName
  Next
  $GetAVService=$AVStartMode,$AVState,$AVAccount,$AVPath
EndFunction

; Dispatches to the vendor-specific UDF based on the detected service name
Function GetAVVersion($AVProduct, $sComputer)
  Dim $AVVersion
  Select
    Case InStr($AVProduct,'AntiVirus')
      $AVVersion = GetSymantecAV($sComputer)
    Case InStr($AVProduct,'shield')
      $AVVersion = GetMcAfeeAV($sComputer)
    Case InStr($AVProduct,'ntrtscan')
      $AVVersion = GetTrendAV($sComputer)
    Case 1
      Exit 1
  EndSelect
  $GetAVVersion=$AVVersion
EndFunction

Function GetSymantecAV($sComputer)
  Dim $ReadClientType,$DatNum,$AVAge,$AVInstallPath,$AVEngine,$AVParent,$ClientType
  $ReadClientType = ReadValue('\\'+$sComputer+'\'+'HKLM\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion', 'ClientType')
  If @ERROR
    Exit @ERROR
  EndIf
  $DatNum = Left(Right(ReadValue('\\'+$sComputer+'\'+'HKLM\SOFTWARE\Symantec\SharedDefs','NAVCORP_70'),12),8)
  $Datnum = Left($Datnum,4) + '/' + SubStr($Datnum,5,2) + '/' + Right($Datnum,2) ;convert to format for DateCalc UDF
  $AVAge = DateCalc(@DATE, $DatNum)
  $AVInstallPath = '\\'+$sComputer+'\'+Join(Split(ReadValue('\\'+$sComputer+'\'+'HKLM\software\INTEL\LANDesk\VirusProtect6\CurrentVersion\', 'Home Directory'),':'),Chr(36))
  $AVEngine = GetFileVersion($AVInstallPath +'\vpc32.exe','ProductVersion')
  $AVParent = ReadValue('\\'+$sComputer+'\'+'HKLM\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion','Parent')
  Select
    Case $ReadClientType = 1
      $ClientType = 'Connected Client'
    Case $ReadClientType = 2
      $ClientType = 'Stand-alone Client'
    Case $ReadClientType = 4
      $ClientType = 'Server'
      ; A server with no parent is the primary server
      If $AVParent = ""
        $ClientType = 'Primary Server'
      EndIf
    Case $ReadClientType = ""
      $ClientType = 'Unknown'
  EndSelect
  $GetSymantecAV=$AVEngine,$DatNum,$AVAge,$AVParent,$ClientType,$AVInstallPath
EndFunction

Function GetMcAfeeAV($sComputer)
  Dim $AVMcafee,$Tvd,$PName,$DatNum,$AVEngine,$Product
  $AVMcafee = '\\'+$sComputer+'\' + 'HKLM\SOFTWARE\McAfee\VirusScan'
  $Tvd = '\\'+$sComputer+'\' + 'HKLM\SOFTWARE\Network Associates\TVD'
  Select
    Case KeyExist($Tvd+'\VirusScan Enterprise\CurrentVersion') ; VS70 - Works with 7.0 and 7.1
      $PName = 'VirusScan Enterprise'
      $DatNum = 'DAT File Version: ' + ReadValue($Tvd+'\VirusScan Enterprise\CurrentVersion','szVirDefVer')
      $AVEngine = 'Engine Version: ' + ReadValue($Tvd+'\Shared Components\VirusScan Engine\4.0.xx','szEngineVer')
      $Product = 'Product Version: ' + ReadValue($Tvd+'\VirusScan Enterprise\CurrentVersion','szProductVer')
    Case KeyExist($Tvd+'\VirusScan') ; VS451
      $PName = 'VirusScan 4.51'
      $Datnum = 'DAT File Version:=' + SubStr(ReadValue($Tvd+'\Shared Components\VirusScan Engine\4.0.xx','szDatVersion'),5,4)
      $AVEngine = 'Engine Version:=' + ReadValue($Tvd+'\Shared Components\VirusScan Engine\4.0.xx','szEngineVer')
      $Product = 'Product Version:=' + ReadValue($Tvd+'\VirusScan','szCurrentVersionNumber')
    Case KeyExist($Tvd+'\Netshield NT\CurrentVersion') ; NS45
      $PName = 'NetShield NT 4.5'
      $Datnum = 'DAT File Version:=' + SubStr(ReadValue($Tvd+'\Netshield NT\CurrentVersion','szVirDefVer'),5,4)
      $AVEngine = 'Engine Version:=' + ReadValue($Tvd+'\Netshield NT\CurrentVersion','szEngineVer')
      $Product = 'Product Version:=' + ReadValue($Tvd+'\Netshield NT\CurrentVersion','szProductVer')
    ; Remote registry path, same form as $AVMcafee and $Tvd
    Case KeyExist('\\'+$sComputer+'\'+'HKLM\SOFTWARE\Network Associates\NetShield NT') ; NS403a
      $PName = 'NetShield NT 4.03a'
      $Datnum = 'DAT File Version:=' + SubStr(ReadValue($AVMcafee,'szVirDefVer'),5,4)
      $AVEngine = 'Engine Version:=' + ReadValue($AVMcafee,'szEngineVer')
      $Product = 'Product Version:=' + ReadValue($AVMcafee,'szProductVer')
  EndSelect
  $GetMcAfeeAV = $PName,$DatNum,$AVEngine,$Product
EndFunction

Function GetTrendAV($sComputer)
  Dim $AVEngine,$VSApiNT,$TmFilter,$DatNum,$Pattern,$AVInstallPath,$AVAge
  $AVInstallPath = '\\'+$sComputer+'\'+Join(Split(ReadValue('\\'+$sComputer+'\'+'HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion','Application Path'),':'),Chr(36))
  $AVEngine = 'Engine: ' + GetFileVersion($AVInstallPath +'\NTRtScan.exe','FileVersion')
  $VSApiNT = 'VSApiNT: ' + GetFileVersion($AVInstallPath +'\vsapint.sys','FileVersion')
  $TmFilter = 'TmFilter: ' + GetFileVersion($AVInstallPath +'\tmfilter.sys','FileVersion')
  $Pattern = 'Pattern: ' + ReadValue('\\'+$sComputer+'\'+'HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.','InternalPatternVer')
  $DatNum = 'Pattern Date: ' + ReadValue('\\'+$sComputer+'\'+'HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.','PatternDate')
  $AVAge = 'Age: ' + FormatDate(ReadValue('\\'+$sComputer+'\'+'HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.','PatternDate'))[1]
  $GetTrendAV=$AVEngine,$VSApiNT,$TmFilter,$DatNum,$Pattern,$AVAge,$AVInstallPath
EndFunction

; DateCalc: given two YYYY/MM/DD dates returns the days between them;
; given a date and an integer returns the date that many days away
Function DateCalc($date1, $DateOrMod)
  Dim $_intDate1, $_intYear1, $_intMonth1, $_intDay1
  Dim $_intDate2, $_intYear2, $_intMonth2, $_intDay2
  If InStr ($date1,'/') <> 5 Or InStrRev ($date1,'/') <> 8 Or Len ($date1) <> 10
    Exit (1)
  EndIf
  $_intYear1 = Val(SubStr($date1,1,4))
  $_intMonth1 = Val(SubStr($date1,InStr($date1,'/')+1,2))
  $_intDay1 = Val(SubStr($date1,InStrRev($date1,'/')+1,2))
  If $_intMonth1 < 3
    $_intMonth1 = $_intMonth1 + 12
    $_intYear1 = $_intYear1 - 1
  EndIf
  $_intDate1 = $_intDay1 + ( 153 * $_intMonth1 - 457 ) / 5 + 365 * $_intYear1 + $_intYear1 / 4 - $_intYear1 / 100 + $_intYear1 / 400 - 306
  Select
    ; This branch relies on variables being expanded inside strings, so it needs
    ; NoVarsInStrings to be Off; this script only calls DateCalc with two date
    ; strings (the VarType = 8 case below)
    Case VarType($DateOrMod) = 3
      $_intDate2 = $_intDate1 + $DateOrMod
      If InStr($_intDate2,'-')
        $_intDate2 = Val(SubStr($_intDate2,2,Len($_intDate2)-1))
      EndIf
      $_intYear2 = ( 100 * ( ( ( 100*($_intDate2+306)-25)/3652425) - ( ((100*($_intDate2+306)-25)/3652425)/4) ) + (100*($_intDate2+306)-25) ) / 36525
      $_intMonth2 = ( 5 * ( ( ( 100*($_intDate2+306)-25)/3652425) - ( ((100*($_intDate2+306)-25)/3652425)/4) + ($_intDate2+306) - 365 * $_intYear2 - $_intYear2 / 4 ) + 456 ) / 153
      $_intDay2 = ( ( ( 100*($_intDate2+306)-25)/3652425) - ( ((100*($_intDate2+306)-25)/3652425)/4) + ($_intDate2+306) - 365 * $_intYear2 - $_intYear2 / 4 ) - ( 153 * $_intMonth2 - 457 ) / 5
      If $_intMonth2 > 12
        $_intYear2 = $_intYear2 + 1
        $_intMonth2 = $_intMonth2 - 12
      EndIf
      If Len($_intYear2 ) < 4
        $_ = Execute("for $i=1 to 4-Len($$_intYear2) $$_intYear2 = '0' + $$_intYear2 next")
      EndIf
      If Len($_intMonth2) < 2
        $_intMonth2 = "0$_intMonth2"
      EndIf
      If Len($_intDay2 ) < 2
        $_intDay2 = "0$_intDay2"
      EndIf
      $DateCalc = '$_intYear2/$_intMonth2/$_intDay2'
    Case VarType($DateOrMod) = 8
      If InStr ($DateOrMod,'/') <> 5 Or InStrRev ($DateOrMod,'/') <> 8 Or Len ($DateOrMod) <> 10
        Exit (1)
      EndIf
      $_intYear2 = Val(SubStr($DateOrMod,1,4))
      $_intMonth2 = Val(SubStr($DateOrMod,InStr($DateOrMod,'/')+1,2))
      $_intDay2 = Val(SubStr($DateOrMod,InStrRev($DateOrMod,'/')+1,2))
      If $_intMonth2 < 3
        $_intMonth2 = $_intMonth2 + 12
        $_intYear2 = $_intYear2 - 1
      EndIf
      $_intDate2 = $_intDay2 + ( 153 * $_intMonth2 - 457 ) / 5 + 365 * $_intYear2 + $_intYear2 / 4 - $_intYear2 / 100 + $_intYear2 / 400 - 306
      $DateCalc = $_intDate1 - $_intDate2
      ;comment the next line If you wish to return negative results also !!!
      If InStr($DateCalc,'-')
        $DateCalc = Val(SubStr($DateCalc,2,Len($DateCalc)-1))
      EndIf
    Case 1
      Exit (1)
  EndSelect
EndFunction

; Converts YYYYMMDD to YYYY/MM/DD and returns that date plus its age in days
Function FormatDate($Entry)
  Dim $Year, $Month, $Day,$Date
  If Not $Entry
    Exit 1
  EndIf
  $Year = SubStr($Entry,1,4)
  $Month = SubStr($Entry,5,2)
  $Day = SubStr($Entry,7,2)
  $Date = $Year+'/'+$Month+'/'+$Day
  $FormatDate=$Date,DateCalc(@DATE,$Date)
EndFunction
#133132 - 2005-01-30 04:39 AM
Re: AntiVirus Detection Code - Request for feedback
NTDOC
Administrator
Registered: 2000-07-28
Posts: 11628
Loc: CA
Sample Output
Trend Office Scan 6.5
Code:
:: GetAVProduct UDF ::
AV Product name: ntrtscan

:: GetAVService UDF ::
Start Mode: Auto
State: Running
Account: LocalSystem
Path: C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe

:: GetAVVersion UDF ::
Engine: 6.5.0.1030
VSApiNT: 7.100-1003
TmFilter: 7.100.0.1003
Pattern Date: 20040625
Pattern: 191900
Age: 218
\\TEST01\C$\Program Files\Trend Micro\OfficeScan Client\
Symantec AntiVirus Corporate Edition
Code:
:: GetAVProduct UDF ::
AV Product name: Norton AntiVirus Server

:: GetAVService UDF ::
Start Mode: Auto
State: Running
Account: LocalSystem
Path: C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

:: GetAVVersion UDF ::
Engine: 8.1.1.314
Date: 2005/01/27
Age: 2
Parent:
Client Type: Stand-alone Client
Install Path: \\TEST02\C$\Program Files\Symantec_Client_Security\Symantec AntiVirus
#133133 - 2005-01-31 07:25 PM
Re: AntiVirus Detection Code - Request for feedback
NTDOC
Administrator
Registered: 2000-07-28
Posts: 11628
Loc: CA
McAfee VirusScan Enterprise 8i
Code:
:: GetAVProduct UDF ::
AV Product name: McShield

:: GetAVService UDF ::
Start Mode: Auto
State: Running
Account: LocalSystem
Path: "C:\Program Files\Network Associates\VirusScan\Mcshield.exe"

:: GetAVVersion UDF ::
VirusScan Enterprise
DAT File Version: 4.0.4423
Engine Version: 4.4.00
Product Version: 8.0.0.912
#133136 - 2005-02-16 07:23 PM
Re: AntiVirus Detection Code - Request for feedback
Kdyer
KiX Supporter
Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
I am making some tweaks.. I will let you know in a bit. 
Thanks.
Kent
#133137 - 2005-02-16 07:39 PM
Re: AntiVirus Detection Code - Request for feedback
Kdyer
KiX Supporter
Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
Doc,
Here are a couple of changes.. For McAfee, you may want to include the Dat Date and whether or not the client has ePO installed. Anyway, here are the code changes:
Code:
Break On
Dim $SO
$SO=SetOption('NoVarsInStrings','On')
$SO=SetOption('WrapAtEOL','On')

; Default to the local workstation when no target computer was supplied
If Not $sComputer
  $sComputer=@WKSTA
EndIf

$AVDetails = AVClicked()
; Wait for a key press before the script ends
get $

; Runs the three detection steps in order and prints the results
Function AVClicked()
  $AVProduct = GetAVProduct($sComputer)
  If @ERROR
    ? 'The GetAVProduct UDF did not detect any supported AntiVirus' + @CRLF + 'There does not appear to be any supported Antivirus product installed on ' + $sComputer
    Exit 1
  Else
    ? ':: GetAVProduct UDF ::'
    ? 'AV Product name: ' + $AVProduct
    ?
  EndIf
  $AVService = GetAVService($AVProduct, $sComputer)
  If @ERROR
    ? 'The GetAVService UDF detected a service error for ' + $AVProduct + @CRLF + 'on ' + $sComputer
    Exit 1
  Else
    ? ':: GetAVService UDF ::'
    ? 'Start Mode: ' + $AVService[0]
    ? 'State: ' + $AVService[1]
    ? 'Account: ' + $AVService[2]
    ? 'Path: ' + $AVService[3]
    ?
  EndIf
  $AVVersion = GetAVVersion($AVProduct, $sComputer)
  If @ERROR
    ? ':: GetAVVersion UDF ::'
    ? 'ERROR: No additional details for ' + $AVProduct + ' detected'
    Exit 1
  Else
    Select
      Case InStr($AVProduct,'AntiVirus')
        ? ':: GetAVVersion UDF ::'
        ? 'Engine: ' + $AVVersion[0]
        ? 'Date: ' + $AVVersion[1]
        ? 'Age: ' + $AVVersion[2]
        ? 'Parent: ' + $AVVersion[3]
        ? 'Client Type: ' + $AVVersion[4]
        ? 'Install Path: ' + $AVVersion[5]
      Case InStr($AVProduct,'Shield')
        ? ':: GetAVVersion UDF ::'
        ? $AVVersion[0]
        ? $AVVersion[1]
        ? $AVVersion[2]
        ? $AVVersion[3]
        ? $AVVersion[4]
        ? $AVVersion[5]
        ; Element 6 is only filled in when the ePO agent key was found
        If $AVVersion[6]
          ? ' === ePolicy Orchestrator was found ==='
          ? $AVVersion[6]
        ENDIF
      Case InStr($AVProduct,'ntrtscan')
        ? ':: GetAVVersion UDF ::'
        ? $AVVersion[0]
        ? $AVVersion[1]
        ? $AVVersion[2]
        ? $AVVersion[3]
        ? $AVVersion[4]
        ? $AVVersion[5]
        ? $AVVersion[6]
    EndSelect
    ? 'Process is complete'
    ? 'Press a key...'
    ?
  EndIf
EndFunction

; Returns the name of the first supported AV service found on $sComputer
Function GetAVProduct($sComputer)
  Dim $AVServices,$objWMI,$objSrvc,$svc,$AVName,$Index
  $Index = 0
  $AVServices = 'Norton AntiVirus Server','Symantec AntiVirus','McShield','ntrtscan'
  $objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\"+$sComputer+"\root\cimv2")
  If @ERROR<0
    Exit Val("&"+Right(DecToHex(@ERROR),4))
  EndIf
  Do
    $objSrvc = $objWMI.ExecQuery('Select * from Win32_Service WHERE Name = "' + $AVServices[$Index] +'"')
    If @ERROR<0
      Exit Val("&"+Right(DecToHex(@ERROR),4))
    EndIf
    For Each $svc In $objSrvc
      If InStr($svc.Name,$AVServices[$Index])
        $AVName = $svc.Name
      EndIf
    Next
    $Index = $Index + 1
  Until $AVName Or $Index = UBound($AVServices)+1
  If Not $AVName
    Exit 1
  EndIf
  $GetAVProduct=$AVName
EndFunction

; Returns StartMode, State, StartName and PathName of the AV service
Function GetAVService($AVProduct, $sComputer)
  Dim $objWMI,$objSrvc,$svc,$AVState,$AVStartMode,$AVAccount,$AVPath
  $objWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\"+$sComputer+"\root\cimv2")
  If @ERROR<0
    Exit Val("&"+Right(DecToHex(@ERROR),4))
  EndIf
  ; Query the service by the name passed in as $AVProduct
  $objSrvc = $objWMI.ExecQuery('Select * from Win32_Service WHERE Name = "' + $AVProduct +'"')
  If @ERROR<0
    Exit Val("&"+Right(DecToHex(@ERROR),4))
  EndIf
  For Each $svc in $objSrvc
    $AVStartMode = $svc.StartMode
    $AVState = $svc.State
    $AVAccount = $svc.StartName
    $AVPath = $svc.PathName
  Next
  $GetAVService=$AVStartMode,$AVState,$AVAccount,$AVPath
EndFunction

; Dispatches to the vendor-specific UDF based on the detected service name
Function GetAVVersion($AVProduct, $sComputer)
  Dim $AVVersion
  Select
    Case InStr($AVProduct,'AntiVirus')
      $AVVersion = GetSymantecAV($sComputer)
    Case InStr($AVProduct,'shield')
      $AVVersion = GetMcAfeeAV($sComputer)
    Case InStr($AVProduct,'ntrtscan')
      $AVVersion = GetTrendAV($sComputer)
    Case 1
      Exit 1
  EndSelect
  $GetAVVersion=$AVVersion
EndFunction

Function GetSymantecAV($sComputer)
  Dim $ReadClientType,$DatNum,$AVAge,$AVInstallPath,$AVEngine,$AVParent,$ClientType
  $ReadClientType = ReadValue('\\'+$sComputer+'\'+'HKLM\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion', 'ClientType')
  If @ERROR
    Exit @ERROR
  EndIf
  $DatNum = Left(Right(ReadValue('\\'+$sComputer+'\'+'HKLM\SOFTWARE\Symantec\SharedDefs','NAVCORP_70'),12),8)
  $Datnum = Left($Datnum,4) + '/' + SubStr($Datnum,5,2) + '/' + Right($Datnum,2) ;convert to format for DateCalc UDF
  $AVAge = DateCalc(@DATE, $DatNum)
  $AVInstallPath = '\\'+$sComputer+'\'+Join(Split(ReadValue('\\'+$sComputer+'\'+'HKLM\software\INTEL\LANDesk\VirusProtect6\CurrentVersion\', 'Home Directory'),':'),Chr(36))
  $AVEngine = GetFileVersion($AVInstallPath +'\vpc32.exe','ProductVersion')
  $AVParent = ReadValue('\\'+$sComputer+'\'+'HKLM\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion','Parent')
  Select
    Case $ReadClientType = 1
      $ClientType = 'Connected Client'
    Case $ReadClientType = 2
      $ClientType = 'Stand-alone Client'
    Case $ReadClientType = 4
      $ClientType = 'Server'
      ; A server with no parent is the primary server
      If $AVParent = ""
        $ClientType = 'Primary Server'
      EndIf
    Case $ReadClientType = ""
      $ClientType = 'Unknown'
  EndSelect
  $GetSymantecAV=$AVEngine,$DatNum,$AVAge,$AVParent,$ClientType,$AVInstallPath
EndFunction

Function GetMcAfeeAV($sComputer)
  Dim $AVMcafee,$Tvd,$PName,$DatNum,$DatDate,$AVEngine,$Product,$SupportURL,$epo
  $AVMcafee = '\\'+$sComputer+'\' + 'HKLM\SOFTWARE\McAfee\VirusScan'
  $Tvd = '\\'+$sComputer+'\' + 'HKLM\SOFTWARE\Network Associates\TVD'
  Select
    Case KeyExist($Tvd+'\VirusScan Enterprise\CurrentVersion') ; VS70 - Works with 7.0 and 7.1, and 8.0
      $PName = 'VirusScan Enterprise'
      $DatNum = 'DAT File Version: ' + ReadValue($Tvd+'\VirusScan Enterprise\CurrentVersion','szVirDefVer')
      $DatDate = 'DAT File Date: ' + ReadValue($Tvd+'\VirusScan Enterprise\CurrentVersion','szVirDefDate')
      $AVEngine = 'Engine Version: ' + ReadValue($Tvd+'\Shared Components\VirusScan Engine\4.0.xx','szEngineVer')
      $Product = 'Product Version: ' + ReadValue($Tvd+'\VirusScan Enterprise\CurrentVersion','szProductVer')
      $SupportURL = 'Support URL: ' + ReadValue($Tvd+'\VirusScan Enterprise\CurrentVersion','szSupportURL')
      ; Read the ePO agent key from the target computer, like the other registry reads
      IF READVALUE('\\'+$sComputer+'\'+'HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent','Installed Path')<>''
        $epo = 'EPO Path: ' + READVALUE('\\'+$sComputer+'\'+'HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent','Installed Path')
      ENDIF
    Case KeyExist($Tvd+'\VirusScan') ; VS451
      $PName = 'VirusScan 4.51'
      $Datnum = 'DAT File Version:=' + SubStr(ReadValue($Tvd+'\Shared Components\VirusScan Engine\4.0.xx','szDatVersion'),5,4)
      $AVEngine = 'Engine Version:=' + ReadValue($Tvd+'\Shared Components\VirusScan Engine\4.0.xx','szEngineVer')
      $Product = 'Product Version:=' + ReadValue($Tvd+'\VirusScan','szCurrentVersionNumber')
    Case KeyExist($Tvd+'\Netshield NT\CurrentVersion') ; NS45
      $PName = 'NetShield NT 4.5'
      $Datnum = 'DAT File Version:=' + SubStr(ReadValue($Tvd+'\Netshield NT\CurrentVersion','szVirDefVer'),5,4)
      $AVEngine = 'Engine Version:=' + ReadValue($Tvd+'\Netshield NT\CurrentVersion','szEngineVer')
      $Product = 'Product Version:=' + ReadValue($Tvd+'\Netshield NT\CurrentVersion','szProductVer')
    ; Remote registry path, same form as $AVMcafee and $Tvd
    Case KeyExist('\\'+$sComputer+'\'+'HKLM\SOFTWARE\Network Associates\NetShield NT') ; NS403a
      $PName = 'NetShield NT 4.03a'
      $Datnum = 'DAT File Version:=' + SubStr(ReadValue($AVMcafee,'szVirDefVer'),5,4)
      $AVEngine = 'Engine Version:=' + ReadValue($AVMcafee,'szEngineVer')
      $Product = 'Product Version:=' + ReadValue($AVMcafee,'szProductVer')
  EndSelect
  $GetMcAfeeAV = $PName,$DatNum,$DatDate,$AVEngine,$Product,$SupportURL,$epo
EndFunction

Function GetTrendAV($sComputer)
  Dim $AVEngine,$VSApiNT,$TmFilter,$DatNum,$Pattern,$AVInstallPath,$AVAge
  $AVInstallPath = '\\'+$sComputer+'\'+Join(Split(ReadValue('\\'+$sComputer+'\'+'HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion','Application Path'),':'),Chr(36))
  $AVEngine = 'Engine: ' + GetFileVersion($AVInstallPath +'\NTRtScan.exe','FileVersion')
  $VSApiNT = 'VSApiNT: ' + GetFileVersion($AVInstallPath +'\vsapint.sys','FileVersion')
  $TmFilter = 'TmFilter: ' + GetFileVersion($AVInstallPath +'\tmfilter.sys','FileVersion')
  $Pattern = 'Pattern: ' + ReadValue('\\'+$sComputer+'\'+'HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.','InternalPatternVer')
  $DatNum = 'Pattern Date: ' + ReadValue('\\'+$sComputer+'\'+'HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.','PatternDate')
  $AVAge = 'Age: ' + FormatDate(ReadValue('\\'+$sComputer+'\'+'HKLM\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.','PatternDate'))[1]
  $GetTrendAV=$AVEngine,$VSApiNT,$TmFilter,$DatNum,$Pattern,$AVAge,$AVInstallPath
EndFunction

; DateCalc: given two YYYY/MM/DD dates returns the days between them;
; given a date and an integer returns the date that many days away
Function DateCalc($date1, $DateOrMod)
  Dim $_intDate1, $_intYear1, $_intMonth1, $_intDay1
  Dim $_intDate2, $_intYear2, $_intMonth2, $_intDay2
  If InStr ($date1,'/') <> 5 Or InStrRev ($date1,'/') <> 8 Or Len ($date1) <> 10
    Exit (1)
  EndIf
  $_intYear1 = Val(SubStr($date1,1,4))
  $_intMonth1 = Val(SubStr($date1,InStr($date1,'/')+1,2))
  $_intDay1 = Val(SubStr($date1,InStrRev($date1,'/')+1,2))
  If $_intMonth1 < 3
    $_intMonth1 = $_intMonth1 + 12
    $_intYear1 = $_intYear1 - 1
  EndIf
  $_intDate1 = $_intDay1 + ( 153 * $_intMonth1 - 457 ) / 5 + 365 * $_intYear1 + $_intYear1 / 4 - $_intYear1 / 100 + $_intYear1 / 400 - 306
  Select
    ; This branch relies on variables being expanded inside strings, so it needs
    ; NoVarsInStrings to be Off; this script only calls DateCalc with two date
    ; strings (the VarType = 8 case below)
    Case VarType($DateOrMod) = 3
      $_intDate2 = $_intDate1 + $DateOrMod
      If InStr($_intDate2,'-')
        $_intDate2 = Val(SubStr($_intDate2,2,Len($_intDate2)-1))
      EndIf
      $_intYear2 = ( 100 * ( ( ( 100*($_intDate2+306)-25)/3652425) - ( ((100*($_intDate2+306)-25)/3652425)/4) ) + (100*($_intDate2+306)-25) ) / 36525
      $_intMonth2 = ( 5 * ( ( ( 100*($_intDate2+306)-25)/3652425) - ( ((100*($_intDate2+306)-25)/3652425)/4) + ($_intDate2+306) - 365 * $_intYear2 - $_intYear2 / 4 ) + 456 ) / 153
      $_intDay2 = ( ( ( 100*($_intDate2+306)-25)/3652425) - ( ((100*($_intDate2+306)-25)/3652425)/4) + ($_intDate2+306) - 365 * $_intYear2 - $_intYear2 / 4 ) - ( 153 * $_intMonth2 - 457 ) / 5
      If $_intMonth2 > 12
        $_intYear2 = $_intYear2 + 1
        $_intMonth2 = $_intMonth2 - 12
      EndIf
      If Len($_intYear2 ) < 4
        $_ = Execute("for $i=1 to 4-Len($$_intYear2) $$_intYear2 = '0' + $$_intYear2 next")
      EndIf
      If Len($_intMonth2) < 2
        $_intMonth2 = "0$_intMonth2"
      EndIf
      If Len($_intDay2 ) < 2
        $_intDay2 = "0$_intDay2"
      EndIf
      $DateCalc = '$_intYear2/$_intMonth2/$_intDay2'
    Case VarType($DateOrMod) = 8
      If InStr ($DateOrMod,'/') <> 5 Or InStrRev ($DateOrMod,'/') <> 8 Or Len ($DateOrMod) <> 10
        Exit (1)
      EndIf
      $_intYear2 = Val(SubStr($DateOrMod,1,4))
      $_intMonth2 = Val(SubStr($DateOrMod,InStr($DateOrMod,'/')+1,2))
      $_intDay2 = Val(SubStr($DateOrMod,InStrRev($DateOrMod,'/')+1,2))
      If $_intMonth2 < 3
        $_intMonth2 = $_intMonth2 + 12
        $_intYear2 = $_intYear2 - 1
      EndIf
      $_intDate2 = $_intDay2 + ( 153 * $_intMonth2 - 457 ) / 5 + 365 * $_intYear2 + $_intYear2 / 4 - $_intYear2 / 100 + $_intYear2 / 400 - 306
      $DateCalc = $_intDate1 - $_intDate2
      ;comment the next line If you wish to return negative results also !!!
      If InStr($DateCalc,'-')
        $DateCalc = Val(SubStr($DateCalc,2,Len($DateCalc)-1))
      EndIf
    Case 1
      Exit (1)
  EndSelect
EndFunction

; Converts YYYYMMDD to YYYY/MM/DD and returns that date plus its age in days
Function FormatDate($Entry)
  Dim $Year, $Month, $Day,$Date
  If Not $Entry
    Exit 1
  EndIf
  $Year = SubStr($Entry,1,4)
  $Month = SubStr($Entry,5,2)
  $Day = SubStr($Entry,7,2)
  $Date = $Year+'/'+$Month+'/'+$Day
  $FormatDate=$Date,DateCalc(@DATE,$Date)
EndFunction
Thanks,
Kent
#133139 - 2005-02-16 11:25 PM
Re: AntiVirus Detection Code - Request for feedback
Kdyer
KiX Supporter
Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
Doc,
Please note that I only did the one for 7.x,8. Also note: I added to your comment that the 7.x also works with 8. The UDF may break with previous versions as I don't use all of the vars that are passed back and forth through the array.
Thanks,
Kent
#133141 - 2005-02-17 03:12 PM
Re: AntiVirus Detection Code - Request for feedback
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
I tested this on my McAfee 8.0i installation with the following results that were correct for my computer.
Code:
:: GetAVVersion UDF ::
VirusScan Enterprise
DAT File Version: 4.0.4429
DAT File Date: 16 February 2005
Engine Version: 4.4.00
Product Version: 8.0.0.912
Support URL: https://mysupport.nai.com/redir/default.asp?pCode=VSE&sRef=app&sDest=FAQ
=== ePolicy Orchestrator was found ===
EPO Path: C:\Program Files\Network Associates\Common Framework
Process is complete
I would suggest that for McAfee users the ePO version would be significant. The version can be obtained by the following code.
Code:
$key = "HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent"
$ePO = KeyExist($key)
if $ePO
  $key = "HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\EPOAGENT3000"
  $ePO = ReadValue($key, "Version")
  if @error=0
    ; WriteLog() comes from the poster's logon script and is not defined in this snippet
    WriteLog("ePO Version : " +$ePO)
  endif
endif
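Added example, not part of the original thread or of the SIM KiXform project: a Python port of the day-number arithmetic in DateCalc, applied to the three definition-date formats the vendor branches return and checked against the ages in the sample output above. The function names, the 7-day threshold, the English month names and the run dates are assumptions (2005/01/29 is the date on which both posted ages, 218 and 2, come out; 2005/02/17 is assumed from the post date).

```python
from datetime import date

# Month names for the McAfee 'DAT File Date' form seen in the thread's output
# ("16 February 2005"); assumed here to be English on every client.
MONTHS = {name: i for i, name in enumerate(
    "January February March April May June July August "
    "September October November December".split(), start=1)}


def day_number(y, m, d):
    """Serial day number, same integer arithmetic as the script's DateCalc UDF."""
    if m < 3:            # January/February count as months 13/14 of the prior year
        m += 12
        y -= 1
    return d + (153 * m - 457) // 5 + 365 * y + y // 4 - y // 100 + y // 400 - 306


def parse_def_date(vendor, raw):
    """Return (year, month, day) from the date string each vendor branch yields."""
    raw = raw.strip()
    if vendor == "symantec":          # 'YYYY/MM/DD', as GetSymantecAV builds it
        y, m, d = raw.split("/")
    elif vendor == "trend":           # 'YYYYMMDD', the raw PatternDate value
        if len(raw) != 8 or not raw.isdigit():
            raise ValueError(raw)
        y, m, d = raw[:4], raw[4:6], raw[6:]
    elif vendor == "mcafee":          # 'D Month YYYY', the szVirDefDate value
        d, name, y = raw.split()
        m = MONTHS[name]
    else:
        raise ValueError(vendor)
    y, m, d = int(y), int(m), int(d)
    date(y, m, d)                     # raises ValueError for e.g. 2005/02/30
    return y, m, d


def classify(vendor, raw, today, max_age_days=7):
    """Return (status, signed_age_in_days) for one client's definition date.

    DateCalc strips the minus sign, so a date in the future (clock skew or a
    tampered value) would print as a small, healthy-looking age. The sign is
    kept here and reported as its own status. max_age_days is an assumed policy.
    """
    try:
        y, m, d = parse_def_date(vendor, raw)
    except (ValueError, KeyError):
        return ("unparseable", None)
    age = day_number(today.year, today.month, today.day) - day_number(y, m, d)
    if age < 0:
        return ("future-dated", age)
    return ("stale" if age > max_age_days else "current", age)


# Constructed inventory: the first three date strings are the ones in the
# thread's sample output; the host names HOST-A..C and the last two rows are made up.
RUN_1 = date(2005, 1, 29)   # inferred run date of the Trend and Symantec samples
RUN_2 = date(2005, 2, 17)   # assumed run date of the McAfee 8.0i sample
INVENTORY = [
    ("TEST01", "trend", "20040625", RUN_1),
    ("TEST02", "symantec", "2005/01/27", RUN_1),
    ("HOST-A", "mcafee", "16 February 2005", RUN_2),
    ("HOST-B", "symantec", "2005/02/01", RUN_1),   # definition date in the future
    ("HOST-C", "trend", "", RUN_1),                # registry value missing
]


def report(inventory=INVENTORY):
    """Map each host to its (status, age) pair."""
    return {host: classify(vendor, raw, today)
            for host, vendor, raw, today in inventory}


if __name__ == "__main__":
    for host, result in report().items():
        print(host, *result)
```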
#133143 - 2005-02-17 09:05 PM
Re: AntiVirus Detection Code - Request for feedback
Howard Bullock
KiX Supporter
Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
Sorry... Just cut/pasted from my logon script.
#175597 - 2007-04-23 09:19 PM
Re: AntiVirus Detection Code - Request for feedback
[Re: Lonkero]
Lonkero
KiX Master Guru
Registered: 2001-06-05
Posts: 22346
Loc: OK