Adrian Raduti wrote: > Really a big newbe, could somebody please help with the code that I > should use for reporting systems without AV installed.
If you are new to Nessus, I don't think your first step should be modifying NASL code. I would recommend you perform your scans with the current Tenable plugins and then use the Nessus Client to filter the results. You could use a filter of ID 16193 to see which hosts had anti-virus reported, and which didn't and then use further filtering to see if they had Symantec running. Keep in mind this plugin only reports if there is an anti-virus solutions installed AND it is out of date, not that there is NO anti-virus installed. http://blog.tenablesecurity.com/2007/02/auditing_antivi.html You could also look at plugin 20811 "Software Enumeration (via SMB)", and look for Symantec products with a text filter. More ideas on using this technique are here: http://blog.tenablesecurity.com/2006/12/enterprise_soft.html Ron Gula Tenable Network Security _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
