> -----Original Message----- > From: hugh s [mailto:[EMAIL PROTECTED] > > We ran around Monday killing this welch worm and installing > an rpc patch from MS. No doubt we forgot a few. Is there > a script I could write, run on the local machine, > that would check for the patch? Machines are 2k, xp and nt.
Hugh, There's always a script that you can write to fix a problem... ;) First, identify machine type, and then check some combination of properties of some or all of the patched files: <code> #!c:\perl\bin\perl.exe use strict; use warnings; # This script checks PCs for patch MS 03-026. It works by looking # for files installed as per http://support.microsoft.com/?kbid=823980 # To make things easy, we'll just check file sizes. A potential # rewrite would check MD5 checksums, date stamps, or the registry keys # specified in the aforementioned link. my %scan; my $ok = ~0; my $ver = `ver`; if( $ver =~ /NT/ ) { # TBD } if( $ver =~ /2000/ ) { %scan = ( 'Ole32.dll' => 944912, 'Rpcrt4.dll' => 432400, 'Rpcss.dll' => 188688 ) } if( $ver =~ /XP/ ) { # TBD # May need to handle different service packs separately } foreach my $file ( keys %scan ) { my @stats = stat( $ENV{"SYSTEMROOT"}.'/system32/'.$file ); if( $stats[7] != $scan{$file} ) { print $file.' does not appear to be patched ('.$stats[7].' vs. '.$scan{$file}.')\n'; $ok = 0; } } print "It appears that patch MS 03-026 has been applied." if( $ok ); </code> Chris LEGAL NOTICE Unless expressly stated otherwise, this message is confidential and may be privileged. It is intended for the addressee(s) only. Access to this E-mail by anyone else is unauthorized. If you are not an addressee, any disclosure or copying of the contents of this E-mail or any action taken (or not taken) in reliance on it is unauthorized and may be unlawful. If you are not an addressee, please inform the sender immediately. _______________________________________________ Perl-Win32-Admin mailing list [EMAIL PROTECTED] To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
