NAVCE definition updates show up in the application eventlog on both workstations and servers, which the eventlog com check can query. Or you could test for an update of C:\Program Files\Common Files\Symantec Shared\VirusDefs\definfo.dat. This dat file consists of three lines, in the form:
[DefDates] CurDefs=20040804.034 LastDefs=20040803.008 If one wanted to code a bit, one could cobble together a scheduled task that extracts the second line to a new file, then runs the FileFirstLine com check against it. -----Original Message----- From: David Webster [mailto:[EMAIL PROTECTED] On Behalf Of David Webster Sent: Tuesday, February 15, 2005 5:13 PM To: [email protected] Subject: RE: [SA-list] Major product checks missing? Yes I meant servers, not clients. Although, I might check a client or two per LAN as a way to confirm that the clients are getting their updates from the parent server. As for the action/alert, I had not really thought that far. For now, all I am after is a way to check the version and date of the antivirus definitions and display that info to my existing SA generated web page(s). Perhaps the check would compare the retrieved date of the definitions to an age the user configured. e.g. If AV def dates retrieved by SA older than 7 days then action/alert. From: [EMAIL PROTECTED] on behalf of Dirk Bulinckx Sent: Tue 2/15/2005 11:12 AM To: [email protected] Subject: RE: [SA-list] Major product checks missing? "How about the ability to query the state of anti virus products (Symantec)? I'd like to be able to check that AV software running on server X is running definitions version Y dated Z. Yes, I know that there is some combination of add-on products and scripts that would do this for me, but that's not why I use SA. If I could or wanted to code, I wouldn't need SA." => this would mean that IF there is an updated AV definition and your servers (I suppose you want to check AV server and not all the clients!) do have the update that SA could start giving all downs...just because you didn't update the AV version on SA yet. Wouldn't that give more trouble then good? Dirk. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Webster Sent: Tuesday, February 15, 2005 12:06 AM To: [email protected] Subject: RE: [SA-list] Major product checks missing? To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive
