This can be done via "checkfiletime", run as an external check, but that software don't support path with spaces in for filename to check. I use it for other file checks but Symantec's file is stored in "C:\Program Files\Common Files\Symantec Shared\VirusDefs\definfo.dat. and therefore it fails. No, it doesn't work even if you put the path inside ". Does anyone know who wrote "CheckFileTime.exe"?
FYI: Symantec updates there definitions at least EVERY day, (use the "Intelligent update" to get it. Best regards Per >>> [EMAIL PROTECTED] 2005-02-16 07:07 >>> Personaly I have the feeling that this is not something SA should do. But hey I can be wrong :-) Dirk. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Webster Sent: Wednesday, February 16, 2005 12:49 AM To: [email protected] Subject: RE: [SA-list] Major product checks missing? Wow that's a thorough check. Dirk, please make SA do this. :-) BTW-This is the misstatement of the day: "I'm not a programmer". No sir, _I_ am not a programmer. If SA can't check it for me, it does not get checked. You went out and wrote a check. Kludge of not, you built something with your own hands. Take some credit. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gerry Aquino Sent: Tuesday, February 15, 2005 6:20 PM To: [email protected] Subject: Re: [SA-list] Major product checks missing? I actualy do something like this. When I did this "as a human", I would check symantec's web page for the latest defintion file like- LiveUpdate Version : 2/9/2005 rev. 32. and then compare it to what was on my PC -CurDefs=20050209.032 from C:\Program Files\Common Files\Symantec Shared\VirusDefs. So I have my webserver do the first part, download the page and extract the Liveupdate version. The C:\Program Files\Common Files\Symantec Shared\VirusDefs is ftpd from my own workstation to the webserver, where thru the magic of PHP, the versions are compared. Then, depending on whether or not they are equal, an image is displayed on the web page. SA checks for that image ( or really the ALT tag) and responds accordingly. I have these files down/uploaded and check hourly. The result is that it takes two cycles to get notified but it's worked out OK for me. Probably more complicated that it need be, but I'm not a programmer and managed to do it. --------------------------- Gerald W Aquino Sessler Ford 847-362-4455 x 255 n Tue, 15 Feb 2005 17:26:51 -0500 "Bell, Robert" <[EMAIL PROTECTED]> wrote: > NAVCE definition updates show up in the application eventlog on both > workstations and servers, which the eventlog com check can query. Or you > could test for an update of C:\Program Files\Common Files\Symantec > Shared\VirusDefs\definfo.dat. This dat file consists of three lines, in > the form: > > [DefDates] > CurDefs=20040804.034 > LastDefs=20040803.008 > > If one wanted to code a bit, one could cobble together a scheduled task > that extracts the second line to a new file, then runs the FileFirstLine > com check against it. > > > -----Original Message----- >From: David Webster [mailto:[EMAIL PROTECTED] On Behalf Of > David Webster > Sent: Tuesday, February 15, 2005 5:13 PM > To: [email protected] > Subject: RE: [SA-list] Major product checks missing? > > > Yes I meant servers, not clients. Although, I might check a client or > two per LAN as a way to confirm that the clients are getting their > updates from the parent server. As for the action/alert, I had not > really thought that far. For now, all I am after is a way to check the > version and date of the antivirus definitions and display that info to > my existing SA generated web page(s). Perhaps the check would compare > the retrieved date of the definitions to an age the user configured. > e.g. If AV def dates retrieved by SA older than 7 days then > action/alert. > > > >From: [EMAIL PROTECTED] on behalf of Dirk Bulinckx > Sent: Tue 2/15/2005 11:12 AM > To: [email protected] > Subject: RE: [SA-list] Major product checks missing? > > > "How about the ability to query the state of anti virus products > (Symantec)? I'd like to be able to check that AV software running on > server X is running definitions version Y dated Z. Yes, I know that > there is some combination of add-on products and scripts that would do > this for me, but that's not why I use SA. If I could or wanted to code, > I wouldn't need SA." > > => this would mean that IF there is an updated AV definition and your > servers (I suppose you want to check AV server and not all the clients!) > do > have the update that SA could start giving all downs...just because you > didn't update the AV version on SA yet. Wouldn't that give more trouble > then good? > > > Dirk. > > -----Original Message----- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf > Of David Webster > Sent: Tuesday, February 15, 2005 12:06 AM > To: [email protected] > Subject: RE: [SA-list] Major product checks missing? > > > > > > To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] > With the following in the body of the message: > unsubscribe SAlive > To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] > With the following in the body of the message: > unsubscribe SAlive To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive
|
This can be done via "checkfiletime", run as an external check, but that software don't support path with spaces in for filename to check. I use it for other file checks but Symantec's file is stored in
"C:\Program Files\Common Files\Symantec Shared\VirusDefs\definfo.dat. and therefore it fails.
No, it doesn't work even if you put the path inside ".
Does anyone know who wrote "CheckFileTime.exe"?
FYI: Symantec updates there definitions at least EVERY day, (use the "Intelligent update" to get it. Best regards
Per
>>> [EMAIL PROTECTED] 2005-02-16 07:07 >>>
Personaly I have the feeling that this is not something SA should do.
But hey I can be wrong :-) Dirk. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Webster Sent: Wednesday, February 16, 2005 12:49 AM To: [email protected] Subject: RE: [SA-list] Major product checks missing? Wow that's a thorough check. Dirk, please make SA do this. :-) BTW-This is the misstatement of the day: "I'm not a programmer". No sir, _I_ am not a programmer. If SA can't check it for me, it does not get checked. You went out and wrote a check. Kludge of not, you built something with your own hands. Take some credit. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gerry Aquino Sent: Tuesday, February 15, 2005 6:20 PM To: [email protected] Subject: Re: [SA-list] Major product checks missing? I actualy do something like this. When I did this "as a human", I would check symantec's web page for the latest defintion file like- LiveUpdate Version : 2/9/2005 rev. 32. and then compare it to what was on my PC -CurDefs=20050209.032 from C:\Program Files\Common Files\Symantec Shared\VirusDefs. So I have my webserver do the first part, download the page and extract the Liveupdate version. The C:\Program Files\Common Files\Symantec Shared\VirusDefs is ftpd from my own workstation to the webserver, where thru the magic of PHP, the versions are compared. Then, depending on whether or not they are equal, an image is displayed on the web page. SA checks for that image ( or really the ALT tag) and responds accordingly. I have these files down/uploaded and check hourly. The result is that it takes two cycles to get notified but it's worked out OK for me. Probably more complicated that it need be, but I'm not a programmer and managed to do it. --------------------------- Gerald W Aquino Sessler Ford 847-362-4455 x 255 n Tue, 15 Feb 2005 17:26:51 -0500 "Bell, Robert" <[EMAIL PROTECTED]> wrote: > NAVCE definition updates show up in the application eventlog on both > workstations and servers, which the eventlog com check can query. Or you > could test for an update of C:\Program Files\Common Files\Symantec > Shared\VirusDefs\definfo.dat. This dat file consists of three lines, in > the form: > > [DefDates] > CurDefs=20040804.034 > LastDefs=20040803.008 > > If one wanted to code a bit, one could cobble together a scheduled task > that extracts the second line to a new file, then runs the FileFirstLine > com check against it. > > > -----Original Message----- >From: David Webster [mailto:[EMAIL PROTECTED] On Behalf Of > David Webster > Sent: Tuesday, February 15, 2005 5:13 PM > To: [email protected] > Subject: RE: [SA-list] Major product checks missing? > > > Yes I meant servers, not clients. Although, I might check a client or > two per LAN as a way to confirm that the clients are getting their > updates from the parent server. As for the action/alert, I had not > really thought that far. For now, all I am after is a way to check the > version and date of the antivirus definitions and display that info to > my existing SA generated web page(s). Perhaps the check would compare > the retrieved date of the definitions to an age the user configured. > e.g. If AV def dates retrieved by SA older than 7 days then > action/alert. > > > >From: [EMAIL PROTECTED] on behalf of Dirk Bulinckx > Sent: Tue 2/15/2005 11:12 AM > To: [email protected] > Subject: RE: [SA-list] Major product checks missing? > > > "How about the ability to query the state of anti virus products > (Symantec)? I'd like to be able to check that AV software running on > server X is running definitions version Y dated Z. Yes, I know that > there is some combination of add-on products and scripts that would do > this for me, but that's not why I use SA. If I could or wanted to code, > I wouldn't need SA." > > => this would mean that IF there is an updated AV definition and your > servers (I suppose you want to check AV server and not all the clients!) > do > have the update that SA could start giving all downs...just because you > didn't update the AV version on SA yet. Wouldn't that give more trouble > then good? > > > Dirk. > > -----Original Message----- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf > Of David Webster > Sent: Tuesday, February 15, 2005 12:06 AM > To: [email protected] > Subject: RE: [SA-list] Major product checks missing? > > > > > > To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] > With the following in the body of the message: > unsubscribe SAlive > To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] > With the following in the body of the message: > unsubscribe SAlive To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive |
