Doesn't the CA engines use the same signature
files?
When I used CA Enterprise I don't remember having to
update two sets...
From: Servers Alive Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Michael Shook
Sent: 16 August 2006 13:26
To: Servers Alive Discussion List
Subject: RE: [SA-list] Anti-virus signature checker
Ok, here's what I have:
CA eTrust
With the check looking for the software, it doesn't find the local
info
With the check NOT looking for the software, it does find the
info.
Also, since CA best practices call for the real time scan to use one
engine and the full files scan to use the other engine, the check really needs
to examine both signature files.
Also, shouldn't we be examining the engine version as
well?
Great work!!!!!
Michael D. Shook
Technical Analyst
Saddle Creek Corporation
Michael.Shook@saddlecrk.com
863 668 4477 (work)
863 860 4070 (cell)
863 665 1261 (fax)
www.saddlecrk.com
Technical Analyst
Saddle Creek Corporation
Michael.Shook@saddlecrk.com
863 668 4477 (work)
863 860 4070 (cell)
863 665 1261 (fax)
www.saddlecrk.com
From: Servers Alive Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Dirk Bulinckx
Sent: Wednesday, August 16, 2006 5:51 AM
To: Servers Alive Discussion List
Subject: RE: [SA-list] Anti-virus signature checker
Change was done.
There is an option in the GUI, were you can say "Local system must have
AV product installed". If that is enabled then it will give a down
when the AV is not installed (the %e parameter will include the version from the
web), with this option disabled (default) the %e parameter will only show the
webserver (without any other text).
As for the McAfee version issue, that's also fixed in build 7 which can
be downloaded from http://beta.woodstone.nu/soft/setup_avcom.exe
Dirk Bulinckx.
From: Servers Alive Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Dirk Bulinckx
Sent: Wednesday, August 16, 2006 11:26 AM
To: Servers Alive Discussion List
Subject: RE: [SA-list] Anti-virus signature checker
People will also use it ,just to get the latest info.
Maybe that I should add an option in the GUI for it. That way the
mesage (%e parameter) can also be different.
As for the version thing with McAfee....I'll remove the first digit from
the web-version before doing the compare.
Dirk Bulinckx.
From: Servers Alive Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, August 16, 2006 9:57 AM
To: Servers Alive Discussion List
Subject: Re: [SA-list] Anti-virus signature checker
*Very* cool Dirk. One immediate problem, when I try it with McAfee: it finds version 4830 on the web, but version 830 on the machine (i.e. it's losing the initial digit).
What's the logic of giving an "up" if there's nothing in the registry? I would have thought that nothing in the reg implies that AV isn't installed, which would be a *bad* thing.
Ian
_________________________________
Ian K Gray
OEL IS - European Infrastructure Support
Tel: +44 1236 502661
Mob: +44 7881 518854
| "Dirk Bulinckx"
<[EMAIL PROTECTED]> Sent by: Servers Alive Discussion List <[email protected]> 15/08/2006 17:50
|
|
A while ago (June) there were some talks about a COM check that would see if
your anti-virus product was up-to-date or not.
We have a little COM check that is already able to do a little.
* Aladin eSafe:
get the version number from the internet (if they change the
look of their website we have a problem)
* Symantec AV:
get the version number from the internet (if they change the
look of their website we have a problem)
* CA eTrust (both for the VET and the Innoculate engine)
get the version number from a TXT file they have on the
internet
* McAfee (NAI)
get the version number from an INI file they have on the
internet
compare that to the version that is in the registry of the
system running SA.
* versions are the same gives an up
* versions are different gives a down
* nothing in the registry give an up too
All of them (except for CA eTrust which uses FTP) are using the HTTP
protocol to get the info from the internet. This is via a direct connection
(NO proxy support!)
This is a FIRST version. We would like to extend the possibilities to more
AV products (internet part) and also the local part (get the version numbers
on the local system too).
So if you have info on were we can find the info (internet & local) for a
specific product, then please let us know so we can extend/enhance this
check.
You can download it from http://beta.woodstone.nu/soft/setup_avcom.exe
Dirk Bulinckx.
To unsubscribe send a message with UNSUBSCRIBE as subject to [email protected]
If you use auto-responders (like out-of-the-office messages), then make sure that they are not send to the list nor to the individual members of the list that send a message. Doing this will get you removed from the list.
To unsubscribe send a message with UNSUBSCRIBE as subject to [email protected]
If you use auto-responders (like out-of-the-office messages), then make sure that they are not send to the list nor to the individual members of the list that send a message. Doing this will get you removed from the list.
To unsubscribe send a message with UNSUBSCRIBE as subject to [email protected]
If you use auto-responders (like out-of-the-office messages), then make sure that they are not send to the list nor to the individual members of the list that send a message. Doing this will get you removed from the list.
To unsubscribe send a message with UNSUBSCRIBE as subject to [email protected]
If you use auto-responders (like out-of-the-office messages), then make sure that they are not send to the list nor to the individual members of the list that send a message. Doing this will get you removed from the list.
--------------------------------------
The information contained in this
message is intended only for the use of the addressee. If the reader of this
message is not the intended recipient or agent of the intended recipient, you
are hereby notified that any dissemination, distribution, or copying of the
message is strictly prohibited.
To unsubscribe send a message with
UNSUBSCRIBE as subject to [email protected]
If you use auto-responders
(like out-of-the-office messages), then make sure that they are not send to the
list nor to the individual members of the list that send a message. Doing this
will get you removed from the list.
To unsubscribe send a message with UNSUBSCRIBE as subject to [email protected]
If you use auto-responders (like out-of-the-office messages), then make sure that they are not send to the list nor to the individual members of the list that send a message. Doing this will get you removed from the list.
