Personally I would prefer to find out the version directly from the vendor. That way there are only two points of failure (not counting McAfee forgetting to update the ini): my Internet or their Internet. Since I obviously have checks dealing with my Internet and they have checks dealing with theirs, that is not really a problem. If I set up my alerting not to alert me at 3am for an out-of-date virus scan then it should not be a problem. Also, if I set my AV check to run only every several hours then I would not get a lot of gratuitous alerts. So although I do not want you to stop exploring the issue, I would like to be assured that I am able to do my AV check directly against the vendor. Whether it be two different checks or one check with a multitude of options makes no difference to me. Thanks for listening.

Jason Passow
Mississippi Welders Supply
[EMAIL PROTECTED]
ph: (507) 494-5178
fax: (507) 454-8104

"If you do everything right, nobody will realize you've done anything at all."

Dirk Bulinckx wrote:
> Cron 1: get info from AV-webs and insert it into the db
> Cron 2: remove old info from db
>
> The COM check that is used by the real users does an HTTP GET of a PHP
> file that checks the timestamp and returns timestamp, and the COM
> checks for the difference (to be able to alert if older than ...)
>
> That leaves the part of updating the remote dbs. If this would be
> done in a lower frequency than the polling then we could get an
> out-of-date issue. That's why I was thinking that whenever the master
> does an update (and that will be just a few per day max) then it sends
> via a HTTP POST (example) the updates to the remote dbs. On the
> remote system you could run the same DELETE cron OR the master could
> force that via another HTTP POST.
>
> Dirk Bulinckx.
>
> ------------------------------------------------------------------------
> *From:* Servers Alive Discussion List [mailto:[EMAIL PROTECTED] *On
> Behalf Of *Michael Shook
> *Sent:* Tuesday, August 22, 2006 3:56 PM
> *To:* Servers Alive Discussion List
> *Subject:* RE: [SA-list] AV Check
>
> I think I'd lean more towards offloading the updating and maintaining
> of the cache file to the hoster (a cron job on the web server), then
> there would simply have to be a 2nd layer check created that the
> hosters would run to ensure that their AV cache is up to date. The
> reason being that my web server (hosted) is more likely to be stable
> than the box I use to check things with (old POS laptop).
>
> that's 3 parts then:
>
> part one: Cron job on the webserver to run a php page to create and
> keep updated a hosted AV version list
> part two: COM check to ensure that the Cache file is up to date (used
> by hosters only)
> part three: COM check to check local system version against a hosted
> cache file OR the companies' sites.
>
> OR
>
> Woodstone creates the cache file as a plain file using internal
> super-secret processes, then pushes it (FTP?) to remote hosts for use.
> That way youse' guys is in total control of the content, and the hosts
> would be completely passive.
>
> To handle the issue of up-to-date cache files or not, have the com
> check update its list of "most favored" hosts each check from
> Woodstone, if the host chosen in the check is no longer in the list of
> hosts from woodstone (because they couldn't get updated, fell off the
> planet, etc...) then a random host could be chosen.
>
> Michael D. Shook
> Technical Analyst
> Saddle Creek Corporation
> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
> 863 668 4477 (work)
> 863 860 4070 (cell)
> 863 665 1261 (fax)
> _www.saddlecrk.com_ <http://www.saddlecrk.com/>
>
> ------------------------------------------------------------------------
> *From:* Servers Alive Discussion List [mailto:[EMAIL PROTECTED] *On
> Behalf Of *Dirk Bulinckx
> *Sent:* Tuesday, August 22, 2006 9:16 AM
> *To:* Servers Alive Discussion List
> *Subject:* RE: [SA-list] AV Check
>
> My idea (just thinking out loud not saying that want/am going to do
> this!!)
>
> mySQL db
> php page
>
> HTTP GET av.php?AV=<name>&VER=<version>
>
> in the php
>     select TIMESTAMP from avdb where AV=<name> and VER=<version>
>         (let's call the result fTimestamp)
>     if FOUND then
>         select TIMESTAMP,VERSION from avdb where AV=<name> and
>             TIMESTAMP>fTimestamp order by TIMESTAMP
>         if non found
>             your version is the latest known version
>         else
>             ' your version is not the latest
>             bTimestamp (timestamp of the FIRST retrieved row in the last
>                 select statement, this is the latest that is in the db)
>             your version is out of date by bTimestamp - fTimestamp
>         endif
>     else
>         unknown version/AV
>     endif
>
> Now getting the info in the db.
> Process that runs every <times> and gets the versions for each of the
> products.
> POST avpost.php?AV=<name>&VER=<version>&TIMESTAMP=<currenttimestamp>
>     select VER from avdb where AV=<name> and VER=<version>
>     if not found then
>         insert into avdb
>             set AV=<name>,VER=<version>,TIMESTAMP=<currenttimestamp>
>     endif
>
> I suppose that should work?
>
> BUT if you have several of those DBs around the world, how will you
> populate all those DBs? And how will you be sure that they are
> "up-to-date"?
> What if the "main" system loses connection with the internet? Then
> we would lose a couple of versions and/or have a wrong timestamp.
>
> From a bandwidth point of view, this can become big too. Not only
> doing those checks (for all AVs) every <times> (often!), updating the
> other dbs and people doing their AV check and doing the HTTP GET to get
> the version.
>
> Dirk Bulinckx.
>
> ------------------------------------------------------------------------
> *From:* Servers Alive Discussion List [mailto:[EMAIL PROTECTED] *On
> Behalf Of *Michael Shook
> *Sent:* Tuesday, August 22, 2006 3:01 PM
> *To:* Servers Alive Discussion List
> *Subject:* RE: [SA-list] AV Check
>
> Yup. Have to keep a history as well. Say for the last 6 months.
>
> Pretty big limb ain't it.
>
> :-)
>
> Michael D. Shook
>
> ------------------------------------------------------------------------
> *From:* Servers Alive Discussion List [mailto:[EMAIL PROTECTED] *On
> Behalf Of *Dirk Bulinckx
> *Sent:* Tuesday, August 22, 2006 8:56 AM
> *To:* Servers Alive Discussion List
> *Subject:* RE: [SA-list] AV Check
>
> This would mean that this list would have for each AV that we
> 'support', the signature version and the release date of it.
> And that the AV check would query that list to see how old his/her
> version is, right?
>
> Dirk Bulinckx.
>
> ------------------------------------------------------------------------
> *From:* Servers Alive Discussion List [mailto:[EMAIL PROTECTED] *On
> Behalf Of *Michael Shook
> *Sent:* Tuesday, August 22, 2006 2:46 PM
> *To:* Servers Alive Discussion List
> *Subject:* RE: [SA-list] AV Check
>
> Well, with such a list then you could tell folks just how out of date
> their version of AV is, as Ian would like.
>
> I'd have to agree, as having a version that is 1 or days out of date
> isn't really something I want to be woken up at 3am over.
>
> So, this way you can give the users some parameters (How old, x number
> of version old, etc...)
>
> You could even use this to send a non-down email that a new version
> became available 5 minutes ago, without incurring a DOWN penalty that
> might be set if the version is 5 days old.
>
> Michael D. Shook
>
> ------------------------------------------------------------------------
> *From:* Servers Alive Discussion List [mailto:[EMAIL PROTECTED] *On
> Behalf Of *Dirk Bulinckx
> *Sent:* Tuesday, August 22, 2006 8:31 AM
> *To:* Servers Alive Discussion List
> *Subject:* RE: [SA-list] AV Check
>
> Can you elaborate?
> What would be the purpose of such a list?
>
> Dirk Bulinckx.
>
> ------------------------------------------------------------------------
> *From:* Servers Alive Discussion List [mailto:[EMAIL PROTECTED] *On
> Behalf Of *Michael Shook
> *Sent:* Tuesday, August 22, 2006 2:11 PM
> *To:* Servers Alive Discussion List
> *Subject:* RE: [SA-list] AV Check
>
> I'm gonna go WAY out on a limb here....
>
> But if Woodstone (or another party) were to keep a publicly available
> cache file of all the versions and the dates they first appeared, then
> the check could reference that list instead of just grabbing the most
> recent version number from the manufacturer.
>
> Perhaps with a few mirror sites around the globe...
>
> I wouldn't mind hosting such a list on the Users Group site.
>
> Michael D. Shook
>
> ------------------------------------------------------------------------
> *From:* Servers Alive Discussion List [mailto:[EMAIL PROTECTED] *On
> Behalf Of *Dirk Bulinckx
> *Sent:* Tuesday, August 22, 2006 3:31 AM
> *To:* Servers Alive Discussion List
> *Subject:* RE: [SA-list] AV Check
>
> Not all the AV products have "numbers" as version, so that wouldn't
> really work out well...
>
> Dirk Bulinckx.
>
> ------------------------------------------------------------------------
> *From:* Servers Alive Discussion List [mailto:[EMAIL PROTECTED] *On
> Behalf Of [EMAIL PROTECTED]
> *Sent:* Tuesday, August 22, 2006 9:21 AM
> *To:* Servers Alive Discussion List
> *Subject:* [SA-list] AV Check
>
> A suggestion for an enhancement to the AV check (which is working very
> well).
>
> I wonder if it would be possible to measure not whether the local
> version equals the remote version, but the difference between them. In
> other words, if the local version was 543 and the remote version was
> 544, the result would be -1. The benefit of this is that you could
> choose to ignore (or treat differently) a machine that is only just
> out of date, but take more seriously a machine that was several
> versions out of date.
>
> Just a thought.
>
> Ian
> _________________________________
> Ian K Gray
> OEL IS - European Infrastructure Support
> Tel: +44 1236 502661
> Mob: +44 7881 518854
>
> To unsubscribe send a message with UNSUBSCRIBE as subject to
> [email protected]
> If you use auto-responders (like out-of-the-office messages), then
> make sure that they are not sent to the list nor to the individual
> members of the list that send a message. Doing this will get you
> removed from the list.
>
> --------------------------------------
> The information contained in this message is intended only for the use
> of the addressee. If the reader of this message is not the intended
> recipient or agent of the intended recipient, you are hereby notified
> that any dissemination, distribution, or copying of the message is
> strictly prohibited.
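
An added example, not part of the original thread or of Servers Alive: the collector and lookup steps sketched in Dirk Bulinckx's pseudocode above, written in Python with an in-memory SQLite table standing in for the PHP page and MySQL db. The product name, version strings, timestamps and the `down_after` threshold are constructed for illustration.

```python
import sqlite3

DAY = 86400  # seconds

def open_db():
    db = sqlite3.connect(":memory:")  # SQLite stands in for the thread's MySQL db
    db.execute("CREATE TABLE avdb (av TEXT, ver TEXT, ts INTEGER, PRIMARY KEY (av, ver))")
    return db

def record_version(db, av, ver, ts):
    """Collector step: store a version only the first time it is seen, so ts
    stays the first-appearance time. Returns True if a row was inserted."""
    found = db.execute("SELECT 1 FROM avdb WHERE av = ? AND ver = ?", (av, ver)).fetchone()
    if found:
        return False
    db.execute("INSERT INTO avdb (av, ver, ts) VALUES (?, ?, ?)", (av, ver, ts))
    db.commit()
    return True

def check_version(db, av, ver, down_after):
    """Lookup step: (status, versions_behind, age_seconds) for a reported version.
    av and ver arrive from the query string, so they are always bound as
    parameters and never spliced into the SQL text."""
    row = db.execute("SELECT ts FROM avdb WHERE av = ? AND ver = ?", (av, ver)).fetchone()
    if row is None:
        return ("UNKNOWN", None, None)
    f_ts = row[0]
    newer = db.execute(
        "SELECT ts FROM avdb WHERE av = ? AND ts > ? ORDER BY ts DESC", (av, f_ts)
    ).fetchall()
    if not newer:
        return ("OK", 0, 0)
    age = newer[0][0] - f_ts          # latest known release minus this version's release
    status = "DOWN" if age >= down_after else "WARN"
    return (status, len(newer), age)  # counting rows works for non-numeric versions too

def demo():
    db = open_db()
    # Constructed sample history: product name, version strings and times are made up.
    for ver, ts in [("sig-a", 0), ("sig-b", 5 * DAY), ("sig-c", 6 * DAY)]:
        record_version(db, "ExampleAV", ver, ts)
    return db
```

Counting the newer rows gives the "versions behind" figure Ian asked for without requiring numeric version strings, and the age threshold separates a just-released update from a machine that is days behind.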
