Ron, These are extra (custom) plugins, not modifications to existing ones. However, I agree with your point; nasl scripting isn't for the feint-of-heart (the language is ridiculously easy, but it requires a lot of knowledge about how nessus works under-the-hood). My recommendation for anyone wanting to go down that road is to spend a LOT of time looking through KB files to see how nessus keeps track of things as it scans a host.
Have you guys made the nasl3 programming guide/API publicly available? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ron Gula Sent: Thursday, July 17, 2008 8:21 AM To: [email protected] Subject: Re: antivirus_installed.nasl Adrian Raduti wrote: > Really a big newbe, could somebody please help with the code that I > should use for reporting systems without AV installed. If you are new to Nessus, I don't think your first step should be modifying NASL code. I would recommend you perform your scans with the current Tenable plugins and then use the Nessus Client to filter the results. You could use a filter of ID 16193 to see which hosts had anti-virus reported, and which didn't and then use further filtering to see if they had Symantec running. Keep in mind this plugin only reports if there is an anti-virus solutions installed AND it is out of date, not that there is NO anti-virus installed. http://blog.tenablesecurity.com/2007/02/auditing_antivi.html You could also look at plugin 20811 "Software Enumeration (via SMB)", and look for Symantec products with a text filter. More ideas on using this technique are here: http://blog.tenablesecurity.com/2006/12/enterprise_soft.html Ron Gula Tenable Network Security _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
