In response to this idea of checking against rolling data, Dirk has it been discussed about the possibility of using check "A"s %e information as the comparison value for check "B"?
What I'm thinking is have check "A" retrieve the value of the latest update from say symantec's website, then check "B" does a check (haven't seen a clean way for this - ALTHOUGH I believe that this info is available from SNMP OIDs) that compares the %e from "A" and compares against it's own %e for a determination of status? Even if it was restricted to only being able to get the %e of the dependor check, that should work fine. The nice thing about this is you'd never have to update the checks with the current version value. I would expect that this would be extremely useful for all sorts of version checking issues related to anti-virus, spam, site-blocking, etc... Michael D. Shook [EMAIL PROTECTED] 863 665 0966 x 4477 (work) 478 256 9318 (cell) 863 665 1261 (fax) www.saddlecrk.com -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Stone Sent: Thursday, August 05, 2004 9:36 PM To: [EMAIL PROTECTED] Subject: RE: [SA-list] Check Version of Symantec anti virus definitions The original request was to return the version. A web page, the Response column in the console, or the %e variable in email will show that. If you want more... The event log shows the version that was downloaded, you could then compare the check result with the versions on the Symantec download site(http://securityresponse.symantec.com/avcenter/download.html) using ASP, PHP, or Perl. The one problem with using the event log is that the COM check only returns results on log entries that have occurred since the last check cycle. This means that one the next cycle after a result you will not get a result. Great for alerting but not for reporting. I think Robert's file method is more useful but would require touching each system you want to monitor. In my environment that won't scale, for a few systems it should be fine. -Kevin -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of gene Martinez Sent: Thursday, August 05, 2004 4:57 PM To: [EMAIL PROTECTED] Subject: RE: [SA-list] Check Version of Symantec anti virus definitions At 04:26 PM 8/5/04 -0400, you wrote: >Or you could test for an update of C:\Program Files\Common >Files\Symantec Shared\VirusDefs\definfo.dat. How would you do this, and then how do you reset it for the new file? It would seem you would have to edit you check each time you got an up-date, no??? Regards, Gene [EMAIL PROTECTED] http://www.eclipse.net/~njkat ------------------------- [This E-mail scanned for viruses by Declude Virus] To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive ------------------------- [This E-mail scanned for viruses by Declude Virus] To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive ------------------------- [This E-mail scanned for viruses by Declude Virus] To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive