Even if it were in a db then still it would be "linked" to the check and kept in memory just like it is now. Getting it from a db instead of out of memory would be a HUGE overhead, especially in time.
Dirk.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael D. Shook
Sent: Friday, August 06, 2004 3:01 PM
To: [EMAIL PROTECTED]
Subject: RE: [SA-list] Check Version of Symantec anti virus definitions

Well, even if the current version value were held in a 3rd party SQL db, then a SQL check for "A" could be used to retrieve the right value. Then, you would at least reduce the version tracking and value updating to one place (the db) and not each individual check. I would think the reduction in labor for a large server farm would make even this a pleasant option.

Mike

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dirk Bulinckx
Sent: Friday, August 06, 2004 8:41 AM
To: [EMAIL PROTECTED]
Subject: RE: [SA-list] Check Version of Symantec anti virus definitions

This hasn't been discussed before. But if it would be "limited" to the %e of the dependor then it would mean that the checks (in the example) depends on the site of Symantec being up. To be honest IF we get to implementing a compare based on the %e of another check then I don't think it would be a good idea to limit this to the dependor. The important word is "IF". :-)

Dirk.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael D. Shook
Sent: Friday, August 06, 2004 2:34 PM
To: [EMAIL PROTECTED]
Subject: RE: [SA-list] Check Version of Symantec anti virus definitions

In response to this idea of checking against rolling data, Dirk has it been discussed about the possibility of using check "A"s %e information as the comparison value for check "B"? What I'm thinking is have check "A" retrieve the value of the latest update from say Symantec's website, then check "B" does a check (haven't seen a clean way for this - ALTHOUGH I believe that this info is available from SNMP OIDs) that compares the %e from "A" and compares against its own %e for a determination of status?

Even if it was restricted to only being able to get the %e of the dependor check, that should work fine. The nice thing about this is you'd never have to update the checks with the current version value. I would expect that this would be extremely useful for all sorts of version checking issues related to anti-virus, spam, site-blocking, etc...

Michael D. Shook

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Stone
Sent: Thursday, August 05, 2004 9:36 PM
To: [EMAIL PROTECTED]
Subject: RE: [SA-list] Check Version of Symantec anti virus definitions

The original request was to return the version. A web page, the Response column in the console, or the %e variable in email will show that. If you want more... The event log shows the version that was downloaded, you could then compare the check result with the versions on the Symantec download site (http://securityresponse.symantec.com/avcenter/download.html) using ASP, PHP, or Perl.

The one problem with using the event log is that the COM check only returns results on log entries that have occurred since the last check cycle. This means that on the next cycle after a result you will not get a result. Great for alerting but not for reporting.

I think Robert's file method is more useful but would require touching each system you want to monitor. In my environment that won't scale, for a few systems it should be fine.

-Kevin

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of gene Martinez
Sent: Thursday, August 05, 2004 4:57 PM
To: [EMAIL PROTECTED]
Subject: RE: [SA-list] Check Version of Symantec anti virus definitions

At 04:26 PM 8/5/04 -0400, you wrote:
>Or you could test for an update of C:\Program Files\Common
>Files\Symantec Shared\VirusDefs\definfo.dat.

How would you do this, and then how do you reset it for the new file?
It would seem you would have to edit your check each time you got an update, no???

Regards,
Gene
[EMAIL PROTECTED]
http://www.eclipse.net/~njkat

-------------------------
[This E-mail scanned for viruses by Declude Virus]
To unsubscribe from a list, send a mail message to [EMAIL PROTECTED]
With the following in the body of the message: unsubscribe SAlive
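
The arrangement discussed in this thread, sketched as an added example that is not part of the original messages and is not Servers Alive code: one reference check holds the latest published version in memory, and each host check compares its own value against it, so no per-check value has to be edited after an update. The `[DefDates]`/`CurDefs=YYYYMMDD.rrr` layout of definfo.dat, the names `ReferenceCheck` and `dependent_status`, the two-day tolerance and all sample values are assumptions made for illustration.

```python
import configparser
from datetime import date

def parse_curdefs(raw):
    """'20040805.017' -> (date(2004, 8, 5), 17); revision defaults to 0."""
    stamp, _, rev = raw.strip().partition(".")
    return date(int(stamp[:4]), int(stamp[4:6]), int(stamp[6:8])), int(rev or 0)

def parse_definfo(text):
    """Read CurDefs from definfo.dat-style text (file layout is an assumption)."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    return parse_curdefs(cp["DefDates"]["CurDefs"])

class ReferenceCheck:
    """Check "A": the only place the latest published version is tracked."""
    def __init__(self):
        self.latest = None            # kept in memory between check cycles

    def refresh(self, fetch):
        try:
            self.latest = parse_curdefs(fetch())
        except (OSError, ValueError):
            pass                      # source down or garbled: keep last value
        return self.latest

def dependent_status(host_defs, latest, max_lag_days=2):
    """Check "B": compare a host's own value with check "A"'s value."""
    if latest is None:
        return "UNKNOWN"              # no reference value has ever been seen
    lag = (latest[0] - host_defs[0]).days
    return "UP" if lag <= max_lag_days else "DOWN"

# Constructed sample data, not taken from any real system.
SAMPLE_HOSTS = {
    "srv-a": "[DefDates]\nCurDefs=20040805.017\nLastDefs=20040804.009\n",
    "srv-b": "[DefDates]\nCurDefs=20040728.008\nLastDefs=20040721.003\n",
}

def site_down():
    raise OSError("reference source unreachable")

def run_cycle(ref, fetch):
    latest = ref.refresh(fetch)
    return {host: dependent_status(parse_definfo(text), latest)
            for host, text in SAMPLE_HOSTS.items()}

if __name__ == "__main__":
    ref = ReferenceCheck()
    print(run_cycle(ref, lambda: "20040805.017"), run_cycle(ref, site_down))
```

Because the reference value stays cached, a cycle in which the reference source is unreachable still evaluates every host against the last known value, which addresses the dependency on the vendor site being up that was raised in the thread.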