Full Version: Example: Monitor Symantec AV definition files
RA
CODE
----------------------------------------------------------------------------------------------------------
-- Name: SymantecAVDefs.lua
-- Author: Intellipool AB
-- Required INM version: 3.0.5
-- Version: 1.0
-- Date: 2006-03-06
-- Description: Checks if Symantec AV definition files are up to date
-- Arguments:
-- Name and path to ini file
-- Max age in days
----------------------------------------------------------------------------------------------------------

----------------------------------------------------------------------------------------------------------
-- Creates a table of all lines ending with LF (byte 10) in the text file.
-- A CR before the LF (CRLF files) is left at the end of each line.
function MakeTable(s)
    local sInData = s;
    local iLastPos = 1;

    -- Locals keep these names from leaking into the script's globals
    local t = {};
    local max = string.len(sInData);
    for count = 1, max do
        local cCharacter = string.byte(sInData,count);
        if cCharacter == 10 then
            local sTemp = string.sub(sInData,iLastPos,count-1);
            table.insert(t,sTemp);
            iLastPos = count+1;
        end
    end
    return t;
end

----------------------------------------------------------------------------------------------------------
-- Start
sFileName = GetArgument(0);
iMaxDaysOld = tonumber(GetArgument(1));

File = TLuaFile:new();
iLength = File:GetFileSize(sFileName);

if File:Open(sFileName) == 0 then
    SetExitStatus("Cant open AV definition file",false);
    File:Close();
    return;
end

Data = "";
Data,iLength = File:Read(iLength);
if iLength==0 then
    SetExitStatus("AV definition file is empty",false);
    File:Close();
    return;
end
File:Close();

StringTable = MakeTable(Data);
----------------------------------------------------------------------------------------------------------
-- Find the line with "CurDefs"
nTableMax = table.getn(StringTable);
if nTableMax == 0 then
    SetExitStatus("Failed to parse AV file",false);
    return;
end
-- Parse table
for count=1, nTableMax do
    sTemp = StringTable[count];
    if string.find(sTemp,"DefDates]") ~= nil then
        sCurDefs = StringTable[count+1];
        sCurDefs = string.sub(sCurDefs,-13);
        sCurDefs = string.sub(sCurDefs,1,8);
        
        sYear = string.sub(sCurDefs,1,4);
        sMonth = string.sub(sCurDefs,5,6);
        sDay = string.sub(sCurDefs,7,8);
        -- Got a date
        DateInFile = TLuaDateTime:new();
        DateInFile:Create(tonumber(sYear),tonumber(sMonth),tonumber(sDay),0,0,0);
        
        DateSpan = TLuaDateTime:new();
        DateSpan:CreateSpan(iMaxDaysOld*24,0,0);

        DateInFile:Add(DateSpan);

        currentTime = TLuaDateTime:new()
        if currentTime:Less(DateInFile) == false then
            SetExitStatus("AV definition file is out of date",false);
            return;
        else
            SetExitStatus("AV definition file is up to date",true);
            return;
        end
    end
end
SetExitStatus("CurDefs not found in AV definition file",false);
Steve.Vale
Thanks Robert.

I must admit, I had some trouble getting the "definfo.dat" filespec into the script as an argument, so I amended it to hardcode this location. (It's in the same place on all of our systems.) I assume that Lua is unable to evaluate system environment variables on the target server, otherwise this could help for such issues.

I've also added some additional information into the response (error details when file open fails, and current definition details when it gets it successfully).

CODE
----------------------------------------------------------------------------------------------------------
-- Name: SymantecAVDefs.lua
-- Author: Intellipool AB
-- Required INM version: 3.0.5
-- Version: 1.1
-- Date: 2006-03-09
-- Description: Checks if Symantec AV definition files are up to date
-- Arguments:
-- Max age in days
-- History: Version 1.1, Steve Vale, Hardcoded file location, and included error details + AV definition version in return string.
----------------------------------------------------------------------------------------------------------

----------------------------------------------------------------------------------------------------------
-- Creates a table of all lines ending with LF (byte 10) in the text file.
-- A CR before the LF (CRLF files) is left at the end of each line.
function MakeTable(s)
    local sInData = s;
    local iLastPos = 1;

    -- Locals keep these names from leaking into the script's globals
    local t = {};
    local max = string.len(sInData);
    for count = 1, max do
        local cCharacter = string.byte(sInData,count);
        if cCharacter == 10 then
            local sTemp = string.sub(sInData,iLastPos,count-1);
            table.insert(t,sTemp);
            iLastPos = count+1;
        end
    end
    return t;
end

----------------------------------------------------------------------------------------------------------
-- Start
sFileName = "C:\\Program Files\\Common Files\\Symantec Shared\\VirusDefs\\definfo.dat"
iMaxDaysOld = tonumber(GetArgument(0));

File = TLuaFile:new();
iLength = File:GetFileSize(sFileName);

if File:Open(sFileName)  == 0 then
    iRes = GetLastError();
    sRes = FormatErrorString(iRes)
    SetExitStatus("Cant open AV definition file - "..sRes,false);
    File:Close();
    return;
end

Data = "";
Data = File:Read(iLength);
if iLength==0 then
    SetExitStatus("AV definition file is empty",false);
    File:Close();
    return;
end
File:Close();

StringTable = MakeTable(Data);
----------------------------------------------------------------------------------------------------------
-- Find the line with "CurDefs"
nTableMax = table.getn(StringTable);
if nTableMax == 0 then
    SetExitStatus("Failed to parse AV file",false);
    return;
end
-- Parse table
for count=1, nTableMax do
    sTemp = StringTable[count];
    if string.find(sTemp,"DefDates]") ~= nil then
        sCurDefs = StringTable[count+1];
        sCurDefs = string.sub(sCurDefs,-13);
        sRepDefs = sCurDefs
        sCurDefs = string.sub(sCurDefs,1,8);
        
        sYear = string.sub(sCurDefs,1,4);
        sMonth = string.sub(sCurDefs,5,6);
        sDay = string.sub(sCurDefs,7,8);
        -- Got a date
        DateInFile = TLuaDateTime:new();
        DateInFile:Create(tonumber(sYear),tonumber(sMonth),tonumber(sDay),0,0,0);
        
        DateSpan = TLuaDateTime:new();
        DateSpan:CreateSpan(iMaxDaysOld*24,0,0);

        DateInFile:Add(DateSpan);

        currentTime = TLuaDateTime:new()
        if currentTime:Less(DateInFile) == false then
            SetExitStatus("AV definition file is out of date - "..sRepDefs,false);
            return;
        else
            SetExitStatus("AV definition file is up to date - "..sRepDefs,true);
            return;
        end
    end
end
SetExitStatus("CurDefs not found in AV definition file",false);
John T.
I still can't seem to get this to work. With the dat file hard coded it can now find the file, but I get the following error. Anyone else have any luck with this?

Cant open AV definition file - The process cannot access the file because it is being used by another process.

Thanks,

-John
Steve.Vale
QUOTE(John T. @ Mar 9 2006, 06:29 PM)
I still can't seem to get this to work. With the dat file hard coded it can now find the file, but I get the following error. Anyone else have any luck with this?

Cant open AV definition file - The process cannot access the file because it is being used by another process.

I had this error when running the script in test mode from the editor, but assumed it was because I also had a copy running in my eval INM. Anyway, when I dropped the updated version into INM & tested it from there it worked ok!
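
Added example, not part of the thread or of Intellipool's scripts: the scripts above pull the date out of the line after "DefDates]" by fixed character offsets, so this sketch shows the same freshness check with a pattern match that tolerates LF or CRLF endings and fails the check when the digits are not a real date. It assumes a CurDefs=YYYYMMDD.rev line in the [DefDates] section; it uses standard Lua `os` functions instead of INM's TLuaFile/TLuaDateTime, and the names ParseCurDefs, DefsAgeDays and CheckDefs are hypothetical.

```lua
-- Added example (plain Lua, no INM objects). Assumes a line such as
-- CurDefs=YYYYMMDD.rev inside the [DefDates] section.
local gmatch = string.gmatch or string.gfind      -- gfind is the Lua 5.0 name

-- Returns year, month, day, revision, or nil plus a reason.
local function ParseCurDefs(sData)
    local bInSection = false
    -- The appended "\n" lets the last line match even without a newline.
    for sLine in gmatch(sData .. "\n", "([^\n]*)\n") do
        local s = string.gsub(sLine, "%s+$", "")   -- drops the CR of CRLF
        if string.find(s, "^%[") then
            bInSection = (s == "[DefDates]")
        elseif bInSection then
            local _, _, y, m, d, rev =
                string.find(s, "^CurDefs=(%d%d%d%d)(%d%d)(%d%d)%.(%d+)$")
            if y then return tonumber(y), tonumber(m), tonumber(d), rev end
        end
    end
    return nil, "CurDefs not found in [DefDates]"
end

-- Age in whole days, or nil plus a reason when the digits are not a real date.
local function DefsAgeDays(y, m, d, tNow)
    local bOk, tDefs = pcall(os.time, {year = y, month = m, day = d, hour = 0})
    if not bOk or not tDefs then return nil, "date cannot be represented" end
    -- os.time normalises out-of-range fields (month 13, day 40), so convert
    -- back and reject anything that changed.
    local chk = os.date("*t", tDefs)
    if chk.year ~= y or chk.month ~= m or chk.day ~= d then
        return nil, "CurDefs holds an invalid date"
    end
    return math.floor((tNow - tDefs) / 86400)
end

-- Same rule as the scripts above: fail once the age reaches iMaxDaysOld.
local function CheckDefs(sData, iMaxDaysOld, tNow)
    local y, m, d, rev = ParseCurDefs(sData)
    if not y then return false, m end
    local iAge, sErr = DefsAgeDays(y, m, d, tNow)
    if not iAge then return false, sErr end
    local sVer = string.format("%04d%02d%02d.%s", y, m, d, rev)
    if iAge < -1 then return false, "definition date is in the future - " .. sVer end
    if iAge >= iMaxDaysOld then return false, "out of date - " .. sVer end
    return true, "up to date - " .. sVer
end

-- Constructed sample contents and a fixed "now" so the result is repeatable.
local tNow = os.time({year = 2006, month = 3, day = 9, hour = 12})
print(CheckDefs("[DefDates]\r\nCurDefs=20060308.017\r\n", 7, tNow))
print(CheckDefs("[DefDates]\nCurDefs=20061340.017", 7, tNow))
```

Inside INM the boolean and message returned by CheckDefs would be handed to SetExitStatus, with the file contents read through TLuaFile as in the scripts above.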