Re: [Plugins-writers] Checking NAV

From: Uri Gilad (ugilad@private)
Date: Sun Jan 02 2005 - 06:40:34 PST 

As far as I understand it, there are two issues with these plugins: 
1. The logging in problem - which is something in the nessus-engine. 
2. The problem of knowing the most updated version of the DATs. 

I am assuming the tenable team is working on #1, so here is a question
about #2 :

Suppose we get all the correct files into the plugin code, the will
remain a challenge of
chasing the DAT file versions. As far as I can see from current code,
the plugin contains the date statically in the nasl code.
Is it possible for the plugin to "include" a file which I will be
dynamically update (using a deamon looking at the vendors web sites).
This file will contain the relevant date/version info for the dat ?

Thanks, 

Uri. 


On Thu, 30 Dec 2004 12:30:41 -0800 (PST), Noah Roberts
<nroberts@private> wrote:
> Uri Gilad said:
> > Hi,
> > I have recently spotted the nav_installed.nasl plugin (12106).
> > Does it work on XP ?
> >  - on XP SP 2 ?
> >
> > has anyone had any experience with it ?, it fails utterly on my XP SP2
> > machine.
> 
> It seems that the antivirus scanners have a few problems:
> 
> * Needs full access to registry - in other words Administrator.  Failure
> to get this access means the plugin just doesn't report; it is the same
> for a negative result so you cannot tell if it is not installed or the
> plugin couldn't check!
> 
> * Both seem to only scan for specific product versions and not others.
> For instance, the Norton version only checks the DEFWATCH_10 data item
> when it should also check NAVCORP_70, NAVNT_50_AP1, NAV95_50_AP1, and
> NAV9x_50_NAVW.  My version uses the NAVNT_50_AP1 item and when it didn't
> find DEFWATCH_10 it just continues and says Norton is installed and
> working even though I purposfully had way out of date vdefs!  McAfee has
> similar problems with the added problem that it scans the date wrong now
> (sometime back they changed the format of that data item and the plugin
> uses the old way).
> 
> Basically, they are useless plugins that only work correctly under very
> exacting circumstances and don't report problems adiquately to actually
> use to verify that an antivirus is installed or not.  I had planned on
> using nessus to check for SP2 and antivirus software in conjunction with
> NetReg, but because of these problems it just won't work dependably as is.
>  It might be possible to fix these issues, I don't know.  In one case I
> couldn't get nessus to log into the remote machine correctly even though I
> gave it numerous ways in including blank admin passwords!
> 
> _______________________________________________
> Plugins-writers mailing list
> Plugins-writers@private
> http://mail.nessus.org/mailman/listinfo/plugins-writers
> 


-- 
         --- Uri
_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers

This archive was generated by hypermail 2.1.3 : Sun Jan 02 2005 - 06:41:18 PST