Yes. I was not in the plugins directory. My mistake. Here is the copy of the script:
if(description)
{
script_id(90000);
script_version("$Revision: 1.0 $");
name["english"] = "Symantec AntiVirus Version Detection";
script_name(english:name["english"]);
desc["english"] = "
This script determines the version of the remote Norton AntiVirus as
written in the registry of the remote host. It also reports any host
where registry does not exist.
Risk Factor : None";
script_description(english:desc["english"]);
summary["english"] = "Determines the version of the remote NAV";
script_summary(english:summary["english"]);
script_category(ACT_GATHER_INFO);
family["english"] = "Custom";
script_family(english:family["english"]);
script_dependencies("smb_hotfixes.nasl");
script_require_keys("SMB/Registry/Enumerated");
script_require_ports(139, 445);
exit(0);
}
if ( get_kb_item("SMB/samba") ) exit(0);
if ( ! get_kb_item("SMB/Registry/Enumerated") ) exit(0);
include("smb_func.inc");
name = kb_smb_name();
port = kb_smb_transport();
if(!get_port_state(port)) exit(1);
login = kb_smb_login();
pass = kb_smb_password();
domain = kb_smb_domain();
soc = open_sock_tcp(port);
if(!soc) exit(0);
session_init(socket:soc, hostname:name);
r = NetUseAdd(login:login, password:pass, domain:domain, share:"IPC$");
if ( r != 1 ) exit(0);
hklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);
if ( isnull(hklm) )
{
NetUseDel();
exit(1);
}
# "Regular" edition
key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Pro
ducts\497CA84818B8A04418EA464733D75B72\InstallProperties";
item = "DisplayVersion";
key_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);
# Check for missing registry key and report
if ( isnull(key_h) )
security_hole(port:port, data:"The Symantec Norton Antivirus registry key does n
o exist.");
else
{
# Check the registry value and report it
value = RegQueryValue(handle:key_h, item:item);
if ( !isnull(value) )
{
version = value[1];
set_kb_item(name:"Symantec_Custom/Version", value:version);
security_note(port:port, data:"The remote host has Symantec Norton Antivirus ver
sion " + version + " installed.");
}
RegCloseKey(handle:key_h);
}
RegCloseKey(handle:hklm);
NetUseDel();
Also, I do not get an error in the nessusd.messages file telling me that the plugin could not be loaded upon nessusd startup using nessusd -D. I get the "Inconsistent data" error when I connect with the NessusWX client.
Thanks again.
Simon
Simon Prazak <infosecpw@private> wrote: Renaud,
I got a chance to revisit this issue. My script still does not register properly with nessusd 3.0 engine. When I run the script through the nasl interpreter I get the following output:
Unknown function 'kb_smb_name' (/tmp/PW_prod_3.0TEST.nasl, line 43)
Unknown function 'kb_smb_transport' (/tmp/PW_prod_3.0TEST.nasl, line 44)
Unknown function 'kb_smb_login' (/tmp/PW_prod_3.0TEST.nasl, line 46)
Unknown function 'kb_smb_password' (/tmp/PW_prod_3.0TEST.nasl, line 47)
Unknown function 'kb_smb_domain' (/tmp/PW_prod_3.0TEST.nasl, line 48)
Unknown function 'session_init' (/tmp/PW_prod_3.0TEST.nasl, line 54)
Unknown function 'NetUseAdd' (/tmp/PW_prod_3.0TEST.nasl, line 56)
Unknown function 'RegConnectRegistry' (/tmp/PW_prod_3.0TEST.nasl, line 59)
Unknown function 'NetUseDel' (/tmp/PW_prod_3.0TEST.nasl, line 62)
Unknown function 'RegOpenKey' (/tmp/PW_prod_3.0TEST.nasl, line 70)
Unknown function 'RegQueryValue' (/tmp/PW_prod_3.0TEST.nasl, line 77)
Unknown function 'RegCloseKey' (/tmp/PW_prod_3.0TEST.nasl, line 85)
Unknown function 'RegCloseKey' (/tmp/PW_prod_3.0TEST.nasl, line 88)
Unknown function 'NetUseDel' (/tmp/PW_prod_3.0TEST.nasl, line 89)
It seams that the problem is in the nessusd not finding the functions which leads me to beleive that there is some kind of problem with me having kept the two versions of the nessusd on one system. However I have followed all of the install/upgrade instructions for my particular OS. I have upgrades using the Nessus-3.1.0.0-fbsd5.tbz file as oppose to compiling the sources which I normally do. Again, any help is appreciated.
Thanks
Simon
Renaud Deraison <deraison@private> wrote:
On Dec 15, 2005, at 22:53, Simon Prazak wrote:
> This may not be a question for this list however I will ask it
> since I am not sure where else to go. I have upgraded the nessus
> engine to the 3.0 version today on a FreeBSD 5.4 patch level 8.
> Nessus starts without any problems however when I connect with the
> WX client I get the following message in the nessusd.messages
> indicating that there was a problem loading my custom scripts which
> would load just fine under the older version. The error I get is
>
> [Thu Dec 15 16:41:14 2005][1007] Inconsistent data: "My CUSTOM
> SCRIPT NAME" - not applying this plugin
>
Your plugin does not register itself properly within nessusd -- its
either missing script_name, script_description, or a few other
mandatory calls.
---------------------------------
Yahoo! DSL Something to write home about. Just $16.99/mo. or less_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
---------------------------------
Yahoo! Photos
Ring in the New Year with Photo Calendars. Add photos, events, holidays, whatever.
_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
This archive was generated by hypermail 2.1.3 : Tue Dec 27 2005 - 10:49:36 PST