Hi Josh: Yeah, I noticed that after a while, that fixed the error, then I started getting a bad address error on all plugins, I ran (/opt/nessus/sbin/nessusd -R) and restarted nessus and that fixed it. I am posting the final result of the plugin, I have tried it successfully Maybe somebody can help clean it up, I am sure there must be a CASE function to avoid so many if's but I couldn't find it. I am currently expanding it to detect Trend Micro too, so when I am done I'll submit it so everybody can use it. Thx

#<-----Symantec Corporate Edition AntiVirus Version Detect------------>
#
# This script was originally written by Tenable Network Security as SMB Registry : NT4 Service Pack version
#
#
#
# Purpose: report which Symantec AntiVirus Corporate Edition version is
# installed on the remote Windows host, based on a registry value read over
# an authenticated SMB session. The registration block below only declares
# metadata; the registry read itself happens after the include.

# Text shown in the report; the main part of the script prepends it to the
# plugin output.
desc["english"] = " Synopsis : Symantec Anti Virus Corporate Edition Version. Description : By reading the registry key HKLM\\SOFTWARE\\Intel\\LANDesk\\VirusProtect6\\Currentversion it was possible to determine which version of Symantec AV CE is installed. Risk factor : None";

if(description)
{
 # NOTE(review): 90000 looks like a locally chosen ID - confirm it does not
 # collide with another plugin before sharing the script.
 script_id(90000);
 script_version ("$Revision: 1.00 $");

 name["english"] = "SMB Registry : Symantec Anti Virus Corporate Edition Version";
 script_name(english:name["english"]);
 script_description(english:desc["english"]);

 summary["english"] = "Determines the remote Anti Virus Corporate Edition Version";
 script_summary(english:summary["english"]);

 # Information gathering only: the visible code reads one registry value
 # and writes nothing to the target.
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"Jesus Terrazas jesus.terrazas@private");

 family["english"] = "Windows";
 script_family(english:family["english"]);

 # The SMB login and registry-access scripts are declared as dependencies;
 # the KB keys they are expected to populate are required below.
 script_dependencies("netbios_name_get.nasl", "smb_login.nasl", "smb_registry_access.nasl");
 # NOTE(review): presumably inherited from the Tenable template; nothing in
 # the visible code uses SSH results - confirm whether it can be dropped.
 if ( defined_func("bn_random") ) script_dependencie("ssh_get_info.nasl");

 # The plugin needs SMB credentials and confirmed registry access; it is a
 # credentialed check and cannot work against a host without them.
 script_require_keys("SMB/transport", "SMB/name", "SMB/login", "SMB/password", "SMB/registry_access");
 script_require_ports(139, 445);
 exit(0);
}

include("smb_func.inc");

# Stop early when the KB does not record working remote registry access.
access = get_kb_item("SMB/registry_access");
if(!access)exit(0);

# Default to 139 when no transport is recorded. Note that the main part of
# the script assigns port again from kb_smb_transport(), so this value is
# overwritten before it is used.
port = get_kb_item("SMB/transport");
if(!port)port = 139;
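#---------------------------------------------------------------------#
# Here is our main()                                                  #
#---------------------------------------------------------------------#
#
# Opens an authenticated IPC$ session with the credentials stored in the KB,
# reads ProductVersion under the VirusProtect6 key in HKLM, maps the raw
# value to a product version, stores it in the KB and reports it.
#
# Changes compared with the posted version:
#  - set_kb_item() is called with the value: named argument (it was passed
#    positionally, so no value was named).
#  - A missing ProductVersion no longer falls through to the value[1]
#    comparisons.
#  - An unrecognised raw value is reported as such instead of producing a
#    report that ends with an empty version.
#  - The key handle is closed only when RegOpenKey() returned one.

name = kb_smb_name();
if ( ! name ) exit(0);

login  = kb_smb_login();
pass   = kb_smb_password();
domain = kb_smb_domain();
port   = kb_smb_transport();

if ( ! get_port_state(port) ) exit(0);
soc = open_sock_tcp(port);
if ( ! soc ) exit(0);

session_init(socket:soc, hostname:name);
r = NetUseAdd(login:login, password:pass, domain:domain, share:"IPC$");
if ( r != 1 ) exit(0);

hklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);
if ( isnull(hklm) )
{
  NetUseDel();
  exit(0);
}

key  = "SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion";
item = "ProductVersion";

# Only a read is performed on this key; MAXIMUM_ALLOWED is kept from the
# original plugin.
key_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);
if ( ! isnull(key_h) )
{
  value = RegQueryValue(handle:key_h, item:item);
  RegCloseKey(handle:key_h);

  value2 = NULL;   # version string to store in the KB, when one is known

  if ( isnull(value) )
  {
    value2 = "Not installed";
    detail = "The ProductVersion registry value could not be read, so no Symantec AV CE version was determined";
  }
  else
  {
    # NOTE(review): every raw value below decomposes as
    #   build * 65536 + (major * 100 + minor * 10 + patch)
    # e.g. 65537001 = 1000 * 65536 + 1001 -> 10.0.1.1000. The table could
    # probably be replaced by arithmetic; confirm against more installed
    # versions before relying on that.
    if      (value[1] == "55509743")  value2 = "7.5.1.847";
    else if (value[1] == "60687096")  value2 = "7.6.0.926";
    else if (value[1] == "614335264") value2 = "8.0.0.9374";
    else if (value[1] == "65537001")  value2 = "10.0.1.1000";
    else if (value[1] == "65995753")  value2 = "10.0.1.1007";
    else if (value[1] == "131073002") value2 = "10.0.2.2000";
    else if (value[1] == "132383722") value2 = "10.0.2.2020";

    if ( isnull(value2) )
      detail = string("The remote machine is running an unrecognised Symantec AV CE build (raw ProductVersion value: ", value[1], ")");
    else
      detail = string("The remote machine is running ", value2);
  }

  # As in the original, nothing is stored for an unrecognised value, so
  # scripts reading SMB/SymantecVersion never see a guessed version.
  if ( ! isnull(value2) )
    set_kb_item(name:"SMB/SymantecVersion", value:value2);

  report = string (desc["english"],
                   "\n\nPlugin output :\n\n",
                   detail);

  security_note(data:report, port:port);
}

RegCloseKey(handle:hklm);
NetUseDel();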
#<------------------------------End of script-------------------------->

-----Original Message-----
From: plugins-writers-bounces@private [mailto:plugins-writers-bounces@private] On Behalf Of Josh Zlatin
Sent: Sunday, April 09, 2006 2:18 AM
To: plugins-writers@private
Subject: Re: [Plugins-writers] Symantec AV Corp Edition

On Fri, 7 Apr 2006, Terrazas, Jesus wrote:
> Hi,
>
> Been trying to use the SMB Registry : NT4 Service Pack version plugin to
> come up with a plugin that detects Symantec Corp Edition Antivirus
> version
>
> When trying to load nessus (/opt/nessus/sbin/nessusd -D) I get the
> following error
>
> [4459] Could not allocate a pointer of size 1902128079 !

Try adding semicolons to the end of the lines when you set value2.
Note you had the following code:

value2 = "10.0.2.2000"
...
value2 = "10.0.2.2000"

BTW when the 'value[1]' variable is set to '65537001', you set the 'value2' variable to '10.0.2.2000', but you set the 'SMB/Symantec/Version' kb item to '10.0.1.1000'. Is that correct?

--
 - Josh
_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers
_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers