SEP AV definitions date/version

Not applicable

Hey guys/gals

Just wondering if anyone has a way of getting the SEP virus definitions
date/version into Casper? I've looked through Symantec's support site (out
of desperation) and went through the various files in the
/Library/Application Support/Symantec folder with no joy. I'm considering
hacking up something nasty and pulling the latest date from the What's New
file but I can hear the ghosts of programmers long gone turning in their
graves. Anyone have a semi-reasonable way of getting the date?

Sven

5 REPLIES

jszaszvari
New Contributor III

Hi Sven

If you go to add an Extension Attribute under the "Inventory Collection Preferences" screen - There is a template there for Symantec products.

Probably worth taking a look at it and seeing how it works and seeing if you can make it work for you -

Here is a copy of the script they include with the template

"This attribute returns the Virus Definitions Date for Symantec. This attribute template applies to Norton AntiVirus (v 10), and Norton AntiVirus (v 11)."

#!/bin/sh
#This script has been verified to work on Norton AntiVirus (v 10, v11).

#Check to see if Norton v10 is installed
if [ -f "/Library/Application Support/Norton Solutions Support/Norton AntiVirus/Engine/WHATSNEW.TXT" ]; then
    #Take the date from the "Symantec Security Response" line and convert it to the inventory date format
    result=$(/bin/date -j -f "%b %d, %Y" "$(cat "/Library/Application Support/Norton Solutions Support/Norton AntiVirus/Engine/WHATSNEW.TXT" | grep "Symantec Security Response" | awk '{print $5, $6, $7}')" "+%Y-%m-%d 00:00:00")
    echo "<result>$result</result>"
else
    #Check to see if Norton v11 is installed
    if [ -f "/Library/Application Support/Symantec/AntiVirus/Engine/WHATSNEW.TXT" ]; then
        result=$(/bin/date -j -f "%b %d, %Y" "$(cat "/Library/Application Support/Symantec/AntiVirus/Engine/WHATSNEW.TXT" | grep "Symantec Security Response" | awk '{print $5, $6, $7}')" "+%Y-%m-%d 00:00:00")
        echo "<result>$result</result>"
    else
        echo "<result>Not installed</result>"
    fi
fi

Regards
John

jhalvorson
Valued Contributor

The extension attribute correctly reports our systems running SEP 11. Just letting you know it does work on versions besides NAV and SAV.

It does not report any date on Macs running Mac OS X 10.4 with SAV or NAV. I haven't figured out why.

Jason

nessts
Valued Contributor II

I have to ask, why would you ever care what version of the AV definitions you package? Tomorrow they will be out of date, so why not just make liveupdate run and be done with it?
--
Todd Ness
Technology Consultant/Non-Windows Services
Americas Regional Delivery Engineering
HP Enterprise Services

jhalvorson
Valued Contributor

The extension attrib captures what is currently on the system when an inventory is done.

Most of our users do not know to set live update schedules. There are problems with the symsched command and/or the run live update script in the resource kit with some of our systems.

Our Windows-centric admin for Symantec won't let me run the clients in managed mode. Over the years they trust Symantec less and less and don't want us to go through the same.

By capturing and inventorying the def dates, I can figure out which ones are not being kept current and focus on those.

Is life easier with a solution from Sophos? Anyone using that?

Jason
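Added example (not part of the thread or the JAMF template): a variant of the extension attribute that reports whether the definitions are stale, and returns an explicit "Unknown" instead of an empty date when the WHATSNEW.TXT line cannot be parsed. It assumes a string-type attribute, a 7-day threshold, and the "Mon DD, YYYY" layout in fields 5-7 implied by the template's awk; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not JAMF's or Symantec's code. Assumed line layout, inferred from
# the template's awk '{print $5, $6, $7}'; constructed sample line:
#   Symantec Security Response - Jan 15, 2011

# defs_date FILE -> prints YYYY-MM-DD, or nothing if no parseable date line exists
defs_date() {
    awk '
        BEGIN { split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", n, " ")
                for (i = 1; i <= 12; i++) m[n[i]] = i }
        /Symantec Security Response/ && !seen {
            seen = 1; d = $6; sub(/,/, "", d)
            if (($5 in m) && d ~ /^[0-9]+$/ && $7 ~ /^[0-9][0-9][0-9][0-9]$/)
                printf "%04d-%02d-%02d\n", $7, m[$5], d
        }' "$1"
}

# days_between OLD NEW (both YYYY-MM-DD) -> whole days, via Julian day numbers
days_between() {
    awk -v a="$1" -v b="$2" '
        function jdn(s,   p, y, mo, d, k) {
            split(s, p, "-"); y = p[1] + 0; mo = p[2] + 0; d = p[3] + 0
            k = int((14 - mo) / 12); y = y + 4800 - k; mo = mo + 12 * k - 3
            return d + int((153 * mo + 2) / 5) + 365 * y + int(y / 4) - int(y / 100) + int(y / 400) - 32045
        }
        BEGIN { print jdn(b) - jdn(a) }'
}

# defs_status FILE TODAY MAX_AGE_DAYS -> the <result> line for inventory
defs_status() {
    if [ ! -f "$1" ]; then echo "<result>Not installed</result>"; return; fi
    d=$(defs_date "$1")
    if [ -z "$d" ]; then echo "<result>Unknown</result>"; return; fi
    age=$(days_between "$d" "$2")
    if [ "$age" -gt "$3" ]; then
        echo "<result>Stale ($d, $age days)</result>"
    else
        echo "<result>Current ($d)</result>"
    fi
}

# v11 path from the template above; the 7-day threshold is an assumed policy value
defs_status "/Library/Application Support/Symantec/AntiVirus/Engine/WHATSNEW.TXT" "$(date +%Y-%m-%d)" 7
```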

nessts
Valued Contributor II

The whole point of SEP is that you have a server backend with policies
set, that set the updates and scan times etc. You don't have to let the
clients worry about it.

Now if you are using the consumer product and not SEP then that would make
a difference, but I had written scheduling jobs with older versions that
randomly picked a time to download the updates and that worked just fine...
I attached the one from version 11 we did.

-- Todd Ness
Technology Consultant/Non-Windows Services
Americas Regional Delivery Engineering
HP Enterprise Services