I was recently visiting with my close friend Bruce and we were doing the geek-speak thing about scripting and automation. He had written some uber code using KiXtart that automated many mundane IT management tasks. One of the functions of his program was to query registry values of all of the computers on the domain and report on the status of the antivirus definitions. This was of particular interest to me because I had a bad experience attempting to get a simple report like this out of the management tool provided by Network Associates (ePolicy Orchestrator) and I still needed a better solution.
So, with that inspiration I set out to write my own script. I have more experience with DOS batch files, so I decided to stick with that rather than going with VB, KiXtart, etc. That said, I am still a relative n00b.
Long sordid story short, I did a lot of Googling for sample code and a lot of reading of reference material, and after about a week of working on this off and on I was successful. Essentially what I ended up with was a batch program that takes a text file with a list of computer names as input and produces an output text file that shows me the status of the antivirus definitions on each computer. I also used blat (a command-line mailer) to have the results automatically emailed to me.
I am sure that there are many coders out there that can produce more efficient code as there is always more than one way to "skin the cat." Here is my code:
```bat
@echo off
REM If the user does not enter a file to parse for computer names, send a message and stop.
if not exist "%~1" echo Please enter the name of the file to parse.&goto :EOF
REM Delete the last result file.
if exist results.txt del results.txt
REM Create the header for the results file.
echo %date% %time% >> Results.txt
echo. >> Results.txt
echo EngineVer Defs Ver Defs Date Computer >> Results.txt
echo. >> Results.txt
REM Go through the names in the file and send them off to be processed.
set "filename=%~1"
for /f "usebackq" %%a in ("%~1") do call :PROCESS %%a
ECHO. >> Results.txt
ECHO Done processing %filename%! >> Results.txt
blat message.txt -attach results.txt -server SERVERNAME -to email@yourdomain.com -f email@sendersemail.com -subject "Current AV Status"
GOTO :EOF

:PROCESS
REM Ping the host to verify it is up. Also, check that we are not at the end of the list of names.
if /i "%~1"=="%filename%" goto :EOF
ping -w 20 -n 1 %~1 | find "TTL=" && goto :CHECKVIRUSDEFS
REM A single ping decides the outcome, so a host is never dropped without a line in the report.
echo %~1 is not responding! >> Results.txt
goto :NOTRESPONDING

:CHECKVIRUSDEFS
REM Clear the values left over from the previous computer so stale data is never reported.
SET "Day=" & SET "Month=" & SET "Year=" & SET "DefVer=" & SET "Engine="
REM Check to make sure that the appropriate registry entries exist before processing.
SET INSTALLED=Y
REG QUERY "\\%~1\HKLM\SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine" /s | find "szVirDefDate" || SET INSTALLED=N
REM Query the registry, store the findings in variables and write results to results.txt
REM NOTE: temp.txt is created so that it can be parsed for the exact value needed since I couldn't get this to work all in one command.
IF %INSTALLED%==Y REG QUERY "\\%~1\HKLM\SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine" /s | find "szVirDefDate" > temp.txt
IF %INSTALLED%==Y For /F "tokens=1,2,3,4,5" %%A IN (temp.txt) DO (SET Day=%%C&SET Month=%%D&SET Year=%%E)
IF %INSTALLED%==Y REG QUERY "\\%~1\HKLM\SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine" /s | find "szVirDefVer" > temp.txt
IF %INSTALLED%==Y For /F "tokens=1,2,3" %%J IN (temp.txt) DO (SET DefVer=%%L)
IF %INSTALLED%==Y REG QUERY "\\%~1\HKLM\SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine" /s | find "szEngineVer" > temp.txt
IF %INSTALLED%==Y For /F "tokens=1,2,3" %%X IN (temp.txt) DO (SET Engine=%%Z)
IF %INSTALLED%==Y echo %Engine% -- %DefVer% -- %Month% %Day%, %Year% -- %~1 >> Results.txt
IF %INSTALLED%==N echo %~1 ---- DOES NOT appear to have antivirus installed! >> Results.txt
IF %INSTALLED%==Y del temp.txt
:NOTRESPONDING
```
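The report produced by the script still has to be read by eye. The following is an added example, not part of the original post, that triages Results.txt lines into the hosts that need attention: stale definitions, no antivirus found, or no ping reply. It is written in Python rather than batch because date arithmetic is awkward in batch. The function names, the 7-day threshold, the "Month Day, Year" date layout and the sample lines are all assumptions or constructed values.

```python
import re
from datetime import date, datetime

# Line shapes written by the echo statements in checkav.bat.
OK_LINE = re.compile(r"^(\S*) -- (\S*) -- (.*?) -- (\S+)$")
NO_AV = re.compile(r"^(\S+) ---- DOES NOT appear to have antivirus installed!")
DOWN = re.compile(r"^(\S+) is not responding!")
# Assumption: the date prints as "Month Day, Year", month as a name or number.
DATE_FORMATS = ("%B %d, %Y", "%b %d, %Y", "%m %d, %Y")

def parse_defs_date(text):
    """Return a date for the definitions field, or None if unreadable."""
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(text.strip(), fmt).date()
        except ValueError:
            pass
    return None

def triage(lines, today, max_age_days=7):
    """Return {computer: finding} for every host that needs attention."""
    findings = {}
    for line in map(str.strip, lines):
        if m := NO_AV.match(line):
            findings[m.group(1)] = "no antivirus found"
        elif m := DOWN.match(line):
            findings[m.group(1)] = "not responding (status unknown)"
        elif m := OK_LINE.match(line):
            when, host = m.group(3), m.group(4)
            defs_date = parse_defs_date(when)
            if defs_date is None:
                findings[host] = "definitions date missing or unreadable"
            elif (today - defs_date).days > max_age_days:
                findings[host] = f"definitions {(today - defs_date).days} days old"
    return findings

# Constructed sample report lines; hosts, versions and dates are made up.
SAMPLE = [
    "4400 -- 4517 -- June 17, 2005 -- PC-ACCT01",
    "4400 -- 4480 -- April 28, 2005 -- PC-LAB07",
    "PC-FRONT02 is not responding!",
    "PC-KIOSK03 ---- DOES NOT appear to have antivirus installed!",
    "4400 --  --  ,  -- PC-HR04",  # registry values could not be read
    "Done processing names.txt!",
]

if __name__ == "__main__":
    for host, finding in triage(SAMPLE, today=date(2005, 6, 20)).items():
        print(f"{host}: {finding}")
```

Hosts that did not answer the ping are reported as unknown rather than healthy, so a machine that is simply switched off is not mistaken for a protected one.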
Here are all of the files that I used to get this working:
- checkav.bat -- This is the main file (contents above.)
- names.txt -- This file, which can have any name, contains the list of computer names to check. You start the program by typing CHECKAV NAMES.TXT at the command prompt.
- message.txt -- This is a text file that contains the body of the email message that is generated with the results.txt file attached. The contents of my file simply say "Scan Results". You can put in whatever you want.
- blat.exe -- This is the little program that I use to automate sending the results file.
Here is a sample results.txt file output from this program:

Networking Considerations
In order to get this to work you need to run this in the security context of a domain administrator or something similar since you must have enough access to remotely query the registry of all of the machines in your names file. I run my scans logged in as a domain administrator.
The Windows Firewall can be a problem when you are attempting to do this type of thing. I ended up disabling the Windows Firewall on the computers so that I could perform this scan. This may or may not be prudent depending on how secure your environment needs to be. In my case I have other security measures in place - intrusion detection, network firewall, network level antivirus, content filter, and all of my host machines are operating under restricted user profiles. There is always a trade-off with implementing security measures and I figured the added ease of managing all of my antivirus installations outweighed the security risk of disabling the Windows Firewall.
I am also using Group Policy startup & shutdown scripts to disable & re-enable the Windows Firewall. This is mainly for the laptop users so that when they shut down their computers and take them out of the office the Windows Firewall is back on by default. Thanks again to Bruce for suggesting that one. Here is a link to the Microsoft Enterprise Logon Script white paper for your reading enjoyment.
Here are several more links that I have used as resources for batch file scripting:
- Computer Hope
- Yahoo Batch File Group
- http://www.robvanderwoude.com
- http://www.ss64.com
- Microsoft's TechNet A-Z Command Reference
- ConTEXT -- This is a great freeware text file / script editor that makes things easier.
Finally, please feel free to use, modify, or pass along the above code. I hope that someone may find it useful.