Re: antivirus_installed.nasl

As a side note, .audit files for both Windows and Unix systems now include 
multi-line INFO tag functionality which allows you to add verbose 
details to your audit output. Ron mentioned the Unix side in the following blog 
entry: http://blog.tenablesecurity.com/2008/07/full-susudo-sup.html

Paul

John Scherff wrote:
> Couple more points:
>
> (5) The .audit policies are really the best way. I took the "long road"
> because I wanted the plugin output to cite our security policy, point
> the reader to our policy server, and produce detailed output about
> precisely what was wrong (and what was right).
>
> (6) The scripts have a copyright line, but there's no copyright.  Feel
> free to use/abuse them however you want.  When I catch up to Mike
> Vasquez in "giving back to the community," maybe I'll be less sharing ;)
>
> (7) The CVSS score/codes are all made-up. 
>
> -----Original Message-----
> From: nessus-bounces@list.nessus.org
> [mailto:nessus-bounces@list.nessus.org] On Behalf Of John Scherff
> Sent: Thursday, July 17, 2008 9:25 AM
> To: Adrian Raduti; Mike.Vasquez@cityofmesa.org
> Cc: nessus@list.nessus.org
> Subject: RE: antivirus_installed.nasl
>
> Here you go Adrian and Mike.
>
> A few important points:
>
> 0) These go in the /opt/nessus/lib/nessus/plugins directory.
>
> 1) I goofed on the choice of plugin IDs (I chose the 9xxxx range, but
> custom plugins are supposed to be in the 6xxxx range, I think).
>
> 2) There's a perl script included that grabs the last three AV signature
> dates from Symantec.  This script should be used like this to refresh
> the 24hr_savce_01.inc file:
>
>     get-symantec-sigs.pl >
> /opt/nessus/var/nessus/plugins/24hr_savce_01.inc 
>
> 3) The whole thing requires that you scan Windows systems with an
> account that can read the registry.
>
> 4) Please take the 24 Hour Fitness references out of the scripts before
> you use them.
>
> Good luck,
>
> John Scherff
> IT Security Manager
> 24 Hour Fitness
>
> -----Original Message-----
> From: Adrian Raduti [mailto:adrian.raduti@itdev.se]
> Sent: Thursday, July 17, 2008 8:53 AM
> To: John Scherff
> Subject: RE: antivirus_installed.nasl
>
> Sure, please send me yours.
>
> I feel this will also help me in better learning the language.
>
>
> Appreciate your help
> Adrian
>
> On Thu, 2008-07-17 at 08:41 -0700, John Scherff wrote:
> > They're highly customized for our environment, but if you send me a 
> > list of exactly what you need, I'll write a custom plugin for you (may
>
> > take a couple days... pretty busy over here).  Or I can just send you 
> > ours and let you hack them to fit your needs.
>
> _______________________________________________
> Nessus mailing list
> Nessus@list.nessus.org
> http://mail.nessus.org/mailman/listinfo/nessus

-- 
Best Regards,

Paul Davis
Research Engineer
Tenable Network Security Inc
Phone: 410.872.0555
www.tenablesecurity.com

Is your network TENABLE?
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus