Message-ID: <0F98C8BA43C00C42AFFBE000DA9DDB2301C49654@pollux.richmond.edu>
From: cfaigle at richmond.edu (Faigle, Chris)
Subject: VirusLogger - Script to sort and e-mail Symantec Corporate Anti-Virus Logs available

Hi,

	We use Symantec Corporate Anti-Virus here at the University of
Richmond for all faculty, staff and student Windows machines.

	Several institutions have expressed interest in a script that I
wrote to have the logs from the virus server sorted and e-mailed daily.

	It is now available (under GPL) at
http://is.richmond.edu/techsupport/security/Downloads.htm 

	In brief:

		It uses Symantec's VHistExp tool (on the CD, in the
Tools\Nosuprt\VHistExp\ folder) to pull the logs.

		It then buckets each entry into "Left Alone", "Deleted",
"Cleaned", "Quarantined" and "Unknown".

		It also makes a bucket for "Special" entries, which are
keywords set to "Blaster", "Welchia", "Gaobot", "Sasser", etc. [I use
these as an additional resource to determine if a machine is patched.]

		It then saves these reports and e-mails them to the
addresses specified.

	I have it set up as a Scheduled Task on our SAV server to run at
3 am, using "VirusLogger.py -yesterday", so every morning I receive a
fresh report of the previous day's activity. (As does our help-desk.)

	Each morning, I go through the "Left Alone" report and use the
server to verify if each virus still exists and make decisions as to how
each machine should be handled.

	I go through the "Special" report if it is not empty as these
machines have a patch issue.

	Further, I also quickly check the "Deleted" report to keep
an eye on what is coming through, but getting deleted.

	It requires Python, keeps an extensive log and has reasonably
good exception handling.  It has been running stably for months now.

	Hope this is useful.

	Please reply off-list.

Best,
Chris Faigle
IS Security
University of Richmond
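The bucketing the post describes, as an added example. This is editor-written code, not the VirusLogger.py script announced above, and it assumes a simplified tab-separated export (ISO date, computer, virus name, action) because the post does not show the real VHistExp output format; the action strings, the `-yesterday` filter, the sample log lines and the addresses are all constructed for illustration.

```python
"""Added example: bucket anti-virus history entries as the post describes.

This is not the VirusLogger.py script from the post. It assumes a simplified
tab-separated export (ISO date, computer, virus name, action) because the
post does not show the real VHistExp output format; the action strings and
the sample lines below are constructed for illustration.
"""
import logging
from collections import defaultdict
from datetime import date, timedelta
from email.message import EmailMessage

log = logging.getLogger("viruslogger-example")

# Report buckets named in the post, keyed by a normalised action string
# (the action strings themselves are an assumption of this example).
ACTION_BUCKETS = {
    "left alone": "Left Alone",
    "deleted": "Deleted",
    "cleaned": "Cleaned",
    "quarantined": "Quarantined",
}
REPORT_ORDER = ("Left Alone", "Deleted", "Cleaned", "Quarantined", "Unknown", "Special")

# "Special" keywords from the post: network worms whose presence on a host
# is a strong hint that the host is missing patches.
SPECIAL_KEYWORDS = ("blaster", "welchia", "gaobot", "sasser")

# Constructed sample export, not real VHistExp output.
SAMPLE_EXPORT = (
    "2004-05-03\tLAB-PC-17\tW32.Sasser.Worm\tLeft Alone\n"
    "2004-05-03\tDORM-221\tW32.Netsky.P@mm\tDeleted\n"
    "2004-05-03\tLIB-KIOSK-2\tW32.Welchia.Worm\tQuarantined\n"
    "2004-05-02\tSTAFF-044\tTrojan.Dropper\tCleaned\n"
    "2004-05-03\tSTAFF-044\tBackdoor.Trojan\tAccess denied\n"
    "this line is malformed\n"
)


def parse_export(text):
    """Yield (iso_date, computer, virus, action) tuples, logging and skipping bad lines."""
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("\t")
        if len(fields) != 4:
            # One malformed line must not abort the whole daily report.
            log.warning("skipping malformed line %d: %r", lineno, line)
            continue
        yield tuple(f.strip() for f in fields)


def yesterday(today=None):
    """ISO date of the previous day; `today` is an ISO string (defaults to now)."""
    base = date.fromisoformat(today) if today else date.today()
    return (base - timedelta(days=1)).isoformat()


def bucket_entries(entries, only_day=None):
    """Sort entries into the post's buckets. An entry always lands in exactly one
    action bucket and additionally in "Special" when the virus name matches."""
    buckets = defaultdict(list)
    for iso_date, computer, virus, action in entries:
        if only_day is not None and iso_date != only_day:
            continue
        name = ACTION_BUCKETS.get(action.lower(), "Unknown")
        buckets[name].append((computer, virus, action))
        if any(k in virus.lower() for k in SPECIAL_KEYWORDS):
            buckets["Special"].append((computer, virus, action))
    return dict(buckets)


def render_report(buckets):
    """Plain-text report, one section per bucket in a fixed order."""
    lines = []
    for name in REPORT_ORDER:
        rows = buckets.get(name, [])
        lines.append(f"== {name} ({len(rows)}) ==")
        for computer, virus, action in rows:
            lines.append(f"{computer}\t{virus}\t{action}")
        lines.append("")
    return "\n".join(lines)


def build_mail(buckets, sender, recipients, subject="Daily AV report"):
    """Build the e-mail; hand the result to smtplib.SMTP.send_message to send it."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = ", ".join(recipients)
    msg["Subject"] = subject
    msg.set_content(render_report(buckets))
    return msg


if __name__ == "__main__":
    # Equivalent of "VirusLogger.py -yesterday" run on 2004-05-04.
    day = yesterday("2004-05-04")
    report = bucket_entries(parse_export(SAMPLE_EXPORT), only_day=day)
    print(build_mail(report, "av@example.edu", ["helpdesk@example.edu"]))
```

Two design points worth keeping in a real version: a malformed line is logged and skipped rather than allowed to abort the run, since a missing morning report is worse than one missing row, and the "Special" keyword match is applied on top of the action bucket, so a Sasser hit that was quarantined still shows up in the patch-status list.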
