Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 3264 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Checking Version Numbers - Sophos AV 7.6.21

Puffer

I've been given a task to write a script (probably vbs) that will check the version numbers (detection engine/data/identities) on all our Windows machines. Mostly Win2003 with a few XP workstations.

Writing the script isn't a problem. What I can't find is a location where I can retrieve the numbers that are found in the Product Information panel when you open the software (really don't want to log on to every machine).

I've checked in the registry and directories in Program Files\Sophos - nearest thing I can find is c:\program files\SOPHOS\AutoUpdate\data\status.xml - all this contains is the time stamp of the last update.

Anyone know where these can retrieved from?

:7513


This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    If these are managed machines it would be easier to pull this from the SEC database but for getting information regarding the install from the client I can see a few interfaces to obtain information such as this:

    1. Config files, Factory.xml and machine.xml in the config directory of SAV.  A bit ugly and would sure test your XML parsing.  Not everything is there but one could argue it's an interface of sorts.  The problem is contention between any script and the sav service plus it looks like SAV writes out to this periodically so timing/locking issues, etc..

    2. Registry.

    There are a few things scattered around that might be of interest.  Under HKLM\software\Sophos\

    3. Running SAV32CLI -v and scrape the output but slow and horrendous, and subject to breaking if anything changes.

    5. SAV.txt parsing, again slow (especially as it can get quite large in a month) and subject to subtle changes, although there is essentially a SAV.txt parser in the GUI of SAV, so it's unlikely to change at the drop of a hat I would suggest

    4. Lastly COM, which I think is what you'll like.  Using oleview I managed to work out a few things.  Here is a script that I put together to get some of the info you might want from the client.

    '***********************************************************************
'GLOBAL VARS and OBJECTS

dim componentManager
set componentManager = CreateObject("Infrastructure.ComponentManager")

Dim shell
Set shell = CreateObject("WScript.Shell")
  
'***********************************************************************

Status = "Machine Information: "  & vbcrlf &_
"  Name: " & GetMachineName() & vbcrlf &_ 
"SAV Information:" & vbcrlf &_ 
"  Version: " & GetSAVVersion() & vbcrlf &_
"  On-Access: " & GetSAVOnAccess() & vbcrlf &_
"  Last Update Time: " & GetLastUpdateTimeOfSAV() & vbcrlf &_
"  IDE Count: " & GetIdeCount()

msgbox Status,0,"SAV State at: " & Date & " - " & time

set componentManager = nothing
set shell            = nothing
    
'***********************************************************************

'***********************************************************************
Function GetMachineName()

  set objNetwork = createobject("Wscript.Network")
  GetMachineName = objNetwork.ComputerName
  set objNetwork = nothing

End Function    
'***********************************************************************

'***********************************************************************
Function GetSAVPath()

  'Try both, bit of a hack
  strPathToSAV = ""
  on error resume next  

  strPathToSAV = shell.RegRead ("HKLM\Software\wow6432node\Sophos\SAVService\Application\Path")

  if GetSAVPath = "" then
    strPathToSAV = shell.RegRead ("HKLM\Software\Sophos\SAVService\Application\Path")
  end if

  GetSAVPath = strPathToSAV 

End Function    
'***********************************************************************

'***********************************************************************
Function GetIdeCount()

  Set oFS = CreateObject("Scripting.FileSystemObject")
  Set f = oFS.GetFolder(GetSAVPath())
  Set sf = f.Files

  count = 0
  For Each f1 In sf
    if instr(f1.name,".ide") > 0 then
      count = count + 1
    end if
   Next
   GetIdeCount = count

  Set sf = nothing
  Set f = nothing

End Function    
'***********************************************************************

'***********************************************************************
Function GetLastUpdateTimeOfSAV()

  dim configMgr 
  Set configMgr = componentManager.FindComponent("ConfigurationManager")

  dim node 
  Set node = configMgr.GetNode(2, "ProductInfo/updateDate")   

  dim dateString
  dateString = node.GetAttributeValue("day") & "." &_
               node.GetAttributeValue("month") & "." &_
              node.GetAttributeValue("year")
  
   dim timeString
   timeString = node.GetAttributeValue("hour") & ":" &_
                node.GetAttributeValue("minute") & ":" &_
               node.GetAttributeValue("second")    
    
    
    GetLastUpdateTimeOfSAV = timeString & " " & dateString
End Function    
'***********************************************************************


'***********************************************************************
Function GetSAVVersion()

dim configMgr 
Set configMgr = componentManager.FindComponent("ConfigurationManager")
  
dim node 
Set node = configMgr.GetNode(0, "ProductInfo/productVersion")   

dim verString 
verString = node.GetAttributeValue("major") & "." &_
          node.GetAttributeValue("minor") & "." _
   & node.GetAttributeValue("build")

GetSAVVersion = verString

End Function
'***********************************************************************


'***********************************************************************
Function GetSAVOnAccess()

  dim icManager
  set icManager = componentManager.FindComponent("ICManager")

  select case icManager.GetFilterState
    case 1
       GetSAVOnAccess = "Off"
    case 2
       GetSAVOnAccess = "On"
    case else
       GetSAVOnAccess = "N/A"  
  end select 

  set icManager = nothing


End Function
'***********************************************************************

    Hopefully you can just reuse some of these functions in any code you write.

    I don't know how long this will keep working but I figure these sorts of interfaces are extended rather than removed so it should be good for a while.

    Hope that's useful.

    Jak

    :7803
Reply
  • 0

    Hi,

    If these are managed machines it would be easier to pull this from the SEC database but for getting information regarding the install from the client I can see a few interfaces to obtain information such as this:

    1. Config files, Factory.xml and machine.xml in the config directory of SAV.  A bit ugly and would sure test your XML parsing.  Not everything is there but one could argue it's an interface of sorts.  The problem is contention between any script and the sav service plus it looks like SAV writes out to this periodically so timing/locking issues, etc..

    2. Registry.

    There are a few things scattered around that might be of interest.  Under HKLM\software\Sophos\

    3. Running SAV32CLI -v and scrape the output but slow and horrendous, and subject to breaking if anything changes.

    5. SAV.txt parsing, again slow (especially as it can get quite large in a month) and subject to subtle changes, although there is essentially a SAV.txt parser in the GUI of SAV, so it's unlikely to change at the drop of a hat I would suggest

    4. Lastly COM, which I think is what you'll like.  Using oleview I managed to work out a few things.  Here is a script that I put together to get some of the info you might want from the client.

    '***********************************************************************
'GLOBAL VARS and OBJECTS

dim componentManager
set componentManager = CreateObject("Infrastructure.ComponentManager")

Dim shell
Set shell = CreateObject("WScript.Shell")
  
'***********************************************************************

Status = "Machine Information: "  & vbcrlf &_
"  Name: " & GetMachineName() & vbcrlf &_ 
"SAV Information:" & vbcrlf &_ 
"  Version: " & GetSAVVersion() & vbcrlf &_
"  On-Access: " & GetSAVOnAccess() & vbcrlf &_
"  Last Update Time: " & GetLastUpdateTimeOfSAV() & vbcrlf &_
"  IDE Count: " & GetIdeCount()

msgbox Status,0,"SAV State at: " & Date & " - " & time

set componentManager = nothing
set shell            = nothing
    
'***********************************************************************

'***********************************************************************
Function GetMachineName()

  set objNetwork = createobject("Wscript.Network")
  GetMachineName = objNetwork.ComputerName
  set objNetwork = nothing

End Function    
'***********************************************************************

'***********************************************************************
Function GetSAVPath()

  'Try both, bit of a hack
  strPathToSAV = ""
  on error resume next  

  strPathToSAV = shell.RegRead ("HKLM\Software\wow6432node\Sophos\SAVService\Application\Path")

  if GetSAVPath = "" then
    strPathToSAV = shell.RegRead ("HKLM\Software\Sophos\SAVService\Application\Path")
  end if

  GetSAVPath = strPathToSAV 

End Function    
'***********************************************************************

'***********************************************************************
Function GetIdeCount()

  Set oFS = CreateObject("Scripting.FileSystemObject")
  Set f = oFS.GetFolder(GetSAVPath())
  Set sf = f.Files

  count = 0
  For Each f1 In sf
    if instr(f1.name,".ide") > 0 then
      count = count + 1
    end if
   Next
   GetIdeCount = count

  Set sf = nothing
  Set f = nothing

End Function    
'***********************************************************************

'***********************************************************************
Function GetLastUpdateTimeOfSAV()

  dim configMgr 
  Set configMgr = componentManager.FindComponent("ConfigurationManager")

  dim node 
  Set node = configMgr.GetNode(2, "ProductInfo/updateDate")   

  dim dateString
  dateString = node.GetAttributeValue("day") & "." &_
               node.GetAttributeValue("month") & "." &_
              node.GetAttributeValue("year")
  
   dim timeString
   timeString = node.GetAttributeValue("hour") & ":" &_
                node.GetAttributeValue("minute") & ":" &_
               node.GetAttributeValue("second")    
    
    
    GetLastUpdateTimeOfSAV = timeString & " " & dateString
End Function    
'***********************************************************************


'***********************************************************************
Function GetSAVVersion()

dim configMgr 
Set configMgr = componentManager.FindComponent("ConfigurationManager")
  
dim node 
Set node = configMgr.GetNode(0, "ProductInfo/productVersion")   

dim verString 
verString = node.GetAttributeValue("major") & "." &_
          node.GetAttributeValue("minor") & "." _
   & node.GetAttributeValue("build")

GetSAVVersion = verString

End Function
'***********************************************************************


'***********************************************************************
Function GetSAVOnAccess()

  dim icManager
  set icManager = componentManager.FindComponent("ICManager")

  select case icManager.GetFilterState
    case 1
       GetSAVOnAccess = "Off"
    case 2
       GetSAVOnAccess = "On"
    case else
       GetSAVOnAccess = "N/A"  
  end select 

  set icManager = nothing


End Function
'***********************************************************************

    Hopefully you can just reuse some of these functions in any code you write.

    I don't know how long this will keep working but I figure these sorts of interfaces are extended rather than removed so it should be good for a while.

    Hope that's useful.

    Jak

    :7803
Children
No Data