Retrieve text info in Windows files

  • Melkor
    Junior Member
    • Aug 2007
    • 16

    #1

    Retrieve text info in Windows files

    Hi,
    I'm trying to get some information from log files on a Windows 2003 server. My first approach is to try to execute a vbs script to get the version of the virus signatures of NOD32 using the key system.run:

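    ' Print the line that follows the [ENGINE2] section header
    Dim FSO, colFicheros, strLine

    Set FSO = CreateObject("Scripting.FileSystemObject")
    Set colFicheros = FSO.OpenTextFile("C:\Program Files\Eset\updfiles\lastupd.ver")

    Do While colFicheros.AtEndOfStream <> True
        strLine = colFicheros.ReadLine
        If strLine = "[ENGINE2]" Then
            ' The next line holds the value; write it out so the item receives it
            WScript.Echo colFicheros.ReadLine
        End If
    Loop
    colFicheros.Close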


    The problem is that each time I activate this item, the agent stops sending information, and the only way to retrieve it again is to reinstall the Zabbix agent on the server.

    Config of the item:
    Description - NOD32
    Type - ZABBIX agent
    Key - system.run["C:\script.vbs,wait]
    Type of information - Text
    Update interval (in sec) - 300


    Is there any easy way to retrieve this information? I don't really know why the agent is crashing...
  • qix
    Senior Member
    Zabbix Certified Specialist, Zabbix Certified Professional
    • Oct 2006
    • 423

    #2
    I ran into the same problem with .vbs scripts.
    This resulted in having to reboot the server to get the agent working again, so I finally gave up on .vbs scripts.

    I have some .bat scripts that run without any problems though...
    I use them for filtering out the registry keys that contain the AV .dat version of our AV solution.

    Maybe you could try using a .bat?
    With kind regards,

    Raymond

    Comment

    • Melkor
      Junior Member
      • Aug 2007
      • 16

      #3
      Qix,
      This will be a nice solution... can you paste one of these .bat?

      I have made lots of tests on the servers in production and, if it's possible, I prefer to get the solution without more tests. Thank you in advance.

      Comment

      • qix
        Senior Member
        Zabbix Certified Specialist, Zabbix Certified Professional
        • Oct 2006
        • 423

        #4
        The .bat is for McAfee so I don't know if it would help you a lot.

        Also, I have found out that McAfee is changing the way they are storing the date in the registry about every time they upgrade a version.

        This makes the .bat very annoying to keep up to date.
        With kind regards,

        Raymond

        Comment

        • Melkor
          Junior Member
          • Aug 2007
          • 16

          #5
          Qix,
          It's just to see the structure of a .bat that works for Zabbix and see the exit commands that you use. I think that it will help me a lot.

          Comment

          • RohrbaGe
            Senior Member
            • Aug 2005
            • 167

            #6
            Hi,

            I have never tried to run .vbs scripts. I think it fails because it is running as a service.
            Try:

            cscript.exe xxx.vbs
            or
            wscript.exe xxx.vbs

            as command.
            Maybe it is necessary to give the full path to wscript.exe

            As far as I know the script cannot create any screen output like msgbox,
            because it runs in a different security context.

            Gerald

            Comment

            • qix
              Senior Member
              Zabbix Certified Specialist, Zabbix Certified Professional
              • Oct 2006
              • 423

              #7
              Alright, here goes.
              As I stated before, McAfee seems to change the location where it sets the date in the registry from time to time.
              So I use some external files to list the registry keys to look for.
              However, I noticed McAfee has now changed the way they set the date; this used to be a string, now it is a hex value.
              I haven't gotten around to resolving this yet.

              The main script (virdef.bat):

              Code:
              @echo off
              set output=none
              set year=
              set month=
              set day=
              set ddiff=datediff.bat
              set datini=avdate.ini
              set defini=avdef.ini
              set engini=aveng.ini
              set debug=no
              
              if [%1]==[] goto help
              goto run
              
              :help
              if [%debug%]==[yes] echo *** Parameter was empty, so help was called... ***
              echo.
              echo McAfee AntiVirus definition query utility.
              echo Please make sure that McAfee Virusscan has been installed.
              echo.
              echo Usage: "virdef.bat <virver | virdate | virabd | engver>" 
              echo.
              goto :end
              
              :run
              if [%debug%]==[yes] echo *** Parameter was %1, starting run... ***
              
              if [%1]==[virver] FOR /F "usebackq tokens=* delims=;" %%A IN ("%defini%") DO FOR /F "TOKENS=1,3*" %%G IN ('reg query %%A 2^>NUL') DO if NOT [%%H]==[] set output=%%H 
              if [%1]==[engver] FOR /F "usebackq tokens=* delims=;" %%A IN ("%engini%") DO FOR /F "TOKENS=1,3*" %%G IN ('reg query %%A 2^>NUL') DO if NOT [%%H]==[] set output=%%H 
              if [%1]==[virdate] FOR /F "usebackq tokens=* delims=;" %%A IN ("%datini%") DO FOR /F "TOKENS=1,3*" %%G IN ('reg query %%A 2^>NUL') DO if NOT [%%H]==[] set output=%%H 
              if [%1]==[virabd] FOR /F "usebackq tokens=* delims=;" %%A IN ("%datini%") DO FOR /F "TOKENS=1,3*" %%G IN ('reg query %%A 2^>NUL') DO if NOT [%%H]==[] set input=%%H 
              if [%debug%]==[yes] echo *** Output was %output% ***
              if [%1]==[virabd] goto chdate
              
              goto result
              
              :chdate
              if [%debug%]==[yes] echo *** Parameter was %1, so performing absolute date run ***
              if [%debug%]==[yes] echo *** The calculation input is %input% ***
              FOR /F %%A IN ('"%ddiff%" %input% 01/01/1970') DO SET days=%%A
              if [%debug%]==[yes] echo *** The number of days calculated is %days% ***
              set /A output=%days% * 86400
              if [%debug%]==[yes] echo *** The number of seconds calculated is %output% ***
              goto result
              
              :result
              if "%output%"=="none" set output=ZBX_NOTSUPPORTED
              echo %output%
              :end

              I also used a free .bat from Rob van der Woude. For credits, see the end of the file.
              I have just edited it a tiny bit (datediff.bat):

              Code:
              @ECHO OFF
              :: Check Windows version
              IF NOT "%OS%"=="Windows_NT" GOTO Syntax
              SETLOCAL
              
              :: Check the command line arguments
              IF     "%~1"=="" GOTO Syntax
              IF NOT "%~3"=="" GOTO Syntax
              
              :: Read the Date format from the registry
              CALL :ReadDateFormat
              
              :: Check if the first date is valid
              (ECHO.%1) | FINDSTR /R /B /C:"[0-9]*\%sDate%[0-9]*\%sDate%[0-9]*" >NUL
              IF ERRORLEVEL 1 (
              	ECHO Error: %1 is not a valid date
              	ECHO.
              	GOTO Syntax
              )
              :: Use today if no second date was specified
              IF "%~2"=="" (
              	FOR %%A IN (%Date%) DO SET Date2=%%A
              ) ELSE (
              	SET Date2=%2
              )
              :: Check if the second date is valid
              (ECHO.%Date2%) | FINDSTR /R /B /C:"[0-9]*\%sDate%[0-9]*\%sDate%[0-9]*" >NUL
              IF ERRORLEVEL 1 (
              	ECHO Error: %Date2% is not a valid date
              	ECHO.
              	GOTO Syntax
              )
              
              :: Parse the first date
              CALL :ParseDate %1
              
              :: Convert the parsed Gregorian date to Julian
              CALL :JDate %GYear% %GMonth% %GDay%
              
              :: Save the resulting Julian date
              SET JDate1=%JDate%
              
              :: Parse the second date
              CALL :ParseDate %Date2%
              
              :: Convert the parsed Gregorian date to Julian
              CALL :JDate %GYear% %GMonth% %GDay%
              
              :: Calculate the absolute value of the difference in days
              IF %JDate% GTR %JDate1% (
              	SET /A DateDiff = %JDate% - %JDate1%
              ) ELSE (
              	SET /A DateDiff = %JDate1% - %JDate%
              )
              
              :: Format output for singular or plural
              SET Days=days
              IF %DateDiff% EQU 1 SET Days=day
              
              :: Prefix value with a minus sign if negative
              IF %JDate% GTR %JDate1% SET DateDiff=-%DateDiff%
              
              :: Display the result
              echo %DateDiff%
              :e
              GOTO:EOF
              
              
              ::===================================::
              ::                                   ::
              ::   -   S u b r o u t i n e s   -   ::
              ::                                   ::
              ::===================================::
              
              
              :JDate
              :: Convert date to Julian
              :: Arguments : YYYY MM DD
              :: Returns   : Julian date
              ::
              :: First strip leading zeroes; a logical error in this
              :: routine was corrected with help from Alexander Shapiro
              SET MM=%2
              SET DD=%3
              IF 1%MM% LSS 110 SET MM=%MM:~1%
              IF 1%DD% LSS 110 SET DD=%DD:~1%
              ::
              :: Algorithm based on Fliegel-Van Flandern
              :: algorithm from the Astronomical Almanac,
              :: provided by Doctor Fenton on the Math Forum
              :: (http://mathforum.org/library/drmath/view/51907.html),
              :: and converted to batch code by Ron Bakowski.
              SET /A Month1 = ( %MM% - 14 ) / 12
              SET /A Year1  = %1 + 4800
              SET /A JDate  = 1461 * ( %Year1% + %Month1% ) / 4 + 367 * ( %MM% - 2 -12 * %Month1% ) / 12 - ( 3 * ( ( %Year1% + %Month1% + 100 ) / 100 ) ) / 4 + %DD% - 32075
              FOR %%A IN (Month1 Year1) DO SET %%A=
              GOTO:EOF 
              
              
              :ParseDate
              :: Parse (Gregorian) date depending on registry's date format settings
              :: Argument : Gregorian date in local date format,
              :: Requires : sDate (local date separator), iDate (local date format number)
              :: Returns  : GYear (4-digit year), GMonth (2-digit month), GDay (2-digit day)
              ::
              IF %iDate%==0 FOR /F "TOKENS=1-3 DELIMS=%sDate%" %%A IN ('ECHO.%1') DO (
              	SET GYear=%%C
              	SET GMonth=%%A
              	SET GDay=%%B
              )
              IF %iDate%==1 FOR /F "TOKENS=1-3 DELIMS=%sDate%" %%A IN ('ECHO.%1') DO (
              	SET GYear=%%C
              	SET GMonth=%%B
              	SET GDay=%%A
              )
              IF %iDate%==2 FOR /F "TOKENS=1-3 DELIMS=%sDate%" %%A IN ('ECHO.%1') DO (
              	SET GYear=%%A
              	SET GMonth=%%B
              	SET GDay=%%C
              )
              GOTO:EOF
              
              
              :ReadDateFormat
              :: Read the Date format from the registry.
              :: Arguments : none
              :: Returns   : sDate (separator), iDate (date format number)
              ::
              :: First, export registry settings to a temporary file:
              ::START /W REGEDIT /E "%TEMP%.\_TEMP.REG" "HKEY_CURRENT_USER\Control Panel\International"
              :: Now, read the exported data:
              ::FOR /F "tokens=1* delims==" %%A IN ('TYPE "%TEMP%.\_TEMP.REG" ^| FIND /I "iDate"') DO SET iDate=%%B
              ::FOR /F "tokens=1* delims==" %%A IN ('TYPE "%TEMP%.\_TEMP.REG" ^| FIND /I "sDate"') DO SET sDate=%%B
              :: Remove the temporary file:
              ::DEL "%TEMP%.\_TEMP.REG"
              :: Remove quotes from the data read:
              :: SET iDate=%iDate:"=%
              ::FOR %%A IN (%iDate%) DO SET iDate=%%~A
              :: SET sDate=%sDate:"=%
              ::FOR %%A IN (%sDate%) DO SET sDate=%%~A
              
              :: Disabled the above checking because McAfee always uses these settings:
              set sDate=/
              set iDate=0
              
              GOTO:EOF
              
              
              :Syntax
              ECHO DateDiff.bat,  Version 1.10 for Windows NT 4 / 2000 / XP / Server 2003 / Vista
              ECHO Calculate the difference (in days) between two dates
              ECHO.
              ECHO Usage:  DATEDIFF  date  [ date ]
              ECHO.
              ECHO Where:  "date"  is a "normal" Gregorian date in the local computer's format;
              ECHO                 if no second date is specified, today is assumed
              ECHO.
              ECHO Julian date conversion based on Fliegel-Van Flandern algorithms from
              ECHO the Astronomical Almanac, provided by Doctor Fenton on the Math Forum
              ECHO (http://mathforum.org/library/drmath/view/51907.html), and converted
              ECHO to batch code by Ron Bakowski.
              ECHO Bug found by and converted with help from Alexander Shapiro.
              ECHO.
              ECHO Written by Rob van der Woude
              ECHO http://www.robvanderwoude.com
              
              IF "%OS%"=="Windows_NT" ENDLOCAL

              And finally the files that list the registry entries:

              aveng.ini:
              Code:
              "HKLM\SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine\4.0.xx" /v szEngineVer
              "HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\GROUPSHD6000" /v EngineVersion
              avdate.ini:
              Code:
              "HKLM\SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine\4.0.xx" /v szVirDefDate
              "HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\VIRUSCAN8600" /v DatDate
              "HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\GROUPSHD6000" /v DatDate
              avdef.ini:
              Code:
              "HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\VIRUSCAN8000" /v DatVersion
              "HKLM\SOFTWARE\Network Associates\TVD\Shared Components\VirusScan Engine\4.0.xx" /v szVirDefVer
              "HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\VIRUSCAN8600" /v DATVersion
              "HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Application Plugins\GROUPSHD6000" /v DatVersion

              And of course, the UserParameters in the Zabbix agent config file:
              Code:
              UserParameter=av[virver],"C:\Program Files\Zabbix Agent\virdef.bat" virver
              UserParameter=av[virdate],"C:\Program Files\Zabbix Agent\virdef.bat" virdate
              UserParameter=av[virabd],"C:\Program Files\Zabbix Agent\virdef.bat" virabd
              UserParameter=av[engver],"C:\Program Files\Zabbix Agent\virdef.bat" engver

              As always with this kind of thing, a disclaimer: I take NO responsibility for any damage to your system(s) if you run this.
              I'm not a programmer, so consider this to be a hack.

              Hope it all makes sense...
              Last edited by qix; 30-08-2007, 10:59.
              With kind regards,

              Raymond

              Comment

              • qix
                Senior Member
                Zabbix Certified Specialist, Zabbix Certified Professional
                • Oct 2006
                • 423

                #8
                RohrbaGe is right, you need to use cscript.exe to start your vbs scripts.
                With kind regards,

                Raymond

                Comment
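A version of the script from post #1 written to run under cscript.exe, as posts #6 and #8 recommend, and to fall back to the ZBX_NOTSUPPORTED value that virdef.bat echoes. This is an added example, not code posted by anyone in the thread; the item key `av[nod32ver]`, the 10-second `//T` timeout and the case-insensitive, trimmed match on the section header are assumptions.

```vbscript
' Added example (not from the thread). Assumed agent config line, modelled on
' the UserParameter entries in post #7:
'   UserParameter=av[nod32ver],cscript.exe //NoLogo //T:10 "C:\script.vbs"
Option Explicit

Const VER_FILE   = "C:\Program Files\Eset\updfiles\lastupd.ver"  ' path from post #1
Const SECTION    = "[ENGINE2]"                                    ' header from post #1
Const ForReading = 1

Dim fso, ts, line, result, opened

' Under wscript.exe, WScript.Echo opens a message box. Nobody can dismiss it
' in the agent's service context, so the script would never return.
' Exit silently unless the host is cscript.exe.
If InStr(1, WScript.FullName, "cscript.exe", vbTextCompare) = 0 Then
    WScript.Quit 1
End If

result = "ZBX_NOTSUPPORTED"   ' same fallback value virdef.bat echoes

Set fso = CreateObject("Scripting.FileSystemObject")
If fso.FileExists(VER_FILE) Then
    ' Trap only the open call (file locked, access denied, ...)
    On Error Resume Next
    Set ts = fso.OpenTextFile(VER_FILE, ForReading)
    opened = (Err.Number = 0)
    On Error GoTo 0

    If opened Then
        Do Until ts.AtEndOfStream
            line = Trim(ts.ReadLine)
            If StrComp(line, SECTION, vbTextCompare) = 0 Then
                ' The header may be the last line of the file
                If Not ts.AtEndOfStream Then result = Trim(ts.ReadLine)
                Exit Do
            End If
        Loop
        ts.Close
    End If
End If

' Never hand the agent an empty value
If Len(result) = 0 Then result = "ZBX_NOTSUPPORTED"

' One line on stdout is what the agent picks up as the item value
WScript.Echo result
```

Leave out cscript's `//B` switch here: batch mode suppresses `WScript.Echo`, so the item would receive nothing.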

                • Melkor
                  Junior Member
                  • Aug 2007
                  • 16

                  #9
                  Qix & RohrbaGe,
                  Thank you for the answers. I will try these two options and if I get some nice information I will tell you.

                  Comment
