author | fbomj <frank.bourdeau@ocsinventory-ng.org> | 2019-11-06 23:49:54 +0300 |
---|---|---|
committer | fbomj <frank.bourdeau@ocsinventory-ng.org> | 2019-11-06 23:49:54 +0300 |
commit | 2b8f761efa685b5e36e1eb20efef6766dbfb84b9 (patch) | |
tree | e42883b3512c0e9b49df973628118ffb36ce8023 /include/tests_malware | |
parent | 0fe16a286e5671802582b10d33016a3cf9cdfdbb (diff) |
MALW-3280: Kaspersky detection
Diffstat (limited to 'include/tests_malware')
-rw-r--r-- | include/tests_malware | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/include/tests_malware b/include/tests_malware
index b260c488..e8d680c1 100644
--- a/include/tests_malware
+++ b/include/tests_malware
@@ -33,6 +33,7 @@
 CLAMSCAN_INSTALLED=0
 ESET_DAEMON_RUNNING=0
 FRESHCLAM_DAEMON_RUNNING=0
+ KASPERSKY_SCANNER_RUNNING=0
 MCAFEE_SCANNER_RUNNING=0
 MALWARE_SCANNER_INSTALLED=0
 SOPHOS_SCANNER_RUNNING=0
@@ -155,6 +156,22 @@
 Report "malware_scanner[]=cylance-protect"
 fi
+ # Kaspersky products
+ LogText "Test: checking process wdserver or klnagent (Kaspersky)"
+ # wdserver is too generic to match on, so we want to ensure that it is related to Kaspersky first
+ if [ -x /opt/kaspersky/kesl/libexec/kesl_launcher.sh ]; then
+ if IsRunning "wdserver"; then KASPERSKY_SCANNER_RUNNING=1; fi
+ else
+ if IsRunning "klnagent"; then KASPERSKY_SCANNER_RUNNING=1; fi
+ fi
+ if [ ${KASPERSKY_SCANNER_RUNNING} -eq 1 ]; then
+ FOUND=1
+ if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Kaspersky" --result "${STATUS_FOUND}" --color GREEN; fi
+ LogText "Result: Found Kaspersky"
+ MALWARE_SCANNER_INSTALLED=1
+ Report "malware_scanner[]=kaspersky"
+ fi
+
 # McAfee products
 LogText "Test: checking process cma or cmdagent (McAfee)"
 # cma is too generic to match on, so we want to ensure that it is related to McAfee first |
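Review bot: In the second hunk, the `else` branch sets `KASPERSKY_SCANNER_RUNNING=1` when only `klnagent` is running and the KESL launcher under /opt/kaspersky/kesl is absent. As far as I know, klnagent is the Kaspersky Security Center Network Agent, a management component rather than a scanning engine. A host with the agent but no endpoint protection would therefore get `MALWARE_SCANNER_INSTALLED=1` and `malware_scanner[]=kaspersky`, so the audit would overstate its malware coverage. I would log the agent without counting it as a scanner, for example by changing the branch body to `if IsRunning "klnagent"; then LogText "Result: found Kaspersky Network Agent (klnagent) but no KESL scanner"; fi`, and reword the "Test:" log line to match. The enclosing test block starts and ends outside the hunk, so confirm that nothing later depends on the klnagent case.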