authorMichael Boelen <michael.boelen@cisofy.com>2017-04-29 15:22:40 +0300
committerMichael Boelen <michael.boelen@cisofy.com>2017-04-29 15:22:40 +0300
commit5ccd0912cf74f5d3dd07e5ed5fe0e6a30571fbb5 (patch)
treee1e4250161f08225296fcc187dda8540953846c1 /include/tests_malware
parenta331d26ea7c75cabed8948374f5ccd8b382013a2 (diff)
[MALW-3280] Added detection of Symantic components
Diffstat (limited to 'include/tests_malware')
-rw-r--r--include/tests_malware65
1 files changed, 42 insertions, 23 deletions
diff --git a/include/tests_malware b/include/tests_malware
index 3bdc469b..03773bc1 100644
--- a/include/tests_malware
+++ b/include/tests_malware
@@ -36,6 +36,7 @@
MCAFEE_SCANNER_RUNNING=0
MALWARE_SCANNER_INSTALLED=0
SOPHOS_SCANNER_RUNNING=0
+ SYMANTEC_SCANNER_RUNNING=
#
#################################################################################
#
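Review bot: `SYMANTEC_SCANNER_RUNNING=` is initialised to an empty string instead of `0`, unlike the neighbouring `MCAFEE_SCANNER_RUNNING=0` and `SOPHOS_SCANNER_RUNNING=0`, so when none of rtvscand/smcd/symcfgd is running the later unquoted test `if [ ${SYMANTEC_SCANNER_RUNNING} -eq 1 ]` in the @@ -197 hunk expands to `[ -eq 1 ]`, which in bash/sh reports a "unary operator expected" style error on stderr rather than evaluating cleanly (the `if` then falls through, so the block is skipped only by accident). The one-line fix is `SYMANTEC_SCANNER_RUNNING=0`, keeping the variable consistent with its siblings and with the `-eq` comparison. Separately, the CylancePROTECT block in the @@ -156 hunk still sets `AVAST_DAEMON_RUNNING=1`, which appears to be the same copy-paste slip the commit removes from the Trend Micro block; it is pre-existing, but worth cleaning up in the same pass since a `CYLANCE_*` flag or no flag at all would match the other blocks.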
@@ -104,11 +105,10 @@
IsRunning esets_daemon
if [ ${RUNNING} -eq 1 ]; then
FOUND=1
- Display --indent 2 --text "- ${GEN_CHECKING} ESET daemon" --result "${STATUS_FOUND}" --color GREEN
- LogText "Result: found ESET security product"
ESET_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
- AddHP 2 2
+ if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} ESET daemon" --result "${STATUS_FOUND}" --color GREEN; fi
+ LogText "Result: found ESET security product"
Report "malware_scanner[]=eset"
fi
@@ -117,11 +117,10 @@
IsRunning bdagentd
if [ ${RUNNING} -eq 1 ]; then
FOUND=1
- Display --indent 2 --text "- ${GEN_CHECKING} Bitdefender agent" --result "${STATUS_FOUND}" --color GREEN
- LogText "Result: found Bitdefender security product"
BITDEFENDER_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
- AddHP 2 2
+ if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Bitdefender agent" --result "${STATUS_FOUND}" --color GREEN; fi
+ LogText "Result: found Bitdefender security product"
Report "malware_scanner[]=bitdefender"
fi
@@ -130,11 +129,10 @@
IsRunning com.avast.daemon
if [ ${RUNNING} -eq 1 ]; then
FOUND=1
- Display --indent 2 --text "- ${GEN_CHECKING} Avast daemon" --result "${STATUS_FOUND}" --color GREEN
- LogText "Result: found Avast security product"
AVAST_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
- AddHP 2 2
+ if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Avast daemon" --result "${STATUS_FOUND}" --color GREEN; fi
+ LogText "Result: found Avast security product"
Report "malware_scanner[]=avast"
fi
@@ -143,11 +141,10 @@
IsRunning avqmd
if [ ${RUNNING} -eq 1 ]; then
FOUND=1
- Display --indent 2 --text "- ${GEN_CHECKING} Avira daemon" --result "${STATUS_FOUND}" --color GREEN
- LogText "Result: found Avira security product"
AVIRA_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
- AddHP 2 2
+ if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Avira daemon" --result "${STATUS_FOUND}" --color GREEN; fi
+ LogText "Result: found Avira security product"
Report "malware_scanner[]=avira"
fi
@@ -156,11 +153,10 @@
IsRunning CylanceSvc
if [ ${RUNNING} -eq 1 ]; then
FOUND=1
- Display --indent 2 --text "- ${GEN_CHECKING} CylancePROTECT" --result "${STATUS_FOUND}" --color GREEN
+ if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} CylancePROTECT" --result "${STATUS_FOUND}" --color GREEN; fi
LogText "Result: found CylancePROTECT service"
AVAST_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
- AddHP 2 2
Report "malware_scanner[]=cylance-protect"
fi
@@ -176,13 +172,12 @@
fi
if [ ${MCAFEE_SCANNER_RUNNING} -eq 1 ]; then
FOUND=1
- Display --indent 2 --text "- ${GEN_CHECKING} McAfee" --result "${STATUS_FOUND}" --color GREEN
+ if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} McAfee" --result "${STATUS_FOUND}" --color GREEN; fi
LogText "Result: Found McAfee"
MALWARE_SCANNER_INSTALLED=1
- AddHP 2 2
Report "malware_scanner[]=mcafee"
-
fi
+
# Sophos savscand/SophosScanD
LogText "Test: checking process savscand"
IsRunning savscand
@@ -197,29 +192,53 @@
SOPHOS_SCANNER_RUNNING=1
fi
if [ ${SOPHOS_SCANNER_RUNNING} -eq 1 ]; then
- Display --indent 2 --text "- ${GEN_CHECKING} Sophos" --result "${STATUS_FOUND}" --color GREEN
+ if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Sophos" --result "${STATUS_FOUND}" --color GREEN; fi
LogText "Result: Found Sophos"
MALWARE_SCANNER_INSTALLED=1
- AddHP 2 2
Report "malware_scanner[]=sophos"
fi
+ # Symantec rtvscand/smcd/symcfgd
+ LogText "Test: checking process rtvscand"
+ IsRunning rtvscand
+ if [ ${RUNNING} -eq 1 ]; then
+ SYMANTEC_SCANNER_RUNNING=1
+ fi
+ LogText "Test: checking process Symantec management client service"
+ IsRunning smcd
+ if [ ${RUNNING} -eq 1 ]; then
+ SYMANTEC_SCANNER_RUNNING=1
+ fi
+ LogText "Test: checking process Symantec Endpoint Protection configuration service"
+ IsRunning symcfgd
+ if [ ${RUNNING} -eq 1 ]; then
+ SYMANTEC_SCANNER_RUNNING=1
+ fi
+ if [ ${SYMANTEC_SCANNER_RUNNING} -eq 1 ]; then
+ if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Symantec" --result "${STATUS_FOUND}" --color GREEN; fi
+ LogText "Result: found one or more Symantec components"
+ MALWARE_SCANNER_INSTALLED=1
+ FOUND=1
+ Report "malware_scanner[]=symantec"
+ fi
+
# TrendMicro (macOS)
LogText "Test: checking process TmccMac to test for Trend Micro anti-virus (macOS)"
IsRunning TmccMac
if [ ${RUNNING} -eq 1 ]; then
+ if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Trend Micro anti-virus" --result "${STATUS_FOUND}" --color GREEN; fi
+ LogText "Result: found Trend Micro component"
FOUND=1
- Display --indent 2 --text "- ${GEN_CHECKING} Trend Micro anti-virus" --result "${STATUS_FOUND}" --color GREEN
- LogText "Result: found Trend Micro"
- AVAST_DAEMON_RUNNING=1
MALWARE_SCANNER_INSTALLED=1
- AddHP 2 2
Report "malware_scanner[]=trend-micro-av"
fi
if [ ${FOUND} -eq 0 ]; then
LogText "Result: no commercial anti-virus tools found"
AddHP 0 3
+ else
+ LogText "Result: found one or more commercial anti-virus tools"
+ AddHP 2 2
fi
fi
#