
github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
authormboelen <michael@cisofy.com>2015-05-04 14:37:36 +0300
committermboelen <michael@cisofy.com>2015-05-04 14:37:36 +0300
commitc37e2eb9eb593aaa7aa78fda36d37fbf1d97317b (patch)
tree3e796575742e272bd644c5f56166df3b9767d748 /include/tests_malware
parent22810e58e7949098da1bbbfde3d5232798fabb08 (diff)
Extended Sophos detection
Diffstat (limited to 'include/tests_malware')
-rw-r--r--include/tests_malware36
1 files changed, 15 insertions, 21 deletions
diff --git a/include/tests_malware b/include/tests_malware
index 6465ab0e..2fe22ba1 100644
--- a/include/tests_malware
+++ b/include/tests_malware
@@ -23,7 +23,9 @@
#################################################################################
#
CLAMD_RUNNING=0
+ MCAFEE_SCANNER_RUNNING=0
MALWARE_SCANNER_INSTALLED=0
+ SOPHOS_SCANNER_RUNNING=0
#
#################################################################################
#
@@ -66,27 +68,36 @@
Register --test-no MALW-3280 --weight L --network NO --description "Check if anti-virus tool is installed"
if [ ${SKIPTEST} -eq 0 ]; then
FOUND=0
- MCAFEE_RUNNING=0
logtext "Test: checking process cma or cmdagent (McAfee)"
# cma is too generic to match on, so we want to ensure that it is related to McAfee first
if [ -x /opt/McAfee/cma/bin/cma ]; then
IsRunning cma
- if [ ${RUNNING} -eq 1 ]; then MCAFEE_RUNNING=1; fi
+ if [ ${RUNNING} -eq 1 ]; then MCAFEE_SCANNER_RUNNING=1; fi
else
IsRunning cmdagent
- if [ ${RUNNING} -eq 1 ]; then MCAFEE_RUNNING=1; fi
+ if [ ${RUNNING} -eq 1 ]; then MCAFEE_SCANNER_RUNNING=1; fi
fi
- if [ ${MCAFEE_RUNNING} -eq 1 ]; then
+ if [ ${MCAFEE_SCANNER_RUNNING} -eq 1 ]; then
FOUND=1
Display --indent 2 --text "- Checking McAfee" --result "FOUND" --color GREEN
logtext "Result: Found McAfee"
MALWARE_SCANNER_INSTALLED=1
AddHP 2 2
fi
+ # Sophos savscand/SophosScanD
+ logtext "Test: checking process savscand"
+ IsRunning savscand
+ if [ ${RUNNING} -eq 1 ]; then
+ FOUND=1
+ SOPHOS_SCANNER_RUNNING=1;
+ fi
logtext "Test: checking process SophosScanD"
IsRunning SophosScanD
if [ ${RUNNING} -eq 1 ]; then
FOUND=1
+ SOPHOS_SCANNER_RUNNING=1;
+ fi
+ if [ ${SOPHOS_SCANNER_RUNNING} -eq 1 ]; then
Display --indent 2 --text "- Checking Sophos" --result "FOUND" --color GREEN
logtext "Result: Found Sophos"
MALWARE_SCANNER_INSTALLED=1
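Review bot: The new savscand and SophosScanD checks set SOPHOS_SCANNER_RUNNING from a process-name match alone, whereas the cma branch above first confirms `/opt/McAfee/cma/bin/cma` is executable because that name is too generic; since the result feeds MALWARE_SCANNER_INSTALLED, the audit output should make clear how strong the evidence is. How IsRunning matches names is not visible in this hunk, so a comment such as `# Name-only match: shows a process called savscand/SophosScanD is running, not that the Sophos binary is installed` would record the limitation. Separately, `FOUND=1` is now set in both process checks; it could move into the `if [ ${SOPHOS_SCANNER_RUNNING} -eq 1 ]` block, leaving each check as `if [ ${RUNNING} -eq 1 ]; then SOPHOS_SCANNER_RUNNING=1; fi` to match the McAfee lines. That final `if` block continues past the end of the hunk.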
@@ -114,7 +125,6 @@
logtext "Result: clamscan couldn't be found"
fi
fi
-
#
#################################################################################
#
@@ -186,22 +196,6 @@
#
#################################################################################
#
- # Test : MALW-3292
- # Description : Check if at least one malware scanner is installed
-# Register --test-no MALW-3292 --weight L --network NO --description "Check for at least one malware scanner"
-# if [ ${SKIPTEST} -eq 0 ]; then
-# if [ ${MALWARE_SCANNER_INSTALLED} -eq 1 ]; then
-# logtext "Result: At least one malware scanner is installed"
-# Display --indent 2 --text "- Checking presence malware scanner" --result "FOUND" --color GREEN
-# #AddHP 3 3
-# else
-# logtext "Result: No malware scanners found"
-# Display --indent 2 --text "- Checking presence malware scanner" --result "NOT FOUND" --color YELLOW
-# ReportSuggestion ${TEST_NO} "Install at least one malware scanner to perform periodic integrity tests on the system"
-# #AddHP 0 3
-# fi
-# fi
-#
#################################################################################
#
# Other projects: maldetect (rfxn)