====== Forefront Security for Exchange 2007 ======

^ Author | [[ david@stenhouseconsulting.com | David Gilmore ]] |
^ Compatibility | Xymon 4.2 |
^ Requirements | Windows Server 2003 x64/Exchange 2007/Forefront Security Server for Exchange 2007/BBWin |
^ Download | None |
^ Last Update | 2007-07-12 |

===== Description =====

VBS script that checks the status of the multiple AV engines used by Microsoft’s Forefront Security Server for Exchange and reports the status under the FSE column.

===== Installation =====

=== Client side ===

  - Add to BBWin.cfg in externals

This may work as well

<code vb>
'==========================================================================================================
'
' VBScript Source File
'
' NAME: MSForefront.vbs (formerly BBantigen-V8.vbs)
'       Script to be used with BBWin to check ForeFront Server for Exchange 2007 virus definition version
'
' Version: 1.5
'
' AUTHOR: David Gilmore; david@stenhouseconsulting.com
' DATE  : 07/11/2007
'
' COMMENT: This script will check a range of engines which are used in ForeFront Server for Exchange 2007
'          It will Warn or Alarm as configured and report the information back to the
'          configured Xymon Server. It requires the BBWin client installed.
'          You can put the script in the Externals Scripts or you can schedule it as a scheduled task.
'          Since it is recommended to use no more than five engines you will need to modify script for engines
'          in use.
'
'
' LICENSE:
' Copyright (c) 2005, Roos-IT
' All rights reserved.
'
' Redistribution and use in source and binary forms, with or without
' modification, are permitted provided that the following conditions are met:
'
' - Redistributions of source code must retain the above copyright notice,
'   this list of conditions and the following disclaimer.
' - Redistributions in binary form must reproduce the above copyright notice,
'   this list of conditions and the following disclaimer in the documentation
'   and/or other materials provided with the distribution.
' - Neither the name of Roos-IT nor the names of its contributors
'   may be used to endorse or promote products derived from this software without
'   specific prior written permission.
'
' THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
' EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
' OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
' SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
' SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
' OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
' HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
' TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
' EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
'
' VERSION HISTORY:
' 0.1 - Initial Release
' 0.2 - fixe one engine with all status report
' 0.3 - fixe more engines with all status report
' 0.4 - fixe one engine with own status report
' 0.5 - fixe more engines with own status report
' 0.6 - counters for Admins
' 0.7 - page status warning by engines
' 0.8 - HTML layout dressing
' 0.9 - now change the page name in bb
' 1.0 - changed external path, read from registry
'
' 1.5 - script modified and updated for use with MS
'       Forefront Server for Exchange 2007 and new
'       engines.
'
'==========================================================================================================

'---Variable declarations.
Dim zPageName,zRevChk,zPageStatus,zDateDiff,zOutFile,zRedChk,zYellowChk,zRedChk1,zYellowChk1,zShell,zExtPath,zFSO
Dim aShell,aDef,aDate,aVer,aRev,aNDate,aToday,aTime,aEng,aRevDef
Dim bShell,bDef,bDate,bVer,bRev,bNDate,bToday,bTime,bEng,bRevDef
Dim cShell,cDef,cDate,cVer,cRev,cNDate,cToday,cTime,cEng,cRevDef
Dim dShell,dDef,dDate,dVer,dRev,dNDate,dToday,dTime,dEng,dRevDef
Dim eShell,eDef,eDate,eVer,eRev,eNDate,eToday,eTime,eEng,eRevDef
Dim fShell,fDef,fDate,fVer,fRev,fNDate,fToday,fTime,fEng,fRevDef
Dim gShell,gDef,gDate,gVer,gRev,gNDate,gToday,gTime,gEng,gRevDef
Dim hShell,hDef,hDate,hVer,hRev,hNDate,hToday,hTime,hEng,hRevDef
Dim iShell,iDef,iDate,iVer,iRev,iNDate,iToday,iTime,iEng,iRevDef
Dim jShell,jDef,jDate,jVer,jRev,jNDate,jToday,jTime,jEng,jRevDef
Dim oShell,oDef,oDate,oVer,oRev,oNDate,oToday,oTime,oEng,oRevDef

'***********************************Begin configurable counters for Admins***********************************
'---How many days before the engine definition files expire and the warning status will change.
zRevChk = 7

'---Warning levels for expired definition files.
' * the page status changes to yellow when more than this many engines are out of date
zYellowChk = 2
' * the page status changes to red when more than this many engines are out of date
zRedChk = 4

'---Change the following path to point to your BBWin EXTERNALPATH location if the registry read does not work.
'---There is a "'" in front of the line you don't want to use.
Set zShell = WScript.CreateObject("Wscript.Shell")
zExtPath = zShell.RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\BBWin\tmppath")
' zExtPath = "D:\Program Files (x86)\BBWin\tmp"

'---Name of the header on page
zPageName = "fse"
'***********************************End configurable counters for Admins***********************************

'---Create BB object.
Set zFSO = CreateObject("Scripting.FileSystemObject")

'---Create Output file.
Set zOutFile = zFSO.CreateTextFile (zExtPath &"\"& zPageName)

'---resetting counters
zPageStatus = 0

'---Check Virus Def Date by reading value from registry for AhnLab V3 Engine
Set oShell = WScript.CreateObject("Wscript.Shell")
oRev = oShell.RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server\Scan Engines\AhnLab\Signature Version")
oEng = oShell.RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server\Scan Engines\AhnLab\Engine Version")
oDef = oShell.RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server\Scan Engines\AhnLab\Last Updated")
oVer = Right(oDef,19)
oTime = Right(oVer,8)
oDate = Left(oVer,8)
oYear = Mid(oDate,6,2)
oMonth = Left(oDate,2)
oDay = Mid(oDate,3,2)
oNDate = oVer
oToday = FormatDateTime(Now, vbShortDate)

'---Determine age of virus definitions, if more than 7 days old display yellow on BB
oDateDiff = DateDiff("d", oNDate, oToday)
If (oDateDiff > zRevChk) then
    oRevDef = "yellow"
Else
    oRevDef = "green"
End If

'---Check Virus Def Date by reading value from registry for CA Vet
Set bShell = WScript.CreateObject("Wscript.Shell")
bRev = bShell.RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server\Scan Engines\CAVet\Signature Version")
bEng = bShell.RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server\Scan Engines\CAVet\Engine Version")
bDef = bShell.RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server\Scan Engines\CAVet\Last Updated")
bVer = Right(bDef,19)
bTime = Right(bVer,8)
bDate = Left(bVer,8)
bYear = Mid(bDate,6,2)
bMonth = Left(bDate,2)
bDay = Mid(bDate,3,2)
bNDate = bVer
bToday = FormatDateTime(Now, vbShortDate)

'---Determine age of virus definitions, if more than 7 days old display yellow on BB
bDateDiff = DateDiff("d", bNDate, bToday)
If (bDateDiff > zRevChk) then
    bRevDef = "yellow"
Else
    bRevDef = "green"
End If

'---Check Virus Def Date by reading value from registry for Command
Set cShell = WScript.CreateObject("Wscript.Shell")
cRev = cShell.RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server\Scan Engines\Command\Signature Version")
cEng = cShell.RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server\Scan Engines\Command\Engine Version")
cDef = cShell.RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server\Scan Engines\Command\Last Updated")
cVer = Right(cDef,19)
cTime = Right(cVer,8)
cDate = Left(cVer,8)
cYear = Mid(cDate,6,2)
cMonth = Left(cDate,2)
cDay = Mid(cDate,3,2)
cNDate = cVer
cToday = FormatDateTime(Now, vbShortDate)

'---Determine age of virus definitions, if more than 7 days old display yellow on BB
cDateDiff = DateDiff("d", cNDate, cToday)
If (cDateDiff > zRevChk) then
    cRevDef = "yellow"
Else
    cRevDef = "green"
End If

'---Check Virus Def Date by reading value from registry for Kaspersky
Set dShell = WScript.CreateObject("Wscript.Shell")
dRev = dShell.RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server\Scan Engines\Kaspersky5\Signature Version")
dEng = dShell.RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server\Scan Engines\Kaspersky5\Engine Version")
dDef = dShell.RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server\Scan Engines\Kaspersky5\Last Updated")
dVer = Right(dDef,19)
dTime = Right(dVer,8)
dDate = Left(dVer,8)
dYear = Mid(dDate,6,2)
dMonth = Left(dDate,2)
dDay = Mid(dDate,3,2)
dNDate = dVer
dToday = FormatDateTime(Now, vbShortDate)

'---Determine age of virus definitions, if more than 7 days old display yellow on BB
dDateDiff = DateDiff("d", dNDate, dToday)
If (dDateDiff > zRevChk) then
    dRevDef = "yellow"
Else
    dRevDef = "green"
End If

'---Check Virus Def Date by reading value from registry for Norman Data Defense
Set fShell = WScript.CreateObject("Wscript.Shell")
fRev = fShell.RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server\Scan Engines\Norman\Signature Version")
fEng = fShell.RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server\Scan Engines\Norman\Engine Version")
fDef = fShell.RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server\Scan Engines\Norman\Last Updated")
fVer = Right(fDef,19)
fTime = Right(fVer,8)
fDate = Left(fVer,8)
fYear = Mid(fDate,6,2)
fMonth = Left(fDate,2)
fDay = Mid(fDate,3,2)
fNDate = fVer
fToday = FormatDateTime(Now, vbShortDate)

'---Determine age of virus definitions, if more than 7 days old display yellow on BB
fDateDiff = DateDiff("d", fNDate, fToday)
If (fDateDiff > zRevChk) then
    fRevDef = "yellow"
Else
    fRevDef = "green"
End If

'---Check Virus Def Date by reading value from registry for Sophos Anti-Virus
Set gShell = WScript.CreateObject("Wscript.Shell")
gRev = gShell.RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server\Scan Engines\Sophos\Signature Version")
gEng = gShell.RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server\Scan Engines\Sophos\Engine Version")
gDef = gShell.RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server\Scan Engines\Sophos\Last Updated")
gVer = Right(gDef,19)
gTime = Right(gVer,8)
gDate = Left(gVer,8)
gYear = Mid(gDate,6,2)
gMonth = Left(gDate,2)
gDay = Mid(gDate,3,2)
gNDate = gVer
gToday = FormatDateTime(Now, vbShortDate)

'---Determine age of virus definitions, if more than 7 days old display yellow on BB
gDateDiff = DateDiff("d", gNDate, gToday)
If (gDateDiff > zRevChk) then
    gRevDef = "yellow"
Else
    gRevDef = "green"
End If

'---Check Virus Def Date by reading value from registry for Sybari Worm List
Set iShell = WScript.CreateObject("Wscript.Shell")
iRev = iShell.RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server\Scan Engines\WormList\Signature Version")
iEng = iShell.RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server\Scan Engines\WormList\Engine Version")
iDef = iShell.RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server\Scan Engines\WormList\Last Updated")
iVer = Right(iDef,19)
iTime = Right(iVer,8)
iDate = Left(iVer,8)
iYear = Mid(iDate,6,2)
iMonth = Left(iDate,2)
iDay = Mid(iDate,3,2)
iNDate = iVer
iToday = FormatDateTime(Now, vbShortDate)

'---Determine age of virus definitions, if more than 7 days old display yellow on BB
iDateDiff = DateDiff("d", iNDate, iToday)
If (iDateDiff > zRevChk) then
    iRevDef = "yellow"
Else
    iRevDef = "green"
End If

'---Check Virus Def Date by reading value from registry for Virus Buster
Set jShell = WScript.CreateObject("Wscript.Shell")
jRev = jShell.RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server\Scan Engines\VBuster\Signature Version")
jEng = jShell.RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server\Scan Engines\VBuster\Engine Version")
jDef = jShell.RegRead ("HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server\Scan Engines\VBuster\Last Updated")
jVer = Right(jDef,19)
jTime = Right(jVer,8)
jDate = Left(jVer,8)
jYear = Mid(jDate,6,2)
jMonth = Left(jDate,2)
jDay = Mid(jDate,3,2)
jNDate = jVer
jToday = FormatDateTime(Now, vbShortDate)

'---Determine age of virus definitions, if more than 7 days old display yellow on BB
jDateDiff = DateDiff("d", jNDate, jToday)
If (jDateDiff > zRevChk) then
    jRevDef = "yellow"
Else
    jRevDef = "green"
End If

'---determine page error status
If (oDateDiff > zRevChk) then
    zPageStatus = zPageStatus + 1
Else
    zPageStatus = zPageStatus
End If
If (aDateDiff > zRevChk) then
    zPageStatus = zPageStatus + 1
Else
    zPageStatus = zPageStatus
End If
If (bDateDiff > zRevChk) then
    zPageStatus = zPageStatus + 1
Else
    zPageStatus = zPageStatus
End If
If (cDateDiff > zRevChk) then
    zPageStatus = zPageStatus + 1
Else
    zPageStatus = zPageStatus
End If
If (dDateDiff > zRevChk) then
    zPageStatus = zPageStatus + 1
Else
    zPageStatus = zPageStatus
End If
If (eDateDiff > zRevChk) then
    zPageStatus = zPageStatus + 1
Else
    zPageStatus = zPageStatus
End If
If (fDateDiff > zRevChk) then
    zPageStatus = zPageStatus + 1
Else
    zPageStatus = zPageStatus
End If
If (gDateDiff > zRevChk) then
    zPageStatus = zPageStatus + 1
Else
    zPageStatus = zPageStatus
End If
If (hDateDiff > zRevChk) then
    zPageStatus = zPageStatus + 1
Else
    zPageStatus = zPageStatus
End If
If (iDateDiff > zRevChk) then
    zPageStatus = zPageStatus + 1
Else
    zPageStatus = zPageStatus
End If
If (jDateDiff > zRevChk) then
    zPageStatus = zPageStatus + 1
Else
    zPageStatus = zPageStatus
End If

'---Page status to green, yellow or red
If (zPageStatus > zYellowChk) then
    zDateDiff = "yellow+25h"
    If (zPageStatus > zRedChk) then
        zDateDiff = "red+25h"
    End If
Else
    zDateDiff = "green+25h"
End If

'---write results to file
zOutFile.WriteLine zDateDiff & vbCrLf
zOutFile.WriteLine vbCrLf &"Found Forefront Security v1 for Exchange 2007" & vbCrLf
zOutFile.WriteLine zPageStatus & " Virus Scanner definition file(s) is/are out of date" & vbCrLf & vbCrLf

zOutFile.WriteLine "AhnLab V3 Engine"
zOutFile.WriteLine oRevDef & " Engine version: " & vbTab & oEng
zOutFile.WriteLine oRevDef & " Definition version: " & vbTab & oRev & vbTab &" date: "& oNDate
zOutFile.WriteLine " Virus definitions are "& oDateDiff &" day(s) old" & vbCrLf

zOutFile.WriteLine "CA Vet"
zOutFile.WriteLine bRevDef & " Engine version: " & vbTab & bEng
zOutFile.WriteLine bRevDef & " Definition version: " & vbTab & bRev & vbTab &" date: "& bNDate
zOutFile.WriteLine " Virus definitions are "& bDateDiff &" day(s) old" & vbCrLf

zOutFile.WriteLine "Command"
zOutFile.WriteLine cRevDef & " Engine version: " & vbTab & cEng
zOutFile.WriteLine cRevDef & " Definition version: " & vbTab & cRev & vbTab &" date: "& cNDate
zOutFile.WriteLine " Virus definitions are "& cDateDiff &" day(s) old" & vbCrLf

zOutFile.WriteLine "Kaspersky"
zOutFile.WriteLine dRevDef & " Engine version: " & vbTab & dEng
zOutFile.WriteLine dRevDef & " Definition version: " & vbTab & dRev & vbTab &" date: "& dNDate
zOutFile.WriteLine " Virus definitions are "& dDateDiff &" day(s) old" & vbCrLf

zOutFile.WriteLine "Norman Data Defense"
zOutFile.WriteLine fRevDef & " Engine version: " & vbTab & fEng
zOutFile.WriteLine fRevDef & " Definition version: " & vbTab & fRev & vbTab & vbTab &" date: "& fNDate
zOutFile.WriteLine " Virus definitions are "& fDateDiff &" day(s) old" & vbCrLf

zOutFile.WriteLine "Sophos Anti-Virus"
zOutFile.WriteLine gRevDef & " Engine version: " & vbTab & gEng
zOutFile.WriteLine gRevDef & " Definition version: " & vbTab & gRev & vbTab & vbTab &" date: "& gNDate
zOutFile.WriteLine " Virus definitions are "& gDateDiff &" day(s) old" & vbCrLf

zOutFile.WriteLine "Sybari Worm List"
zOutFile.WriteLine iRevDef & " Engine version: " & vbTab & iEng
zOutFile.WriteLine iRevDef & " Definition version: " & vbTab & iRev & vbTab &" date: "& iNDate
zOutFile.WriteLine " Virus definitions are "& iDateDiff &" day(s) old" & vbCrLf

zOutFile.WriteLine "Virus Buster"
zOutFile.WriteLine jRevDef & " Engine version: " & vbTab & jEng
zOutFile.WriteLine jRevDef & " Definition version: " & vbTab & jRev & vbTab & vbTab &" date: "& jNDate
zOutFile.WriteLine " Virus definitions are "& jDateDiff &" day(s) old" & vbCrLf & vbCrLf & vbCrLf

zOutFile.WriteLine vbCrLf & zPageName & " script updated by stenhouseconsulting.com" & vbCrLf

'---Close log file
zOutFile.Close
</code>

===== Known Bugs and Issues =====

===== To Do =====

===== Credits =====

[[ http://www.deadcat.net/viewfile.php?fileid=924 | BBantigen-V8.vbs ]]

===== Changelog =====

  * **2007-07-12**
    * Initial release