[MALW-3280] Added detection of Symantic components

2017-04-29 14:22:40 +02:00 · 2017-04-29 14:22:40 +02:00 · 5ccd0912cf
parent a331d26ea7
commit 5ccd0912cf
1 changed files with 42 additions and 23 deletions
--- a/include/tests_malware
+++ b/include/tests_malware
@ -36,6 +36,7 @@
    MCAFEE_SCANNER_RUNNING=0
    MALWARE_SCANNER_INSTALLED=0
    SOPHOS_SCANNER_RUNNING=0
+    SYMANTEC_SCANNER_RUNNING=
 #
 #################################################################################
 #
@ -104,11 +105,10 @@
        IsRunning esets_daemon
        if [ ${RUNNING} -eq 1 ]; then
            FOUND=1
-            Display --indent 2 --text "- ${GEN_CHECKING} ESET daemon" --result "${STATUS_FOUND}" --color GREEN
-            LogText "Result: found ESET security product"
            ESET_DAEMON_RUNNING=1
            MALWARE_SCANNER_INSTALLED=1
-            AddHP 2 2
+            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} ESET daemon" --result "${STATUS_FOUND}" --color GREEN; fi
+            LogText "Result: found ESET security product"
            Report "malware_scanner[]=eset"
        fi

@ -117,11 +117,10 @@
        IsRunning bdagentd
        if [ ${RUNNING} -eq 1 ]; then
            FOUND=1
-            Display --indent 2 --text "- ${GEN_CHECKING} Bitdefender agent" --result "${STATUS_FOUND}" --color GREEN
-            LogText "Result: found Bitdefender security product"
            BITDEFENDER_DAEMON_RUNNING=1
            MALWARE_SCANNER_INSTALLED=1
-            AddHP 2 2
+            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Bitdefender agent" --result "${STATUS_FOUND}" --color GREEN; fi
+            LogText "Result: found Bitdefender security product"
            Report "malware_scanner[]=bitdefender"
        fi

@ -130,11 +129,10 @@
        IsRunning com.avast.daemon
        if [ ${RUNNING} -eq 1 ]; then
            FOUND=1
-            Display --indent 2 --text "- ${GEN_CHECKING} Avast daemon" --result "${STATUS_FOUND}" --color GREEN
-            LogText "Result: found Avast security product"
            AVAST_DAEMON_RUNNING=1
            MALWARE_SCANNER_INSTALLED=1
-            AddHP 2 2
+            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Avast daemon" --result "${STATUS_FOUND}" --color GREEN; fi
+            LogText "Result: found Avast security product"
            Report "malware_scanner[]=avast"
        fi

@ -143,11 +141,10 @@
        IsRunning avqmd
        if [ ${RUNNING} -eq 1 ]; then
            FOUND=1
-            Display --indent 2 --text "- ${GEN_CHECKING} Avira daemon" --result "${STATUS_FOUND}" --color GREEN
-            LogText "Result: found Avira security product"
            AVIRA_DAEMON_RUNNING=1
            MALWARE_SCANNER_INSTALLED=1
-            AddHP 2 2
+            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Avira daemon" --result "${STATUS_FOUND}" --color GREEN; fi
+            LogText "Result: found Avira security product"
            Report "malware_scanner[]=avira"
        fi

@ -156,11 +153,10 @@
        IsRunning CylanceSvc
        if [ ${RUNNING} -eq 1 ]; then
            FOUND=1
-            Display --indent 2 --text "- ${GEN_CHECKING} CylancePROTECT" --result "${STATUS_FOUND}" --color GREEN
+            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} CylancePROTECT" --result "${STATUS_FOUND}" --color GREEN; fi
            LogText "Result: found CylancePROTECT service"
            AVAST_DAEMON_RUNNING=1
            MALWARE_SCANNER_INSTALLED=1
-            AddHP 2 2
            Report "malware_scanner[]=cylance-protect"
        fi

@ -176,13 +172,12 @@
        fi
        if [ ${MCAFEE_SCANNER_RUNNING} -eq 1 ]; then
            FOUND=1
-            Display --indent 2 --text "- ${GEN_CHECKING} McAfee" --result "${STATUS_FOUND}" --color GREEN
+            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} McAfee" --result "${STATUS_FOUND}" --color GREEN; fi
            LogText "Result: Found McAfee"
            MALWARE_SCANNER_INSTALLED=1
-            AddHP 2 2
            Report "malware_scanner[]=mcafee"
-
        fi
+
        # Sophos savscand/SophosScanD
        LogText "Test: checking process savscand"
        IsRunning savscand
@ -197,29 +192,53 @@
            SOPHOS_SCANNER_RUNNING=1
        fi
        if [ ${SOPHOS_SCANNER_RUNNING} -eq 1 ]; then
-            Display --indent 2 --text "- ${GEN_CHECKING} Sophos" --result "${STATUS_FOUND}" --color GREEN
+            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Sophos" --result "${STATUS_FOUND}" --color GREEN; fi
            LogText "Result: Found Sophos"
            MALWARE_SCANNER_INSTALLED=1
-            AddHP 2 2
            Report "malware_scanner[]=sophos"
        fi

+        # Symantec rtvscand/smcd/symcfgd
+        LogText "Test: checking process rtvscand"
+        IsRunning rtvscand
+        if [ ${RUNNING} -eq 1 ]; then
+            SYMANTEC_SCANNER_RUNNING=1
+        fi
+        LogText "Test: checking process Symantec management client service"
+        IsRunning smcd
+        if [ ${RUNNING} -eq 1 ]; then
+            SYMANTEC_SCANNER_RUNNING=1
+        fi
+        LogText "Test: checking process Symantec Endpoint Protection configuration service"
+        IsRunning symcfgd
+        if [ ${RUNNING} -eq 1 ]; then
+            SYMANTEC_SCANNER_RUNNING=1
+        fi
+        if [ ${SYMANTEC_SCANNER_RUNNING} -eq 1 ]; then
+            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Symantec" --result "${STATUS_FOUND}" --color GREEN; fi
+            LogText "Result: found one or more Symantec components"
+            MALWARE_SCANNER_INSTALLED=1
+            FOUND=1
+            Report "malware_scanner[]=symantec"
+        fi
+
        # TrendMicro (macOS)
        LogText "Test: checking process TmccMac to test for Trend Micro anti-virus (macOS)"
        IsRunning TmccMac
        if [ ${RUNNING} -eq 1 ]; then
+            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Trend Micro anti-virus" --result "${STATUS_FOUND}" --color GREEN; fi
+            LogText "Result: found Trend Micro component"
            FOUND=1
-            Display --indent 2 --text "- ${GEN_CHECKING} Trend Micro anti-virus" --result "${STATUS_FOUND}" --color GREEN
-            LogText "Result: found Trend Micro"
-            AVAST_DAEMON_RUNNING=1
            MALWARE_SCANNER_INSTALLED=1
-            AddHP 2 2
            Report "malware_scanner[]=trend-micro-av"
        fi

        if [ ${FOUND} -eq 0 ]; then
            LogText "Result: no commercial anti-virus tools found"
            AddHP 0 3
+        else
+            LogText "Result: found one or more commercial anti-virus tools"
+            AddHP 2 2
        fi
    fi
 #