From 5ccd0912cf74f5d3dd07e5ed5fe0e6a30571fbb5 Mon Sep 17 00:00:00 2001
From: Michael Boelen
Date: Sat, 29 Apr 2017 14:22:40 +0200
Subject: [PATCH] [MALW-3280] Added detection of Symantic components
---
 include/tests_malware | 65 ++++++++++++++++++++++++++++---------------
 1 file changed, 42 insertions(+), 23 deletions(-)
diff --git a/include/tests_malware b/include/tests_malware
index 3bdc469b..03773bc1 100644
--- a/include/tests_malware
+++ b/include/tests_malware
@@ -36,6 +36,7 @@
 MCAFEE_SCANNER_RUNNING=0
 MALWARE_SCANNER_INSTALLED=0
 SOPHOS_SCANNER_RUNNING=0
+ SYMANTEC_SCANNER_RUNNING=
 #
 #################################################################################
 #
@@ -104,11 +105,10 @@
 IsRunning esets_daemon
 if [ ${RUNNING} -eq 1 ]; then
 FOUND=1
- Display --indent 2 --text "- ${GEN_CHECKING} ESET daemon" --result "${STATUS_FOUND}" --color GREEN
- LogText "Result: found ESET security product"
 ESET_DAEMON_RUNNING=1
 MALWARE_SCANNER_INSTALLED=1
- AddHP 2 2
+ if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} ESET daemon" --result "${STATUS_FOUND}" --color GREEN; fi
+ LogText "Result: found ESET security product"
 Report "malware_scanner[]=eset"
 fi
@@ -117,11 +117,10 @@
 IsRunning bdagentd
 if [ ${RUNNING} -eq 1 ]; then
 FOUND=1
- Display --indent 2 --text "- ${GEN_CHECKING} Bitdefender agent" --result "${STATUS_FOUND}" --color GREEN
- LogText "Result: found Bitdefender security product"
 BITDEFENDER_DAEMON_RUNNING=1
 MALWARE_SCANNER_INSTALLED=1
- AddHP 2 2
+ if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Bitdefender agent" --result "${STATUS_FOUND}" --color GREEN; fi
+ LogText "Result: found Bitdefender security product"
 Report "malware_scanner[]=bitdefender"
 fi
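Review bot: The new flag is initialised as `SYMANTEC_SCANNER_RUNNING=` (empty string) rather than `0` like the sibling flags on the three context lines above it, and in the last hunk it is tested unquoted with `[ ${SYMANTEC_SCANNER_RUNNING} -eq 1 ]`; on any host where none of rtvscand/smcd/symcfgd is running that expands to `[ -eq 1 ]`, which prints a "unary operator expected" error to stderr and evaluates false. If the page merely lost a trailing zero this is moot; otherwise the line should read `SYMANTEC_SCANNER_RUNNING=0`, matching `SOPHOS_SCANNER_RUNNING=0`. Quoting the expansion in the later test, `[ "${SYMANTEC_SCANNER_RUNNING}" = "1" ]`, would additionally make it safe against an unset value.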
@@ -130,11 +129,10 @@
 IsRunning com.avast.daemon
 if [ ${RUNNING} -eq 1 ]; then
 FOUND=1
- Display --indent 2 --text "- ${GEN_CHECKING} Avast daemon" --result "${STATUS_FOUND}" --color GREEN
- LogText "Result: found Avast security product"
 AVAST_DAEMON_RUNNING=1
 MALWARE_SCANNER_INSTALLED=1
- AddHP 2 2
+ if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Avast daemon" --result "${STATUS_FOUND}" --color GREEN; fi
+ LogText "Result: found Avast security product"
 Report "malware_scanner[]=avast"
 fi
@@ -143,11 +141,10 @@
 IsRunning avqmd
 if [ ${RUNNING} -eq 1 ]; then
 FOUND=1
- Display --indent 2 --text "- ${GEN_CHECKING} Avira daemon" --result "${STATUS_FOUND}" --color GREEN
- LogText "Result: found Avira security product"
 AVIRA_DAEMON_RUNNING=1
 MALWARE_SCANNER_INSTALLED=1
- AddHP 2 2
+ if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Avira daemon" --result "${STATUS_FOUND}" --color GREEN; fi
+ LogText "Result: found Avira security product"
 Report "malware_scanner[]=avira"
 fi
@@ -156,11 +153,10 @@
 IsRunning CylanceSvc
 if [ ${RUNNING} -eq 1 ]; then
 FOUND=1
- Display --indent 2 --text "- ${GEN_CHECKING} CylancePROTECT" --result "${STATUS_FOUND}" --color GREEN
+ if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} CylancePROTECT" --result "${STATUS_FOUND}" --color GREEN; fi
 LogText "Result: found CylancePROTECT service"
 AVAST_DAEMON_RUNNING=1
 MALWARE_SCANNER_INSTALLED=1
- AddHP 2 2
 Report "malware_scanner[]=cylance-protect"
 fi
@@ -176,13 +172,12 @@
 fi
 if [ ${MCAFEE_SCANNER_RUNNING} -eq 1 ]; then
 FOUND=1
- Display --indent 2 --text "- ${GEN_CHECKING} McAfee" --result "${STATUS_FOUND}" --color GREEN
+ if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} McAfee" --result "${STATUS_FOUND}" --color GREEN; fi
 LogText "Result: Found McAfee"
 MALWARE_SCANNER_INSTALLED=1
- AddHP 2 2
 Report "malware_scanner[]=mcafee"
-
 fi
+
 # Sophos savscand/SophosScanD
 LogText "Test: checking process savscand"
 IsRunning savscand
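Review bot: The CylancePROTECT branch (hunk `@@ -156,11 +153,10 @@`) still sets `AVAST_DAEMON_RUNNING=1` right after its LogText line, the same copy-paste slip this commit removes from the Trend Micro branch in the last hunk; the fix belongs here too, since any later code reading that flag would take a Cylance-only host for one running the Avast daemon. Either drop the line, or if a per-product flag is wanted add `CYLANCE_DAEMON_RUNNING=0` beside the other flags in the first hunk and set that here instead.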
@@ -197,29 +192,53 @@
 SOPHOS_SCANNER_RUNNING=1
 fi
 if [ ${SOPHOS_SCANNER_RUNNING} -eq 1 ]; then
- Display --indent 2 --text "- ${GEN_CHECKING} Sophos" --result "${STATUS_FOUND}" --color GREEN
+ if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Sophos" --result "${STATUS_FOUND}" --color GREEN; fi
 LogText "Result: Found Sophos"
 MALWARE_SCANNER_INSTALLED=1
- AddHP 2 2
 Report "malware_scanner[]=sophos"
 fi
+ # Symantec rtvscand/smcd/symcfgd
+ LogText "Test: checking process rtvscand"
+ IsRunning rtvscand
+ if [ ${RUNNING} -eq 1 ]; then
+ SYMANTEC_SCANNER_RUNNING=1
+ fi
+ LogText "Test: checking process Symantec management client service"
+ IsRunning smcd
+ if [ ${RUNNING} -eq 1 ]; then
+ SYMANTEC_SCANNER_RUNNING=1
+ fi
+ LogText "Test: checking process Symantec Endpoint Protection configuration service"
+ IsRunning symcfgd
+ if [ ${RUNNING} -eq 1 ]; then
+ SYMANTEC_SCANNER_RUNNING=1
+ fi
+ if [ ${SYMANTEC_SCANNER_RUNNING} -eq 1 ]; then
+ if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Symantec" --result "${STATUS_FOUND}" --color GREEN; fi
+ LogText "Result: found one or more Symantec components"
+ MALWARE_SCANNER_INSTALLED=1
+ FOUND=1
+ Report "malware_scanner[]=symantec"
+ fi
+
 # TrendMicro (macOS)
 LogText "Test: checking process TmccMac to test for Trend Micro anti-virus (macOS)"
 IsRunning TmccMac
 if [ ${RUNNING} -eq 1 ]; then
+ if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Trend Micro anti-virus" --result "${STATUS_FOUND}" --color GREEN; fi
+ LogText "Result: found Trend Micro component"
 FOUND=1
- Display --indent 2 --text "- ${GEN_CHECKING} Trend Micro anti-virus" --result "${STATUS_FOUND}" --color GREEN
- LogText "Result: found Trend Micro"
- AVAST_DAEMON_RUNNING=1
 MALWARE_SCANNER_INSTALLED=1
- AddHP 2 2
 Report "malware_scanner[]=trend-micro-av"
 fi
 if [ ${FOUND} -eq 0 ]; then
 LogText "Result: no commercial anti-virus tools found"
 AddHP 0 3
+ else
+ LogText "Result: found one or more commercial anti-virus tools"
+ AddHP 2 2
 fi
 fi
 #
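Review bot: Moving the per-product `AddHP 2 2` into a single `else` branch keyed on `FOUND` regresses scoring for Sophos: the `if [ ${SOPHOS_SCANNER_RUNNING} -eq 1 ]` block at the top of this hunk never sets `FOUND=1` (the new Symantec block does, and McAfee does in its own hunk), so a host running only Sophos now logs "no commercial anti-virus tools found" and gets `AddHP 0 3`, where before the change it scored `AddHP 2 2` inside its own block. Unless FOUND is already set by the savscand/SophosScanD checks just above the hunk, add `FOUND=1` next to `MALWARE_SCANNER_INSTALLED=1` in the Sophos block. The Symantec block also relies on `SYMANTEC_SCANNER_RUNNING` being numeric; as initialised in the first hunk it appears to be empty, so the `-eq 1` test there would error rather than evaluate false when no Symantec process is found.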