Пример #1
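        /// <summary>
        /// Resolves the location of Symantec's definfo.dat and reports whether that file exists.
        /// </summary>
        /// <remarks>
        /// The built-in default path is used unless SYMANTEC_SEP_PATH.txt can be read, in which case the
        /// last non-blank line of that file is taken as the directory that holds definfo.dat.
        /// As a side effect the resolved path is stored in <c>definfo_path</c>.
        /// </remarks>
        /// <returns>true when a file exists at the resolved path; otherwise false.</returns>
        public bool check_symantec_av_exist()
        {
            definfo_path = @"C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.2015.2015.105\Data\Definitions\VirusDefs\definfo.dat";

            try {
                // NOTE(review): the override file is looked up relative to the process working directory and
                // its content is used as-is. Whoever can write that file decides which definfo.dat this
                // check evaluates, so it should live in a directory only administrators can modify.
                string[] lines = System.IO.File.ReadAllLines(@".\\SYMANTEC_SEP_PATH.txt");

                foreach (string line in lines)
                {
                    // A blank line (for example a trailing empty line) used to replace a valid entry with
                    // "\definfo.dat", which points at the root of the current drive. Skip such lines.
                    string directory = line.Trim();
                    if (directory.Length == 0)
                    {
                        continue;
                    }

                    definfo_path = directory + "\\definfo.dat";
                }
            } catch (Exception e) {
                // Deliberate best effort: any failure to read the override file keeps the default path.
                Log_Writter.write_to_log_AVdebug("SYMANTEC_SEP_PATH.txt is not find, using the default path C:\\ProgramData\\Symantec\\Symantec Endpoint Protection\\12.1.2015.2015.105\\Data\\Definitions\\VirusDefs\\definfo.dat. More Error info : " + e.ToString());
            }

            return(File.Exists(definfo_path));
        }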
Пример #2
 /// <summary>
 /// Returns the result of <c>getHighestVersion</c> for <c>NetFrameworkInstallationPath</c>.
 /// </summary>
 /// <returns>
 /// The value produced by <c>getHighestVersion</c>, or -1 when that call raises a
 /// <see cref="SecurityException"/>.
 /// </returns>
 public int FrameworkVersion()
 {
     int detected;

     try
     {
         detected = getHighestVersion(NetFrameworkInstallationPath);
     }
     catch (SecurityException denied)
     {
         // Only SecurityException is handled here; any other exception type reaches the caller.
         log_Writter.write_to_log_AVdebug("Unable to allocated the .Net Framework Version, the program might not work properly " + denied.ToString());
         return(-1);
     }

     return(detected);
 }
Пример #3
        /// <summary>
        /// Decides whether the timestamp held in <c>ASSignatureApplied_regkey_value</c> is at least
        /// <paramref name="day_difference"/> days old.
        /// </summary>
        /// <param name="day_difference">Age threshold, in whole days.</param>
        /// <returns>
        /// true when <c>retrive_InstallLocation_Key()</c> returns a value but no signature value is
        /// present, or when the decoded timestamp is at least <paramref name="day_difference"/> days
        /// before <c>DateTime.Now</c>; false in every other case, including when decoding throws.
        /// </returns>
        public bool aS_Definition_is_OutOfDate(int day_difference)
        {
            // The non-short-circuit AND is kept from the original: both operands are always evaluated.
            if (retrive_InstallLocation_Key() != null & ASSignatureApplied_regkey_value == null)
            {
                return(true);
            }

            if (ASSignatureApplied_regkey_value == null)
            {
                if (debug_switch == 1)
                {
                    log_Writter.write_to_log_AVdebug("The ReKey for Microsoft FCS malware doesnt exits, error info, Please manully check the regKey");
                }
                return(false);
            }

            try {
                byte[] raw = (byte[])ASSignatureApplied_regkey_value;

                // Assemble the first eight bytes as a little-endian integer, most significant byte first
                // so the additions happen in the same order as the original expression.
                long stamp = 0;
                for (int i = 7; i >= 0; i--)
                {
                    stamp += raw[i] * (long)Math.Pow(2, 8 * i);
                }

                // The arithmetic treats the value as 100-nanosecond units counted from 1601-01-01.
                double   elapsed_days = stamp / (1e7 * 86400);
                DateTime applied      = new DateTime(1601, 1, 1).AddDays(elapsed_days);

                // NOTE(review): the decoded date is compared with local time; if the stored value is UTC
                // the computed age is off by the local UTC offset - confirm.
                TimeSpan age = DateTime.Now - applied;
                return(age.Days >= day_difference);
            } catch (Exception e) {
                // NOTE(review): a value that cannot be decoded is reported as "not out of date", and the
                // failure is logged only when debug_switch is 1, so callers cannot tell it from a fresh value.
                if (debug_switch == 1)
                {
                    log_Writter.write_to_log_AVdebug("There is something wrong with regKey for microsoft FCS  malware, error info " + e.ToString());
                }
                return(false);
            }
        }
Пример #4
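 /// <summary>
 /// Creates the log writer and the registry helper, then reads the Sophos "LastUpdateTime" and
 /// "Result" values into <c>LastUpdateTime</c> and <c>Result</c>.
 /// </summary>
 /// <remarks>
 /// An exception raised while creating the registry helper or reading the values is logged and not
 /// rethrown; the affected fields then keep whatever value they had before.
 /// </remarks>
 public Sophos_AV()
 {
     // The log writer must exist before the try block: it used to be assigned last inside it, so an
     // exception from an earlier statement made the catch handler dereference a null log_Writter.
     log_Writter = new Win_Log_Writter();

     try {
         key_Handler    = new RegKey_Handler();
         LastUpdateTime = key_Handler.Retrive_Sophos_RegKey_REGBINARY("LastUpdateTime");
         Result         = key_Handler.Retrive_Sophos_RegKey_REGBINARY("Result");
     } catch (Exception e) {
         // The message text still names "MS SEP"; it is left unchanged so existing log searches keep matching.
         log_Writter.write_to_log_AVdebug("Unable to retrive the regkey, the Program for MS SEP might not work properly " + e.ToString());
     }
 }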
Пример #5
 /// <summary>
 /// Creates the log writer and the registry helper, then reads the "AVSignatureApplied" and
 /// "ASSignatureApplied" values through <c>Retrive_FEP_RegKey_REGBINARY</c>.
 /// </summary>
 /// <remarks>
 /// The log writer is created before the guarded section, so it is available to the handler.
 /// A failure in the guarded section is logged and not rethrown.
 /// </remarks>
 public MS_FEP2010()
 {
     log_Writter = new Win_Log_Writter();

     try
     {
         key_Handler = new RegKey_Handler();

         // Anti-virus signature value first, then the anti-spyware one.
         AVSignatureApplied_regkey_value = key_Handler.Retrive_FEP_RegKey_REGBINARY("AVSignatureApplied");
         ASSignatureApplied_regkey_value = key_Handler.Retrive_FEP_RegKey_REGBINARY("ASSignatureApplied");
     }
     catch (Exception readFailure)
     {
         log_Writter.write_to_log_AVdebug("Error reading the registry key: " + readFailure.ToString());
     }
 }
Пример #6
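        /// <summary>
        /// Stores the debug switch, creates the log writer and the registry helper, then reads the
        /// "AVSignatureApplied" and "ASSignatureApplied" values through <c>Retrive_FEP_RegKey_REGBINARY</c>.
        /// </summary>
        /// <param name="debug">Value copied into <c>debug_switch</c>.</param>
        /// <remarks>
        /// An exception raised while creating the registry helper or reading the values is logged and
        /// not rethrown.
        /// </remarks>
        public MS_SCEP2012(int debug)
        {
            debug_switch = debug;

            // The log writer must exist before the try block: it used to be assigned last inside it, so
            // an exception from an earlier statement made the catch handler dereference a null log_Writter.
            log_Writter = new Win_Log_Writter();

            try
            {
                key_Handler = new RegKey_Handler();
                AVSignatureApplied_regkey_value = key_Handler.Retrive_FEP_RegKey_REGBINARY("AVSignatureApplied");
                ASSignatureApplied_regkey_value = key_Handler.Retrive_FEP_RegKey_REGBINARY("ASSignatureApplied");
            }
            catch (Exception e)
            {
                log_Writter.write_to_log_AVdebug("Unable to retrive the regkey, the Program for MS SEP might not work properly " + e.ToString());
            }
        }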
Пример #7
        /// <summary>
        /// Decides whether <c>LastUpdateTime</c>, converted through <c>UnixTimeStampToDateTime</c>, lies
        /// at least <paramref name="day_difference"/> days before <c>DateTime.Now</c>.
        /// </summary>
        /// <param name="day_difference">Age threshold, in whole days.</param>
        /// <returns>
        /// true when the whole-day age is greater than or equal to <paramref name="day_difference"/>;
        /// false otherwise, and also when the comparison itself throws.
        /// </returns>
        public bool aV_Definition_is_OutOfDate(int day_difference)
        {
            // NOTE(review): the conversion runs before the try block, so a LastUpdateTime value that
            // Convert.ToDouble cannot handle raises an exception to the caller instead of being logged.
            double   raw_stamp = Convert.ToDouble(LastUpdateTime);
            DateTime unix_date = UnixTimeStampToDateTime(raw_stamp);

            try
            {
                TimeSpan age = DateTime.Now - unix_date;
                return(age.Days >= day_difference);
            }
            catch (Exception failure)
            {
                // NOTE(review): a failure here is reported as "not out of date"; only the log shows it.
                log_Writter.write_to_log_AVdebug("There is something wrong with regKey for microsoft Anti-virus, error info " + failure.ToString());
                return(false);
            }
        }
Пример #8
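 /// <summary>
 /// Queries WMI class Win32_ComputerSystem in the local ROOT\cimv2 namespace and stores the
 /// "systemtype" property of the last returned object in <c>OS_System_Type</c>.
 /// </summary>
 /// <remarks>
 /// Despite the method name, no version number is recorded; only the system type string is.
 /// Any exception is logged through a fresh <c>Win_Log_Writter</c> and not rethrown, so
 /// <c>OS_System_Type</c> keeps its previous value on failure.
 /// </remarks>
 public void Check_the_OS_Version()
 {
     try {
         ManagementScope scope = new ManagementScope("\\\\.\\ROOT\\cimv2");
         ObjectQuery     query = new ObjectQuery("SELECT * FROM Win32_ComputerSystem");

         // The searcher and its result collection are IDisposable; release them as soon as the
         // result object has been picked up instead of waiting for finalization.
         using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query))
         using (ManagementObjectCollection queryCollection = searcher.Get())
         {
             foreach (ManagementObject m in queryCollection)
             {
                 mo = m;
             }
         }

         // If the query returned nothing, mo keeps its earlier value; a null mo throws here and is
         // handled by the catch below.
         OS_System_Type = mo["systemtype"].ToString();
     } catch (Exception e) {
         Win_Log_Writter Log_Writter = new Win_Log_Writter();
         Log_Writter.write_to_log_AVdebug("Error to check the OS Version " + e.ToString());
     }
 }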
Пример #9
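        /// <summary>
        /// Reads one value from HKLM\SOFTWARE\Microsoft\Microsoft Antimalware\Signature Updates.
        /// </summary>
        /// <param name="key_name">Name of the registry value to read.</param>
        /// <returns>
        /// The value as returned by <c>RegistryKey.GetValue</c>, or null when the key is missing or any
        /// step of the read fails.
        /// </returns>
        /// <remarks>
        /// The opened key is stored in <c>key</c> and the value in <c>value1</c>. The key is not closed
        /// here.
        /// </remarks>
        public object Retrive_FEP_RegKey_REGBINARY(string key_name)
        {
            const string read_failed = "Registery Read failed for Microsoft End Point Protection, if this software is not installed, you can safely ignore this message";

            try {
                key = Registry.LocalMachine.OpenSubKey("SOFTWARE\\Microsoft\\Microsoft Antimalware\\Signature Updates\\");
                if (key == null)
                {
                    // OpenSubKey returns null when the key does not exist: the "not installed" case the
                    // message describes. Handle it directly instead of through a later exception.
                    Log_Writter.write_to_log_AVdebug(read_failed);
                    return(null);
                }

                // NOTE(review): this depends on a private RegistryKey field named "hkey". GetField returns
                // null where that field does not exist, and the read then fails in the catch below.
                FieldInfo fi = typeof(RegistryKey).GetField(
                    "hkey",
                    BindingFlags.NonPublic | BindingFlags.Instance);
                SafeHandle handle = (SafeHandle)fi.GetValue(key);

                // The return code is ignored, as before.
                RegDisableReflectionKey(handle.DangerousGetHandle());

                value1 = key.GetValue(key_name);
                return(value1);
            } catch (Exception e) {
                // Include the exception, as the other handlers on this page do. Without it an
                // access-denied or reflection failure reads exactly like "product not installed".
                Log_Writter.write_to_log_AVdebug(read_failed + " More Error info : " + e.ToString());

                return(null);
            }
        }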
Пример #10
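        /// <summary>
        /// Reads the second line of definfo.dat, extracts a yyyyMMdd date from it and reports whether
        /// that date is at least <paramref name="day_difference"/> days before <c>DateTime.Now</c>.
        /// </summary>
        /// <param name="day_difference">Age threshold, in days.</param>
        /// <returns>
        /// true when the definition date is at least <paramref name="day_difference"/> days old.
        /// false when it is newer, and also when the file is missing, unreadable, shorter than two
        /// lines or not in the expected layout; in those cases only the log shows that the age could
        /// not be determined.
        /// </returns>
        /// <remarks>
        /// The date is taken from fixed character positions of the line: year at 8-11, month at 12-13,
        /// day at 14-15 and revision at 17-19. The parsed pieces are stored in the <c>curDefs*</c> fields
        /// and in <c>dt</c>.
        /// </remarks>
        public bool aV_Definition_is_OutOfDate(int day_difference)
        {
            if (!check_symantec_av_exist())
            {
                Log_Writter.write_to_log_AVdebug("The definfo.dat file does not exists, please check the installation of Symantec Anti-virus");
                return(false);
            }

            // Only the second line is needed. The previous version copied every line into a
            // three-element array, so a file with more than three lines overflowed the array and was
            // rejected as malformed. Stop reading as soon as the second line is available.
            string second_line = null;
            try {
                using (StreamReader sr = new StreamReader(definfo_path)) {
                    String line;
                    int    line_index = 0;
                    while ((line = sr.ReadLine()) != null)
                    {
                        if (line_index == 1)
                        {
                            second_line = line;
                            break;
                        }
                        line_index++;
                    }
                }
            } catch (Exception e) {
                Log_Writter.write_to_log_AVdebug("definfo.dat File is not in correct format please check or doest exists" + e.ToString());
                return(false);
            }

            curDefs = second_line;
            if (curDefs == null)
            {
                // The file has fewer than two lines; there is nothing to evaluate.
                return(false);
            }

            try {
                // The slicing is inside the try block so that a line shorter than the expected layout is
                // logged like any other format error instead of raising ArgumentOutOfRangeException.
                curDefs_year  = curDefs.Substring(8, 4);
                curDefs_month = curDefs.Substring(12, 2);
                curDefs_day   = curDefs.Substring(14, 2);
                curDefs_rev   = curDefs.Substring(17, 3);

                curDefs_year_int  = Convert.ToInt32(curDefs_year);
                curDefs_month_int = Convert.ToInt32(curDefs_month);
                curDefs_day_int   = Convert.ToInt32(curDefs_day);

                // The DateTime constructor rejects impossible dates; that is handled by the catch below.
                dt = new DateTime(curDefs_year_int, curDefs_month_int, curDefs_day_int);

                if ((DateTime.Now - dt).TotalDays >= day_difference)
                {
                    Log_Writter.write_to_log_Error("Anti-virus definition is more than " + day_difference + " days old, please contact administrator to review the anti-virus definitions");
                    return(true);
                }

                Log_Writter.write_to_log_info("Anti-virus definition is less than " + day_difference + " days old, No Action is required ");
                return(false);
            } catch (Exception e) {
                Log_Writter.write_to_log_AVdebug("Script is not working with following error : " + e.ToString());

                return(false);
            }
        }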