-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcheck_sophos.vbs
72 lines (60 loc) · 2.3 KB
/
check_sophos.vbs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
' Script: check_sophos.vbs
' Ripped from the check_av plugin by Matt White
' Version: 0.2
' changelog: added check x64 support 6-DEC-2012
' Updated code by [email protected]
' Date: Nov. 11, 2011
' Details: Check that the current virus definition date for Sophos Antivirus is within acceptable bounds
' NSC.ini:
' check_sophos=cscript.exe //NoLogo scripts\check_sophos.vbs /W:$ARG1$ /c:$ARG2$
' Call with:
' ./check_nrpe -H 10.9.48.185 -c check_sophos -a 0 1
' Define Constants for the script exiting
Const intOK = 0
Const intWarning = 1
Const intCritical = 2
Const intUnknown = 3
Dim intWarnLevel, intCritLevel, intDate, intDateDifference
' Create required objects
Set ObjShell = CreateObject("WScript.Shell")
Set ObjProcess = ObjShell.Environment("Process")
' Parse Arguments to find Warning and Critical Levels
If Wscript.Arguments.Named.Exists("w") Then
intWarnLevel = Cint(Wscript.Arguments.Named("w"))
Else
intWarnLevel = 2
End If
If Wscript.Arguments.Named.Exists("c") Then
intCritLevel = Cint(Wscript.Arguments.Named("c"))
Else
intCritLevel = 4
End If
' Sophos
Dim tZ, uKey, shell, lastUp
dim dateValue
tZ = +1 'time relative to GMT
' Determine CPU architecture for correct location of the registry key
strCPUArch = objProcess("PROCESSOR_ARCHITECTURE")
If InStr(1, strCPUArch, "x86") > 0 Then
uKey ="HKLM\Software\sophos\AutoUpdate\UpdateStatus\LastUpdateTime"
ElseIf InStr(1, strCPUArch, "64") > 0 Then
uKey ="HKLM\SOFTWARE\Wow6432Node\Sophos\AutoUpdate\UpdateStatus\LastUpdateTime"
End If
Set shell =CreateObject("WScript.Shell")
lastUp = shell.RegRead (uKey)
dateValue = DateAdd ("h",tZ,(DateAdd("s",lastUp,"01/01/1970 00:00:00")))
if isDate(dateValue) = false then
wscript.echo "Not a valid date format: " & dateValue
wscript.quit(intUnknown)
end if
intDateDifference = DateDiff("d", dateValue, Now)
' Output current version and definition age as Performance data
Wscript.Echo("Sophos virus definitions are " & intDateDifference & " days old" & VbCrLf & "Last Updated: " & FormatDateTime(dateValue,1))
If intDateDifference > intCritLevel Then
Wscript.Quit(intCritical)
ElseIf intDateDifference > intWarnLevel Then
Wscript.Quit(intWarning)
ElseIf intDateDifference <= intWarnLevel Then
Wscript.Quit(intOK)
End If
Wscript.Quit(intUnknown)