Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1596
Views
5
Helpful
2
Replies

SSL VPN - LUA and AV Checks

rrfield
Level 1
Level 1

‎12-18-2009 07:29 AM

Hi,

Using the help file I have been able to force a DAP to check for the existance of an AV program...

assert( function()
    for k,v in pairs(endpoint.av) do
        if (EVAL(v.exists, "EQ", "true", "string")) then
            return CheckAndMsg(false, "AV Not Installed.", "AV Installed")
        end
    end
    return CheckAndMsg(true, "Please install antivirus software before connecting.", "Good, AV Installed")
end)()

This JUST checks for the existance of AV.  I have not had any luck combining this with checking for up to date defininitions of any AV client (I'm not a programmer!).

Has anyone done this, or have hints for getting this working?

Labels:
0 Helpful
2 Replies 2

Paul Carco
Level 1
Level 1

‎12-31-2009 02:14 PM

had this working recently  we want DATs no less  than 15 days old..

EVAL(endpoint.av.McAfeeAV.lastupdate,"LT","1296000","integer")))

15 x 86400 = 1296000  (I am almost certain this is the calculation  ie, 86400 sec's a day)

rrfield
Level 1
Level 1
In response to Paul Carco

‎01-05-2010 12:40 PM

That's close to what I found online somewhere, I don't remember where now to give propper credit...this works for any AV program.  I did have to upgrade to a beta version of CSD to get some AV's to work, notably AVG.  This is set to 7 days.

assert(function()
     local block_connection = true
     local update_threshold = "604800"
     for k,v in pairs(endpoint.av) do
          if CheckAndMsg(EVAL(v.exists, "EQ", "true", "string"), nil, k.." is not enabled") then
               if CheckAndMsg((type(v.lastupdate) == "string" and
tonumber(v.lastupdate) ~= nil), nil, "No virus definition file information was received for "..k) then
                    if CheckAndMsg(EVAL(v.lastupdate, "LT", update_threshold, "integer"), nil,
                                   k.." is enabled.  The virus definition file was updated "..string.sub((tonumber(v.lastupdate)/86400), 1, 3).." days ago. Please update to current signatures.") then
                         block_connection = false
                    end
               end
          end
     end
     return block_connection
end)()

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents