Re: Antivirus engine check utility

From: Michel Gallant (MVP) (neutron@istar.ca)
Date: 11/02/02


Date: Sat, 02 Nov 2002 09:49:45 -0500
From: "Michel Gallant (MVP)" <neutron@istar.ca>


I would like to know why these NT systems are different from the NT4 you
verified below.
Please verify the Java version (final MV version is 1.1.4) on those systems using:
   http://www3.sympatico.ca/mitchg/detectjvm

The Java code in AVCheck checks two Java system properties:
   user.dir and os.name
to determine where to generate the temp files, etc.

Please verify what these system-property values are using this utility (which displays ALL
your available Java system properties, for either MV JVM or Netscape JVM):
   http://home.istar.ca/~neutron/properties

I want to keep the applet sufficiently generic so that it will be portable for Java
on Mac and also Netscape browser, so although I can get the TEMP envar from
Java quite easily (using J/Direct), that would lock it to MS JVM too much ;-)

Cheers,
 - Mitch

Ned Flanders wrote:

> On NT the file arrives in %TEMP%, which coincidentally happens to be
> C:\TEMP. BUT on my other machine (where NT is installed on the D: drive...)
> the View Shared Folders does not produce an output window, and the Verify AV
> part generates this:
>
> Antivirus Operation Verification
> AVCheck 1.0 11/01/2002
> --------------------------------------------------------------------------------
> The Antivirus Status Java applet cannot run properly because either:
>
> You did not grant the request privileges
> -->Reload the page (Ctrl + F5 for IE) and grant privileges ... or
>
> You do not have the required CA certificate installed
>
> Creating a directory named TEMP on the C: drive fixed both problems.
>
> "Ned Flanders" <nedfla@hotmail.com> wrote in message
> news:eY0FTihgCHA.2008@tkmsftngp08...
> > Works like a champ on Win2K SP3 and WinNT4 SP6a, except for the littering up
> > of my desktop with the batch file ;-) One thing I noticed is on my machine
> > that has 40-odd shares the NET SHARE command doesn't wait after a screenful
> > so some just scroll off the screen. Also - I'm completely unfamiliar with
> > Java, but isn't there a way to make the applet aim at %TEMP% instead of the
> > desktop? That way I won't care if there's an extra file on the system, and
> > my nightly %TEMP% cleanup will get it anyway. I'm *quite* anal retentive
> > about keeping my desktop tidy :-)
> >
> > Alternatively, make it a self-destructing batch file like so:
> >
> > @echo off
> > net share | more
> > pause
> > del %0 <EOF goes on THIS line to avoid "batch file missing" messages>
> >
> > Those are the only nits I have to pick, and they're pretty small ones.
> >
> > "Michel Gallant (MVP)" <neutron@istar.ca> wrote in message
> > news:3DC2C400.13427A07@istar.ca...
> > > I have developed a utility to proactively check if your antivirus engine
> > > is actually working and that it is configured properly to scan all file types.
> > > Don't rely on that icon-tray .... make SURE it actually is working!
> > >
> > > Originally targeted at NAV, I have reduced the functionality to implement
> > > an AV engine check from a digitally-signed web page to:
> > >
> > > - attempt to write the standard EICAR virus string, as a text file, to the
> > > local client and detect the AV engine response (the EICAR string is byte-wise
> > > embedded in the signed Java applet)
> > >
> > > - invoking the "cmd /K net share" command on NT, 2000 or "netwatch.exe" for Win9x
> > > to easily allow any user to see their network shares (again for non-savvy users)
> > >
> > > Might be interesting to see if any firewalls/gateways are intelligent enough to pick up
> > > the eicar string embedded this way :-)
> > >
> > > Anyone wishing to try the utility, email me for the link.
> > >
> > > - Michel Gallant
> > > MVP Security
> > > http://home.istar.ca/~neutron
> > >
> > >
> >
> >
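
The failure described in this thread (a missing C:\TEMP reported as a privilege or certificate problem) comes from not separating "target directory unusable" from "the AV engine reacted". The following is an added example, not AVCheck's code: it assumes a modern JVM (Java 7+, where the `java.io.tmpdir` property and `java.nio.file` exist) rather than the 1.1.4 JVM discussed, and the class name `AvProbe`, the `Result` values and the 2-second wait are hypothetical choices.

```java
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.util.Arrays;

public class AvProbe {
    enum Result { DIR_UNUSABLE, BLOCKED_ON_WRITE, REMOVED_OR_ALTERED, BLOCKED_ON_READ, NOT_DETECTED }

    // Standard EICAR test string (harmless), split only to keep the line short.
    static final byte[] EICAR = ("X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-"
            + "ANTIVIRUS-TEST-FILE!$H+H*").getBytes(StandardCharsets.US_ASCII);

    // Pick a directory that really exists and is writable: java.io.tmpdir first,
    // then user.dir (the property the post says the applet reads).
    static File resolveDir() {
        for (String key : new String[] { "java.io.tmpdir", "user.dir" }) {
            String value = System.getProperty(key);
            if (value == null) continue;
            File dir = new File(value);
            if (dir.isDirectory() && dir.canWrite()) return dir;
        }
        return null;
    }

    static Result probe(File dir) throws InterruptedException {
        // Checked first so a missing directory is never reported as an AV reaction.
        if (dir == null || !dir.isDirectory() || !dir.canWrite()) return Result.DIR_UNUSABLE;
        File f = new File(dir, "avprobe-" + System.nanoTime() + ".txt");
        try {
            Files.write(f.toPath(), EICAR);
        } catch (IOException e) {
            return Result.BLOCKED_ON_WRITE;       // directory was usable, the write was refused
        }
        try {
            Thread.sleep(2000);                   // let an on-access scanner react
            if (!f.exists()) return Result.REMOVED_OR_ALTERED;
            byte[] back = Files.readAllBytes(f.toPath());
            return Arrays.equals(back, EICAR) ? Result.NOT_DETECTED : Result.REMOVED_OR_ALTERED;
        } catch (IOException e) {
            return Result.BLOCKED_ON_READ;        // file present but access denied
        } finally {
            f.delete();                           // never leave the probe file behind
        }
    }

    public static void main(String[] args) throws InterruptedException {
        File dir = resolveDir();
        System.out.println("os.name=" + System.getProperty("os.name") + " dir=" + dir);
        System.out.println("result=" + probe(dir));
    }
}
```

`NOT_DETECTED` is the result that needs follow-up: the scanner is either not running or not scanning this file type on access.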


