(imported topic written by heymon)
Is there a way to show (in an analysis) when the last full antivirus scan was done? One of the COs I support was asking for a report that shows this info from SAV Corporate Edition version 8, 9, and 10…
-Greg
(imported comment written by brolly3391)
heymon,
I would start by checking out the AV logs here:
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs
Try something like
q: lines whose (it contains "Scan Complete") of files of folder "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs"
I could not find anything official from Symantec on decoding these log files but I did find this:
http://www.ntsug.org/pipermail/ntsug-users/2005-August/001055.html
Especially of interest is the first field:
The timestamp consists of six hexadecimal octets. They represent the following:
First octet: Number of years since 1970
Second octet: Month, where January = 0
Third octet: Day
Fourth octet: Hour
Fifth octet: Minute
Sixth octet: Second
For example, 200A13080122 represents November 19, 2002, 8:01:34 AM.
Parsing takes a little more effort due to the format of the log. The date field is the most challenging; give this a whirl:
q: (((hexadecimal integer (character 2 of it & character 3 of it) + 1) as string) & "/" & ((hexadecimal integer (character 4 of it & character 5 of it)) as string) & "/" & ((hexadecimal integer (character 0 of it & character 1 of it) + 1970) as string) of preceding text of first "," of it) of lines whose (it contains "Scan Complete") of files of folder "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs"
I looked through the above web page but did not see a solid way to differentiate between a quick scan and a full scan. You might consult your Symantec representative for more details on these logs.
That should give you a good start. We will be happy to provide more assistance as you work through this. Let us know what you finally come up with.
Cheers,
Brolly
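Added example (not part of the original thread and not Symantec or BigFix code): a Python sketch that decodes the six-octet timestamp described above and reports the newest "Scan Complete" entry in a set of log lines. It assumes the timestamp is the first comma-separated field, as in the relevance query; the sample lines are constructed and, like the query, do not distinguish quick scans from full scans.

```python
from datetime import datetime

def decode_sav_timestamp(field):
    """Decode the 12-hex-digit timestamp described above into a datetime."""
    if len(field) != 12:
        raise ValueError(f"expected 12 hex digits, got {field!r}")
    year, month, day, hour, minute, second = (
        int(field[i:i + 2], 16) for i in range(0, 12, 2)
    )
    # Year is an offset from 1970; month is zero-based (January = 0).
    return datetime(1970 + year, month + 1, day, hour, minute, second)

def last_scan_complete(lines):
    """Return the newest timestamp among "Scan Complete" lines, or None."""
    newest = None
    for line in lines:
        if "Scan Complete" not in line:
            continue
        first_field = line.split(",", 1)[0].strip()
        try:
            stamp = decode_sav_timestamp(first_field)
        except ValueError:
            continue  # truncated or corrupt line: skip it, keep the report going
        if newest is None or stamp > newest:
            newest = stamp
    return newest

# Constructed sample lines: only the leading timestamp and the "Scan Complete"
# text follow the post; the other fields are placeholders, not real SAV output.
SAMPLE_LOG = [
    "200A13080122,placeholder,Scan started",
    "200A13091500,placeholder,Scan Complete: placeholder",
    "210005020A00,placeholder,Scan Complete: placeholder",
    "21ZZ05020A00,placeholder,Scan Complete: placeholder",  # bad hex digits
    "210D05020A00,placeholder,Scan Complete: placeholder",  # month out of range
]

if __name__ == "__main__":
    print(decode_sav_timestamp("200A13080122"))  # the worked example from the post
    print(last_scan_complete(SAMPLE_LOG))
```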