Symantec Antivirus full scans - last reported time?

(imported topic written by heymon)

Is there a way to show (in an analysis) when the last full antivirus scan was done? One of the COs I support was asking for a report that shows this info from SAV Corporate Edition version 8, 9, and 10…

-Greg

(imported comment written by brolly3391)

heymon,

I would start by checking out the AV logs here:

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs

Try something like

q: lines whose (it contains "Scan Complete") of files of folder "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs"

I could not find anything official from Symantec on decoding these log files but I did find this:

http://www.ntsug.org/pipermail/ntsug-users/2005-August/001055.html

Especially of interest is the first field:

  1. LI_TIME: Time of event

The timestamp consists of six hexadecimal octets. They represent the following:

First octet: Number of years since 1970

Second octet: Month, where January = 0

Third octet: Day

Fourth octet: Hour

Fifth octet: Minute

Sixth octet: Second

For example, 200A13080122 represents November 19, 2002, 8:01:34 AM.

Parsing takes a little more effort due to the format of the log. The date field is the most challenging; give this a whirl:

q: (((hexadecimal integer (character 2 of it & character 3 of it) + 1) as string) & "/" & ((hexadecimal integer (character 4 of it & character 5 of it)) as string) & "/" & ((hexadecimal integer (character 0 of it & character 1 of it) + 1970) as string) of preceding text of first "," of it) of lines whose (it contains "Scan Complete") of files of folder "C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs"

I looked through the web page above but did not see a solid way to differentiate between a quick scan and a full scan. You might consult your Symantec representative for more details on these logs.

That should give you a good start. We will be happy to provide more assistance as you work through this. Let us know what you finally come up with.

Cheers,

Brolly
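
The six-octet LI_TIME format quoted in the reply above, decoded in Python as an added example (not part of the original posts and not Symantec or BigFix code). The names `decode_li_time`, `last_scan_complete` and `SAMPLE_LINES` are hypothetical, and the sample lines are constructed: only the first field and the "Scan Complete" text follow the thread. It reports the newest "Scan Complete" line of any scan type, since the thread found no way to tell a quick scan from a full one.

```python
import re
from datetime import datetime

_LI_TIME = re.compile(r"[0-9A-Fa-f]{12}")  # six hex octets, no separators


def decode_li_time(field):
    """Decode LI_TIME: years since 1970, month (January = 0), day,
    hour, minute, second, one hexadecimal octet each."""
    if not _LI_TIME.fullmatch(field):
        raise ValueError("not a six-octet hex timestamp: %r" % field)
    year, month0, day, hour, minute, second = bytes.fromhex(field)
    # The thread gives no time zone, so the result is a naive datetime.
    # datetime() raises ValueError for out-of-range values (e.g. month octet 0C).
    return datetime(1970 + year, month0 + 1, day, hour, minute, second)


def last_scan_complete(lines):
    """Return the newest timestamp among lines containing "Scan Complete",
    or None. Lines whose first field does not decode are skipped."""
    latest = None
    for line in lines:
        if "Scan Complete" not in line:
            continue
        try:
            when = decode_li_time(line.split(",", 1)[0].strip())
        except ValueError:
            continue  # damaged or unrelated line: ignore rather than abort
        if latest is None or when > latest:
            latest = when
    return latest


# Constructed sample input; fields after the first are placeholders.
SAMPLE_LINES = [
    "1F0B1F173B3B,placeholder,placeholder,Scan Complete",
    "200A13080122,placeholder,placeholder,Scan Complete",
    "200A14090000,placeholder,placeholder,Scan started",   # not a completion
    "200C01000000,placeholder,placeholder,Scan Complete",  # month octet out of range
    "not-a-timestamp,placeholder,Scan Complete",           # malformed first field
]

if __name__ == "__main__":
    print(decode_li_time("200A13080122"))
    print(last_scan_complete(SAMPLE_LINES))
```
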