Geek Speak.

Like every server administrator, we maintain a list of server names at my current employer. There is a department here that is in charge of evaluating virus definitions and making sure that all of the servers that list are secure against the next big outbreak.

Every once in a while, though, I'll log into a machine and notice the little shield icon with an exclamation point over it. This is Symantec Anti-Virus' way of letting me know that it's virus definition files are out of date.

For one reason or another there will often be a server or two in our environment that isn't getting updated and we don't recognize the problem until it's too late. Resolution to these problems is usually pretty easy, it is just a major hassle to log into hundreds, or possibly even thousands of machines to ensure that they are up to date.

This is what makes scripts great. It is easy to script a task that would otherwise be tedious and monotonous. So, how can I tell what version of definitions are installed on any given machine? Well Symantec stores the currently installed version in the following file: "C:\Program Files\Common Files\Symantec Shared\VirusDefs\definfo.dat".

If we open up this file, it looks just like a standard INI file. With properties and their corresponding values assigned to them. Scrolling through the file reveals that "CurDefs=" holds the value of the currently installed definitions. Great! Now we can write up a little script to pull that information, parse it, and return the value of the currently installed virus definitions.

Function GetVirusDefDate(sServerName)   'This function will check the sServerName for the currently installed   'Anti-Virus definitions for Symantec Anti-Virus. You can use these   'same concepts to parse other files for content too.   '   'This script is provided under the Creative Commons license located   'at http://creativecommons.org/licenses/by-nc/2.5/ . It may not   'be used for commercial purposes with out the expressed written consent   'of NateRice.com   Const OpenAsDefault = -2   Const FailIfNotExist = 0   Const ForReading = 1   Set oFSO = CreateObject("Scripting.FileSystemObject")   If oFSO.FileExists("\\" & sServerName & _   "\c$\Program Files\Common Files\Symantec Shared\VirusDefs\definfo.dat") Then       Set fFile = oFSO.OpenTextFile("\\" & sServerName & _       "\c$\Program Files\Common Files\Symantec Shared\VirusDefs\definfo.dat", _       ForReading, FailIfNotExist, OpenAsDefault)   Else     GetVirusDefDate = 0     Set oFSO = Nothing     Exit Function   End If   sResults = fFile.ReadAll   fFile.Close       aSplitAtCurDefs = Split(sResults, "CurDefs=")   aSplitAtLF = Split(aSplitAtCurDefs(1), vbLf)   GetVirusDefDate = Replace(aSplitAtLF(0), vbCr, "")   Set oFSO = Nothing End Function

Enjoy!