From c2457de0288f6f77ce4dc19040065c475fcfa44e Mon Sep 17 00:00:00 2001
From: Guillaume Bougard
Date: Tue, 11 Sep 2018 19:26:24 +0200
Subject: [PATCH] feature: add F-Secure support Set F-Secure base version to aquarius base version Set F-Secure Expiration date
---
 Changes | 4 +-
 .../Agent/Task/Inventory/Win32/AntiVirus.pm | 56 +++++++++++++++++++
 2 files changed, 58 insertions(+), 2 deletions(-)
diff --git a/Changes b/Changes
index 07fa49e240..e7aba016cc 100644
--- a/Changes
+++ b/Changes
@@ -7,8 +7,8 @@ inventory:
 * Fix #299: Added UWP/APPX/Windows Store software inventory
 * win32 antivirus detection enhanced support:
 - add support for few antivirus base versions (defender, kaspersky,
- EST, avira, MSE, McAfee)
- - try to set license expiration date for kaspersky & avira
+ EST, avira, MSE, McAfee, F-Secure)
+ - try to set license expiration date for F-Secure, kaspersky & avira
 * Fix #442: kaspersky not fully recognized in russia
 * Fix #501: wrong status was reported when windows defender was disabled
diff --git a/lib/FusionInventory/Agent/Task/Inventory/Win32/AntiVirus.pm b/lib/FusionInventory/Agent/Task/Inventory/Win32/AntiVirus.pm
index f49490873b..6d53e9976a 100644
--- a/lib/FusionInventory/Agent/Task/Inventory/Win32/AntiVirus.pm
+++ b/lib/FusionInventory/Agent/Task/Inventory/Win32/AntiVirus.pm
@@ -5,6 +5,8 @@ use warnings;
 use parent 'FusionInventory::Agent::Task::Inventory::Module';
+use UNIVERSAL::require;
+
 use FusionInventory::Agent::Tools;
 use FusionInventory::Agent::Tools::Win32;
@@ -113,6 +115,8 @@ sub doInventory {
 _setAviraInfos($antivirus);
 } elsif ($antivirus->{NAME} =~ /Security Essentials/i) {
 _setMSEssentialsInfos($antivirus);
+ } elsif ($antivirus->{NAME} =~ /F-Secure/i) {
+ _setFSecureInfos($antivirus);
 }
 $inventory->addEntry(
@@ -261,6 +265,58 @@ sub _setMSEssentialsInfos {
 if $mseReg->{"/AVSignatureVersion"};
 }
+sub _setFSecureInfos {
+ my ($antivirus) = @_;
+
+ my $fsecReg = _getSoftwareRegistryKeys(
+ 'F-Secure\Ultralight\Updates\aquarius',
+ [ qw(file_set_visible_version) ]
+ );
+ return unless $fsecReg;
+
+ my $found = first { $_->{"/file_set_visible_version"} } values(%{$fsecReg});
+
+ $antivirus->{BASE_VERSION} = $found->{"/file_set_visible_version"}
+ if $found->{"/file_set_visible_version"};
+
+ # Try to find license "expiry_date" from a specific json file
+ $fsecReg = _getSoftwareRegistryKeys(
+ 'F-Secure\CCF\DLLHoster\100\Plugins\CosmosService',
+ [ qw(DataPath) ]
+ );
+ return unless $fsecReg;
+
+ my $path = $fsecReg->{"/DataPath"};
+ return unless $path && -d $path;
+
+ # This is the full path for the expected json file
+ $path .= "\\safe.S-1-5-18.local.cosmos";
+ return unless -f $path;
+
+ my $infos = getAllLines(file => $path);
+ return unless $infos;
+
+ JSON::PP->require();
+ my @licenses;
+ eval {
+ $infos = JSON::PP::decode_json($infos);
+ @licenses = @{$infos->{local}->{windows}->{secl}->{subscription}->{license_table}};
+ };
+ return unless @licenses;
+
+ my $expiry_date;
+ # In the case more than one license is found, assume we need the one with appid=2
+ foreach my $license (@licenses) {
+ $expiry_date = $license->{expiry_date}
+ if $license->{expiry_date};
+ last if $expiry_date && $license->{appid} && $license->{appid} == 2;
+ }
+ return unless $expiry_date;
+
+ my @date = localtime($expiry_date);
+ $antivirus->{EXPIRATION} = sprintf("%02d/%02d/%04d",$date[3],$date[4]+1,$date[5]+1900);
+}
+
 sub _getSoftwareRegistryKeys {
 my ($base, $values, $callback) = @_;
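Review bot: The license loop in `_setFSecureInfos` sits after the `eval` and uses values decoded from the `.cosmos` file without checking their shape. A `license_table` entry that is not a hash would die there if the file runs under `use strict` (not visible in this hunk), and a non-numeric `expiry_date` reaches `localtime()` and is reported as a date near the epoch. The `last` test also fires when the `appid == 2` entry has no `expiry_date` of its own, so `EXPIRATION` then carries the date of an earlier license. Because this field tells the inventory server whether endpoint protection is still licensed, I would skip malformed entries and accept only an all-digit timestamp, as below. Separately, the result of `JSON::PP->require()` and `$@` after the `eval` are both ignored, so a parse failure looks the same as a missing license.

```perl
    # … unchanged: registry lookups, file read and JSON decoding inside eval …
    my $expiry_date;
    # In the case more than one license is found, assume we need the one with appid=2
    foreach my $license (@licenses) {
        # The file content is external data: skip entries not shaped as expected
        next unless ref($license) eq 'HASH';
        my $date = $license->{expiry_date};
        next unless defined($date) && $date =~ /^\d+$/;
        $expiry_date = $date;
        last if $license->{appid} && $license->{appid} == 2;
    }
    return unless $expiry_date;
    # … unchanged: localtime() formatting into EXPIRATION …
```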