Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: Antivirus listing
From: "Debasis Mohanty" <mail () hackingspirits com>
Date: Sat, 12 Feb 2005 00:08:49 +0530

There are many ways that you can achieve it. I doubt if there is any single
API (correct me if I am wrong) which can enumerates all the installed AVs.
Most of the cases an AV will prompt you to un-install previously installed
AVs before installing. One such classic example is Symantec and McAfee, both
are mutually exclusive ;). But in your case assuming that you have more than
one AV, there are many ways you can enumerate the list of AVs installed.
Find below various possible ways: 

First you need to create a list of various entries being made by the AV in
the system when they gets installed. i.e. entries in the registry, service
control manager, local folders etc etc... 

Then you can follow either of the below given options - 

1.      Enumerating Services and Searching for those entries
        Use APIs like "OpenSCManager" and "EnumServicesStatus"

2.      Enumerating Registry Keys and searching for those entries
        Look for Installed Avs here "HKLM\Software" . 
        Use APIs like "RegEnumKey"

3.      Enumerating Browser Helper Objects and look for those entries

4.      Enumerating Running Services 
        "EnumWindows" or "Toolhelp32Snapshot"

5.      Looking for Installed Components and look for those entries
        Use "FindFirstFile" or "FindFile"       

And there are many more like this but all of them are more or less same. It
all depends which one you choose. In my opinion, option 1 and 2 are better

Refer MSDN incase you need to have more ideas about the above APIs. 

Debasis Mohanty

-----Original Message-----
From: full-disclosure-bounces () lists netsys com
[mailto:full-disclosure-bounces () lists netsys com] On Behalf Of weninson rêgo
Sent: Friday, February 11, 2005 6:14 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Antivirus listing


   Anyone know if there is an API to list the antivirus that are installed
in a windows machine and retrieve if the antivirus is up to date? Or any way
to retrieve these informations, i need to do a program to acomplish these
   I've searched all sites but got none yet. Only OPSWAT SDK but it is a
payd SDK.

Thanks in advance

DSL Komplett von GMX +++ Superg|nstig und stressfrei einsteigen!
AKTION "Kein Einrichtungspreis" nutzen: http://www.gmx.net/de/go/dsl
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]