James_P_133560
Jul 17, 2014

APM Antivirus (EPSEC/OPSWAT) checking

Hi all,

First post, long-time crawler.

We are currently doing a proof of concept using the built-in APM client-side antivirus checking (EPSEC/OPSWAT) for compliance. I've got everything set up and working as I would expect, but there's one thing I can't quite figure out. We are specifying the antivirus age to be no older than 7 days and are not seeing any resultant session variables set that would indicate database ages out of compliance.

Does this function look at the session.check_av.last.item_x.db_time variable? If so, I don't understand the value that is set for this variable (i.e. a Kaspersky database dated Apr 20, 2014 gives db_time=1405626209, SEP database dated Jul 17, 2014 gives db_time=1405569600). The end result for both AV checks is check_av.last.result=1, check_av.last.state=1, and check_av.last.error=0, which is a PASS/SUCCESS.

If anyone can even shed light on the db_time variable value, then I can just write an iRule and set a custom flag for database age myself. That said, I know that would require the db_time to be consistent across all AV platforms.

Thanks for any help that can be provided on this.

James

3 Replies

  • Hi James,

    The date is in epoch and you can use a site like http://www.epochconverter.com/ to find out the human-readable time.

    Kaspersky database dated Apr 20, 2014 gives db_time=1405626209 (Human Time: Thu, 17 Jul 2014 19:43:29 GMT)

    SEP database dated Jul 17, 2014 gives db_time=1405569600 (Human Time: Thu, 17 Jul 2014 04:00:00 GMT)

    Are you sure the Kaspersky version is dated 4/20/14? Can you post all the session variables from the AV check so we can review?

    I wouldn't recommend using an iRule to enforce the db age as that is what the product is supposed to do. Before you do that, let's see if we can shed some light on the real issue.

    Regards, Seth

  • 0 - data is not available
    non-0 integer - Date of last database update (seconds since 1/1/1970)
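As an added illustration (not part of the thread and not F5 code), the Python sketch below applies the semantics given in the replies: db_time is seconds since 1/1/1970, 0 means no data, and the policy in the question allows 7 days. The name=value input form, the item_1 to item_3 numbering, the status labels and the "now" timestamps are assumptions constructed for the example.

```python
import re
from datetime import datetime, timezone

MAX_AGE_DAYS = 7  # policy from the question: database no older than 7 days

# Constructed sample in a simple name=value form (assumed, not APM's own dump format).
# The first two db_time values are the ones quoted in the thread; item_3 shows the 0 case.
SAMPLE = """\
session.check_av.last.item_1.db_time=1405626209
session.check_av.last.item_2.db_time=1405569600
session.check_av.last.item_3.db_time=0
session.check_av.last.result=1
"""

DB_TIME = re.compile(r"^session\.check_av\.last\.item_(\d+)\.db_time=(\d+)$")


def db_ages(dump, now):
    """Return {item index: (status, updated_utc, age_days)} for each db_time line."""
    report = {}
    for line in dump.splitlines():
        m = DB_TIME.match(line.strip())
        if not m:
            continue  # not a db_time variable
        item, db_time = int(m.group(1)), int(m.group(2))
        if db_time == 0:
            # 0 means "data is not available": age cannot be judged, so do not pass it
            report[item] = ("unknown", None, None)
            continue
        updated = datetime.fromtimestamp(db_time, tz=timezone.utc)
        age_days = (now - updated).total_seconds() / 86400
        if age_days < 0:
            status = "future"  # timestamp is later than the evaluation time
        elif age_days > MAX_AGE_DAYS:
            status = "stale"
        else:
            status = "ok"
        report[item] = (status, updated, age_days)
    return report


if __name__ == "__main__":
    now = datetime(2014, 7, 24, 12, 0, 0, tzinfo=timezone.utc)  # constructed "now"
    for item, (status, updated, age) in sorted(db_ages(SAMPLE, now).items()):
        print(item, status, updated, age)
```

Comparing the decoded `updated` value with the date shown in the AV product's own interface makes the kind of mismatch raised in the question visible per item.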