Added modules for antivirus programs Dr.Web and KESL #931
Hi @AnilAntari
thank you for your PR.
Actually, I can't accept it as is.
SERVER_LICENSE is not supported in the format so you can remove related code.
The Time::Piece module is used in a piece of code to set UPTODATE, but with an assumption you can't really use. UPTODATE can only be set if the AV really tells you it is up-to-date.
The Time::Piece module is also used in a piece of code to set EXPIRATION, but there I think it's overkill. Can you better get rid of this new dependency?
Can you also provide output samples for all the used commands?
Here is the list I'm thinking of:
- LANG=C drweb-ctl --version
- LANG=C drweb-ctl baseinfo
- LANG=C drweb-ctl license
- LANG=C kesl-control --app-info
If you have some different context cases with different output, don't hesitate to add them.
Hi @g-bougard
I've taken your comments into account and fixed the modules.

Example

drweb-ctl 11.1.16.2406170954

Example

Core engine version: 7.00.67.02170
Virus database timestamp: 2025-Jun-16 19:41:35
Virus database fingerprint: 8E170199DE6E9BE7CC621F6BF976B5B2
Virus databases loaded: 98
Virus records: 12529807
Anti-spam core is not loaded
Last successful update: 2025-Jun-16 20:58:34
Next scheduled update: 2025-Jun-16 21:28:34

Example

License number 152625517, expires 2025-Jul-13 18:46:26 (26 days left)

Example

The license is granted by the protection server

Example

Name: Kaspersky Endpoint Security 12.2 for Linux
Version: 12.2.0.2412
Policy: Not applied
Application license information: The key is valid
Kaspersky Endpoint Security license expiration date: 2025-07-18 16:25:49
MDR BLOB file status: Not loaded
Backup state: No objects in Backup
Backup space usage: Backup size is unlimited
Last run date of the Scan_My_Computer task: Never run
Last release date of databases: 2025-06-16 19:18:00
Application databases loaded: Yes
Kaspersky Security Network usage: Extended KSN mode
Kaspersky Security Network infrastructure: Kaspersky Security Network
Kaspersky Managed Detection and Response Integration: Disabled
Kaspersky Endpoint Detection and Response Optimum Integration: Stopped
File Threat Protection: Available and running
Container Monitoring: Unavailable due to license limitation
System Integrity Monitoring: Unavailable due to license limitation
Firewall Management: Available and stopped
Anti-Cryptor: Available and stopped
Web Threat Protection: Available and stopped
Device Control: Available and running
Removable Drives Scan: Available and stopped
Network Threat Protection: Available and stopped
Behavior Detection: Available and running
Application Control: Available and stopped
Web Control: Available and stopped
Kaspersky Endpoint Detection and Response (KATA) Integration: Available and stopped
KATA Sandbox Integration: Available and stopped
Kaspersky Unified Monitoring and Analysis Platform Integration: Unavailable due to license limitation
Kaspersky Network Detection and Response (KATA) Integration: Available and stopped
Post-update actions: No action required

Hi @AnilAntari
thank you for the PR update and command outputs. I'll be able to add tests after the PR merge.
You still have a few updates to make:
- don't use the LANG setting in the command run as this is still set by our API. Does glpi-agent really see localized strings in outputs?
- don't forget to add an End-Of-Line char on the last line of files
- expiration date must not include the time of day
I also propose a few regexp optimizations (not critical).
Also, I propose a piece of code to analyze the expiration for DrWeb AV as we still have an API which can help.
Hi @g-bougard
thank you for helping me improve the modules. After testing

Hi @AnilAntari
thank you for the updates, we are now really near to a merge.
I saw you included another change in the first changes commit. But I don't agree with that change. Can you review my comment and tell me if you agree?
Just for your knowledge, when you make a single commit which includes review requested changes, it's always better to only commit requested changes. It's not forbidden to add commits with other changes: if they are separated, this leaves you the opportunity to just revert it if we don't agree.
But don't worry, this is not dramatic, this is just a good practice.
Hi @AnilAntari
thank you for the last commit.
Unittests pointed out a few minor problems, meaning you have to make a last code cleaning commit.
This will be good for a merge after that.
Added modules for antivirus programs Dr.Web and Kaspersky Endpoint Security.
These modules use Time::Piece for:
1. Data analysis
Converts data strings from the antivirus output (for example, 2025-06-09, February 15, 2023) into temporary objects.
Supports:
2. Time check
Compares the dates with the current time to check:
Some Linux distributions do not include the Time::Piece module by default, requiring manual installation.
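
The review asks for an EXPIRATION value without the time of day and without the Time::Piece dependency. The sketch below is an added example, not the code merged in this PR or the code the reviewer proposed: it derives a date-only value from the two license lines posted in this thread using core Perl only. The function names and the YYYY-MM-DD output format are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Month abbreviations as printed by drweb-ctl in the sample output.
my %MONTH = (Jan => 1, Feb => 2, Mar => 3, Apr => 4,  May => 5,  Jun => 6,
             Jul => 7, Aug => 8, Sep => 9, Oct => 10, Nov => 11, Dec => 12);

# Validate the fields and return a date-only string (assumed format), or undef.
sub _date {
    my ($y, $m, $d) = @_;
    return unless $m && $m >= 1 && $m <= 12 && $d >= 1 && $d <= 31;
    return sprintf('%04d-%02d-%02d', $y, $m, $d);
}

# Dr.Web: "License number N, expires 2025-Jul-13 18:46:26 (26 days left)"
# A server-granted license prints no date, so nothing is returned for it.
sub drweb_expiration {
    my ($out) = @_;
    return unless defined $out
        && $out =~ /\bexpires\s+(\d{4})-([A-Za-z]{3})-(\d{1,2})\b/;
    return _date($1, $MONTH{ ucfirst(lc($2)) }, $3);
}

# KESL: "... license expiration date: 2025-07-18 16:25:49"
sub kesl_expiration {
    my ($out) = @_;
    return unless defined $out
        && $out =~ /license expiration date:\s*(\d{4})-(\d{2})-(\d{2})\b/i;
    return _date($1, $2, $3);
}

# Lines copied from the command output samples posted in this thread.
my @samples = (
    [ \&drweb_expiration, 'License number 152625517, expires 2025-Jul-13 18:46:26 (26 days left)' ],
    [ \&drweb_expiration, 'The license is granted by the protection server' ],
    [ \&kesl_expiration,  'Kaspersky Endpoint Security license expiration date: 2025-07-18 16:25:49' ],
);

for my $s (@samples) {
    my ($parse, $line) = @$s;
    my $exp = $parse->($line);
    # The field is left unset when the AV reports no date; nothing is guessed.
    print defined $exp ? "EXPIRATION=$exp\n" : "EXPIRATION not set\n";
}
```

Only the date fields are captured, so the time of day never reaches the inventory value, and an unrecognized month or missing date leaves the field unset rather than filled by assumption.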