Lavim All American 945 Posts user info edit post |
All of my professional and most of my personal programming experience has been for Unix based OSs. Thus, I am having trouble picking from the myriad of Windows Scripting options available to perform the following, relatively simple, task:
An executable that will download the latest Anti-virus definitions (that will be kept on a thumb drive) and a similiar executable that will then upload those definitions to another machine and have the anti-virus software either run it's own update or rig an update to have the definitions on that second machine updated. The second machine in this case is being kept off the net and will only be used ask a scanning tool for the group.
I've used Perl for many tasks before (I'm not a one-liner wizard), but before I explore that option, is there another language that would be preferable for this task? 10/6/2009 6:04:33 PM |
smoothcrim Universal Magnetic! 18969 Posts user info edit post |
I would do it in batch. you will need an extra util, winscp or wget. the question is why this is necessary if the 2nd machine has no network connection... 10/6/2009 7:22:49 PM |
evan All American 27701 Posts user info edit post |
don't use batch, use vbscript/WSH. 10/7/2009 1:06:20 AM |
Lavim All American 945 Posts user info edit post |
Some stupid people at my work introduced and spread an internal worm specifically written to attack our network. This caused the higher-ups to freak out big time, so now my direct boss wants a computer that is kept off the network that he plans on making anyone bringing in outside media (CDs, thumb drives, etc) to put in the off-network machine to scan.
Thus, I'm writing a script that I will store on a thumb-drive kept with the off-network machine. Users will plug the thumb drive into a networked machine, run the script to grab the latest definitions and other updates, plug it back into the non-networked machine, run a script to update the machine. Then they can scan their outside media.
It's amazing how ridiculous computer security has gotten around here (this scheme of my bosses is honestly very minor compared to what has been done lab-wide).
VBScript was what I was looking at overnight, thanks evan. 10/7/2009 1:01:18 PM |
qntmfred retired 40818 Posts user info edit post |
jesus christ. 10/7/2009 1:05:38 PM |
Shaggy All American 17820 Posts user info edit post |
Put the "off-network" computer inside your DMZ, outside you firewall, or anywhere it can get to the internet but not your internal network. Keep virus defs up to date from the internet. Scan media with it.
Alternatively, install an AV client on all internal network computers, have them get daily virus def updates from a central server, and have the central server configure them to scan attached devices. 10/7/2009 1:10:31 PM |
Lavim All American 945 Posts user info edit post |
Jesus Christ indeed. They put software on all the internal computers that doesn't allow *any* executable to run outside of a specific list they've approved. Only developers can get 'approval' access and execute things outside of this list (which is not very large).
Shaggy - I'd much prefer a simple option like that, but I discussed something similar with the boss and he is adamant about having the computer be completely offline. We already have anti-virus software on every computer that automatically scans any attached device. This is apparently not enough.
On another note, we do have material on our internal network that wouldn't be good if it got into the hands of other countries, etc. Nothing classified, obviously, since that is kept on a completely separate network, but sensitive. 10/7/2009 1:46:33 PM |
smoothcrim Universal Magnetic! 18969 Posts user info edit post |
but you can daisy chain executables quite easily... I bet you could even launch a bin simply by changing its file handle 10/7/2009 1:54:50 PM |