Comprehensive Antivirus Report

by Dave Breslin
February 18, 2013

The Antivirus report template details issues with antivirus software and highlights malware and botnet detection. Antivirus software issues commonly go hand in hand with malware infections, and the template’s host-based reporting can be used to establish links between the two.

Each template chapter contains an opening description of the Nessus plugins, Nessus ‘.audit’ files or filtering technique used in building a chapter’s table and graph components.

Template chapters “Vulnerable Antivirus Software” and “Antivirus Configuration Checks” can be viewed as a framework or how-to. They will require some modification: remove the sections reporting on a vendor’s enterprise antivirus software that is not applicable to your enterprise, or add new sections for enterprise antivirus software not currently covered.

Template chapter “Vulnerable Antivirus Software” relies on NIST’s CPE (Common Platform Enumeration) to filter on vulnerabilities applicable to your enterprise antivirus software. It is recommended that you periodically test the effectiveness of this filtering method against your environment’s scan results, using SecurityCenter’s Cumulative vulnerability view and its filters. After performing some vulnerability research applicable to your enterprise antivirus solution, or in response to a new vulnerability, you may wish to filter using the appropriate Nessus plugin IDs representing antivirus vulnerabilities.
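The effectiveness test described above can also be run offline against exported scan results; the following is an added example, not Tenable's or the template's own code. It compares a CPE vendor/product filter with a researched plugin-ID list and reports where the two disagree. It assumes findings exported as records with a host, a plugin ID and a list of CPE 2.2 URIs; every host, plugin ID and CPE name shown is a constructed placeholder.

```python
from urllib.parse import unquote

def parse_cpe(uri):
    """Split a CPE 2.2 URI (cpe:/part:vendor:product:version...) into fields."""
    if not uri.lower().startswith("cpe:/"):
        raise ValueError(f"not a CPE 2.2 URI: {uri!r}")
    fields = [unquote(f).lower() for f in uri[5:].split(":")]
    fields += [""] * (4 - len(fields))      # trailing fields may be omitted
    return dict(zip(("part", "vendor", "product", "version"), fields))

def cpe_matches(uri, wanted):
    """True if the URI names an application ('a' part) whose (vendor, product)
    is in wanted; a product of None matches any product from that vendor."""
    try:
        c = parse_cpe(uri)
    except ValueError:
        return False
    return c["part"] == "a" and any(
        c["vendor"] == v and p in (None, c["product"]) for v, p in wanted)

def audit_cpe_filter(findings, wanted, researched_plugin_ids):
    """Compare the CPE filter with a researched plugin-ID list.
    Returns (hits, missed, extra) as sorted lists of (host, plugin_id):
    missed = researched plugins the CPE filter did not select,
    extra  = findings the CPE filter selected that were not researched."""
    by_cpe = {(f["host"], f["plugin_id"]) for f in findings
              if any(cpe_matches(u, wanted) for u in f.get("cpe", []))}
    by_id = {(f["host"], f["plugin_id"]) for f in findings
             if f["plugin_id"] in researched_plugin_ids}
    return sorted(by_cpe & by_id), sorted(by_id - by_cpe), sorted(by_cpe - by_id)

# Constructed sample data: hosts, plugin IDs and CPE names are placeholders.
FINDINGS = [
    {"host": "10.1.1.10", "plugin_id": 900001, "cpe": ["cpe:/a:exampleav:endpoint:8.1"]},
    {"host": "10.1.1.11", "plugin_id": 900002, "cpe": []},  # finding carries no CPE
    {"host": "10.1.1.12", "plugin_id": 900003, "cpe": ["cpe:/a:ExampleAV:scan%5fengine"]},
    {"host": "10.1.1.13", "plugin_id": 900004, "cpe": ["cpe:/o:exampleos:exampleos:6"]},
]
WANTED = [("exampleav", None)]     # hypothetical enterprise antivirus vendor
RESEARCHED = {900001, 900002}      # plugin IDs from your own vulnerability research

if __name__ == "__main__":
    hits, missed, extra = audit_cpe_filter(FINDINGS, WANTED, RESEARCHED)
    print("hits:", hits, "\nmissed by CPE filter:", missed, "\nextra:", extra)
```

Entries under "missed" are the cases where filtering on plugin IDs is needed; entries under "extra" are candidates to add to the researched list.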

Empty sections in the report indicate no results to report and are normal. For example, unless an enterprise is heavily overrun with malware from both the interior (private IP range) and exterior (public IP range), it’s unlikely there will be hosts reported under all four Botnet Detection chapters.

The report example provided shows 7 day trend graphs. The report template defaults to 25 day trend graphs.

Please feel free to post questions to Tenable’s discussion forum.