Symantec v10.1 Reporting Server


#1

Hello all,
I have a problem with Symantec Corporate Edition Av and the reporting server.
I have gone through the rather useless Symantec troubleshooting and verified that php is running and linked to iis5.
The box does not have the iis lockdown installed.
The reporting server works apart from pulling down the latest alerts and stuff from the Symantec website.
In the Event Log I get this message along with a couple of others relating to getThreatCon.

Any help would be appreciated.

The description for Event ID ( 2 ) in Source ( PHP-5.1.2 ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: php[4512], PHP Warning: fsockopen() [function.fsockopen]: php_network_getaddresses: getaddrinfo failed: No such host is known. in C:Program FilesSymantecReporting ServerWebdashboardgetThreatCon.php on line 15.

These are lines 15, 16 and 17 from getThreatCon.php

 $fp = fsockopen ($host, 80, $errno, $errstr, 30);
 // set non blocking, this is important!
   stream_set_blocking($fp,FALSE);

#2

Sounds like your $host variable contains an invalid host name. What’s its value?

Btw, is this third-party (i.e. Symantec’s) software? If so, we’d suggest contacting Symantec to request assistance, as they developed it :wink:


#3

Yes it is Symantec software, the problem is that I do not have our account or support details. This is handled by head office in the states and they haven’t responded with the info yet.
I’m trying to find out if it’s a Symantec problem, or something on the server causing it.
It’s also quite interesting trying to understand and pick through the code :-)
This is a piece of code from getThreatCon.php.
If I manually paste the url into a browser I can download the zip file, I’ve also tried unzipping it into the temp dir to see if it brings up the threat status, but it doesn’t.

//TODO: handle null case, update threatcon level only, not lastModified string
function getThreatCon()
{
    global $gl_threatcon_last_modified, $gl_threatcon_level;
    global $conn_id;
    // defaults to global var
    $lastMod = $gl_threatcon_last_modified;
    $threatcon_level = $gl_threatcon_level;

    $remote_file = "http://securityresponse.symantec.com/avcenter/threatcon.zip";

    // dissect URL
    $remote_file = ereg_replace('http://','',$remote_file);
    $endHostPos = strpos($remote_file,'/');
    if(!$endHostPos) $endHostPos = strlen($remote_file);
    $host = substr($remote_file,0,$endHostPos);
    $doc = substr($remote_file,$endHostPos,strlen($remote_file)-$endHostPos);
    if($doc == '') $doc = '/';
    // if invalid threatcon level, we need to get it again
    if ($threatcon_level > 4 || $threatcon_level < 1) {
        $lastMod = "";
    }
    // check if we have a new file
    $array = has_new_zip_file($host,$doc, $lastMod);

    if (is_null($array)){
        // connection error
        //echo '<p>'.$remote_file.' connection error</p>';
        $threatcon_level = 0;
    }
    else if(sizeof($array) == 0) {
        // no new file, use current threatcon level
        //echo "no new element, current level is $threatcon_level; <BR>";
    }
    else {
        // new zip file available
        // update timestamp
        $lastMod = $array['Last-Modified'];
        // dont update global yet, we want to keep in sync
        //$lastMod = "Thu, 02 Mar 2006 23:28:35 GMT";

        //echo '<p>'.$remote_file.' was last modified on raw date '.$lastMod.'</p>';

        $RET_MSG = "";
        // new file exists
        // try to unzip
        try {
            $mi = new COM("pmem.MachineInfo.1", NULL, CP_UTF8);
            // unzip
            $mi->Unzip("./Temp/threatcon.zip", "./Temp");
        } catch (com_exception $ce) {
            $RET_MSG = I18n::$ERR_UNZIP;
        }

        if ($RET_MSG == ""){
            $threatcon_xml = "../Temp/threatcon.xml";
            // now read threatcon status
            if (file_exists($threatcon_xml)) {
                // open file
                $frh = fopen($threatcon_xml, 'r');
                if ($frh != FALSE) {
                    $theData = fread($frh, 2048);
                    if (ereg("<Level>([1-4]{1})</Level>",$theData, $regs)) {
                        $threatcon_level = $regs[1];
                    }
                }

                fclose($frh);
            }
            else {
                //echo "$threatcon_xml does not exist <BR>";
                // maybe unzip error
                $threatcon_level = 0;
            }
        } // if unzip successfully

    } // else sizeof($array) > 0

    $url_icon = "../Images/transparent.gif";
    if ($threatcon_level >= 1 && $threatcon_level <= 4){
        $url_icon = "../Images/threatcon_level".$threatcon_level.".gif";
    }

    // now at long last, update
    // now lets write them back to db.
    if (strcmp($lastMod , $gl_threatcon_last_modified) != 0){
        $query = "update guiparms set Value = N'$lastMod' where Parameter = N'thcon_last_modified'";
        $result = sav_query($query, $conn_id);
    }
    if ($threatcon_level != $gl_threatcon_level){
        $query = "update guiparms set Value = N'$threatcon_level' where Parameter = N'thcon_level'";
        $result = sav_query($query, $conn_id);
    }

    $gl_threatcon_last_modified = $lastMod;
    $gl_threatcon_level = $threatcon_level;

?>

<? }
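
Added example, not part of the thread or of Symantec's code: a standalone PHP check that splits the threatcon URL the way getThreatCon() does, prints the resulting $host (the value asked for in #2), and tests name resolution and the port-80 connection as separate steps, checking the fsockopen() return value before using it. The function names split_url and check_host are made up for this sketch.

```php
<?php
// Added diagnostic sketch, not Symantec code.
// URL copied from the getThreatCon() listing in post #3.
$remote_file = "http://securityresponse.symantec.com/avcenter/threatcon.zip";

// Mirrors the script's split: host up to the first '/', the rest is the document.
function split_url($url)   // hypothetical helper name
{
    $rest = preg_replace('#^http://#', '', $url);
    $pos  = strpos($rest, '/');
    if ($pos === false) {
        $pos = strlen($rest);
    }
    $doc = (string) substr($rest, $pos);
    return array(substr($rest, 0, $pos), $doc === '' ? '/' : $doc);
}

// Resolve and connect as two separate steps so the failing one is visible.
function check_host($host, $port = 80, $timeout = 30)   // hypothetical helper name
{
    $report = array('host' => $host, 'addresses' => array(), 'connected' => false, 'error' => '');

    // Step 1: name resolution, the step named in the event log entry.
    $ips = gethostbynamel($host);
    if ($ips === false) {
        $report['error'] = 'name lookup failed inside the PHP process';
        return $report;
    }
    $report['addresses'] = $ips;

    // Step 2: TCP connect. @ hides the warning; the return value is checked instead.
    $fp = @fsockopen($host, $port, $errno, $errstr, $timeout);
    if ($fp === false) {
        $report['error'] = "connect failed: [$errno] $errstr";
        return $report;
    }
    // Only touch the stream once it is known to be a valid resource.
    stream_set_blocking($fp, false);
    $report['connected'] = true;
    fclose($fp);
    return $report;
}

list($host, $doc) = split_url($remote_file);
echo "host = [$host]  doc = [$doc]\n";
print_r(check_host($host));
```

Running it with the same PHP binary and account that IIS uses for the Reporting Server shows whether the lookup fails only in that context, given that the same URL downloads in a browser.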

#4

Sounds like a business case, in which case contacting the software provider for support is pretty much the only way to go. Keep in mind that modifying the script in any way might void the warranty (much like seal stickers on hardware void the warranty when removed or broken).


#5

Thanks for the reply Zyppora,
There’s nothing worse than having to wait and rely on another department.
Cheers anyway