Can the Qualys VM scan report on the whether installed anti-virus software is up to date?
Yes, there are several QIDs for various anti-virus vendors that will report this information (e.g., QID 105000 - Sophos Antivirus Scanner Detected).
Additionally, you can create a report template, in which you make your AV package a "required service", meaning that we'll post a severity 5 QID if we don't detect the service as running.
Hope this helps,
Thanks. But is QID 105000 not just detecting the anti-virus scanner is installed as opposed to being installed and up to date with the latest signitures?
While each QID does list the current version/last-update for the installed definition file, QualysGuard currently does not have a way to verify that the defintion file is the "latest". We are however investigating ways to provide this level of validation. As you might imagine, each AV vendor has a different way of doing things, and there are at least 40 mainstream AV vendors to work with.
Retrieving data ...