Finding Sophos Anti-Virus versions for use in Extension Attributes

John-Lockwood
New Contributor

Sophos have just released version 10.0 of their Sophos Anti-Virus for Mac - at least in the form of their paid-for Sophos Central (cloud) managed version. I cannot speak with regard to Sophos Home etc. but typically these other variants are very similar to each other.

Sophos Anti-Virus version 10.0 has made some significant changes to the software such that the Jamf authored Extension Attribute and a 3rd party authored one I previously used have stopped working. In the case of the Jamf authored one this is because the sweep command-line tool has been moved from /usr/bin/sweep to /usr/local/bin/sweep and hence the Jamf script can no longer find and use it. In the case of the 3rd party script it seems the plist it was trying to read from is either differently named, located in a different location or has different field names.

Regardless, the following is a script that should work for both previous versions of Sophos and the new 10.0 version.

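#!/bin/sh
# Sophos 10.0 moved sweep from /usr/bin to /usr/local/bin, so check both.
if [ -f "/usr/bin/sweep" ]; then
    # Earlier versions: take the fourth field of the "Product version" line.
    result=`/usr/bin/sweep --version | grep "Product version" | awk '{print $4}'`
    echo "<result>$result</result>"
else
    if [ -f "/usr/local/bin/sweep" ]; then
        # Version 10.0 location.
        result=`/usr/local/bin/sweep --version | grep "Product version" | awk '{print $4}'`
        echo "<result>$result</result>"
    else
        # sweep was not found in either location.
        echo "<result>Not installed</result>"
    fi
fi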

If, rather than the product version, you want to return the virus definition version, then use the following line instead in the appropriate places in the script.

result=`/usr/local/bin/sweep --version | grep "Virus data version" | awk '{print $5}'`

If you want to find the engine version then use the following.

result=`/usr/local/bin/sweep --version | grep "Engine version" | awk '{print $4}'`
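
An added example, not part of the original post: one Extension Attribute script that checks both sweep locations named above and returns any of the three fields by label. The function names, the `SWEEP_PATHS` variable, the `Unknown` fallback and the sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and SWEEP_PATHS are
# assumptions; the two paths are the ones named in the post.
SWEEP_PATHS="/usr/local/bin/sweep /usr/bin/sweep"

# Constructed sample of `sweep --version` output (values are made up; the
# "label : value" layout is inferred from the awk field numbers in the post).
SAMPLE_OUTPUT='Product version           : 10.0.0
Engine version            : 3.77.1
Virus data version        : 5.78'

# Print the first candidate that is an executable regular file.
# Absolute paths only: the lookup never depends on the caller's PATH.
find_sweep() {
    for p in $SWEEP_PATHS; do
        if [ -f "$p" ] && [ -x "$p" ]; then
            printf '%s\n' "$p"
            return 0
        fi
    done
    return 1
}

# Read version output on stdin; print the value whose label matches $1 exactly.
# Splitting at the first ":" avoids depending on the label's word count.
sweep_field() {
    awk -v label="$1" '
        {
            i = index($0, ":")
            if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == label) { print val; exit }
        }'
}

# Emit the extension attribute result for one label.
sophos_ea() {
    if sweep=$(find_sweep); then
        value=$("$sweep" --version 2>/dev/null | sweep_field "$1")
        echo "<result>${value:-Unknown}</result>"
    else
        echo "<result>Not installed</result>"
    fi
}

sophos_ea "Product version"
```

Change the label in the last line to `Virus data version` or `Engine version` to report those fields instead.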

Mitch260488
New Contributor II

Hi,

Do you have one for virus definition date?

Thanks

Mitch