Jamf Nation Community

thanks very much this worked :)

No problem! Glad I could help.

Another way which may be a little more reliable would be to get the last column of output with $NF and also use awk's regex matching in one shot.

diskutil list | awk '/RALLY/{print $NF}'

You can replace RALLY with any other disk name, including ones with spaces. No need to escape the spaces:

diskutil list | awk '/Recovery HD/{print $NF}'

Thanks Mike. I uploaded a script to JAMFNATION so i will contact my account manager to relace it with an updated version :)

Unfortunately i've hit another stumbling block

I need to be able to pass the Mount Point as another variable.

this is what i put in

diskutil info disk1s1 | awk -F"/" '/Mount Point/{ print $NF }'

and i get the output

RALLY2 64GB

As you can see my pen drive has a space in it. If i try to use this as a variable it fails because it is looking for /Volumes/RALLY2 64GB/

Can anyone help?

Just quote the variable when you need to use it -

driveName=`diskutil info disk1s1 | awk -F"/" '/Mount Point/{ print $NF }'`

echo "$driveName"

Thanks Mike

Unfortunately when i do that i get

RALLY2 64GB

what i am trying to do is get RALLY2 64GB

if i do

driveName=`diskutil info disk1s1 | awk -F"/" '/Mount Point/{ print $NF }'`

echo "$driveName" | sed 's/ /\ /g'

that gives me RALLY2 64GB

but i am having problems passing that on as a variable because i am wanting to do this command

# Sophos Anti-Virus scan the disk
savscan=`/usr/bin/sweep /Volumes/"$diskName" | grep ">>> Virus" | cut -d"'" -f3 | cut -c 16- | sed 's/ /\ /g'`

# trigger the virus file to show the gui virus alert to the user
touch "$savscan"

this unfortunately returns

/Volumes/RALLY2 64GB/eicar.com.txt: No such file or directory

Not sure if it'll help, but you can try moving the open quote mark to the left of /Volumes like this:

savscan=`/usr/bin/sweep "/Volumes/$diskName" | grep ">>> Virus" | cut -d"'" -f3 | cut -c 16- | sed 's/ / /g'`

That quotes the entire string from the /Volumes line, which may prevent the error you're getting.

unfortunately this brings back

touch: /Volumes/RALLY2 64GB/eicar.com.txt
/Volumes/RALLY2 64GB/eicar.com.txt: No such file or directory

If i touch the file manually it works fine

OK, as I don't have anything I can really test your script against, I'm just taking some educated guesses here. but try echoing the results of grabbing the disk name back into a second variable and use that instead.

#!/bin/sh
driveName=`diskutil info disk1s1 | awk -F"/" '/Mount Point/{ print $NF }'`
DiskName=`echo $driveName`

# Sophos Anti-Virus scan the disk
savscan=`/usr/bin/sweep "/Volumes/$DiskName" | grep ">>> Virus" | cut -d"'" -f3 | cut -c 16- | sed 's/ / /g'`

# trigger the virus file to show the gui virus alert to the user
touch "$savscan"

If that doesn't work, not sure what else to tell you. Perhaps someone that uses Sophos can help out with testing. Its hard for me to know how the /usr/bin/sweep binary is attempting to write the file to disk since we don't use it here.

Edit: Quick variation on the above, using one of the lines from your post a few up this thread. Create a new variable with the echo line that swaps out spaces for escaped spaces, like this-

#!/bin/sh
driveName=`diskutil info disk1s1 | awk -F"/" '/Mount Point/{ print $NF }'`
DiskName=`echo "$driveName" | sed 's/ / /g'

# Sophos Anti-Virus scan the disk
savscan=`/usr/bin/sweep /Volumes/$DiskName | grep ">>> Virus" | cut -d"'" -f3 | cut -c 16- | sed 's/ / /g'`

# trigger the virus file to show the gui virus alert to the user
touch "$savscan"

That should, in effect, be passing /Volumes/RALLY2 64GB to the command, which hopefully won't trip it up. Didn't test that at all, so I could be talking out of my rear. Hopefully it works though!

Oy. Amateurs. Throw it through awk

diskutil list | grep "Macintosh HD" | awk '{print $3 " " $4}' | awk '{printf(""%s"
", $0);}'

Replace "Macintosh HD" with your "RALLY2" (or whatevs). Encapsulating your path with quotes works the same as escaping the spaces.

no joy im afraid Mike

#!/bin/sh


# Get the disk name of the removable Media
for disk in $(diskutil list | awk '/disk[1-9]s/{ print $NF }' | grep -v /dev); do
if [[ $(diskutil info $disk | awk '/Protocol/{ print $2 }' | egrep "USB|FireWire|SATA") != "" ]]; then
echo "Device $disk is a removable disk"
driveName=`diskutil info $disk | awk -F"/" '/Mount Point/{ print $NF }'`
DiskName=`echo $driveName`
fi
done

# Sophos Anti-Virus scan the disk
savscan=`/usr/bin/sweep "/Volumes/$DiskName" | grep ">>> Virus" | cut -d"'" -f3 | cut -c 16- | sed 's/ /\ /g'`

# trigger the virus file to show the gui virus alert to the user
touch "$savscan"

i will look at that Jared, i just need to quit the computer for a while before my wife hits me again.

i will look at that Jared, i just need to quit the computer for a while before my wife hits me again.

haha tell her to start helping then :)

Unfortunately doesnt work in my script Jared

Can you clarify exactly what it is you're looking to do here? I'm just not sure what the ultimate goal is. Perhaps there's a better way to handle this?
'Cause I don't see why quoting the disk name variable doesn't work. Quoting items with spaces is standard practice, so something wonky is going on if its not working for you.

For example, the following works fine for me-

#!/bin/sh

for disk in $(diskutil list | awk '/disk[1-9]s/{ print $NF }' | grep -v /dev); do
    if [[ $(diskutil info $disk | awk '/Protocol/{ print $2 }' | egrep "USB|FireWire|SATA") != "" ]]; then
        diskName=$(diskutil info $disk | awk -F: '/Mount Point/{print $NF}' | sed 's/^[ 	]*//' )
        echo "Hello World" > "$diskName/myfile.txt"
    fi
done

It creates a new file at the root of an attached USB drive called "myfile.txt" with the contents of "Hello World"
I tested it with a USB drive named "32 GB thumb drive", so lots of spaces and it had no issue writing the txt file to the drive. Your /usr/bin/sweep command must be doing something different than the norm if it gets tripped up on touching the file to the disk.

The ultimate is to automatically scan external media as soon as it gets plugged in, to then go and touch the virus if it exists to cause the Quarantine Manager to display the warning to the user.

I did the same thing by writing it to a text file and it seemed ok.

I then tried to used the text file in a variable but still didnt work. I think your right with that sweep command doing something different.

Thanks for your help i will keep playing around with it.

strange thing is though

#!/bin/bash

# Get the disk name of the removable Media
for disk in $(diskutil list | awk '/disk[1-9]s/{ print $NF }' | grep -v /dev); do
if [[ $(diskutil info $disk | awk '/Protocol/{ print $2 }' | egrep "USB|FireWire|SATA") != "" ]]; then
diskName=$(diskutil info $disk | awk -F: '/Mount Point/{print $NF}' | sed 's/^[ 	]*//' )

/usr/bin/sweep "$diskName" | grep ">>> Virus" | cut -d"'" -f3 | cut -c 16- | sed 's/ /\ /g'


fi
done

comes back with what i want

/Volumes/RALLY2 64GB/eicar.com.txt

but what ever i do i cant get it in a variable to touch it.

Why can't you jus use a redirect instead of trying to touch the file as a separate step? You're already pulling the info you want with the grep ">>> Virus" part. Just try to redirect the output into the file on the same line with > "$diskName/somefilename"

bikeshed threads like this are fun. *

take a look at using a launchdaemon with a watchpath to do things on volume mount.

or crankd might fit the bill. it uses system events to trigger behaviors. here's a detailed intro:

http://glarizza.com/using-crankd-to-react-to-network-events

or keep writing fragile shell scripts with positional parameters that will break easily.

do be sure to drop some change in your technical debt relief fund when you're done, though.

* i'm really crying here.

@mm2270

i am trying to touch the file to activate the Sophos Quanarantine manager which will then show the user the message and eject the removable media

https://jamfnation.jamfsoftware.com/viewProductFile.html?id=115&fid=634

the sweep command just flags to the shell with >>> Virus where as the gui app says "Threat" in the Sophos Log.

The point is that the sweep command is pants and thanks for your help guys but please refrain from making comments like Oi Amateurs etc Jared

@rockpapergoat

plan to ... but need a working script before i do the next phase which is launch daemon

Hello,

I'm having an issue using the "diskutil secureErase freespace 3/ Volume/name-of-drive" command.

The name of my hard drive is Macintosh HD but the command keeps saying can't find "HD". If I don't put a space, it'll come back with can't find "MacintoshHD"

Any ideas on how to get this to work?

Thanks!

encase it is double quotes:

for example:

diskutil list | grep "Macintosh HD"

@acdesigntech - I'm sorry I don't understand what that means.

sorry, typo. I meant encase it IN double quotes. so take your command and put double quotes around the drive name. That way it will preserve the space between macintosh and hd.

Something like:

diskutil secureErase freespace 3/ Volumes/"name-of-drive"

I get this for a response

Kens-Macbook-Pro:~ Ken1$ diskutil secureErase freespace 3/ Volume/"Macintosh HD"
Could not find the disk Volume/Macintosh HD

I can't think why it can't seem to find my hard drive. The icon on my desktop sayings Macintosh HD in white under the icon. I have to believe that's the name, correct?

Try Volumes & not Volume.

Kens-Macbook-Pro:~ Ken1$ diskutil secureErase freespace 3/ Volumes/"Macintosh HD"
Could not find the disk Volumes/Macintosh HD

lol going insane here

Sorry. Try: /Volumes/ then.

winnah winnah chicken dinnah!! Thank you!! :)

No worries.

I've wasted hours over silly syntax issues too.