Help

SEP 14 Definitions Attribute

Treger
Contributor

Posted on ‎05-25-2017 01:51 AM

Hi guys, anyone got a working SEP 14 Extension Attribute that works with the definitions, I am still using an older version for 12.

Labels:
0 Kudos
Reply
6 REPLIES 6

pchen_plaid
New Contributor II

Posted on ‎05-25-2017 09:43 AM

Don't remember who I got this from but I use:

!/bin/sh

if [ -f "/Library/Application Support/Symantec/AntiVirus/engine.mfst" ] ; then VERSION=/bin/cat /Library/Application Support/Symantec/AntiVirus/engine.mfst | /usr/bin/cut -c 2-16
elif [ -f "/Library/Application Support/Symantec/Silo/NFM/Definitions/virusdefs/definfo.dat" ] ; then VERSION=/usr/bin/grep CurDefs /Library/Application Support/Symantec/Silo/NFM/Definitions/virusdefs/definfo.dat | /usr/bin/cut -c 9-20
else VERSION="Not Installed"
fi

if [ "$VERSION" = "Not Installed" ] ; then echo "<result>$VERSION</result>"
else YEAR=/bin/echo $VERSION | cut -c 1-4 MO=/bin/echo $VERSION | cut -c 5-6 DAY=/bin/echo $VERSION | cut -c 7-8 DATE=/bin/echo $YEAR-$MO-$DAY 00:00:00 echo "<result>$DATE</result>"
fi

0 Kudos
Reply

Lessi
New Contributor

Posted on ‎06-16-2017 03:33 PM

it don't working
Which position to modify to work?
please, Thank You.

0 Kudos
Reply

RobertHammen
Valued Contributor II

Posted on ‎08-16-2017 09:03 AM

Cleaned it up a little...

#!/bin/sh

if [ -f "/Library/Application Support/Symantec/AntiVirus/engine.mfst" ] ; 
then VERSION=/bin/cat /Library/Application Support/Symantec/AntiVirus/engine.mfst  | /usr/bin/cut -c 2-16
elif [ -f "/Library/Application Support/Symantec/Silo/NFM/Definitions/virusdefs/definfo.dat" ] ; 
then VERSION=`/usr/bin/grep CurDefs /Library/Application Support/Symantec/Silo/NFM/Definitions/virusdefs/definfo.dat  | /usr/bin/cut -c 9-20`
else VERSION="Not Installed"
fi

if [ "$VERSION" = "Not Installed" ] ; 
then echo "<result>$VERSION</result>"
else 
        YEAR=`/bin/echo $VERSION | cut -c 1-4` 
        MO=`/bin/echo $VERSION | cut -c 5-6`
        DAY=`/bin/echo $VERSION | cut -c 7-8` 
        DATE=`/bin/echo $YEAR-$MO-$DAY 00:00:00` 
        echo "<result>$DATE</result>"
fi
0 Kudos
Reply

rickdsp
New Contributor

Posted on ‎07-30-2020 10:31 AM

Does anyone have an extension attribute that works with SEP 14.2 RU2 MP1 and later for definition date? It seems Symantec made changes to the file structure and the current one no longer works.

0 Kudos
Reply

carlo_anselmi
Contributor III

Posted on ‎07-30-2020 02:16 PM

Hi @rickdsp I have changed the one above from @RobertHammen adding the location for RU2 MP1 so that it can be used for any SEP 14 version. Logic and sintax can surely be improved by anyone better than me at scripting... ...but it works.

DATA TYPE: Date (YYYY:MM:DD hh:mm:ss)

#!/bin/sh

if [ -f "/Library/Application Support/Symantec/AntiVirus/engine.mfst" ] ; 
then VERSION=/bin/cat /Library/Application Support/Symantec/AntiVirus/engine.mfst  | /usr/bin/cut -c 2-16


elif [ -f "/Library/Application Support/Symantec/Silo/NFM/Definitions/virusdefs/definfo.dat" ] ; 
then VERSION=`/usr/bin/grep CurDefs /Library/Application Support/Symantec/Silo/NFM/Definitions/virusdefs/definfo.dat  | /usr/bin/cut -c 9-20`



else VERSION=`/usr/bin/grep CurDefs /Library/Application Support/Symantec/Silo/MES/Definitions/virusdefs/definfo.dat  | /usr/bin/cut -c 9-20`
fi

if [ "$VERSION" = "Not Installed" ] ; 
then echo "<result>$VERSION</result>"
else 
        YEAR=`/bin/echo $VERSION | cut -c 1-4` 
        MO=`/bin/echo $VERSION | cut -c 5-6`
        DAY=`/bin/echo $VERSION | cut -c 7-8` 
        DATE=`/bin/echo $YEAR-$MO-$DAY 00:00:00` 
        echo "<result>$DATE</result>"
fi
Reply

McGinn
Contributor

Posted on ‎01-20-2021 12:55 PM

Thanks @carlo.anselmi ! I just tested this and it's working for me with SEP Version 14.2.2 (14.2 RU2 MP1) build 5580 (14.2.5580.2100)....what a mouthful of a version number.

0 Kudos
Reply