SEP 14 Definitions Attribute

Treger
Contributor

Hi guys, anyone got a working SEP 14 Extension Attribute that works with the definitions, I am still using an older version for 12.

6 REPLIES 6

pchen_plaid
New Contributor II

Don't remember who I got this from but I use:

!/bin/sh

if [ -f "/Library/Application Support/Symantec/AntiVirus/engine.mfst" ] ; then VERSION=/bin/cat /Library/Application Support/Symantec/AntiVirus/engine.mfst | /usr/bin/cut -c 2-16
elif [ -f "/Library/Application Support/Symantec/Silo/NFM/Definitions/virusdefs/definfo.dat" ] ; then VERSION=/usr/bin/grep CurDefs /Library/Application Support/Symantec/Silo/NFM/Definitions/virusdefs/definfo.dat | /usr/bin/cut -c 9-20
else VERSION="Not Installed"
fi

if [ "$VERSION" = "Not Installed" ] ; then echo "<result>$VERSION</result>"
else YEAR=/bin/echo $VERSION | cut -c 1-4 MO=/bin/echo $VERSION | cut -c 5-6 DAY=/bin/echo $VERSION | cut -c 7-8 DATE=/bin/echo $YEAR-$MO-$DAY 00:00:00 echo "<result>$DATE</result>"
fi

Lessi
New Contributor

it don't working
Which position to modify to work?
please, Thank You.

RobertHammen
Valued Contributor II

Cleaned it up a little...

#!/bin/sh

if [ -f "/Library/Application Support/Symantec/AntiVirus/engine.mfst" ] ; 
then VERSION=/bin/cat /Library/Application Support/Symantec/AntiVirus/engine.mfst  | /usr/bin/cut -c 2-16
elif [ -f "/Library/Application Support/Symantec/Silo/NFM/Definitions/virusdefs/definfo.dat" ] ; 
then VERSION=`/usr/bin/grep CurDefs /Library/Application Support/Symantec/Silo/NFM/Definitions/virusdefs/definfo.dat  | /usr/bin/cut -c 9-20`
else VERSION="Not Installed"
fi

if [ "$VERSION" = "Not Installed" ] ; 
then echo "<result>$VERSION</result>"
else 
        YEAR=`/bin/echo $VERSION | cut -c 1-4` 
        MO=`/bin/echo $VERSION | cut -c 5-6`
        DAY=`/bin/echo $VERSION | cut -c 7-8` 
        DATE=`/bin/echo $YEAR-$MO-$DAY 00:00:00` 
        echo "<result>$DATE</result>"
fi

rickdsp
New Contributor

Does anyone have an extension attribute that works with SEP 14.2 RU2 MP1 and later for definition date? It seems Symantec made changes to the file structure and the current one no longer works.

carlo_anselmi
Contributor III

Hi @rickdsp I have changed the one above from @RobertHammen adding the location for RU2 MP1 so that it can be used for any SEP 14 version. Logic and sintax can surely be improved by anyone better than me at scripting... ...but it works.

DATA TYPE: Date (YYYY:MM:DD hh:mm:ss)

#!/bin/sh

if [ -f "/Library/Application Support/Symantec/AntiVirus/engine.mfst" ] ; 
then VERSION=/bin/cat /Library/Application Support/Symantec/AntiVirus/engine.mfst  | /usr/bin/cut -c 2-16


elif [ -f "/Library/Application Support/Symantec/Silo/NFM/Definitions/virusdefs/definfo.dat" ] ; 
then VERSION=`/usr/bin/grep CurDefs /Library/Application Support/Symantec/Silo/NFM/Definitions/virusdefs/definfo.dat  | /usr/bin/cut -c 9-20`



else VERSION=`/usr/bin/grep CurDefs /Library/Application Support/Symantec/Silo/MES/Definitions/virusdefs/definfo.dat  | /usr/bin/cut -c 9-20`
fi

if [ "$VERSION" = "Not Installed" ] ; 
then echo "<result>$VERSION</result>"
else 
        YEAR=`/bin/echo $VERSION | cut -c 1-4` 
        MO=`/bin/echo $VERSION | cut -c 5-6`
        DAY=`/bin/echo $VERSION | cut -c 7-8` 
        DATE=`/bin/echo $YEAR-$MO-$DAY 00:00:00` 
        echo "<result>$DATE</result>"
fi

McGinn
New Contributor III

Thanks @carlo.anselmi ! I just tested this and it's working for me with SEP Version 14.2.2 (14.2 RU2 MP1) build 5580 (14.2.5580.2100)....what a mouthful of a version number.