Don't remember who I got this from but I use:

!/bin/sh

if [ -f "/Library/Application Support/Symantec/AntiVirus/engine.mfst" ] ; then VERSION=/bin/cat /Library/Application Support/Symantec/AntiVirus/engine.mfst | /usr/bin/cut -c 2-16
elif [ -f "/Library/Application Support/Symantec/Silo/NFM/Definitions/virusdefs/definfo.dat" ] ; then VERSION=/usr/bin/grep CurDefs /Library/Application Support/Symantec/Silo/NFM/Definitions/virusdefs/definfo.dat | /usr/bin/cut -c 9-20
else VERSION="Not Installed"
fi

if [ "$VERSION" = "Not Installed" ] ; then echo "<result>$VERSION</result>"
else YEAR=/bin/echo $VERSION | cut -c 1-4 MO=/bin/echo $VERSION | cut -c 5-6 DAY=/bin/echo $VERSION | cut -c 7-8 DATE=/bin/echo $YEAR-$MO-$DAY 00:00:00 echo "<result>$DATE</result>"
fi

it don't working
Which position to modify to work?
please, Thank You.

Cleaned it up a little...

#!/bin/sh

if [ -f "/Library/Application Support/Symantec/AntiVirus/engine.mfst" ] ; 
then VERSION=/bin/cat /Library/Application Support/Symantec/AntiVirus/engine.mfst  | /usr/bin/cut -c 2-16
elif [ -f "/Library/Application Support/Symantec/Silo/NFM/Definitions/virusdefs/definfo.dat" ] ; 
then VERSION=`/usr/bin/grep CurDefs /Library/Application Support/Symantec/Silo/NFM/Definitions/virusdefs/definfo.dat  | /usr/bin/cut -c 9-20`
else VERSION="Not Installed"
fi

if [ "$VERSION" = "Not Installed" ] ; 
then echo "<result>$VERSION</result>"
else 
        YEAR=`/bin/echo $VERSION | cut -c 1-4` 
        MO=`/bin/echo $VERSION | cut -c 5-6`
        DAY=`/bin/echo $VERSION | cut -c 7-8` 
        DATE=`/bin/echo $YEAR-$MO-$DAY 00:00:00` 
        echo "<result>$DATE</result>"
fi

Does anyone have an extension attribute that works with SEP 14.2 RU2 MP1 and later for definition date? It seems Symantec made changes to the file structure and the current one no longer works.

Hi @rickdsp I have changed the one above from @RobertHammen adding the location for RU2 MP1 so that it can be used for any SEP 14 version. Logic and sintax can surely be improved by anyone better than me at scripting... ...but it works.

DATA TYPE: Date (YYYY:MM:DD hh:mm:ss)

#!/bin/sh

if [ -f "/Library/Application Support/Symantec/AntiVirus/engine.mfst" ] ; 
then VERSION=/bin/cat /Library/Application Support/Symantec/AntiVirus/engine.mfst  | /usr/bin/cut -c 2-16


elif [ -f "/Library/Application Support/Symantec/Silo/NFM/Definitions/virusdefs/definfo.dat" ] ; 
then VERSION=`/usr/bin/grep CurDefs /Library/Application Support/Symantec/Silo/NFM/Definitions/virusdefs/definfo.dat  | /usr/bin/cut -c 9-20`



else VERSION=`/usr/bin/grep CurDefs /Library/Application Support/Symantec/Silo/MES/Definitions/virusdefs/definfo.dat  | /usr/bin/cut -c 9-20`
fi

if [ "$VERSION" = "Not Installed" ] ; 
then echo "<result>$VERSION</result>"
else 
        YEAR=`/bin/echo $VERSION | cut -c 1-4` 
        MO=`/bin/echo $VERSION | cut -c 5-6`
        DAY=`/bin/echo $VERSION | cut -c 7-8` 
        DATE=`/bin/echo $YEAR-$MO-$DAY 00:00:00` 
        echo "<result>$DATE</result>"
fi

Thanks @carlo.anselmi ! I just tested this and it's working for me with SEP Version 14.2.2 (14.2 RU2 MP1) build 5580 (14.2.5580.2100)....what a mouthful of a version number.