During day-to-day operations you may need to run a quick on-demand scan (ODS) of one specific file on an ENSLTP host. In ENS for Windows this is available as a right-click scan. On ENSLTP, one option is to create an ODS task and schedule it to "run immediately", but that requires interaction with the ePolicy Orchestrator (ePO) administrator.
This article describes a workaround that creates a local ODS task for a specified file using the ENSLTP command-line interface (CLI) instead of ePO.
Create a shell script as shown below. The script is provided as a customizable example that you can modify to suit your needs.
Note: Technical Support does not support the use of custom scripts.
The script takes two arguments: the first is the target file and the second is the task name. The script creates an ODS task, retrieves the index of the created task, runs the task, deletes the task, and displays the task report. The task runs with the actions configured in the ODS policy; in the example output below the primary action is Clean and the secondary action is Delete, so a detected file is removed from disk. Do not point the script at a file you still need as evidence.
ENSLTP 10.6.6 and later:
$ cat targetscan.sh
#!/bin/bash
# Usage: ./targetscan.sh <file-to-scan> <task-name>
TARGET=$1
TASKNAME=$2
# Remove any archived report left over from an earlier run with the same task name
rm -f /var/McAfee/ens/log/tp/odsreport/archive/"$TASKNAME"-*.zip
/opt/McAfee/ens/tp/bin/mfetpcli --addodstask --name "$TASKNAME" --scanpath "$TARGET"
# Look up the index of the task just created (match the whole name, not a substring)
INDEX=$(/opt/McAfee/ens/tp/bin/mfetpcli --listtask | grep -w "$TASKNAME" | awk '{print $1}' | tr -d "|")
/opt/McAfee/ens/tp/bin/mfetpcli --runtask --index "$INDEX"
# The scan runs in the background; a fixed wait may be too short for large targets
sleep 45
/opt/McAfee/ens/tp/bin/mfetpcli --deltask --index "$INDEX"
# The archived report is a single-member zip, which zcat can read
zcat /var/McAfee/ens/log/tp/odsreport/archive/"$TASKNAME"-*.zip
For example, below is the output when scanning a local test file named eicar.com.txt, where the task name is ODSscan.
$ ./targetscan.sh $PWD/eicar.com.txt ODSscan
ODS Task was successfully added
Task was successfully started
Task was successfully deleted
YYYY-MM-DD HH:MM:SS.000Z|LEVEL |FACILITY |PROCESS | PID| TID|TOPIC |FILE_NAME(LINE) | MESSAGE
2022-07-04 19:04:16.539Z|Activity|AMODSScanManager |mfetpd | 30335| 30335|ODS |AMODSScanManager.cpp(167) | Scan started core-analyzer\root ODSscan
2022-07-04 19:04:17.744Z|Activity|AMODSScanManager |mfetpd | 30335| 30350|ODS |AMODSScanManager.cpp(802) | core-analyzer\root ran the "ODSscan" on-demand scan, which detected the Test named EICAR test file while scanning /home/appsadm/ODS/eicar.com.txt The file was deleted.
2022-07-04 19:04:17.744Z|Activity|AMODSScanManager |mfetpd | 30335| 30350|ODS |AMODSScanManager.cpp(803) | Additional information:
2022-07-04 19:04:17.744Z|Activity|AMODSScanManager |mfetpd | 30335| 30350|ODS |AMODSScanManager.cpp(804) | Primary Action: Clean
2022-07-04 19:04:17.744Z|Activity|AMODSScanManager |mfetpd | 30335| 30350|ODS |AMODSScanManager.cpp(805) | Secondary Action: Delete
2022-07-04 19:04:17.744Z|Activity|AMODSScanManager |mfetpd | 30335| 30350|ODS |AMODSScanManager.cpp(807) | Event ID: 1278
2022-07-04 19:04:18.662Z|Activity|AMODSScanManager |mfetpd | 30335| 30335|ODS |AMODSScanManager.cpp(844) | Scan Summary core-analyzer\root Scan Summary
2022-07-04 19:04:18.662Z|Activity|AMODSScanManager |mfetpd | 30335| 30335|ODS |AMODSScanManager.cpp(846) | Scan Summary core-analyzer\root Task Name : ODSscan
2022-07-04 19:04:18.662Z|Activity|AMODSScanManager |mfetpd | 30335| 30335|ODS |AMODSScanManager.cpp(848) | Scan Summary core-analyzer\root Start time : Mon Jul 4 19:04:16 2022
2022-07-04 19:04:18.662Z|Activity|AMODSScanManager |mfetpd | 30335| 30335|ODS |AMODSScanManager.cpp(850) | Scan Summary core-analyzer\root End time : Mon Jul 4 19:04:18 2022
2022-07-04 19:04:18.662Z|Activity|AMODSScanManager |mfetpd | 30335| 30335|ODS |AMODSScanManager.cpp(852) | Scan Summary core-analyzer\root Total Requests : 1
2022-07-04 19:04:18.662Z|Activity|AMODSScanManager |mfetpd | 30335| 30335|ODS |AMODSScanManager.cpp(854) | Scan Summary core-analyzer\root No of files skipped : 0
2022-07-04 19:04:18.662Z|Activity|AMODSScanManager |mfetpd | 30335| 30335|ODS |AMODSScanManager.cpp(856) | Scan Summary core-analyzer\root No. of Good files : 0
2022-07-04 19:04:18.662Z|Activity|AMODSScanManager |mfetpd | 30335| 30335|ODS |AMODSScanManager.cpp(858) | Scan Summary core-analyzer\root No. of Cache hit : 0
2022-07-04 19:04:18.662Z|Activity|AMODSScanManager |mfetpd | 30335| 30335|ODS |AMODSScanManager.cpp(860) | Scan Summary core-analyzer\root No of Files Excluded : 0
2022-07-04 19:04:18.662Z|Activity|AMODSScanManager |mfetpd | 30335| 30335|ODS |AMODSScanManager.cpp(862) | Scan Summary core-analyzer\root No. of Infections : 1
2022-07-04 19:04:18.662Z|Activity|AMODSScanManager |mfetpd | 30335| 30335|ODS |AMODSScanManager.cpp(864) | Scan Summary core-analyzer\root Timeout : 0
2022-07-04 19:04:18.662Z|Activity|AMODSScanManager |mfetpd | 30335| 30335|ODS |AMODSScanManager.cpp(866) | Scan Summary core-analyzer\root ScanError : 0
2022-07-04 19:04:18.662Z|Activity|AMODSScanManager |mfetpd | 30335| 30335|ODS |AMODSScanManager.cpp(868) | Scan Summary core-analyzer\root No of files cleaned : 0
2022-07-04 19:04:18.662Z|Activity|AMODSScanManager |mfetpd | 30335| 30335|ODS |AMODSScanManager.cpp(870) | Scan Summary core-analyzer\root No of files deleted : 1
2022-07-04 19:04:18.662Z|Activity|AMODSScanManager |mfetpd | 30335| 30335|ODS |AMODSScanManager.cpp(872) | Scan Summary core-analyzer\root Time taken : 2.122491s
2022-07-04 19:04:18.662Z|Activity|AMODSScanManager |mfetpd | 30335| 30335|ODS |AMODSScanManager.cpp(874) | Scan Summary core-analyzer\root Engine version : 6400.9594
2022-07-04 19:04:18.662Z|Activity|AMODSScanManager |mfetpd | 30335| 30335|ODS |AMODSScanManager.cpp(876) | Scan Summary core-analyzer\root DAT version : 5022.0
2022-07-04 19:04:18.662Z|Activity|AMODSScanManager |mfetpd | 30335| 30335|ODS |AMODSScanManager.cpp(879) | Scan completed core-analyzer\root ODSscan(2.122491s)
2022-07-04 19:04:18.662Z|Activity|ScanFactory |mfetpd | 30335| 30335|ODS |ScanFactory.cpp(477) | ODS Scan Manager is shutting down gracefully
ENSLTP 10.6.5 and earlier:
$ cat targetscan.sh
#!/bin/bash
# Usage: ./targetscan.sh <file-to-scan> <task-name>
TARGET=$1
TASKNAME=$2
/opt/isec/ens/threatprevention/bin/isecav --addodstask --name "$TASKNAME" --scanpath "$TARGET"
# Look up the index of the task just created (match the whole name, not a substring)
INDEX=$(/opt/isec/ens/threatprevention/bin/isecav --listtask | grep -w "$TASKNAME" | awk '{print $1}' | tr -d "|")
/opt/isec/ens/threatprevention/bin/isecav --runtask --index "$INDEX"
/opt/isec/ens/threatprevention/bin/isecav --deltask --index "$INDEX"
# On 10.6.5 and earlier the report is a plain log file named after the task
cat /opt/isec/ens/threatprevention/var/odsreport/"$TASKNAME".log
For example, below is the output when scanning a local test file named eicar.com.txt, where the task name is 170901scan.
$ ./targetscan.sh $PWD/eicar.com.txt 170901scan
ODS Task was successfully added
Task was successfully started
Task was successfully deleted
EVENT = ODS_START | NAME = 170901scan | TIME = 1504224836 | USER = 0
ERROR AMODSScanner [25440] Infection caught File Name: /home/user1/test/eicar.com.txt File Size: 68 Infection Name: EICAR test file Time: 1504224836 Process Name: User Name: root Profile Type: 0
EVENT = ODS_INFECTION | FILENAME = /home/user1/test/eicar.com.txt | VIRUSNAME = EICAR test file | VIRUSTYPE = 6 | ACTION = DELETED
EVENT = ODS_STOP | NAME = 170901scan | TIME = 1504224837 | USER = 0
EVENT = ODS_SUMMARY |
Task Name : 170901scan
Start time : 01/09/17 00:13:56 UTC
End time : 01/09/17 00:13:57 UTC
Total Requests : 1
No of files skipped : 0
No. of Good files : 0
No. of Cache hit : 0
No of Files Excluded : 0
No. of Infections : 1
Timeout : 0
ScanError : 0
No of files cleaned : 0
No of files deleted : 1
Time taken : 1.153279s
Engine version : 5900.7806
DAT version : 8634.0
INFO ScanFactory [25440] ODS Scan Manager is shutting down gracefully
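The following is an added example, not code from this article or from the ENSLTP product. It is a hardened rewrite of the 10.6.6 and later wrapper above: it checks its arguments, matches the task name as a whole word when reading --listtask (so "ODSscan" cannot pick up "ODSscan2"), polls for the archived report instead of sleeping a fixed 45 seconds, always deletes the temporary task, and turns the report's Scan Summary into an exit status that automation can act on. The mfetpcli path, the --addodstask/--listtask/--runtask/--deltask flags and the report archive directory are taken from the scripts above and assumed valid; the [A-Za-z0-9_-] limit on task names, the 300-second timeout and the lines emitted by sample_report (shaped like the 10.6.6 report above, not captured from a system) are assumptions of this example. The report parser also accepts the bare "Label : value" lines of the 10.6.5 report, although the scan sequence itself targets the 10.6.6 binary and zip archive.

```shell
#!/bin/bash
# Added example, not code from the Trellix/McAfee article or product.
# Hardened variant of the 10.6.6+ wrapper: validates input, resolves the
# task index by exact name, waits for the archived report instead of a
# fixed sleep, always removes the temporary task, and exits non-zero when
# the report shows infections or scan errors. The mfetpcli path, its flags
# and the report directory are taken from the page and assumed valid.
MFETPCLI="${MFETPCLI:-/opt/McAfee/ens/tp/bin/mfetpcli}"
REPORT_DIR="${REPORT_DIR:-/var/McAfee/ens/log/tp/odsreport/archive}"
REPORT_TIMEOUT="${REPORT_TIMEOUT:-300}"   # seconds to wait for the report (assumed)

# summary_value LABEL: read a report on stdin and print the integer after
# "LABEL : ". Works on both layouts shown on this page (10.6.6+ lines with
# a "Scan Summary ..." prefix and bare 10.6.5 lines); prints 0 if absent.
summary_value() {
    awk -v label="$1 : " '
        index($0, label) { v = substr($0, index($0, label) + length(label))
                           sub(/[^0-9].*$/, "", v); if (v == "") v = 0
                           print v; found = 1; exit }
        END { if (!found) print 0 }'
}

# report_verdict: read a report on stdin, print a one-line summary and
# return 0 (clean), 1 (infections found) or 2 (scan errors reported).
report_verdict() {
    report=$(cat)
    infections=$(printf '%s\n' "$report" | summary_value "No. of Infections")
    deleted=$(printf '%s\n' "$report" | summary_value "No of files deleted")
    errors=$(printf '%s\n' "$report" | summary_value "ScanError")
    dat=$(printf '%s\n' "$report" | awk -F' : ' '/DAT version : /{print $NF; exit}')
    printf 'infections=%s deleted=%s errors=%s dat=%s\n' \
        "$infections" "$deleted" "$errors" "${dat:-unknown}"
    [ "$errors" -eq 0 ] || return 2
    [ "$infections" -eq 0 ] || return 1
    return 0
}

# task_index NAME: read "mfetpcli --listtask" output on stdin and print the
# index of the task called NAME. Column extraction is the page's own (first
# field, "|" stripped); added here are whole-word matching and a check that
# exactly one integer index came back.
task_index() {
    idx=$(grep -w -- "$1" | awk '{print $1}' | tr -d '|')
    case "$idx" in
        ''|*[!0-9]*) echo "no unique task index for '$1'" >&2; return 1 ;;
    esac
    printf '%s\n' "$idx"
}

# scan_file FILE NAME: the page's create/run/delete/report sequence. Task
# names are limited to [A-Za-z0-9_-] (an added safety limit, because the
# name is reused in a filename glob).
scan_file() {
    target=$1; name=$2
    [ -f "$target" ] || { echo "not a regular file: $target" >&2; return 64; }
    case "$target" in /*) ;; *) target="$PWD/$target" ;; esac
    case "$name" in ''|*[!A-Za-z0-9_-]*) echo "bad task name: $name" >&2; return 64 ;; esac
    rm -f -- "$REPORT_DIR/$name"-*.zip          # drop stale reports with this name
    "$MFETPCLI" --addodstask --name "$name" --scanpath "$target" || return 65
    idx=$("$MFETPCLI" --listtask | task_index "$name") || return 65
    "$MFETPCLI" --runtask --index "$idx" || { "$MFETPCLI" --deltask --index "$idx"; return 65; }
    waited=0                                    # poll for the archived report
    until ls "$REPORT_DIR/$name"-*.zip >/dev/null 2>&1; do
        if [ "$waited" -ge "$REPORT_TIMEOUT" ]; then
            echo "timed out waiting for the report of '$name'" >&2
            "$MFETPCLI" --deltask --index "$idx"
            return 66
        fi
        sleep 5; waited=$((waited + 5))
    done
    "$MFETPCLI" --deltask --index "$idx"
    zcat "$REPORT_DIR/$name"-*.zip | report_verdict
}

# sample_report: constructed lines shaped like the 10.6.6 report above (not
# a captured log), so the parser can be exercised without the product.
sample_report() {
    cat <<'EOF'
2022-07-04 19:04:18.662Z|Activity|AMODSScanManager |mfetpd | 30335| 30335|ODS |AMODSScanManager.cpp(846) | Scan Summary core-analyzer\root Task Name : ODSscan
2022-07-04 19:04:18.662Z|Activity|AMODSScanManager |mfetpd | 30335| 30335|ODS |AMODSScanManager.cpp(862) | Scan Summary core-analyzer\root No. of Infections : 1
2022-07-04 19:04:18.662Z|Activity|AMODSScanManager |mfetpd | 30335| 30335|ODS |AMODSScanManager.cpp(866) | Scan Summary core-analyzer\root ScanError : 0
2022-07-04 19:04:18.662Z|Activity|AMODSScanManager |mfetpd | 30335| 30335|ODS |AMODSScanManager.cpp(870) | Scan Summary core-analyzer\root No of files deleted : 1
2022-07-04 19:04:18.662Z|Activity|AMODSScanManager |mfetpd | 30335| 30335|ODS |AMODSScanManager.cpp(876) | Scan Summary core-analyzer\root DAT version : 5022.0
EOF
}

# Run a scan only when invoked with arguments, e.g.
#   ./targetscan.sh /home/appsadm/ODS/eicar.com.txt ODSscan; echo "exit=$?"
if [ "$#" -ge 2 ]; then
    scan_file "$1" "$2"
fi
```

Exit status 0 means the scan ran and found nothing, 1 means a detection (the sample report yields "infections=1 deleted=1 errors=0 dat=5022.0" and exit 1), 2 means the engine reported scan errors, and 64 to 66 mean the wrapper itself could not complete, which lets a cron job or SOAR playbook distinguish "clean" from "the scan never ran". Because the task is deleted only after the report has been archived, a task left behind on the host is itself a sign that an earlier run was interrupted.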