I’m wanting to put together an action script that will download and launch an EXE if certain criteria is met on an endpoint. The EXE often gets replaced, sometimes several times a day.
Is there a way for me to still check the sha1 value of that file when it gets downloaded? Is there a way to do something like also download and parse a text file that contains the current sha1 value for the EXE that’s in the dowload folder?
I want to make sure the EXE is valid before launching it on the endpoint but am not exactly sure the best way to do it.
As of 7.1, we don’t currently support a “dynamic download” that changes underneath the system for a single aciton. The easiest way to illustrate this is to note that once a server/relay gets the file that matches the SHA1, they keep it and they don’t bother checking for further updates. So in the current architecture, if you want to change a file, you will need to reissue the action… The most common way to do this is to use the BES API to make a custom script…
Here is something that might help:
See the “BESImportFile” commandline tool that we wrote – http://forum.bigfix.com/viewtopic.php?pid=8659#p8659 – The nice thing about this tool is that it has changed the work necessary for using the API to editing the XML file (rather than programming in a language supported by the API) for purposes like you building…
You can contact our services department if you want them to build something custom for you, but they will need to first scope the project and give you a cost estimate.
please can you explain … " as of 7.1 we don’t support ‘dynamic downloads’ "
we are using the commands like the one shown below in policy actions … that reads a file for the size and sha1, are you saying this is no longer supported or have i got the wrong end of the stick
continue if {(size of it = ((key “Def Size” of section “Symantec” of file “avconfigsymantec64.ini” of client folder of site “myfixletsite”) as integer) and sha1 of it = ((key “Def SHA1” of section “Symantec” of file “avconfigsymantec64.ini” of client folder of site “myfixletsite”) as string)) of file ((key “Def Version” of section “Symantec” of file “avconfigsymantec64.ini” of client folder of site “myfixletsite”) as string & “-i64.exe”) of folder “__Download”}
I believe Ben means that once the fixlet is created and the file downloaded you dont get to change the file, it’s downloaded, put into a folder with the SHA1 of it as the name and that’s it, no check for newer versions or anything. Once it’s downloaded to the relays they wont check for another “updated” file. If you want to change the file you will have to edit or create another fixlet but it’s not “dynamic”.