Ok, can you share that signature xml file?
it wont show the file content it just show up blanch
but I use the signature file as I used early in this thread
thats looks mutch better, nov I get this:
What is the issue here,
The part that you added, is that also to be added to the final signature or is that only when testing it with wscansw tools.
What about the GUID? isen’t that a value that Bigfix is creating ? and not something that we manual add.
To paste tags into the forum you have to wrap it in a code block. Highlight the text and hit the code icon above the editor window - it looks like </>
1 Like
thanks 
For test purpose, I created siganture with “testguid”, but when you create signature via UI it will be created by BFI. Output shows that siganture was matched.
<MatchedSignature guid="TESTGUID">
<Variable name="IS_INSTALLED" value="true"/>
The reason your xml file did not work, because it was just signature there, but you need to wrap it so it is valid catalog file for scanner.
so if I was going to put the signature that you made into the GUI I would only use this part:
<?xml version="1.0" encoding="UTF-8"?>
<MultipleInstance>
<Iterator export="false" name="file_list">
<FindFilePathEx name="tq.ini"/>
</Iterator>
<Instance>
<Variable export="false" name="file_read">
<ReadFile path="$(file_list)tq.ini"/>
</Variable>
<Variable name="IS_INSTALLED">
<Compare relation="ne" type="string">
<VectorToScalar>
<Vector filter="*teamquest*">
<ValueOf value="$(file_read)"/>
</Vector>
</VectorToScalar>
<ValueOf value=""/>
</Compare>
</Variable>
<Condition withVariable="IS_INSTALLED">
<Action do="SKIP" onValue="false"/>
</Condition>
</Instance>
</MultipleInstance>
</Signature>
</Signatures><MultipleInstance>
<Iterator export="false" name="file_list">
<FindFilePathEx name="tq.ini"/>
</Iterator>
<Instance>
<Variable export="false" name="file_read">
<ReadFile path="$(file_list)tq.ini"/>
</Variable>
<Variable name="IS_INSTALLED">
<Compare relation="ne" type="string">
<VectorToScalar>
<Vector filter="*teamquest*">
<ValueOf value="$(file_read)"/>
</Vector>
</VectorToScalar>
<ValueOf value=""/>
</Compare>
</Variable>
<Condition withVariable="IS_INSTALLED">
<Action do="SKIP" onValue="false"/>
</Condition>
</Instance>
</MultipleInstance>When using UI to create it you just need part above, when testing you need wrapper.
Thank you for your help.
One more useful testing tip.
When testing new siganture, remove:
<Condition withVariable="IS_INSTALLED">
<Action do="SKIP" onValue="false"/>
</Condition>
This will cause scan results show:
<MatchedSignature guid="TESTGUID"> <Variable name="IS_INSTALLED" value="false"/>
When signature WORKS, but does not match.
another quistions, I trying to test a signature, looking for a specific path, but I get the same result whether or not it find it.
This is my signature:
<?xml version="1.0" encoding="UTF-8"?>
<Signatures version="1.0" xmlns="http://www.ibm.com/Tivoli/Signatures" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ibm.com/Tivoli/Signatures signatures.xsd">
<Signature guid="TESTGUID_OUD" type="OtherSignature">
<Variable name="IS_INSTALLED" export="true">
<Compare type="string" relation="ne">
<VectorToScalar>
<PathExists absolutePath="/opt/BESServer/Bigfix_scripts" />
</VectorToScalar>
<ValueOf value=""/>
</Compare>
</Variable>
</Signature>
</Signatures>
and I get this output i get whether or not it find the path.
<?xml version="1.0" encoding="UTF-8"?>
<MatchedSignatures>
<MatchedSignature guid="TESTGUID_OUD">
<Variable name="IS_INSTALLED" value="true"/>
</MatchedSignature>
</MatchedSignatures>PathExists returns true or false value, and you compare it to NOT empty string, so result is always true.