Wandy
September 4, 2020, 9:13am
44
Hi again
wonder if you could help with another on of this Custom signature.
Im trying to find a file in a specific with this code, but I dont get anything, when I test it with the wscansw command.
<?xml version="1.0" encoding="UTF-8"?>
<Signatures version="1.0" xmlns="http://www.ibm.com/Tivoli/Signatures" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.ibm.com/Tivoli/Signatures signatures.xsd">
<Signature guid="TESTGUID" type="OtherSignature">
<Instance>
<Variable name="IS_INSTALLED" export="true">
<Compare relation="ne" type="string">
<VectorToScalar>
<Vector filter="d:?apps?atlassian-confluence-7.2.0?bin">
<FindFilePathEx name="Tomcat9.exe"/>
</Vector>
</VectorToScalar>
<ValueOf value=""/>
</Compare>
</Variable>
<Condition withVariable="IS_INSTALLED">
<Action do="SKIP" onValue="false"/>
</Condition>
</Instance>
</Signature>
</Signatures>
Wandy,
Try the following signature. Make sure the case matches with the information you are trying to compare with.
<?xml version="1.0" encoding="UTF-8"?>
<Signatures>
<Signature guid="EXTENDED SIGNATURE TEST" name="EXTENDED SIGNATURE TEST" type="OtherSignature">
<Variable name="IS_INSTALLED" export="true">
<Compare type="string" relation="ne">
<VectorToScalar>
<Vector filter="d:?apps?atlassian-confluence-7.2.0?bin?">
<FindFilePathEx name="Tomcat9.exe"/>
</Vector>
</VectorToScalar>
<ValueOf value="" />
</Compare>
</Variable>
</Signature>
</Signatures>
1 Like
Wandy
September 17, 2020, 5:38am
47
Hi
Thanks for your answer, now I get this output
<?xml version="1.0" encoding="UTF-8"?>
<MatchedSignatures>
<MatchedSignature guid="EXTENDED SIGNATURE TEST" name="EXTENDED SIGNATURE TEST">
<Variable name="IS_INSTALLED" value="false"/>
</MatchedSignature>
</MatchedSignatures>
But I get this output no matter what file name I write in the “FindFilePathEx name=”
Wandy
September 17, 2020, 5:44am
48
Hi again
I know that signatures on .exe files can be made from the scanned file data, but the thing is that I need to finde this file in this specifik path and not just anywhere.
Wandy,
Can you post screen shot of the exact directory location and file name from the machine where you are testing the signature?
Wandy,
Update the signature by changing the line
<Vector filter="d:?apps?atlassian-confluence-7.2.0?bin?">
to
<Vector filter="D:?apps?atlassian-confluence-7.2.0?bin?">
Then test it.
Wandy
September 29, 2020, 7:42am
52
Hi
sorry for the late answer, I have been on vacation
But now it seems to work, now I get this:
<?xml version="1.0" encoding="UTF-8"?>
<MatchedSignatures>
<MatchedSignature guid="EXTENDED SIGNATURE TEST" name="EXTENDED SIGNATURE TEST">
<Variable name="IS_INSTALLED" value="true"/>
</MatchedSignature>
</MatchedSignatures>
so now its “true”
Thanks again