Posted: by KDawG

Synopsis

#!/bin/bash

######################################## HISTORY ###########################################################
#                                                                                                          #
# By Tim Kimpton                                                                                           #
#                                                                                                          #
# 21/2/2013                                                                                                #
#                                                                                                          #
# Version 1.0                                                                                              #
#                                                                                                          #
# To be used in conjunction with a launch daemon with watch paths to /Library/Logs/Sophos\ Anti-Virus.log  #
#                                                                                                          #
# If a SAV Threat is detected in the SAV log then the external device is ejected                           #
#                                                                                                          #
############################################################################################################

######################################## VARIABLES #########################################################

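# Get the Volume name from the SAV log (most recent matching entry only)
diskName=`grep "Threat" /Library/Logs/Sophos\ Anti-Virus.log | grep "Volumes" | cut -d"/" -f3 | tail -n 1`

# Get the disk identifier. It is always the last column of "diskutil list",
# so use $NF rather than a fixed column that shifts when the volume name contains spaces.
# Left empty when no volume name was found, so an empty pattern never matches every disk.
identifier=""
[ -n "${diskName}" ] && identifier=`diskutil list | grep -F "${diskName}" | awk '{print $NF}' | head -n 1`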

date=`date "+%d-%m-%y_%H.%M"`

################################# DO NOT MODIFY BELOW THIS LINE #############################################

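# Check to see if Threat exists (-q keeps the matching log lines out of the daemon's output)
if grep -q "Threat" /Library/Logs/Sophos\ Anti-Virus.log ;then

    # Eject the volume (skipped when no disk identifier was found for the threat)
    if [ -n "${identifier}" ]; then
        hdiutil eject -force "${identifier}"
    fi

    # Rename the log
    mv /Library/Logs/Sophos\ Anti-Virus.log /Library/Logs/"${date}"_Sophos\ Anti-Virus.log

    # Update SAV to recreate the log
    /usr/bin/sophosupdate

fi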

Description

This is to be used in conjunction with a launch daemon that is loaded all the time. You can get Lingon here to create the launch daemon: http://sourceforge.net/projects/lingon/files/Lingon/2.1.1/
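The launch daemon can also be written by hand. The property list below is an added example, not part of the original post: it uses launchd's WatchPaths key to run the script whenever the Sophos log changes. The label `com.example.sav-eject` and the script location `/Library/Scripts/sav_eject.sh` are assumed names; substitute your own.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <!-- Hypothetical label; must be unique among loaded jobs -->
    <key>Label</key>
    <string>com.example.sav-eject</string>

    <!-- Hypothetical install path for the script above -->
    <key>ProgramArguments</key>
    <array>
        <string>/bin/bash</string>
        <string>/Library/Scripts/sav_eject.sh</string>
    </array>

    <!-- launchd starts the job each time this file is modified.
         No backslash before the space: plist strings are not shell-escaped. -->
    <key>WatchPaths</key>
    <array>
        <string>/Library/Logs/Sophos Anti-Virus.log</string>
    </array>
</dict>
</plist>
```

Save it in /Library/LaunchDaemons, owned by root:wheel with mode 644, and keep the script itself root-owned and not writable by other users, since the job runs as root. The job also fires when the script renames the log and when Sophos recreates it; the script's own "Threat" check makes those extra runs exit without doing anything.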
