cancel
Showing results for 
Search instead for 
Did you mean: 
Marco4Colt
Level 7

Error handler Antivirus identifier

Jump to solution

Hi,

I created an error handler to inform me by email when an update goes good or not. In the email I would like to include the version identifier of the antivirus engine.

What is the variable / property what returns the current identifier?

Regards,

Marco

0 Kudos
1 Solution

Accepted Solutions
eelsasser
Level 15

Re: Error handler Antivirus identifier

Jump to solution

There are no properties available in the rules that indicate version numbers.

However, the Incident.Description property contains a line with version number in it.

Different messages come in at multiple times, but they generally look like this:

Version:AM-DAT=974|AM-Engine=7001.1001.1632|MFE-DAT=6601|MFE-Engine=5400.5001

Version:Avira-Engine=8.2.8.44|Avira-VDF=7.11.21.191|Avira-Savapi=1.2.0.26

Version:TS-Engine=2.0.6.01|TS-Database=31931

Version:AppPrism-DB=3.112

I wanted to do the same thing plus show the database versions on the block pages, so I created some rules.

This rules set is put at the top of the Error Handler rules and fires for every Updater event. It then parses the Incident.Description, pulls 10 different version numbers, and stores them in persistent storage for use by other things like email or block pages.

When you put this rule set at the top of the Error Handlers, these User-Defined variables are availble for use:

User-Defined.AM-Engine

User-Defined.AM-Proactive

User-Defined.AM-Signature

User-Defined.AppPrism-DB

User-Defined.Avira-Engine

User-Defined.Avira-Savapi

User-Defined.Avira-VDF

User-Defined.MFE-DAT

User-Defined.MFE-Engine

User-Defined.TS-Database

User-Defined.TS-Engine

Here is an example of what they might look like at any given time.

Capture.jpg

As we change the Incident.Description message string arbitrarily in the engine and between versions, the rules would have to be changed to set the RegEx in the rules.

Message was edited by: eelsasser [just noted there is now an AppPrism-DB version. Added to rules ] on 1/27/12 9:34:06 AM EST
0 Kudos
1 Reply
eelsasser
Level 15

Re: Error handler Antivirus identifier

Jump to solution

There are no properties available in the rules that indicate version numbers.

However, the Incident.Description property contains a line with version number in it.

Different messages come in at multiple times, but they generally look like this:

Version:AM-DAT=974|AM-Engine=7001.1001.1632|MFE-DAT=6601|MFE-Engine=5400.5001

Version:Avira-Engine=8.2.8.44|Avira-VDF=7.11.21.191|Avira-Savapi=1.2.0.26

Version:TS-Engine=2.0.6.01|TS-Database=31931

Version:AppPrism-DB=3.112

I wanted to do the same thing plus show the database versions on the block pages, so I created some rules.

This rules set is put at the top of the Error Handler rules and fires for every Updater event. It then parses the Incident.Description, pulls 10 different version numbers, and stores them in persistent storage for use by other things like email or block pages.

When you put this rule set at the top of the Error Handlers, these User-Defined variables are availble for use:

User-Defined.AM-Engine

User-Defined.AM-Proactive

User-Defined.AM-Signature

User-Defined.AppPrism-DB

User-Defined.Avira-Engine

User-Defined.Avira-Savapi

User-Defined.Avira-VDF

User-Defined.MFE-DAT

User-Defined.MFE-Engine

User-Defined.TS-Database

User-Defined.TS-Engine

Here is an example of what they might look like at any given time.

Capture.jpg

As we change the Incident.Description message string arbitrarily in the engine and between versions, the rules would have to be changed to set the RegEx in the rules.

Message was edited by: eelsasser [just noted there is now an AppPrism-DB version. Added to rules ] on 1/27/12 9:34:06 AM EST
0 Kudos