1 Reply Latest reply on Jan 27, 2012 8:34 AM by eelsasser

    Error handler Antivirus identifier

      Hi,

       

      I created an error handler to inform me by email when an update goes good or not. In the email I would like to include the version identifier of the antivirus engine.

       

      What is the variable / property what returns the current identifier?

       

      Regards,

       

      Marco

        • 1. Re: Error handler Antivirus identifier

          There are no properties available in the rules that indicate version numbers.

           

          However, the Incident.Description property contains a line with version number in it.

           

          Different messages come in at multiple times, but they generally look like this:

           

          Version:AM-DAT=974|AM-Engine=7001.1001.1632|MFE-DAT=6601|MFE-Engine=5400.5001

          Version:Avira-Engine=8.2.8.44|Avira-VDF=7.11.21.191|Avira-Savapi=1.2.0.26

          Version:TS-Engine=2.0.6.01|TS-Database=31931

          Version:AppPrism-DB=3.112

           

           

          I wanted to do the same thing plus show the database versions on the block pages, so I created some rules.

          This rules set is put at the top of the Error Handler rules and fires for every Updater event. It then parses the Incident.Description, pulls 10 different version numbers, and stores them in persistent storage for use by other things like email or block pages.

           

          When you put this rule set at the top of the Error Handlers, these User-Defined variables are availble for use:

          User-Defined.AM-Engine

          User-Defined.AM-Proactive

          User-Defined.AM-Signature

          User-Defined.AppPrism-DB

          User-Defined.Avira-Engine

          User-Defined.Avira-Savapi

          User-Defined.Avira-VDF

          User-Defined.MFE-DAT

          User-Defined.MFE-Engine

          User-Defined.TS-Database

          User-Defined.TS-Engine

           

          Here is an example of what they might look like at any given time.

          Capture.jpg

           

          As we change the Incident.Description message string arbitrarily in the engine and between versions, the rules would have to be changed to set the RegEx in the rules.

           

          Message was edited by: eelsasser [just noted there is now an AppPrism-DB version. Added to rules ] on 1/27/12 9:34:06 AM EST