Importing Data from a VB Script to eWall

Junior Member
User avatar
Posts: 60
Joined: Wed Sep 19, 2007 3:31 pm

Importing Data from a VB Script to eWall

Postby SteveT » Tue Aug 31, 2010 7:55 am

I have a VB Script that will run an AVG 9 virus scan on each message. From this it returneds a ErrorLevel that I can use in EWall. I also have the AVG write a log which I have another script that can phrase it and extract the AVG Version, Virus DB Engine & Version and if the messge is infected or clean. If infected, it also extracts the name of the virus. Now my issue is, how can I get this data into eWall, so I can use it in a rule?

Thanks.
--
Regards,
Steve Topilnycky
ArGoStuff [color="Red"]|[/color] Top Cat Computing

Developer
User avatar
Posts: 4431
Joined: Tue Apr 20, 2004 3:43 pm

Postby Alexander Telegin » Tue Aug 31, 2010 10:27 am

If they can write it into a text file, then eWall's scripting could read that file after VBScript completes.

Junior Member
User avatar
Posts: 60
Joined: Wed Sep 19, 2007 3:31 pm

Postby SteveT » Wed Sep 01, 2010 7:57 am

Alex,
Thanks for the reply.

How is that done? I can do VB Script, but I am not with very good with Java or JS. Do you have some sample code?
--
Regards,
Steve Topilnycky
ArGoStuff [color="Red"]|[/color] Top Cat Computing

Developer
User avatar
Posts: 4431
Joined: Tue Apr 20, 2004 3:43 pm

Postby Alexander Telegin » Wed Sep 01, 2010 8:37 pm

I could make an example if you will give me 2-3 samples of results of these AVG scanning VBScripts, i.e. 2-3 files of scanning results, using your VBScripts (clean and infected).

Junior Member
User avatar
Posts: 60
Joined: Wed Sep 19, 2007 3:31 pm

Postby SteveT » Wed Sep 01, 2010 9:44 pm

Alex,
I can do that. To make things easier, and available to other users, how about adding AVG 9 command line scanner to EW 3. I know that the COM version will not be available, but the command line could be an alternative.


Command Line:

avgscanx /HEUR /MACROW /ARCBOMBSW /ARC /scan=<file> /REPORT= <file>

I have attached two reports, one is clean the other is infected.
Attachments

[The extension txt has been deactivated and can no longer be displayed.]

[The extension txt has been deactivated and can no longer be displayed.]

--
Regards,
Steve Topilnycky
ArGoStuff [color="Red"]|[/color] Top Cat Computing

Return to Filters and scripts

Who is online

Users browsing this forum: No registered users and 1 guest