Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Subscribers 6 subscribers
  • Views 2247 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

LaunchDaemon - How to create a plist.

ASGR

First of all guys... Fantastic product ;-)

I'm trying to make a plist LaunchDaemon using the sweep command line.

Although the LaunchDaemon executes, the Logs show this entry,

Command line qualifiers are: -exclude 

I'm not sure if the directories using the -exclude option are actually excluded.

The ProgramArguments are as follows:

Item 1 /usr/bin/sweep

Item 2 /

Item 3 -exclude

Item 4 /dev

Item 5 /net

Item 6 /tmp

Item 7 /Volumes

According to the plist documentation, this is how it is supposed to be coded. Please

can you confirm whether the directories following the -exclude will be excluded and

achieve the desired objective.

A.

:1005543


This thread was automatically locked due to age.
  • 0

    Hey Guys,

    Upon further reading the manual, I've noticed the --skip-special

    option. However, I feel that it won't exclude directories like /tmp

    and the /Volumes hierarchy.

    :1005547
  • 0

    Have you attempted running that command from the terminal to verify?

     /usr/bin/sweep / -exclude /dev /net /tmp /Volumes

    You are correct that --skip-special will not ignore all of those; it just ignores the special BSD paths.  Other relevant extended flags include:  --stay-on-machine will avoid remote mount points, and --stay-on-filesystem will provide the same result as excluding /Volumes.  As you can see from running sweep -h, --follow-symlinks, --stay-on-machine, --skip-special, --backtrack-protection and --preserve-backtrack are all enabled by default; the others are not.

    Please also take note of order of operations for command-line flags; -include and -exclude should be at the end; the rest can be anywhere with the last one listed taking precedence.

    :1005553
  • 0

    Thanks for the reply.

    I ran sweep from the command line and it displayed the same message

    in the terminal as in the logs (as above). It does seem as though it lists

    only the options and not any parameters.

    Taking the above into considration, will this command line achive all

    that I wanted to achive in the original post,

    /usr/bin/sweep --no-follow-symlinks --stay-on-filesystem /

    Thanks again.

    :1005557
  • 0

    Yes, I think that should do it.  That should have the added benefit of not scanning any time machine devices as well :)

    Now you just need to decide whether you want archive scanning enabled or not, and you should be able to create your scheduled scan.

    :1005559
  • 0

    Fantastic!

    I'm experimenting with the OS partition at the moment and it takes

    almost an hour for it to do a quick scan so I've not enabled it for now.

    However, a weekly deep scan once a week on the OS might not be

    a bad idea.

    There is one more issue that I wanted to start a new topic for but it's

    not a priority. When I include the -p (log file option) it echos the

    messages generated to the Console as well as to the new log file.

    When using other binaries, it diverts all ouput to the new file and doesn't

    duplicate the logs. Soft error or not, it can be resolved by using the

    StandardOutPath option in the plist without the -p option.

    A.

    :1005561
  • 0

    Thanks for the feedback!

    Not too many people seem to use the process level or applescript features of the free product, so we don't get much of it.

    :1005563
  • 0

    Yeah it is a shame that more users over this side of the pond

    don't get into the more 'behind-the-scene' aspect of apps.

    I've always preferred the command line, so much more control

    and features the front-end don't allow. I'll keep up the hacking.

    A.

    :1005573