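# Sample "Post Action" script for Metadefender V4.8.0, written in PowerShell.
#
# This script is for illustrative purposes only and is not guaranteed to work
# under production conditions.
#
# Purpose:
#   Sort scanned files into folders based on their scan result.
#   Allowed files are copied to the folder named by the environment variable
#   %allowed_destination%; blocked files are copied to the folder named by
#   %blocked_destination%.
#
# Input:
#   1. It is your responsibility to create both system-context environment
#      variables and point them at existing folders before running the script.
#   2. The path of the currently scanned file is taken from the LAST
#      command-line argument.
#   3. The scan result JSON is expected on STDIN and is parsed into $scan_results.
#      process_info.result 'allowed' -> copy to the allowed destination
#      process_info.result 'blocked' -> copy to the blocked destination
#      any other value               -> nothing is copied, exit code stays 0
#
# Output (exit code):
#   0 - Success
#   1 - JSON parse error
#   2 - Copy error (also reached when process_info.result is missing, because
#       the method call on it throws inside the copy try-block)
#   3 - Path of the currently scanned file is invalid
#   4 - The allowed and/or blocked destination is not an existing folder
#
# Security notes:
#   * file_info.display_name originates from the scanned (untrusted) file, so it
#     is reduced to a bare file name before being appended to a destination
#     folder. Without that, a name containing "..\" or a drive/stream prefix
#     could place the copy outside the configured folder.
#   * The raw STDIN JSON is written to the log file. The log lives at a fixed
#     path under C:\ ; restrict access to it if scan results are sensitive.

$Logfile = "c:\$(Get-Content env:COMPUTERNAME).log"

# Append one line of text to the per-machine log file.
Function LogWrite {
    Param ([string]$logstring)
    Add-Content $Logfile -Value $logstring
}

# Reduce an untrusted display name to a safe bare file name.
# Returns $null when nothing usable remains (empty, only dots/spaces, or
# containing characters that are not valid in a file name, such as ':').
Function Get-SafeLeafName {
    Param ([string]$name)
    if ([string]::IsNullOrWhiteSpace($name)) { return $null }

    # Keep only the part after the last path separator (either style).
    $leaf = ($name -split '[\\/]')[-1].Trim()

    # Rejects '', '.', '..' and variants padded with dots or spaces.
    if ($leaf.Trim([char[]]' .').Length -eq 0) { return $null }

    if ($leaf.IndexOfAny([System.IO.Path]::GetInvalidFileNameChars()) -ge 0) { return $null }

    return $leaf
}

LogWrite "--------------------------------------------------------------------------------------------------------------------"
$date_time = Get-Date | Out-String
LogWrite $date_time

# Get the destinations from the environment ($null when a variable is not set).
$allowed_destination = $env:allowed_destination
LogWrite "allowed_destination = $allowed_destination"
$blocked_destination = $env:blocked_destination
LogWrite "blocked_destination = $blocked_destination"

# Get the current file path from the last argument on the command line.
$current_file_path = $null
if ($args.Count -gt 0) { $current_file_path = $args[-1] }
LogWrite "current_file_path = $current_file_path"

# Initialize $retval to 0 (success).
$retval = 0

# Proceed only if both destinations are set and are existing folders.
# The emptiness checks come first so Test-Path is never bound to a null path.
$destinations_ok = $allowed_destination -and $blocked_destination -and
    (Test-Path -LiteralPath $allowed_destination -PathType Container) -and
    (Test-Path -LiteralPath $blocked_destination -PathType Container)

if ($destinations_ok) {
    LogWrite "in the first if, all paths tested True"

    # Convert the JSON from STDIN into an object.
    # NOTE(review): only the first line of STDIN is read; multi-line JSON would
    # fail to parse and end in exit code 1 - confirm the producer emits one line.
    try {
        $input_var = [Console]::In.ReadLine()
        LogWrite "stdin input = $input_var"
        $scan_results = $input_var | Out-String | ConvertFrom-Json -ErrorAction Stop
    }
    catch {
        $retval = 1 # JSON parse error
        LogWrite "retval = $retval"
    }

    # If all is fine so far, act on the scan result.
    if ($retval -eq 0) {
        # Append the sanitized file name (from the result JSON) to both
        # destination folders. When no usable name is available the folder
        # itself is the target, so the copy keeps the source file's own name.
        $display_name = $scan_results.file_info.display_name
        if ($display_name) {
            $safe_name = Get-SafeLeafName $display_name
            if ($safe_name) {
                $allowed_destination = [System.IO.Path]::Combine($allowed_destination, $safe_name)
                $blocked_destination = [System.IO.Path]::Combine($blocked_destination, $safe_name)
            }
            else {
                LogWrite "display_name is not a usable file name, keeping the source file name"
            }
        }

        if ([System.IO.File]::Exists($current_file_path)) {
            LogWrite "current_file_path (currently scanned file) exists..."
            try {
                # -LiteralPath keeps '[' , ']' and '*' in the scanned file's
                # name from being interpreted as wildcard patterns.
                switch ($scan_results.process_info.result.ToLower()) {
                    'allowed' {
                        LogWrite 'copying allowed'
                        Copy-Item -LiteralPath $current_file_path -Destination $allowed_destination -ErrorAction Stop
                        break
                    }
                    'blocked' {
                        LogWrite 'copying blocked'
                        Copy-Item -LiteralPath $current_file_path -Destination $blocked_destination -ErrorAction Stop
                        break
                    }
                    default {
                        LogWrite 'none of the above ...'
                        break
                    }
                }
            }
            catch {
                $retval = 2 # Copy error
                LogWrite "retval = $retval"
            }
        }
        else {
            $retval = 3 # Currently scanned file path invalid
            LogWrite "retval = $retval"
        }
    }
}
else {
    $retval = 4 # Invalid destination
    LogWrite "retval = $retval"
}

exit $retval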