
Add param block and use the actual script location for finding YARA

Open theologos7 opened this issue 3 years ago • 2 comments

Add a param block similar to the following:

[CmdletBinding()]
param (
    [Parameter(Mandatory=$false)][int]$usrScanscope = $env:usrScanscope,
    [Parameter(Mandatory=$false)][bool]$usrUpdateDefs = $env:usrUpdateDefs,
    [Parameter(Mandatory=$false)][char]$usrMitigate = $env:usrMitigate
)

Use this to get the location of the script itself, not the current directory:

$scriptObject = Get-Item -Path $script:PSCommandPath
$script:workingPath = $($scriptObject.DirectoryName)

So that this:

foreach ($iteration in ('yara32.exe','yara64.exe')) {
    if (!(test-path $iteration)) {
        write-host "! ERROR: $iteration not found. It needs to be in the same directory as the script."
        write-host "  Download Yara from https://github.com/virustotal/yara/releases/latest and place them here."
        exit 1
    } else {
        write-host "- Verified presence of $iteration."
    }
}

becomes this

foreach ($iteration in ('yara32.exe','yara64.exe')) {
    if (!(test-path "$script:workingPath\$iteration")) {
        write-host "! ERROR: $iteration not found. It needs to be in the same directory as the script."
        write-host "  Download Yara from https://github.com/virustotal/yara/releases/latest and place them here."
        exit 1
    } else {
        write-host "- Verified presence of $iteration."
    }
}

Hope this helps 😊

Edit: Link to the fork which implements these changes: https://github.com/ProVal-Tech/log4shell-tool

theologos7, Dec 14 '21 19:12
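The two pieces proposed in the issue, combined into one runnable skeleton. This is an added example, not code from the log4shell-tool repository, the fork, or the issue author: the parameter names usrScanscope, usrUpdateDefs and usrMitigate come from the issue, while the fallback for an empty $PSCommandPath, the ConvertTo-BoolFromText helper, and the use of Join-Path and Test-Path -PathType Leaf are the editor's own choices. It keeps the two text-valued switches as strings (an assumption about how the RMM passes them) because a [bool] cast of the string 'false' yields $true in PowerShell, so the value is parsed explicitly instead.

```powershell
# Added example: param block plus script-relative YARA lookup.
# Assumptions: env vars usrScanscope/usrUpdateDefs/usrMitigate are set by the
# calling RMM as plain text; the helper and fallbacks below are not from the repo.
[CmdletBinding()]
param (
    # An unset environment variable is $null, which the [int] cast turns into 0.
    [Parameter(Mandatory=$false)][int]$usrScanscope = $env:usrScanscope,
    # Kept as text: [bool]'false' evaluates to $true, so parse it explicitly below.
    [Parameter(Mandatory=$false)][string]$usrUpdateDefs = $env:usrUpdateDefs,
    [Parameter(Mandatory=$false)][string]$usrMitigate = $env:usrMitigate
)

function ConvertTo-BoolFromText {
    # Only an explicit affirmative counts as $true; -match is case-insensitive.
    param([string]$Text)
    return ($Text -match '^(1|true|yes|y)$')
}

$updateDefs = ConvertTo-BoolFromText $usrUpdateDefs

# Resolve the directory the script file lives in, not the caller's current
# directory. $PSCommandPath is empty when the body is pasted into a console,
# so fall back to $PSScriptRoot and finally to the current location.
if ($PSCommandPath) {
    $script:workingPath = Split-Path -Parent $PSCommandPath
} elseif ($PSScriptRoot) {
    $script:workingPath = $PSScriptRoot
} else {
    $script:workingPath = (Get-Location).Path
}

# Verify that both YARA binaries sit next to the script. Join-Path avoids
# hand-built "$dir\$file" strings, and -PathType Leaf rejects a same-named folder.
$missing = @()
foreach ($iteration in ('yara32.exe', 'yara64.exe')) {
    $candidate = Join-Path -Path $script:workingPath -ChildPath $iteration
    if (-not (Test-Path -LiteralPath $candidate -PathType Leaf)) {
        Write-Host "! ERROR: $iteration not found in $script:workingPath."
        $missing += $iteration
    } else {
        Write-Host "- Verified presence of $candidate."
    }
}

if ($missing.Count -gt 0) {
    Write-Host "  Download YARA from https://github.com/virustotal/yara/releases/latest and place the binaries in $script:workingPath."
    exit 1
}

Write-Host "Scan scope: $usrScanscope; update definitions: $updateDefs; mitigate: '$usrMitigate'"
```

Run it as a saved .ps1 file rather than pasting it into a console, since the whole point of $PSCommandPath is that it is populated only when a script file is executed; the fallback branches exist so the check still produces a sensible message in the other case.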

Hi; This is a great resource for people looking to bolster the script, thank you for adding it. The reason the script is written the way it is is because originally it was intended for use with the Datto RMM solution which does not require the above steps to be taken; however, if we make "generic" scripts in future I will endeavour to bridge this gap a little closer. I won't close this case so everyone can see it. Cheers – SL

Datto-StanLee, Dec 15 '21 09:12

For completeness' sake, and because with the initial proposed edits alone the script would break, I forked the repo and edited the script to include these edits. I'll also edit the initial issue with the link to the fork. https://github.com/ProVal-Tech/log4shell-tool

theologos7, Dec 15 '21 13:12