Right, but in this case the idea is to catch the case where a plist does not exist so stderr needs to be redirected to assign it to the variable. The non existence of these plist files is the only case we know about.
I'm not following your logic.
If you didn't redirect and grep the stderr stream, the value assigned to the variable is "" (empty string). How is that not a definitive indicator that there is either no such file, or no such key?
It's conceivable that the file does exist, and the key exists with a value of "" (empty string), and this would not be a uniquely detectable condition. I'm not seeing how it's harmful, though, since it means DYLD_INSERT_LIBRARIES is defined to be the empty string. How is that harmful?
If it were strictly necessary to detect "no such file or no such key", then checking the exit status of 'defaults' is simpler:
Code:
example=$(defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES 2>/dev/null || echo "###")
If defaults has any non-zero exit status (i.e. no such file or no such key), then
example will be assigned the string "###" (any other distinctive string would suffice). It's not necessary to parse the stderr messages looking for a grep pattern. Using the exit status of defaults is sufficient in this case.
I also see that your example is still using the wrong syntax for defaults [1]. So it will behave as if the file and/or key doesn't exist, producing a false negative.
Likewise for the removal, a script can't be made by the information posted by Fsecure since the exact output is not known.
It is entirely possible to script the "use the path retrieved from the plist" procedure using PListBuddy. It's also possible using defaults and awk. I'm not going to suggest it's trivial, or even simple (as such scripts go). It is, however, quite possible to get the value assigned to DYLD_INSERT_LIBRARIES and do something with that pathname.
I surmise that Fsecure simply isn't interested in producing a free solution, since they explicitly say that non-advanced users should contact their support.
There may even be a better choice of scripting language than bash. Perhaps python or perl.
Personally, I'm not going to spend a lot of time on it, because none of the Mac users I know personally have this infection, and the ones I talked to recently are well aware of how to avoid it.
[1] according to
this Fsecure web page and
this one.
----------
Really? If you are not capable of writing it, how are you going to assess that the script you are using is correct? The best is to follow the exact instructions given by Fsecure.
You're right, I rescind my suggestion.
The best strategy is to not compound one mistake with another, and to not trust scripts posted from unknown sources, no matter how good they might look at first glance.