#!/bin/bash

# =======================================================================================
#
#  Copyright 2013 Sophos Ltd. All rights reserved.
#
#  Sophos and Sophos Anti-Virus are registered trademarks of Sophos Ltd.
#
#  All other product and company names mentioned are trademarks or registered
#  trademarks of their respective owners.
#
# =======================================================================================

# This script removes an existing installation of Sophos Anti-Virus for Mac version 9.
# It is probably not a good idea to run it on a version 8 installation.
# It must be run as root; pass -f as the first argument to skip the abort delay.

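# Refuse to run without root. The steps below unload kexts, remove launchd jobs
# and delete files under /Library, /System and /usr/bin. Exit non-zero so a
# caller or deployment tool can tell that nothing was removed.
if [ "$(id -u)" -ne 0 ] ; then
    echo "error: must be root" >&2
    exit 1
fi

echo ""
echo "WARNING: this script permenantly removes Sophos Anti-Virus for Mac version 9"
echo "         it should NOT be used on a version 8 installation"
echo ""
echo "if there are errors reported by this script, run it again (it fixes itself)"
echo ""

# run with -f to skip the abort delay
if [ "${1:-}" != "-f" ]; then
    echo "press control-C now to abort (automatically continues in 5 seconds)"
    echo "run with -f (next time) to skip the 5 second delay"
    sleep 1
    # one dot per second so the operator can see the countdown progressing
    for tick in 1 2 3 4 5 ; do
        printf '.'
        sleep 1
    done
    echo ""
fi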

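# Recursively removes one filesystem path if it is present.
# Arguments: $1 - path to remove
# Outputs:   "removing <path>" on stdout when something is deleted;
#            diagnostics on stderr
# Returns:   0 if the path is gone or was never there, 1 on refusal or failure
function delete_from_filesystem # path
{
    local target="$1"

    # This runs as root with rm -rf: never act on an empty path or on "/".
    case "$target" in
        ""|/)
            echo "error: refusing to remove '$target'" >&2
            return 1
            ;;
    esac

    # -e follows symlinks, so also test -L to catch a dangling link.
    if [ -e "$target" ] || [ -L "$target" ] ; then
        echo "removing $target"
        # "--" keeps a path that starts with "-" from being read as an option.
        if ! rm -rf -- "$target" ; then
            echo "error: failed to remove $target" >&2
            return 1
        fi
    fi
    return 0
}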

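# Removes the per-user com.sophos.uiserver launch agent for every user that
# still has a SophosUIServer process, then deletes the agent's plist.
# Outputs:   progress on stdout, diagnostics on stdout/stderr
# Exits:     the whole script (exit -1) if an agent cannot be removed
function stop_uiserver
{
    local uid attempt

    while : ; do
        # Take the owner from the first whitespace-separated field of ps -ef
        # instead of fixed character columns, which truncate or pad any user
        # id that is not exactly three digits wide. The [S] keeps awk from
        # matching its own command line.
        uid=$(ps -ef | awk '/[S]ophosUIServer/ { print $1; exit }')
        if [ -z "$uid" ] ; then
            # no more UIServer instances
            break
        fi

        # The value is handed to sudo -u "#<uid>", so accept digits only.
        case "$uid" in
            *[!0-9]*)
                echo "error: unexpected user id '$uid' for SophosUIServer" >&2
                exit -1
                ;;
        esac

        echo "removing launchagent com.sophos.uiserver for user $uid"
        for attempt in 1 2 3 4 5 6 7 8 9 10 ; do
            # the tenth pass only reports failure, so nine removals are tried
            if [ "$attempt" -eq 10 ] ; then
                echo "error: failed to remove launchagent com.sophos.uiserver for user $uid"
                exit -1
            fi
            sudo -u "#$uid" launchctl remove com.sophos.uiserver > /dev/null 2>&1
            sleep 2
            if ! sudo -u "#$uid" launchctl list | grep -q com.sophos.uiserver ; then
                break
            fi
            # still listed: kill the process before the next removal attempt
            sudo -u "#$uid" killall -9 SophosUIServer
        done
        # NOTE(review): the outer loop has no upper bound; it repeats for as
        # long as ps keeps showing a SophosUIServer process.
    done
    delete_from_filesystem "/Library/LaunchAgents/com.sophos.uiserver.plist"
}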

# Quits the Sophos Anti-Virus application if a matching process is listed,
# then deletes the application bundle from /Applications.
function stop_and_remove_ui
{
    local app_name="Sophos Anti-Virus"

    # number of ps lines mentioning the application (the grep itself excluded)
    COUNT=$(ps -ef | grep "$app_name" | grep -v grep | wc -l)
    if (( COUNT > 0 )) ; then
        echo "stopping ${app_name}.app"
        # best effort: killall's output and failure are discarded
        killall "$app_name" > /dev/null 2>&1
    fi

    delete_from_filesystem "/Applications/${app_name}.app"
}

# Unloads the kernel extension whose bundle id is $1 when kextstat reports it.
# Exits the whole script (exit -1) if kextstat still reports it afterwards.
function stop_kext # kextname
{
    # any output from kextstat means the bundle id is currently loaded
    KEXTINFO=$(kextstat -l -b "$1")
    if [ -n "$KEXTINFO" ] ; then
        echo "removing kext $1"
        kextunload -b "$1"
    fi

    # ask again rather than trusting kextunload's result
    KEXTINFO=$(kextstat -l -b "$1")
    [ -z "$KEXTINFO" ] && return 0

    echo "error: failed to remove kext $1"
    exit -1
}

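# Removes the launchd job labelled $1 and waits until launchctl stops listing it.
# Arguments: $1 - launchd label, e.g. com.sophos.scan
# Outputs:   progress and errors on stdout
# Returns:   0 when the label is not (or no longer) listed
# Exits:     the whole script (exit -1) if the label is still listed after
#            19 removal attempts
function stop_launch_daemon # daemon
{
    local label="$1" attempt
    # Compare the label column for equality. A plain grep treats the label as a
    # regex substring, so a longer label that merely contains $1 would count as
    # "still loaded" and make the removal fail spuriously.
    # Assumes the label is the third column of "launchctl list" (PID, Status,
    # Label) - TODO confirm on the oldest macOS release this must support.
    local match_label='$3 == want { found = 1 } END { exit !found }'

    if ! launchctl list | awk -v want="$label" "$match_label" ; then
        return 0
    fi

    echo "removing launchdaemon $label"
    for attempt in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 ; do
        # the twentieth pass only reports failure
        if [ "$attempt" -eq 20 ] ; then
            echo "error: failed to remove launchdaemon $label"
            exit -1
        fi
        launchctl remove "$label" > /dev/null 2>&1
        # give launchd time to stop the job before checking again
        sleep 2
        if ! launchctl list | awk -v want="$label" "$match_label" ; then
            break
        fi
    done
    return 0
}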

# Prints an error line for every argument that still exists on disk.
# Arguments: $@ - paths to check; checking stops at the first empty argument
function verify_path_not_there # path
{
    local candidate

    for candidate in "$@" ; do
        # an empty argument ends the walk, later arguments are not looked at
        if [ -z "$candidate" ] ; then
            break
        fi
        if [ -e "$candidate" ] ; then
            echo "error: leftover path $candidate needs to be removed"
        fi
    done
}

# Checks each location this script deletes from and reports anything left
# behind, by passing every path to verify_path_not_there.
function verify_ocelot_gone
{
    local leftover

    # The last three entries are deliberately unquoted so the shell expands
    # the * wildcard; a pattern with no match is passed on literally.
    for leftover in \
        "/System/Library/Extensions/SAVDeviceController.kext" \
        "/Applications/Sophos Anti-Virus.app/" \
        "/Library/Frameworks/SAVI.framework/" \
        "/Library/Frameworks/SUMScanKit.framework/" \
        "/Library/Sophos Anti-Virus/" \
        /Library/Caches/com.sophos.*/ \
        /Library/LaunchAgents/com.sophos.*.plist \
        /Library/LaunchDaemons/com.sophos.*.plist
    do
        verify_path_not_there "$leftover"
    done
}

# Report leftovers on every exit path, including the "exit -1" bail-outs in
# the stop_* functions.
trap verify_ocelot_gone EXIT

sophos_kexts=(driver.devctrl macendpoint.nke.swi sophos.kext.sav)
sophos_daemons=(
    autoupdate configuration devicecontrol intercheck notification
    scan webd sxld managementagent messagerouter
)

# Unload the kernel extensions first.
for kext in "${sophos_kexts[@]}" ; do
    stop_kext "com.sophos.$kext"
done

# Stop every daemon before any of their plists is deleted.
for daemon in "${sophos_daemons[@]}" ; do
    stop_launch_daemon "com.sophos.$daemon"
done

for daemon in "${sophos_daemons[@]}" ; do
    delete_from_filesystem "/Library/LaunchDaemons/com.sophos.$daemon.plist"
done

stop_uiserver
stop_and_remove_ui

# Remaining product files, removed in a fixed order.
for leftover in \
    "/System/Library/Extensions/SAVDeviceController.kext" \
    "/Library/Sophos Anti-Virus" \
    "/Library/Frameworks/SAVI.framework" \
    "/Library/Frameworks/SUMScanKit.framework" \
    "/Applications/Sophos Anti-Virus.app" \
    "/Library/Application Support/Sophos" \
    "/Library/Caches/com.sophos.rms" \
    "/Library/Caches/com.sophos.sav" \
    "/Library/Caches/com.sophos.sau" \
    "/Library/Caches/com.sophos.sxld" \
    "/Library/Caches/com.sophos.installer" \
    "/Library/Preferences/com.sophos.sau.plist" \
    "/usr/bin/SophosUpdate" \
    "/usr/bin/sweep"
do
    delete_from_filesystem "$leftover"
done

# Delete the AutoUpdate keychain items; output and failures are discarded, so
# an item that is absent does not stop the script.
for keychain_label in \
    SophosAUPrimaryServer \
    SophosAUPrimaryProxy \
    SophosAUSecondaryServer \
    SophosAUSecondaryProxy
do
    security delete-generic-password -l "$keychain_label" -D "Sophos AutoUpdate" > /dev/null 2>&1
done

echo "done"

