Ejemplo n.º 1
0
def scan(filelist, conf=DEFAULTCONF):
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False

    cmdline = [conf["path"]]
    cmdline.extend(conf["cmdline"])
    # Generate scan option
    for item in filelist:
        cmdline.append('"' + item + '"')

    output = ""
    if local:
        try:
            output = subprocess.check_output(cmdline)
        except subprocess.CalledProcessError as e:
            output = e.output

    else:
        host, port, user = conf["host"]
        try:
            output = sshexec(host, list2cmdline(cmdline), port=port, username=user, key_filename=conf["key"])
        except Exception as e:
            # TODO: log exeption
            return None

    # Parse output
    output = output.decode("utf-8")
    output = output.replace('\r', '')
    output = output.split('\n')
    results = []
    fresults = {}
    fname = None
    for line in output:
        if line.startswith('File: '):
            fname = line[6:]
            fresults[fname] = []
            continue

        elif line.startswith('Collecting data from file: '):
            fname = line[27:]
            fresults[fname] = []
            continue

        if fname:
            virusresults = re.findall("\s*(\d+.\d+\%) \((\.[^\)]+)\) (.+) \(\d+/", line)
            if virusresults:
                confidence, exnt, ftype = virusresults[0]
                fresults[fname].append([confidence, ftype, exnt])
    for fname in fresults:
        results.append((fname, fresults[fname]))
    metadata = {}
    metadata["Name"] = NAME
    metadata["Type"] = TYPE
    metadata["Include"] = False
    return (results, metadata)
Ejemplo n.º 2
0
def scan(filelist, conf=DEFAULTCONF):
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False
        host, port, user = conf["host"]
    cmdline = conf["cmdline"]
    path = conf["path"]
    #Fixes list2cmd so we can actually quote things...
    subprocess.list2cmdline = list2cmdline
    #Generate scan option
    for item in filelist:
        cmdline.append('"' + item + '"')

    #Create full command line
    cmdline.insert(0, path)

    output = ""
    if local:
        try:
            output = subprocess.check_output(cmdline)
            returnval = 0
        except subprocess.CalledProcessError as e:
            output = e.output
            returnval = e.returncode
    else:
        try:
            output = sshexec(host,
                             list2cmdline(cmdline),
                             port=port,
                             username=user,
                             key_filename=conf["key"])
        except:
            return None

    #Parse output
    output = output.decode("utf-8")
    virusresults = re.findall("([^\n\r]+) ... Found: ([^\n\r]+)", output,
                              re.MULTILINE)
    metadata = {}
    verinfo = re.search(
        "McAfee VirusScan Command Line for \S+ Version: ([\d\.]+)", output)
    metadata["Name"] = NAME
    metadata["Type"] = TYPE
    if verinfo:
        metadata["Program version"] = verinfo.group(1)
        verinfo = re.search("AV Engine version: ([\d\.]+)\s", output)
        metadata["Engine version"] = verinfo.group(1)
        verinfo = re.search(
            "Dat set version: (\d+) created (\w+ (?:\d|\d\d) \d\d\d\d)",
            output)
        metadata["Definition version"] = verinfo.group(1)
        metadata["Definition date"] = verinfo.group(2)

    return (virusresults, metadata)
Ejemplo n.º 3
0
def scan(filelist, conf=DEFAULTCONF):
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False
    
    cmdline = conf["cmdline"]
    #Generate scan option
    scan = '/SCAN='
    for item in filelist:
        scan += '"' + item + '";'
    
    #Create full command line
    cmdline.insert(0, conf["path"])
    cmdline.append(scan)
    output = ""
    if local:
        try:
            output = subprocess.check_output(cmdline)
            returnval = 0
        except subprocess.CalledProcessError as e: 
            output = e.output
            #returnval = e.returncode
    else:
        host, port, user = conf["host"]
        try:
            output = sshexec(host, list2cmdline(cmdline), port=port, username=user, key_filename=conf["key"])
        except:
            return None
    #Parse output
    output = output.decode("utf-8", errors='replace')
    virusresults = re.findall("([^\r\n]+) Virus identified (.+)\s+$", output, re.MULTILINE)
    #Stupid AVG prepends the UNC for mapped drives
    uncdetect = "\(\\\\.*\) ([a-zA-Z]:\\\\.*)$"
    for (file, result) in virusresults[:]:
        retest = re.match(uncdetect, file)
        if not retest:
            continue
        virusresults.remove((file, result))
        virusresults.append((retest.group(1), result))
    
    metadata = {}
    verinfo = re.search("Program version ([\d\.]+), engine ([\d\.]+)", output)
    metadata["Name"] = NAME
    metadata["Type"] = TYPE
    if verinfo:
        metadata["Program version"] = verinfo.group(1)
        metadata["Engine version"] = verinfo.group(2)
    verinfo = re.search("Virus Database: Version ([\d/]+) ([\d-]+)", output)
    if verinfo:
        metadata["Definition version"] = verinfo.group(1)
        metadata["Definition date"] = verinfo.group(2)
    return (virusresults, metadata)
Ejemplo n.º 4
0
def scan(filelist, conf=DEFAULTCONF):
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False
        host, port, user = conf["host"]
    cmdline = conf["cmdline"]
    path = conf["path"]
    #Fixes list2cmd so we can actually quote things...
    subprocess.list2cmdline = list2cmdline
    #Generate scan option
    for item in filelist:
        cmdline.append('"' + item + '"')
    
    #Create full command line
    cmdline.insert(0, path)
    
    output = ""
    if local:
        try:
            output = subprocess.check_output(cmdline)
            returnval = 0
        except subprocess.CalledProcessError as e: 
            output = e.output
            returnval = e.returncode
    else:
        try:
            output = sshexec(host, list2cmdline(cmdline), port=port, username=user, key_filename=conf["key"])
        except:
            return None

    #Parse output
    output = output.decode("utf-8")
    virusresults = re.findall("([^\n\r]+) ... Found: ([^\n\r]+)", output, re.MULTILINE)
    metadata = {}
    verinfo = re.search("McAfee VirusScan Command Line for \S+ Version: ([\d\.]+)", output)
    metadata["Name"] = NAME
    metadata["Type"] = TYPE
    if verinfo:
        metadata["Program version"] = verinfo.group(1)
        verinfo = re.search("AV Engine version: ([\d\.]+)\s", output)
        metadata["Engine version"] = verinfo.group(1)
        verinfo = re.search("Dat set version: (\d+) created (\w+ (?:\d|\d\d) \d\d\d\d)", output)
        metadata["Definition version"] = verinfo.group(1)
        metadata["Definition date"] = verinfo.group(2)
    
    return (virusresults, metadata)	
Ejemplo n.º 5
0
def scan(filelist, conf=DEFAULTCONF):
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False
        host, port, user = conf["host"]
    cmdline = conf["cmdline"]
    path = conf["path"]

    #Fixes list2cmd so we can actually quote things...
    subprocess.list2cmdline = list2cmdline
    #Generate scan option
    for item in filelist:
        cmdline.append('"' + item + '"')

    #Create full command line
    cmdline.insert(0, path)

    output = ""
    if local:
        try:
            output = subprocess.check_output(cmdline)
            returnval = 0
        except subprocess.CalledProcessError as e:
            output = e.output
            returnval = e.returncode
    else:
        try:
            output = sshexec(host,
                             list2cmdline(cmdline),
                             port=port,
                             username=user,
                             key_filename=conf["key"])
        except:
            return None

    #Parse output
    output = output.decode("utf-8")
    virusresults = re.findall(
        ".*\t([^\t]*)\t(?:detected|suspicion)\t([^\t\r\n]*)", output,
        re.MULTILINE)
    metadata = {}
    #Sometimes reports come out as FILE//data#### this will just make that go into the main file report
    tofix = []
    fixdict = {}

    for (file, result) in virusresults:
        if len(file.split("//")) > 1:
            tofix.append(file.split("//")[0])

    if tofix:
        for (file, result) in virusresults[:]:
            if file.split("//")[0] in tofix:
                virusresults.remove((file, result))
                file = file.split("//")[0]
            elif file in tofix:
                virusresults.remove((file, result))
            else:
                continue
            if file in fixdict:
                blerp = fixdict[file]
                if isinstance(blerp, list):
                    if result not in blerp:
                        blerp.append(result)
                    fixdict[file] = blerp
                else:
                    blerp = fixdict[file]
                    fixdict[file] = [blerp, result]
            else:
                fixdict[file] = result

    for key in fixdict:
        virusresults.append((key, fixdict[key]))

    #This seems to be all the metadata I can get... Maybe there is a better way?
    if local:
        try:
            output = subprocess.check_output([path, "/?"])
            returnval = 0
        except subprocess.CalledProcessError as e:
            output = e.output
            returnval = e.returncode
    else:
        try:
            output = sshexec(host,
                             list2cmdline([path, "/?"]),
                             username=user,
                             key_filename=conf["key"])
        except:
            return None
    output = output.decode("utf-8")
    verinfo = re.search("Kaspersky Anti-Virus \(R\) ([\d\.]+)", output)
    metadata["Name"] = NAME
    metadata["Type"] = TYPE
    if verinfo:
        metadata["Program version"] = verinfo.group(1)
    return (virusresults, metadata)
Ejemplo n.º 6
0
def scan(filelist, conf=DEFAULTCONF):
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False

    cmdline = conf["cmdline"]
    # Generate scan option
    scan = '/SCAN='
    for item in filelist:
        scan += '"' + item + '";'

    # Create full command line
    cmdline.insert(0, conf["path"])
    cmdline.append(scan)
    output = ""
    if local:
        try:
            output = subprocess.check_output(cmdline)
        except subprocess.CalledProcessError as e:
            output = e.output
    else:
        host, port, user = conf["host"]
        try:
            output = sshexec(host,
                             list2cmdline(cmdline),
                             port=port,
                             username=user,
                             key_filename=conf["key"])
        except Exception as e:
            # TODO: log exception
            return None
    # Parse output
    output = output.decode("utf-8", errors='replace')
    virusresults = re.findall("(?:\([^\)]*\) )?([^\s]+) (.+)\s+$", output,
                              re.MULTILINE)
    results = []
    for (file, result) in virusresults[:]:
        if result.endswith(' '):
            result = result[:-1]
        result = result.split(' ')
        if file not in filelist:
            file = file.split(':')[0]
            while file not in filelist and result:
                file = file + ' ' + result.pop(0)
            if file not in filelist or not result:
                continue
        result = result[-1]
        results.append((file, result))

    metadata = {}
    verinfo = re.search("Program version ([\d\.]+), engine ([\d\.]+)", output)
    metadata["Name"] = NAME
    metadata["Type"] = TYPE
    if verinfo:
        metadata["Program version"] = verinfo.group(1)
        metadata["Engine version"] = verinfo.group(2)
    verinfo = re.search("Virus Database: Version ([\d/]+) ([\d-]+)", output)
    if verinfo:
        metadata["Definition version"] = verinfo.group(1)
        metadata["Definition date"] = verinfo.group(2)
    return (results, metadata)
Ejemplo n.º 7
0
def scan(filelist, conf=DEFAULTCONF):
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False

    cmdline = conf["cmdline"]
    results = []
    output = ""
    cmd = cmdline
    for item in filelist:
        cmd.append('"' + item + '" ')
    cmd.insert(0, conf["path"])

    host, port, user = conf["host"]
    if local:
        try:
            output = subprocess.check_output(cmd)
        except subprocess.CalledProcessError as e:
            output = e.output
            e.returncode
    else:
        try:
            output = sshexec(host,
                             list2cmdline(cmd),
                             port=port,
                             username=user,
                             key_filename=conf["key"])
        except Exception as e:
            # TODO: log exception
            return None

    output = output.decode("utf-8", errors="ignore")
    output = output.replace('\r', '')
    reader = output.split('\n')
    data = {}
    fname = filelist[0]
    for row in reader:
        row = row.split('\t')
        try:
            if row[0].startswith('======== '):
                if data:
                    results.append((fname, data))
                    data = {}
                fname = row[0][9:]
                if re.match('[A-Za-z]:/', fname):
                    # why exif tools, whyyyyyyyy
                    fname = fname.replace('/', '\\')
                continue
        except Exception as e:
            # TODO: log exception
            pass
        try:
            if row[0] not in conf['remove-entry']:
                data[row[0]] = row[1]
        except Exception as e:
            # TODO: log exception
            continue
    if data:
        results.append((fname, data))
        data = {}
    reader = None

    # Gather metadata
    metadata = {}
    output = output.replace('\r', '')
    reader = output.split('\n')
    for row in reader:
        row = row.split('\t')
        if row and row[0] == "ExifTool Version Number":
            metadata["Program version"] = row[1]
            break
    metadata["Name"] = NAME
    metadata["Type"] = TYPE
    return (results, metadata)
Ejemplo n.º 8
0
def scan(filelist, conf=DEFAULTCONF):
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False
    
    cmdline = conf["cmdline"]
    #Generate scan option
    scan = ''
    for item in filelist:
        scan += '"' + item + '" '
    
    #Create full command line
    cmdline.insert(0, conf["path"])
    cmdline.append(scan)
    output = ""
    if local:
        try:
            output = subprocess.check_output(cmdline)
            returnval = 0
        except subprocess.CalledProcessError as e: 
            output = e.output
            #returnval = e.returncode

    else:
        host, port, user = conf["host"]
        try:
            output = sshexec(host, list2cmdline(cmdline), port=port, username=user, key_filename=conf["key"])
        except:
            return None
    
    #Parse output
    output = output.decode("utf-8")
    output = output.replace('\r', '')
    output = output.split('\n')
    results = []
    fresults = {}
    fname = None
    for line in output:
        if line.startswith('File: '):
            fname = line[6:]
            fresults[fname] = []
            continue
            
        elif line.startswith('Collecting data from file: '):
            fname = line[27:]
            fresults[fname] = []
            continue
            
        if fname:
            virusresults = re.findall("\s*(\d+.\d+\%) \((\.[^\)]+)\) (.+) \(\d+/", line) 
            if virusresults:
                confidence, exnt, ftype = virusresults[0]
                fresults[fname].append([confidence, ftype, exnt])
    for fname in fresults:
        results.append((fname, fresults[fname]))
    metadata = {}
    metadata["Name"] = NAME
    metadata["Type"] = TYPE
    metadata["Include"] = False
    return (results, metadata)
Ejemplo n.º 9
0
def scan(filelist, conf=DEFAULTCONF):
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False
        
    cmdline = conf["cmdline"]
    results = []
    output = ""
    cmd = cmdline
    for item in filelist:
        cmd.append('"' + item + '" ')
    cmd.insert(0, conf["path"])

    host, port, user = conf["host"]
    if local:
        try:
            output = subprocess.check_output(cmd)
            returnval = 0
        except subprocess.CalledProcessError as e: 
            output = e.output
            returnval = e.returncode
    else:
        try:
            output = sshexec(host, list2cmdline(cmd), port=port, username=user, key_filename=conf["key"])
        except:
            return None

    output = output.decode("utf-8", errors="ignore")
    output = output.replace('\r', '')
    reader = output.split('\n')
    data = {}
    fname = filelist[0]
    for row in reader:
        row = row.split('\t')
        try:
            if row[0].startswith('======== '):
                if data:
                    results.append((fname, data))
                    data = {}
                fname = row[0][9:]
                if re.match('[A-Za-z]:/', fname):
                    #why exif tools, whyyyyyyyy
                    fname = fname.replace('/', '\\')
                continue
        except:
            pass
        try:
            if row[0] not in conf['remove-entry']:
                data[row[0]] = row[1]
        except:
            continue
    if data:
        results.append((fname, data))
        data = {}
    reader = None
    
    #Gather metadata
    metadata = {}
    output = output.replace('\r', '')
    reader = output.split('\n')
    for row in reader:
        row = row.split('\t')
        if row and row[0] == "ExifTool Version Number":
            metadata["Program version"] = row[1]
            break	
    metadata["Name"] = NAME
    metadata["Type"] = TYPE
    return (results, metadata)	
Ejemplo n.º 10
0
def scan(filelist, conf=DEFAULTCONF):
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False
        host, port, user = conf["host"]
    cmdline = conf["cmdline"]
    path = conf["path"]
    
    #Fixes list2cmd so we can actually quote things...
    subprocess.list2cmdline = list2cmdline
    #Generate scan option
    for item in filelist:
        cmdline.append('"' + item + '"')
    
    #Create full command line
    cmdline.insert(0, path)
    
    output = ""
    if local:
        try:
            output = subprocess.check_output(cmdline)
            returnval = 0
        except subprocess.CalledProcessError as e: 
            output = e.output
            returnval = e.returncode
    else:
        try:
            output = sshexec(host, list2cmdline(cmdline), port=port, username=user, key_filename=conf["key"])
        except:
            return None

    #Parse output
    output = output.decode("utf-8")
    virusresults = re.findall(".*\t([^\t]*)\tdetected\t([^\t\r\n]*)", output, re.MULTILINE)
    metadata = {}
    #Sometimes reports come out as FILE//data#### this will just make that go into the main file report
    tofix = []
    fixdict = {}

    for (file, result) in virusresults:
        if len(file.split("//")) > 1:
            tofix.append(file.split("//")[0])
    
    if tofix:
        for (file, result) in virusresults[:]:
            if file.split("//")[0] in tofix:
                virusresults.remove((file, result))
                file = file.split("//")[0]
            elif file in tofix:
                virusresults.remove((file, result))
            else:
                continue
            if file in fixdict:
                blerp = fixdict[file]
                if isinstance(blerp, list):
                    blerp.append(result)
                    fixdict[file] = blerp
                else:
                    blerp = fixdict[file]
                    fixdict[file] = [blerp, result]
            else:
                fixdict[file] = result
    
    for key in fixdict:
        virusresults.append((key, fixdict[key]))
    
    #This seems to be all the metadata I can get... Maybe there is a better way?
    if local:
        try:
            output = subprocess.check_output([path,"/?"])
            returnval = 0
        except subprocess.CalledProcessError as e: 
            output = e.output
            returnval = e.returncode
    else:
        try:
            output = sshexec(host, list2cmdline([path,"/?"]), username=user, key_filename=conf["key"])
        except:
            return None
    output = output.decode("utf-8")
    verinfo = re.search("Kaspersky Anti-Virus \(R\) ([\d\.]+)", output)
    metadata["Name"] = NAME
    metadata["Type"] = TYPE
    if verinfo:
        metadata["Program version"] = verinfo.group(1)
    return (virusresults, metadata)