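def scan(filelist, conf=DEFAULTCONF):
    """Run the configured file-identification tool over *filelist* and parse its report.

    Args:
        filelist: Paths to identify; each is appended, double-quoted, to the
            tool's command line.
        conf: Module configuration. Uses ``path`` (tool executable),
            ``cmdline`` (fixed arguments), and for remote execution ``host``
            (a ``(host, port, user)`` triple) and ``key`` (SSH key file).

    Returns:
        ``(results, metadata)``: ``results`` is a list of
        ``(filename, [[confidence, description, extension], ...])`` tuples,
        one per ``File:`` / ``Collecting data from file:`` header in the
        output; ``metadata`` holds ``Name``, ``Type`` and ``Include``
        (always ``False``). ``None`` if the tool is neither present locally
        nor reachable via SSH, or if the remote execution raises.

    Raises:
        ValueError: if a path contains a double quote, which would break the
            quoting used to build the command line.
    """
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False
    else:
        # No local executable and no SSH fallback: nothing can run. The
        # original left ``local`` unbound here and died with UnboundLocalError.
        return None

    # Fresh list: ``conf["cmdline"]`` may be the module-level DEFAULTCONF and
    # must not be grown on every call.
    cmdline = [conf["path"]]
    cmdline.extend(conf["cmdline"])
    for item in filelist:
        # Paths are wrapped in double quotes verbatim. An embedded quote ends
        # the argument early and lets the rest of the name be parsed as extra
        # arguments (on the SSH path, by the remote shell).
        if '"' in item:
            raise ValueError("file path contains a double quote: %r" % (item,))
        cmdline.append('"' + item + '"')

    if local:
        try:
            output = subprocess.check_output(cmdline)
        except subprocess.CalledProcessError as e:
            # A non-zero exit still carries the report on stdout.
            output = e.output
    else:
        host, port, user = conf["host"]
        try:
            output = sshexec(host, list2cmdline(cmdline), port=port,
                             username=user, key_filename=conf["key"])
        except Exception:
            # TODO: log exception. Remote failure is reported as "no result".
            return None

    # ``errors="replace"`` keeps one undecodable byte in a file name from
    # aborting the whole batch with UnicodeDecodeError.
    text = output.decode("utf-8", errors="replace").replace('\r', '')

    # Hits are attributed to the most recent file header; anything printed
    # before the first header cannot be attributed and is dropped.
    # The unescaped '.' between the digits is kept from the original so any
    # decimal separator is accepted.
    hit_re = re.compile(r"\s*(\d+.\d+\%) \((\.[^\)]+)\) (.+) \(\d+/")
    fresults = {}
    fname = None
    for line in text.split('\n'):
        if line.startswith('File: '):
            fname = line[6:]
            fresults[fname] = []
            continue
        if line.startswith('Collecting data from file: '):
            fname = line[27:]
            fresults[fname] = []
            continue
        if fname:
            hit = hit_re.search(line)
            if hit:
                confidence, exnt, ftype = hit.groups()
                fresults[fname].append([confidence, ftype, exnt])

    results = [(name, hits) for name, hits in fresults.items()]
    metadata = {"Name": NAME, "Type": TYPE, "Include": False}
    return (results, metadata)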
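def scan(filelist, conf=DEFAULTCONF):
    """Scan *filelist* with McAfee VirusScan Command Line and parse its report.

    Args:
        filelist: Paths to scan; each is appended, double-quoted, to the
            scanner's command line.
        conf: Module configuration. Uses ``path`` (scanner executable),
            ``cmdline`` (fixed arguments), and for remote execution ``host``
            (a ``(host, port, user)`` triple) and ``key`` (SSH key file).

    Returns:
        ``(virusresults, metadata)``: ``virusresults`` is a list of
        ``(filename, detection)`` tuples taken from ``... Found:`` lines;
        ``metadata`` always has ``Name`` and ``Type`` and, for each banner
        field found in the output, ``Program version``, ``Engine version``,
        ``Definition version`` and ``Definition date``. ``None`` if the
        scanner is neither present locally nor reachable via SSH, or if the
        remote execution raises.

    Raises:
        ValueError: if a path contains a double quote, which would break the
            quoting used to build the command line.
    """
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False
    else:
        # Neither a local executable nor an SSH fallback; the original left
        # ``local`` unbound here.
        return None

    # NOTE: process-wide monkeypatch of the standard library. subprocess uses
    # list2cmdline to build the Windows command string; the project's version
    # (defined elsewhere) is installed so the quoted paths reach the scanner
    # intact. It stays in effect for every later subprocess call.
    subprocess.list2cmdline = list2cmdline

    # Fresh list: ``conf["cmdline"]`` may be the shared DEFAULTCONF and must
    # not be grown on every call.
    cmdline = [conf["path"]]
    cmdline.extend(conf["cmdline"])
    for item in filelist:
        # An embedded quote would end the argument early and let the rest of
        # the name be parsed as extra arguments (over SSH, by the remote shell).
        if '"' in item:
            raise ValueError("file path contains a double quote: %r" % (item,))
        cmdline.append('"' + item + '"')

    if local:
        try:
            output = subprocess.check_output(cmdline)
        except subprocess.CalledProcessError as e:
            # Detections are signalled by a non-zero exit; stdout is still the report.
            output = e.output
    else:
        # Only unpack the SSH triple when it is needed, so a local install
        # works without ``host`` being configured.
        host, port, user = conf["host"]
        try:
            output = sshexec(host, list2cmdline(cmdline), port=port,
                             username=user, key_filename=conf["key"])
        except Exception:
            # TODO: log exception. Remote failure is reported as "no result".
            return None

    # ``errors="replace"`` keeps an undecodable byte in a file name from
    # aborting the whole batch.
    text = output.decode("utf-8", errors="replace")
    virusresults = re.findall(r"([^\n\r]+) ... Found: ([^\n\r]+)", text, re.MULTILINE)

    metadata = {"Name": NAME, "Type": TYPE}
    # Each banner field is checked on its own; a missing one no longer
    # raises AttributeError from ``None.group``.
    verinfo = re.search(r"McAfee VirusScan Command Line for \S+ Version: ([\d\.]+)", text)
    if verinfo:
        metadata["Program version"] = verinfo.group(1)
    verinfo = re.search(r"AV Engine version: ([\d\.]+)\s", text)
    if verinfo:
        metadata["Engine version"] = verinfo.group(1)
    verinfo = re.search(r"Dat set version: (\d+) created (\w+ (?:\d|\d\d) \d\d\d\d)", text)
    if verinfo:
        metadata["Definition version"] = verinfo.group(1)
        metadata["Definition date"] = verinfo.group(2)
    return (virusresults, metadata)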
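def scan(filelist, conf=DEFAULTCONF):
    """Scan *filelist* with the AVG command-line scanner and parse its report.

    Args:
        filelist: Paths to scan; they are double-quoted and ``;``-joined into
            a single ``/SCAN=`` argument.
        conf: Module configuration. Uses ``path`` (scanner executable),
            ``cmdline`` (fixed arguments), and for remote execution ``host``
            (a ``(host, port, user)`` triple) and ``key`` (SSH key file).

    Returns:
        ``(virusresults, metadata)``: ``virusresults`` is a list of
        ``(filename, detection)`` tuples from ``Virus identified`` lines,
        with the parenthesised prefix AVG puts before mapped-drive paths
        stripped; ``metadata`` has ``Name``, ``Type`` and, when present in
        the output, ``Program version``, ``Engine version``,
        ``Definition version`` and ``Definition date``. ``None`` if the
        scanner is neither present locally nor reachable via SSH, or if the
        remote execution raises.

    Raises:
        ValueError: if a path contains ``"`` or ``;``, either of which would
            split the ``/SCAN=`` list and inject extra entries.
    """
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False
    else:
        # Neither a local executable nor an SSH fallback; the original left
        # ``local`` unbound here.
        return None

    # Build the /SCAN= list; a quote or separator inside a path would end the
    # entry early and let the rest of the name be read as further entries.
    scan_arg = '/SCAN='
    for item in filelist:
        if '"' in item or ';' in item:
            raise ValueError("file path contains '\"' or ';': %r" % (item,))
        scan_arg += '"' + item + '";'

    # Fresh list: ``conf["cmdline"]`` may be the shared DEFAULTCONF and must
    # not be grown on every call.
    cmdline = [conf["path"]]
    cmdline.extend(conf["cmdline"])
    cmdline.append(scan_arg)

    if local:
        try:
            output = subprocess.check_output(cmdline)
        except subprocess.CalledProcessError as e:
            # Detections are signalled by a non-zero exit; stdout is still the report.
            output = e.output
    else:
        host, port, user = conf["host"]
        try:
            output = sshexec(host, list2cmdline(cmdline), port=port,
                             username=user, key_filename=conf["key"])
        except Exception:
            # TODO: log exception. Remote failure is reported as "no result".
            return None

    text = output.decode("utf-8", errors='replace')
    virusresults = re.findall(r"([^\r\n]+) Virus identified (.+)\s+$", text, re.MULTILINE)

    # AVG prefixes mapped-drive paths with the share in parentheses; keep only
    # the drive-letter path so it matches what was submitted. Rewritten
    # entries go after the untouched ones, as in the original remove/append.
    uncdetect = re.compile(r"\(\\.*\) ([a-zA-Z]:\\.*)$")
    plain = []
    fixed = []
    for name, result in virusresults:
        retest = uncdetect.match(name)
        if retest:
            fixed.append((retest.group(1), result))
        else:
            plain.append((name, result))
    virusresults = plain + fixed

    metadata = {"Name": NAME, "Type": TYPE}
    verinfo = re.search(r"Program version ([\d\.]+), engine ([\d\.]+)", text)
    if verinfo:
        metadata["Program version"] = verinfo.group(1)
        metadata["Engine version"] = verinfo.group(2)
    verinfo = re.search(r"Virus Database: Version ([\d/]+) ([\d-]+)", text)
    if verinfo:
        metadata["Definition version"] = verinfo.group(1)
        metadata["Definition date"] = verinfo.group(2)
    return (virusresults, metadata)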
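def scan(filelist, conf=DEFAULTCONF):
    """Scan *filelist* with McAfee VirusScan Command Line and parse its report.

    Args:
        filelist: Paths to scan; each is appended, double-quoted, to the
            scanner's command line.
        conf: Module configuration. Uses ``path`` (scanner executable),
            ``cmdline`` (fixed arguments), and for remote execution ``host``
            (a ``(host, port, user)`` triple) and ``key`` (SSH key file).

    Returns:
        ``(virusresults, metadata)``: ``virusresults`` is a list of
        ``(filename, detection)`` tuples taken from ``... Found:`` lines;
        ``metadata`` always has ``Name`` and ``Type`` and, for each banner
        field found in the output, ``Program version``, ``Engine version``,
        ``Definition version`` and ``Definition date``. ``None`` if the
        scanner is neither present locally nor reachable via SSH, or if the
        remote execution raises.

    Raises:
        ValueError: if a path contains a double quote, which would break the
            quoting used to build the command line.
    """
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False
    else:
        # Neither a local executable nor an SSH fallback; the original left
        # ``local`` unbound here.
        return None

    # NOTE: process-wide monkeypatch of the standard library. subprocess uses
    # list2cmdline to build the Windows command string; the project's version
    # (defined elsewhere) is installed so the quoted paths reach the scanner
    # intact. It stays in effect for every later subprocess call.
    subprocess.list2cmdline = list2cmdline

    # Fresh list: ``conf["cmdline"]`` may be the shared DEFAULTCONF and must
    # not be grown on every call.
    cmdline = [conf["path"]]
    cmdline.extend(conf["cmdline"])
    for item in filelist:
        # An embedded quote would end the argument early and let the rest of
        # the name be parsed as extra arguments (over SSH, by the remote shell).
        if '"' in item:
            raise ValueError("file path contains a double quote: %r" % (item,))
        cmdline.append('"' + item + '"')

    if local:
        try:
            output = subprocess.check_output(cmdline)
        except subprocess.CalledProcessError as e:
            # Detections are signalled by a non-zero exit; stdout is still the report.
            output = e.output
    else:
        # Only unpack the SSH triple when it is needed, so a local install
        # works without ``host`` being configured.
        host, port, user = conf["host"]
        try:
            output = sshexec(host, list2cmdline(cmdline), port=port,
                             username=user, key_filename=conf["key"])
        except Exception:
            # TODO: log exception. Remote failure is reported as "no result".
            return None

    # ``errors="replace"`` keeps an undecodable byte in a file name from
    # aborting the whole batch.
    text = output.decode("utf-8", errors="replace")
    virusresults = re.findall(r"([^\n\r]+) ... Found: ([^\n\r]+)", text, re.MULTILINE)

    metadata = {"Name": NAME, "Type": TYPE}
    # Each banner field is checked on its own; a missing one no longer
    # raises AttributeError from ``None.group``.
    verinfo = re.search(r"McAfee VirusScan Command Line for \S+ Version: ([\d\.]+)", text)
    if verinfo:
        metadata["Program version"] = verinfo.group(1)
    verinfo = re.search(r"AV Engine version: ([\d\.]+)\s", text)
    if verinfo:
        metadata["Engine version"] = verinfo.group(1)
    verinfo = re.search(r"Dat set version: (\d+) created (\w+ (?:\d|\d\d) \d\d\d\d)", text)
    if verinfo:
        metadata["Definition version"] = verinfo.group(1)
        metadata["Definition date"] = verinfo.group(2)
    return (virusresults, metadata)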
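def scan(filelist, conf=DEFAULTCONF):
    """Scan *filelist* with the Kaspersky command-line scanner and parse its report.

    Args:
        filelist: Paths to scan; each is appended, double-quoted, to the
            scanner's command line.
        conf: Module configuration. Uses ``path`` (scanner executable),
            ``cmdline`` (fixed arguments), and for remote execution ``host``
            (a ``(host, port, user)`` triple) and ``key`` (SSH key file).

    Returns:
        ``(virusresults, metadata)``: ``virusresults`` is a list of
        ``(filename, detection)`` tuples from tab-separated ``detected`` /
        ``suspicion`` lines. Archive members reported as ``FILE//member``
        are folded into one entry for ``FILE``; its detection is a string
        when there is one distinct result and a list of distinct strings
        otherwise. ``metadata`` has ``Name``, ``Type`` and, when the
        scanner's ``/?`` banner yields it, ``Program version``. ``None`` if
        the scanner is neither present locally nor reachable via SSH, or if
        the remote scan raises.

    Raises:
        ValueError: if a path contains a double quote, which would break the
            quoting used to build the command line.
    """
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False
    else:
        # Neither a local executable nor an SSH fallback; the original left
        # ``local`` unbound here.
        return None

    path = conf["path"]
    # NOTE: process-wide monkeypatch of the standard library. subprocess uses
    # list2cmdline to build the Windows command string; the project's version
    # (defined elsewhere) is installed so the quoted paths reach the scanner
    # intact. It stays in effect for every later subprocess call.
    subprocess.list2cmdline = list2cmdline

    # Fresh list: ``conf["cmdline"]`` may be the shared DEFAULTCONF and must
    # not be grown on every call.
    cmdline = [path]
    cmdline.extend(conf["cmdline"])
    for item in filelist:
        # An embedded quote would end the argument early and let the rest of
        # the name be parsed as extra arguments (over SSH, by the remote shell).
        if '"' in item:
            raise ValueError("file path contains a double quote: %r" % (item,))
        cmdline.append('"' + item + '"')

    host = port = user = None
    if not local:
        host, port, user = conf["host"]

    def run(cmd):
        """Run *cmd* locally or over SSH; return raw output bytes, or None if SSH fails."""
        if local:
            try:
                return subprocess.check_output(cmd)
            except subprocess.CalledProcessError as e:
                # Detections are signalled by a non-zero exit; stdout is still the report.
                return e.output
        try:
            # ``port`` is passed for every remote call; the original omitted it
            # on the version lookup below.
            return sshexec(host, list2cmdline(cmd), port=port,
                           username=user, key_filename=conf["key"])
        except Exception:
            # TODO: log exception
            return None

    output = run(cmdline)
    if output is None:
        return None
    # ``errors="replace"`` keeps an undecodable byte in a file name from
    # aborting the whole batch.
    text = output.decode("utf-8", errors="replace")
    virusresults = re.findall(r".*\t([^\t]*)\t(?:detected|suspicion)\t([^\t\r\n]*)",
                              text, re.MULTILINE)

    # Fold "FILE//member" hits into FILE, merging with any direct hit on FILE.
    # Merged entries are appended after the untouched ones, in order of first
    # appearance, matching the original remove/append behaviour; duplicates
    # are now dropped in the two-result case as well.
    bases = {name.split("//")[0] for name, _ in virusresults if "//" in name}
    if bases:
        merged = {}
        kept = []
        for name, result in virusresults:
            base = name.split("//")[0]
            if base not in bases:
                kept.append((name, result))
                continue
            hits = merged.setdefault(base, [])
            if result not in hits:
                hits.append(result)
        virusresults = kept
        for base, hits in merged.items():
            virusresults.append((base, hits[0] if len(hits) == 1 else hits))

    metadata = {"Name": NAME, "Type": TYPE}
    # "/?" prints the banner, which is the only place the version appears.
    # A failed lookup no longer discards the scan results already gathered.
    banner = run([path, "/?"])
    if banner is not None:
        verinfo = re.search(r"Kaspersky Anti-Virus \(R\) ([\d\.]+)",
                            banner.decode("utf-8", errors="replace"))
        if verinfo:
            metadata["Program version"] = verinfo.group(1)
    return (virusresults, metadata)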
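def scan(filelist, conf=DEFAULTCONF):
    """Scan *filelist* with the AVG command-line scanner and parse its report.

    Args:
        filelist: Paths to scan; they are double-quoted and ``;``-joined into
            a single ``/SCAN=`` argument. Must support ``in`` lookups, since
            reported names are matched back against it.
        conf: Module configuration. Uses ``path`` (scanner executable),
            ``cmdline`` (fixed arguments), and for remote execution ``host``
            (a ``(host, port, user)`` triple) and ``key`` (SSH key file).

    Returns:
        ``(results, metadata)``: ``results`` is a list of
        ``(filename, detection)`` tuples for report lines whose file name
        could be matched to an entry of *filelist*; ``metadata`` has
        ``Name``, ``Type`` and, when present in the output,
        ``Program version``, ``Engine version``, ``Definition version`` and
        ``Definition date``. ``None`` if the scanner is neither present
        locally nor reachable via SSH, or if the remote execution raises.

    Raises:
        ValueError: if a path contains ``"`` or ``;``, either of which would
            split the ``/SCAN=`` list and inject extra entries.
    """
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False
    else:
        # Neither a local executable nor an SSH fallback; the original left
        # ``local`` unbound here.
        return None

    # Build the /SCAN= list; a quote or separator inside a path would end the
    # entry early and let the rest of the name be read as further entries.
    scan_arg = '/SCAN='
    for item in filelist:
        if '"' in item or ';' in item:
            raise ValueError("file path contains '\"' or ';': %r" % (item,))
        scan_arg += '"' + item + '";'

    # Fresh list: ``conf["cmdline"]`` may be the shared DEFAULTCONF and must
    # not be grown on every call.
    cmdline = [conf["path"]]
    cmdline.extend(conf["cmdline"])
    cmdline.append(scan_arg)

    if local:
        try:
            output = subprocess.check_output(cmdline)
        except subprocess.CalledProcessError as e:
            # Detections are signalled by a non-zero exit; stdout is still the report.
            output = e.output
    else:
        host, port, user = conf["host"]
        try:
            output = sshexec(host, list2cmdline(cmdline), port=port,
                             username=user, key_filename=conf["key"])
        except Exception:
            # TODO: log exception. Remote failure is reported as "no result".
            return None

    text = output.decode("utf-8", errors='replace')
    # First whitespace-free token and the remainder of each line, with an
    # optional "(...) " prefix skipped.
    virusresults = re.findall(r"(?:\([^\)]*\) )?([^\s]+) (.+)\s+$", text, re.MULTILINE)

    # Re-join file names that contain spaces: the regex split the name at the
    # first space, so tokens are pulled back from ``result`` until the name
    # matches a submitted path. Lines that never match are dropped. This
    # matching logic is kept exactly as the original wrote it; the
    # ``split(':')[0]`` step presumably strips a trailing ':' from the name
    # (TODO confirm against real AVG output).
    results = []
    for name, result in virusresults:
        if result.endswith(' '):
            result = result[:-1]
        tokens = result.split(' ')
        if name not in filelist:
            name = name.split(':')[0]
            while name not in filelist and tokens:
                name = name + ' ' + tokens.pop(0)
        if name not in filelist or not tokens:
            continue
        results.append((name, tokens[-1]))

    metadata = {"Name": NAME, "Type": TYPE}
    verinfo = re.search(r"Program version ([\d\.]+), engine ([\d\.]+)", text)
    if verinfo:
        metadata["Program version"] = verinfo.group(1)
        metadata["Engine version"] = verinfo.group(2)
    verinfo = re.search(r"Virus Database: Version ([\d/]+) ([\d-]+)", text)
    if verinfo:
        metadata["Definition version"] = verinfo.group(1)
        metadata["Definition date"] = verinfo.group(2)
    return (results, metadata)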
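def scan(filelist, conf=DEFAULTCONF):
    """Run ExifTool over *filelist* and collect one tag dictionary per file.

    Args:
        filelist: Paths to examine; each is appended, double-quoted, to the
            ExifTool command line. Tags printed before the first
            ``======== `` header are attributed to the first entry.
        conf: Module configuration. Uses ``path`` (executable), ``cmdline``
            (fixed arguments), ``remove-entry`` (tag names to drop), and for
            remote execution ``host`` (a ``(host, port, user)`` triple) and
            ``key`` (SSH key file).

    Returns:
        ``(results, metadata)``: ``results`` is a list of
        ``(filename, {tag: value})`` tuples, one per ``======== `` block of
        the tab-separated output; ``metadata`` has ``Name``, ``Type`` and,
        when ExifTool prints it, ``Program version``. ``None`` if the
        executable is neither present locally nor reachable via SSH, or if
        the remote execution raises.

    Raises:
        ValueError: if a path contains a double quote, which would break the
            quoting used to build the command line.
    """
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False
    else:
        # Neither a local executable nor an SSH fallback; the original left
        # ``local`` unbound here.
        return None

    # Fresh list: ``conf["cmdline"]`` may be the shared DEFAULTCONF and must
    # not be grown on every call.
    cmd = [conf["path"]]
    cmd.extend(conf["cmdline"])
    for item in filelist:
        # An embedded quote would end the argument early and let the rest of
        # the name be parsed as extra arguments (over SSH, by the remote shell).
        if '"' in item:
            raise ValueError("file path contains a double quote: %r" % (item,))
        # The trailing space inside the quoted argument is kept as written.
        cmd.append('"' + item + '" ')

    if local:
        try:
            output = subprocess.check_output(cmd)
        except subprocess.CalledProcessError as e:
            # A non-zero exit still carries the tag listing on stdout.
            output = e.output
    else:
        # Only unpack the SSH triple when it is needed, so a local install
        # works without ``host`` being configured.
        host, port, user = conf["host"]
        try:
            output = sshexec(host, list2cmdline(cmd), port=port,
                             username=user, key_filename=conf["key"])
        except Exception:
            # TODO: log exception. Remote failure is reported as "no result".
            return None

    lines = output.decode("utf-8", errors="ignore").replace('\r', '').split('\n')

    # Tags to drop; a missing key used to raise KeyError inside a bare
    # except and silently produce no results at all.
    drop = conf.get('remove-entry', ())
    results = []
    data = {}
    # Empty input no longer raises IndexError here.
    fname = filelist[0] if filelist else None
    program_version = None
    for line in lines:
        row = line.split('\t')
        if row[0].startswith('======== '):
            # New file block: flush what was collected for the previous one.
            if data:
                results.append((fname, data))
                data = {}
            fname = row[0][9:]
            # ExifTool prints Windows paths with forward slashes; restore
            # backslashes so names match what was submitted.
            if re.match('[A-Za-z]:/', fname):
                fname = fname.replace('/', '\\')
            continue
        if len(row) < 2:
            # Not a "tag<TAB>value" line (blank line or a message).
            continue
        if program_version is None and row[0] == "ExifTool Version Number":
            program_version = row[1]
        if row[0] not in drop:
            data[row[0]] = row[1]
    if data:
        results.append((fname, data))

    metadata = {}
    if program_version is not None:
        metadata["Program version"] = program_version
    metadata["Name"] = NAME
    metadata["Type"] = TYPE
    return (results, metadata)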
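def scan(filelist, conf=DEFAULTCONF):
    """Run the configured file-identification tool over *filelist* and parse its report.

    Args:
        filelist: Paths to identify; they are double-quoted and joined with
            spaces into a single trailing argument.
        conf: Module configuration. Uses ``path`` (tool executable),
            ``cmdline`` (fixed arguments), and for remote execution ``host``
            (a ``(host, port, user)`` triple) and ``key`` (SSH key file).

    Returns:
        ``(results, metadata)``: ``results`` is a list of
        ``(filename, [[confidence, description, extension], ...])`` tuples,
        one per ``File:`` / ``Collecting data from file:`` header in the
        output; ``metadata`` holds ``Name``, ``Type`` and ``Include``
        (always ``False``). ``None`` if the tool is neither present locally
        nor reachable via SSH, or if the remote execution raises.

    Raises:
        ValueError: if a path contains a double quote, which would break the
            quoting used to build the command line.
    """
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False
    else:
        # No local executable and no SSH fallback; the original left
        # ``local`` unbound here and died with UnboundLocalError.
        return None

    # All paths go into one argument; an embedded quote would end an entry
    # early and let the rest of the name be read as further entries (over
    # SSH, by the remote shell).
    scan_arg = ''
    for item in filelist:
        if '"' in item:
            raise ValueError("file path contains a double quote: %r" % (item,))
        scan_arg += '"' + item + '" '

    # Fresh list: ``conf["cmdline"]`` may be the module-level DEFAULTCONF and
    # must not be grown on every call.
    cmdline = [conf["path"]]
    cmdline.extend(conf["cmdline"])
    cmdline.append(scan_arg)

    if local:
        try:
            output = subprocess.check_output(cmdline)
        except subprocess.CalledProcessError as e:
            # A non-zero exit still carries the report on stdout.
            output = e.output
    else:
        host, port, user = conf["host"]
        try:
            output = sshexec(host, list2cmdline(cmdline), port=port,
                             username=user, key_filename=conf["key"])
        except Exception:
            # TODO: log exception. Remote failure is reported as "no result".
            return None

    # ``errors="replace"`` keeps one undecodable byte in a file name from
    # aborting the whole batch with UnicodeDecodeError.
    text = output.decode("utf-8", errors="replace").replace('\r', '')

    # Hits are attributed to the most recent file header; anything printed
    # before the first header cannot be attributed and is dropped.
    # The unescaped '.' between the digits is kept from the original so any
    # decimal separator is accepted.
    hit_re = re.compile(r"\s*(\d+.\d+\%) \((\.[^\)]+)\) (.+) \(\d+/")
    fresults = {}
    fname = None
    for line in text.split('\n'):
        if line.startswith('File: '):
            fname = line[6:]
            fresults[fname] = []
            continue
        if line.startswith('Collecting data from file: '):
            fname = line[27:]
            fresults[fname] = []
            continue
        if fname:
            hit = hit_re.search(line)
            if hit:
                confidence, exnt, ftype = hit.groups()
                fresults[fname].append([confidence, ftype, exnt])

    results = [(name, hits) for name, hits in fresults.items()]
    metadata = {"Name": NAME, "Type": TYPE, "Include": False}
    return (results, metadata)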
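def scan(filelist, conf=DEFAULTCONF):
    """Run ExifTool over *filelist* and collect one tag dictionary per file.

    Args:
        filelist: Paths to examine; each is appended, double-quoted, to the
            ExifTool command line. Tags printed before the first
            ``======== `` header are attributed to the first entry.
        conf: Module configuration. Uses ``path`` (executable), ``cmdline``
            (fixed arguments), ``remove-entry`` (tag names to drop), and for
            remote execution ``host`` (a ``(host, port, user)`` triple) and
            ``key`` (SSH key file).

    Returns:
        ``(results, metadata)``: ``results`` is a list of
        ``(filename, {tag: value})`` tuples, one per ``======== `` block of
        the tab-separated output; ``metadata`` has ``Name``, ``Type`` and,
        when ExifTool prints it, ``Program version``. ``None`` if the
        executable is neither present locally nor reachable via SSH, or if
        the remote execution raises.

    Raises:
        ValueError: if a path contains a double quote, which would break the
            quoting used to build the command line.
    """
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False
    else:
        # Neither a local executable nor an SSH fallback; the original left
        # ``local`` unbound here.
        return None

    # Fresh list: ``conf["cmdline"]`` may be the shared DEFAULTCONF and must
    # not be grown on every call.
    cmd = [conf["path"]]
    cmd.extend(conf["cmdline"])
    for item in filelist:
        # An embedded quote would end the argument early and let the rest of
        # the name be parsed as extra arguments (over SSH, by the remote shell).
        if '"' in item:
            raise ValueError("file path contains a double quote: %r" % (item,))
        # The trailing space inside the quoted argument is kept as written.
        cmd.append('"' + item + '" ')

    if local:
        try:
            output = subprocess.check_output(cmd)
        except subprocess.CalledProcessError as e:
            # A non-zero exit still carries the tag listing on stdout.
            output = e.output
    else:
        # Only unpack the SSH triple when it is needed, so a local install
        # works without ``host`` being configured.
        host, port, user = conf["host"]
        try:
            output = sshexec(host, list2cmdline(cmd), port=port,
                             username=user, key_filename=conf["key"])
        except Exception:
            # TODO: log exception. Remote failure is reported as "no result".
            # The original bare ``except:`` also swallowed KeyboardInterrupt.
            return None

    lines = output.decode("utf-8", errors="ignore").replace('\r', '').split('\n')

    # Tags to drop; a missing key used to raise KeyError inside a bare
    # except and silently produce no results at all.
    drop = conf.get('remove-entry', ())
    results = []
    data = {}
    # Empty input no longer raises IndexError here.
    fname = filelist[0] if filelist else None
    program_version = None
    for line in lines:
        row = line.split('\t')
        if row[0].startswith('======== '):
            # New file block: flush what was collected for the previous one.
            if data:
                results.append((fname, data))
                data = {}
            fname = row[0][9:]
            # ExifTool prints Windows paths with forward slashes; restore
            # backslashes so names match what was submitted.
            if re.match('[A-Za-z]:/', fname):
                fname = fname.replace('/', '\\')
            continue
        if len(row) < 2:
            # Not a "tag<TAB>value" line (blank line or a message).
            continue
        if program_version is None and row[0] == "ExifTool Version Number":
            program_version = row[1]
        if row[0] not in drop:
            data[row[0]] = row[1]
    if data:
        results.append((fname, data))

    metadata = {}
    if program_version is not None:
        metadata["Program version"] = program_version
    metadata["Name"] = NAME
    metadata["Type"] = TYPE
    return (results, metadata)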
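def scan(filelist, conf=DEFAULTCONF):
    """Scan *filelist* with the Kaspersky command-line scanner and parse its report.

    Args:
        filelist: Paths to scan; each is appended, double-quoted, to the
            scanner's command line.
        conf: Module configuration. Uses ``path`` (scanner executable),
            ``cmdline`` (fixed arguments), and for remote execution ``host``
            (a ``(host, port, user)`` triple) and ``key`` (SSH key file).

    Returns:
        ``(virusresults, metadata)``: ``virusresults`` is a list of
        ``(filename, detection)`` tuples from tab-separated ``detected``
        lines. Archive members reported as ``FILE//member`` are folded into
        one entry for ``FILE``; its detection is a string when there is one
        result and a list of strings otherwise. ``metadata`` has ``Name``,
        ``Type`` and, when the scanner's ``/?`` banner yields it,
        ``Program version``. ``None`` if the scanner is neither present
        locally nor reachable via SSH, or if the remote scan raises.

    Raises:
        ValueError: if a path contains a double quote, which would break the
            quoting used to build the command line.
    """
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False
    else:
        # Neither a local executable nor an SSH fallback; the original left
        # ``local`` unbound here.
        return None

    path = conf["path"]
    # NOTE: process-wide monkeypatch of the standard library. subprocess uses
    # list2cmdline to build the Windows command string; the project's version
    # (defined elsewhere) is installed so the quoted paths reach the scanner
    # intact. It stays in effect for every later subprocess call.
    subprocess.list2cmdline = list2cmdline

    # Fresh list: ``conf["cmdline"]`` may be the shared DEFAULTCONF and must
    # not be grown on every call.
    cmdline = [path]
    cmdline.extend(conf["cmdline"])
    for item in filelist:
        # An embedded quote would end the argument early and let the rest of
        # the name be parsed as extra arguments (over SSH, by the remote shell).
        if '"' in item:
            raise ValueError("file path contains a double quote: %r" % (item,))
        cmdline.append('"' + item + '"')

    host = port = user = None
    if not local:
        host, port, user = conf["host"]

    def run(cmd):
        """Run *cmd* locally or over SSH; return raw output bytes, or None if SSH fails."""
        if local:
            try:
                return subprocess.check_output(cmd)
            except subprocess.CalledProcessError as e:
                # Detections are signalled by a non-zero exit; stdout is still the report.
                return e.output
        try:
            # ``port`` is passed for every remote call; the original omitted it
            # on the version lookup below.
            return sshexec(host, list2cmdline(cmd), port=port,
                           username=user, key_filename=conf["key"])
        except Exception:
            # TODO: log exception
            return None

    output = run(cmdline)
    if output is None:
        return None
    # ``errors="replace"`` keeps an undecodable byte in a file name from
    # aborting the whole batch.
    text = output.decode("utf-8", errors="replace")
    virusresults = re.findall(r".*\t([^\t]*)\tdetected\t([^\t\r\n]*)", text, re.MULTILINE)

    # Fold "FILE//member" hits into FILE, merging with any direct hit on FILE.
    # Merged entries are appended after the untouched ones, in order of first
    # appearance, matching the original remove/append behaviour.
    bases = {name.split("//")[0] for name, _ in virusresults if "//" in name}
    if bases:
        merged = {}
        kept = []
        for name, result in virusresults:
            base = name.split("//")[0]
            if base in bases:
                merged.setdefault(base, []).append(result)
            else:
                kept.append((name, result))
        virusresults = kept
        for base, hits in merged.items():
            virusresults.append((base, hits[0] if len(hits) == 1 else hits))

    metadata = {"Name": NAME, "Type": TYPE}
    # "/?" prints the banner, which is the only place the version appears.
    # A failed lookup no longer discards the scan results already gathered.
    banner = run([path, "/?"])
    if banner is not None:
        verinfo = re.search(r"Kaspersky Anti-Virus \(R\) ([\d\.]+)",
                            banner.decode("utf-8", errors="replace"))
        if verinfo:
            metadata["Program version"] = verinfo.group(1)
    return (virusresults, metadata)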