def update_definitions(self):
"""
Run $ sudo /opt/eset/esets/sbin/esets_update to update the virus definitions.
It has to be run with root privs (sudo).
Expected outputs:
For update not necessary:
$ sudo /opt/eset/esets/sbin/esets_update
Update is not necessary - the installed virus signature database is current.
Installed virus signature database version 8665 (20130808)
For update needed/performed:
$ sudo /opt/eset/esets/sbin/esets_update
Virus signature database has been updated successfully.
Installed virus signature database version 8681 (20130812)
"""
raw_update_output = check_output(["sudo", self._update_engine])
if raw_update_output:
raw_split = raw_update_output.split("\n")
if raw_split and (
raw_split[0].startswith("Update is not necessary")
or raw_split[0].endswith("updated successfully.")):
return
else:
raise ScannerUpdateError(
"Eset definition update failed. Unknown failure.")
else:
raise ScannerUpdateError(
"Eset definition update failed. No output returned from updater."
)
def update_definitions(self):
"""
Run $ sudo /usr/bin/freshclam to update the virus definitions.
It has to be run with root privs (sudo).
Example output:
$ sudo /usr/bin/freshclam
[sudo] password for avuser:
ClamAV update process started at Thu Aug 8 21:11:29 2013
main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
daily.cld is up to date (version: 17649, sigs: 1516104, f-level: 63, builder: jesler)
bytecode.cld is up to date (version: 217, sigs: 42, f-level: 63, builder: neo)
This is what happens if we have a collision, and retry after a sleep:
(psvirtualenv)vagrant@phagedev:~/phagescan$ nosetests -sv engines.clamav.test.testscan
Checking whether the scanner's control binary exists ... ok
Running scanner against an evil/malicious file. Expects scanner to categorize file as malicious ... ok
Running scanner against a good/benign file. Expects scanner to categorize file as innocent ... ok
Checking whether a valid license file is present (no-op for scanners that don't require a license) ... ok
Querying scanner's name, (e.g. 'Avast') ... ok
Querying scanner's platform, (e.g. 'Linux 32') ... ok
Run test of A/V definition update functionality. ... ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
WARNING: flashclam failed to get a lock on update files. Trying again in 30...
ok
----------------------------------------------------------------------
Ran 7 tests in 31.319s
OK
"""
self._update_engine = "/usr/bin/freshclam"
self._retry_timeout = 30
try:
check_output(['sudo', self._update_engine])
except CalledProcessError, e:
# this happens if there's already a freshclam instance running; wait and try again
if e.output.find("ERROR: /var/log/clamav/freshclam.log is locked by another process") != -1:
print "WARNING: freshclam failed to get a lock on update files. Trying again in {0}s...".format(self._retry_timeout)
time.sleep(self._retry_timeout)
try:
check_output(['sudo', self._update_engine])
except CalledProcessError:
ScannerUpdateError("freshclam cannot get a lock on update files after 2 tries.")
else:
ScannerUpdateError(e.output.split('\n'))
def update_definitions(self):
# Example output:
# $ sudo bdscan --update
# BitDefender Antivirus Scanner for Unices v7.90123 Linux-i586
# Copyright (C) 1996-2009 BitDefender. All rights reserved.
# Trial key found. 29 days remaining.
#
# emalware.198 . updated
# emalware.198 updated
# ... SNIP ...
try:
check_output(['sudo', self._engine_path, "--update"])
except CalledProcessError, e:
raise ScannerUpdateError(e.output.split('\n'))
def update_definitions(self):
"""
Run $ sudo /usr/bin/avastvpsupdate.sh to update the VPS definitions.
It has to be run with root privs (sudo).
Example output:
$ sudo /usr/bin//avastvpsupdate.sh
[sudo] password for avuser:
ERROR-0: New VPS: 130808-0 (date: 08.08.2013) succesfully installed.
"""
try:
check_output(['sudo', self._update_engine])
except CalledProcessError, e:
raise ScannerUpdateError(e.output.split('\n'))
except CalledProcessError, e:
callret = e.returncode
try:
raw_update_output = check_output(command_task_progress,
stderr=STDOUT)
retcode = 0
except CalledProcessError, e:
raw_update_output = e.output
retcode = e.returncode
if retcode == 0:
return
else:
raise ScannerUpdateError(
"Kaspersky definition update failed. {0}".format(
raw_update_output))
def _scan(self, file_object):
# The Kaspersky control utility is loud
fhNULL = open(devnull, "w")
# create temporary sample file
(fpSample, samplePath) = tempfile.mkstemp()
write(fpSample, file_object.all_content)
close(fpSample)
self.mark_path_for_removal(samplePath)
# create a unique task ID
taskName = "scaggr_task_{0}".format(split(samplePath)[1])
try:
raw_update_output = check_output(
['sudo', self._update_engine, self._update_engine_flags],
stderr=STDOUT)
retcode = 0
except CalledProcessError, e:
raw_update_output = e.output
retcode = e.returncode
if retcode == 0:
# print "raw_update_output: {0}".format(raw_update_output)
return
else:
raise ScannerUpdateError(
"Symantec definition update failed. {0}".format(
raw_update_output))
def _parse_scan_result(self, scan_result):
infected, infected_string, metadata = False, '', dict()
metadata.update(self.version)
infected = scan_result.split("Infected")[1].split()[1] != "0"
if infected:
for string in scan_result.split("\n\n")[0].splitlines():
tokens = string.split("\t")
if len(tokens) == 3:
metadata[tokens[1][:-2]] = tokens[2]