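def scan(filelist, conf=DEFAULTCONF):
    """Run the configured scanner over *filelist* and parse its report.

    The binary at ``conf["path"]`` is executed locally when that path exists
    on this machine; otherwise, when the module-level ``SSH`` flag is set,
    the same command line is run over SSH on ``conf["host"]``.

    Args:
        filelist: Paths of the files to scan. Each is wrapped in double
            quotes and appended to the command line unchanged.
        conf: Module configuration; reads ``path``, ``cmdline``, ``host``
            (a ``(host, port, user)`` tuple) and ``key``.

    Returns:
        ``(results, metadata)``: ``results`` is a list of
        ``(filename, [[confidence, filetype, extension], ...])`` tuples built
        from the ``File:`` / ``Collecting data from file:`` sections of the
        report; ``metadata`` carries ``Name``, ``Type`` and ``Include``
        (always ``False``). ``None`` when the scanner can be run neither
        locally nor over SSH, or when the remote execution fails.
    """
    import logging

    log = logging.getLogger(__name__)

    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False
    else:
        # Neither a local binary nor the SSH fallback is available. The
        # original left ``local`` unbound here and failed later with
        # UnboundLocalError; reporting "no result" matches the remote
        # failure path below.
        log.error("scanner not found at %s and SSH is disabled", conf["path"])
        return None

    cmdline = [conf["path"]]
    cmdline.extend(conf["cmdline"])
    # Generate scan option
    for item in filelist:
        cmdline.append('"' + item + '"')

    if local:
        # No shell is involved here, so the surrounding quotes reach the
        # scanner as part of each argument.
        try:
            output = subprocess.check_output(cmdline)
        except subprocess.CalledProcessError as e:
            # Keep whatever the scanner printed on a non-zero exit; the
            # parser below decides what it contains.
            output = e.output or b""
    else:
        host, port, user = conf["host"]
        # NOTE(review): the remote side receives a single command string that
        # its shell parses. File names are only wrapped in double quotes, so
        # a name containing quotes or shell metacharacters changes the
        # command. Keep sample names under your control (e.g. rename samples
        # to their hash) before they reach this module.
        try:
            output = sshexec(host, list2cmdline(cmdline), port=port, username=user, key_filename=conf["key"])
        except Exception:
            log.exception("remote scan on %s failed", host)
            return None

    # Parse output. Undecodable bytes are replaced instead of raising, since
    # scanner output is not guaranteed to be valid UTF-8.
    text = output.decode("utf-8", errors="replace").replace('\r', '')
    fresults = {}
    fname = None
    for line in text.split('\n'):
        if line.startswith('File: '):
            fname = line[6:]
            fresults[fname] = []
            continue
        elif line.startswith('Collecting data from file: '):
            fname = line[27:]
            fresults[fname] = []
            continue

        # Detection lines belong to the most recent file header.
        if fname:
            virusresults = re.findall(r"\s*(\d+.\d+\%) \((\.[^\)]+)\) (.+) \(\d+/", line)
            if virusresults:
                confidence, exnt, ftype = virusresults[0]
                fresults[fname].append([confidence, ftype, exnt])

    results = list(fresults.items())
    metadata = {"Name": NAME, "Type": TYPE, "Include": False}
    return (results, metadata)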
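def scan(filelist, conf=DEFAULTCONF):
    """Scan *filelist* with the configured scanner and parse its report.

    The binary at ``conf["path"]`` is executed locally when that path exists
    on this machine, otherwise over SSH on ``conf["host"]``.

    Args:
        filelist: Paths to scan; each is double-quoted and appended to the
            command line unchanged.
        conf: Module configuration with ``path``, ``cmdline``, ``host``
            (a ``(host, port, user)`` tuple) and ``key``.

    Returns:
        ``(virusresults, metadata)``: a list of ``(file, detection)`` pairs
        taken from the ``... Found:`` lines of the report, plus a metadata
        dict with ``Name``, ``Type`` and, when the report header is present,
        the program, engine and definition versions. ``None`` when the
        remote run fails.
    """
    import logging

    log = logging.getLogger(__name__)

    local = os.path.isfile(conf["path"])
    path = conf["path"]
    # Work on a copy: the original appended to conf["cmdline"] in place, so
    # every call sharing DEFAULTCONF grew the list and re-inserted the path.
    cmdline = list(conf["cmdline"])
    # Fixes list2cmd so we can actually quote things...
    # (This rebinds subprocess.list2cmdline for the whole process.)
    subprocess.list2cmdline = list2cmdline
    # Generate scan option
    for item in filelist:
        cmdline.append('"' + item + '"')

    # Create full command line
    cmdline.insert(0, path)
    if local:
        try:
            output = subprocess.check_output(cmdline)
        except subprocess.CalledProcessError as e:
            # Keep whatever the scanner printed on a non-zero exit.
            output = e.output or b""
    else:
        # NOTE(review): the remote side receives a single command string that
        # its shell parses. File names are only wrapped in double quotes, so
        # a name containing quotes or shell metacharacters changes the
        # command. Keep sample names under your control (e.g. rename samples
        # to their hash) before they reach this module.
        try:
            host, port, user = conf["host"]
            output = sshexec(host,
                             list2cmdline(cmdline),
                             port=port,
                             username=user,
                             key_filename=conf["key"])
        except Exception:
            log.exception("remote scan failed")
            return None

    # Parse output; replace undecodable bytes rather than raising on them.
    output = output.decode("utf-8", errors="replace")
    virusresults = re.findall(r"([^\n\r]+) ... Found: ([^\n\r]+)", output,
                              re.MULTILINE)
    metadata = {"Name": NAME, "Type": TYPE}
    verinfo = re.search(
        r"McAfee VirusScan Command Line for \S+ Version: ([\d.]+)", output)
    if verinfo:
        metadata["Program version"] = verinfo.group(1)
        # Each header line is checked on its own; the original called
        # .group() on a missing match and raised AttributeError.
        engine = re.search(r"AV Engine version: ([\d\.]+)\s", output)
        if engine:
            metadata["Engine version"] = engine.group(1)
        dat = re.search(
            r"Dat set version: (\d+) created (\w+ (?:\d|\d\d) \d\d\d\d)",
            output)
        if dat:
            metadata["Definition version"] = dat.group(1)
            metadata["Definition date"] = dat.group(2)

    return (virusresults, metadata)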
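def scan(filelist, conf=DEFAULTCONF):
    """Scan *filelist* with the configured scanner and parse its report.

    The binary at ``conf["path"]`` is executed locally when that path exists
    on this machine, otherwise over SSH on ``conf["host"]``.

    Args:
        filelist: Paths to scan; each is double-quoted and appended to the
            command line unchanged.
        conf: Module configuration with ``path``, ``cmdline``, ``host``
            (a ``(host, port, user)`` tuple) and ``key``.

    Returns:
        ``(virusresults, metadata)``: a list of ``(file, detection)`` pairs
        taken from the ``... Found:`` lines of the report, plus a metadata
        dict with ``Name``, ``Type`` and, when the report header is present,
        the program, engine and definition versions. ``None`` when the
        remote run fails.
    """
    import logging

    log = logging.getLogger(__name__)

    local = os.path.isfile(conf["path"])
    path = conf["path"]
    # Work on a copy: the original appended to conf["cmdline"] in place, so
    # every call sharing DEFAULTCONF grew the list and re-inserted the path.
    cmdline = list(conf["cmdline"])
    # Fixes list2cmd so we can actually quote things...
    # (This rebinds subprocess.list2cmdline for the whole process.)
    subprocess.list2cmdline = list2cmdline
    # Generate scan option
    for item in filelist:
        cmdline.append('"' + item + '"')

    # Create full command line
    cmdline.insert(0, path)
    if local:
        try:
            output = subprocess.check_output(cmdline)
        except subprocess.CalledProcessError as e:
            # Keep whatever the scanner printed on a non-zero exit.
            output = e.output or b""
    else:
        # NOTE(review): the remote side receives a single command string that
        # its shell parses. File names are only wrapped in double quotes, so
        # a name containing quotes or shell metacharacters changes the
        # command. Keep sample names under your control (e.g. rename samples
        # to their hash) before they reach this module.
        try:
            host, port, user = conf["host"]
            output = sshexec(host, list2cmdline(cmdline), port=port, username=user, key_filename=conf["key"])
        except Exception:
            log.exception("remote scan failed")
            return None

    # Parse output; replace undecodable bytes rather than raising on them.
    output = output.decode("utf-8", errors="replace")
    virusresults = re.findall(r"([^\n\r]+) ... Found: ([^\n\r]+)", output, re.MULTILINE)
    metadata = {"Name": NAME, "Type": TYPE}
    verinfo = re.search(r"McAfee VirusScan Command Line for \S+ Version: ([\d.]+)", output)
    if verinfo:
        metadata["Program version"] = verinfo.group(1)
        # Each header line is checked on its own; the original called
        # .group() on a missing match and raised AttributeError.
        engine = re.search(r"AV Engine version: ([\d\.]+)\s", output)
        if engine:
            metadata["Engine version"] = engine.group(1)
        dat = re.search(r"Dat set version: (\d+) created (\w+ (?:\d|\d\d) \d\d\d\d)", output)
        if dat:
            metadata["Definition version"] = dat.group(1)
            metadata["Definition date"] = dat.group(2)

    return (virusresults, metadata)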
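def scan(filelist, conf=DEFAULTCONF):
    """Scan *filelist* through a single ``/SCAN=`` option and parse the report.

    The binary at ``conf["path"]`` is executed locally when that path exists
    on this machine, otherwise over SSH on ``conf["host"]``.

    Args:
        filelist: Paths to scan. They are joined, each double-quoted and
            followed by ``;``, into one ``/SCAN=`` argument.
        conf: Module configuration with ``path``, ``cmdline``, ``host``
            (a ``(host, port, user)`` tuple) and ``key``.

    Returns:
        ``(results, metadata)``: ``results`` is a list of ``(file, verdict)``
        pairs where ``file`` is one of the requested paths and ``verdict`` is
        the last space-separated word of the matching report line; lines that
        cannot be mapped back to a requested file are dropped. ``metadata``
        carries ``Name``, ``Type`` and, when found in the report, program,
        engine and definition version/date. ``None`` when the remote run
        fails.
    """
    import logging

    log = logging.getLogger(__name__)

    local = os.path.isfile(conf["path"])
    # Work on a copy: the original inserted the path into conf["cmdline"]
    # itself, so every call sharing DEFAULTCONF prepended the binary again
    # and appended another /SCAN= option.
    cmdline = list(conf["cmdline"])
    # Generate scan option
    scan_option = '/SCAN=' + ''.join('"' + item + '";' for item in filelist)

    # Create full command line
    cmdline.insert(0, conf["path"])
    cmdline.append(scan_option)
    if local:
        try:
            output = subprocess.check_output(cmdline)
        except subprocess.CalledProcessError as e:
            # Keep whatever the scanner printed on a non-zero exit.
            output = e.output or b""
    else:
        # NOTE(review): the remote side receives a single command string that
        # its shell parses. File names are only wrapped in double quotes, so
        # a name containing quotes or shell metacharacters changes the
        # command. Keep sample names under your control (e.g. rename samples
        # to their hash) before they reach this module.
        try:
            host, port, user = conf["host"]
            output = sshexec(host,
                             list2cmdline(cmdline),
                             port=port,
                             username=user,
                             key_filename=conf["key"])
        except Exception:
            log.exception("remote scan failed")
            return None

    # Parse output
    output = output.decode("utf-8", errors='replace')
    virusresults = re.findall(r"(?:\([^\)]*\) )?([^\s]+) (.+)\s+$", output,
                              re.MULTILINE)
    wanted = set(filelist)
    results = []
    for fname, verdict in virusresults:
        if verdict.endswith(' '):
            verdict = verdict[:-1]
        words = verdict.split(' ')
        if fname not in wanted:
            # The regex splits on the first space, so a file name containing
            # spaces is rebuilt word by word until it matches a requested path.
            fname = fname.split(':')[0]
            while fname not in wanted and words:
                fname = fname + ' ' + words.pop(0)
            if fname not in wanted or not words:
                continue
        results.append((fname, words[-1]))

    metadata = {"Name": NAME, "Type": TYPE}
    verinfo = re.search(r"Program version ([\d\.]+), engine ([\d\.]+)", output)
    if verinfo:
        metadata["Program version"] = verinfo.group(1)
        metadata["Engine version"] = verinfo.group(2)
    verinfo = re.search(r"Virus Database: Version ([\d/]+) ([\d-]+)", output)
    if verinfo:
        metadata["Definition version"] = verinfo.group(1)
        metadata["Definition date"] = verinfo.group(2)
    return (results, metadata)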
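def scan(filelist, conf=DEFAULTCONF):
    """Scan the files in *filelist* one at a time and report detected threats.

    The binary at ``conf["path"]`` runs locally when that path exists on
    this machine; otherwise each per-file command is sent over one SSH
    session to ``conf["host"]``.

    Args:
        filelist: Paths to scan. Each is double-quoted and appended to its
            own copy of the command line, unchanged.
        conf: Module configuration with ``path``, ``cmdline``, ``host``
            (a ``(host, port, user)`` tuple) and ``key``.

    Returns:
        ``(resultlist, metadata)``. ``resultlist`` holds one
        ``(item, threat_name)`` pair per file whose report contains the
        detected-threats banner; ``threat_name`` comes from the last
        "Threat information" block and is ``""`` when no such block follows
        the banner. Files without the banner are omitted. ``metadata``
        carries ``Name`` and ``Type``. ``None`` when the SSH session cannot
        be opened or a remote command fails.
    """
    import logging

    log = logging.getLogger(__name__)

    local = os.path.isfile(conf["path"])
    # Fixes list2cmd so we can actually quote things...
    # (This rebinds subprocess.list2cmdline for the whole process.)
    subprocess.list2cmdline = list2cmdline
    # Create full command line on a copy: the original inserted the path into
    # conf["cmdline"] itself, so every call sharing DEFAULTCONF prepended the
    # binary again.
    cmdline = [conf["path"]] + list(conf["cmdline"])

    client = None
    if not local:
        # Only the remote path needs a session. The original connected
        # unconditionally, so a local scan failed whenever the host was
        # unreachable.
        try:
            host, port, user = conf["host"]
            client = sshconnect(host,
                                port=port,
                                username=user,
                                key_filename=conf["key"])
        except Exception:
            log.exception("could not open an SSH session to the scanner host")
            return None

    resultlist = []
    try:
        for item in filelist:
            # Generate scan option
            cmd = cmdline + ['"' + item + '"']
            if local:
                try:
                    output = subprocess.check_output(cmd)
                except subprocess.CalledProcessError as e:
                    # Keep whatever the scanner printed on a non-zero exit.
                    output = e.output or b""
            else:
                # NOTE(review): the remote side receives a single command
                # string that its shell parses. File names are only wrapped
                # in double quotes, so a name containing quotes or shell
                # metacharacters changes the command. Keep sample names under
                # your control (e.g. rename samples to their hash) before
                # they reach this module.
                try:
                    _stdin, stdout, _stderr = client.exec_command(list2cmdline(cmd))
                    output = stdout.read()
                except Exception:
                    log.exception("remote scan of %s failed", item)
                    return None

            # Parse output; replace undecodable bytes rather than raising.
            threat_name = _detected_threat_name(output.decode("utf-8", errors="replace"))
            if threat_name is None:
                continue
            resultlist.append((item, threat_name))
    finally:
        # The original never released the session.
        # NOTE(review): assumes the object from sshconnect exposes close()
        # alongside exec_command; skipped when it does not.
        closer = getattr(client, "close", None)
        if closer is not None:
            closer()

    metadata = {"Name": NAME, "Type": TYPE}
    return (resultlist, metadata)


def _detected_threat_name(report):
    """Return the threat name found in *report*, or None when it has no banner.

    ``None`` means the detected-threats banner is absent. Otherwise the
    result is the text after the first ``:`` on the first line of the last
    "Threat information" block, stripped, or ``""`` when the banner is
    present but no such block follows it.
    """
    banner = "<===========================LIST OF DETECTED THREATS==========================>"
    block_start = '----------------------------- Threat information ------------------------------'
    block_end = '-------------------------------------------------------------------------------'
    if banner not in report:
        return None

    threat_name = ""
    rest = report
    while block_start in rest:
        _, _, rest = rest.partition(block_start)
        rest = rest.lstrip()
        block, _, _ = rest.partition(block_end)
        # Only the first line of the block is used; the text after its first
        # ':' is taken as the name. Later blocks overwrite earlier ones.
        threat_name = block.split('\n')[0].partition(':')[2].strip()
    return threat_name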
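def scan(filelist, conf=DEFAULTCONF):
    """Scan the files in *filelist* one at a time and report detected threats.

    The binary at ``conf["path"]`` runs locally when that path exists on
    this machine; otherwise each per-file command is sent over one SSH
    session to ``conf["host"]``.

    Args:
        filelist: Paths to scan. Each is double-quoted and appended to its
            own copy of the command line, unchanged.
        conf: Module configuration with ``path``, ``cmdline``, ``host``
            (a ``(host, port, user)`` tuple) and ``key``.

    Returns:
        ``(resultlist, metadata)``. ``resultlist`` holds one
        ``(item, threat_name)`` pair per file whose report contains the
        detected-threats banner; ``threat_name`` comes from the last
        "Threat information" block and is ``""`` when no such block follows
        the banner. Files without the banner are omitted. ``metadata``
        carries ``Name`` and ``Type``. ``None`` when the SSH session cannot
        be opened or a remote command fails.
    """
    import logging

    log = logging.getLogger(__name__)

    local = os.path.isfile(conf["path"])
    # Fixes list2cmd so we can actually quote things...
    # (This rebinds subprocess.list2cmdline for the whole process.)
    subprocess.list2cmdline = list2cmdline
    # Create full command line on a copy: the original inserted the path into
    # conf["cmdline"] itself, so every call sharing DEFAULTCONF prepended the
    # binary again.
    cmdline = [conf["path"]] + list(conf["cmdline"])

    client = None
    if not local:
        # Only the remote path needs a session. The original connected
        # unconditionally, so a local scan failed whenever the host was
        # unreachable.
        try:
            host, port, user = conf["host"]
            client = sshconnect(host, port=port, username=user, key_filename=conf["key"])
        except Exception:
            log.exception("could not open an SSH session to the scanner host")
            return None

    resultlist = []
    try:
        for item in filelist:
            # Generate scan option
            cmd = cmdline + ['"' + item + '"']
            if local:
                try:
                    output = subprocess.check_output(cmd)
                except subprocess.CalledProcessError as e:
                    # Keep whatever the scanner printed on a non-zero exit.
                    output = e.output or b""
            else:
                # NOTE(review): the remote side receives a single command
                # string that its shell parses. File names are only wrapped
                # in double quotes, so a name containing quotes or shell
                # metacharacters changes the command. Keep sample names under
                # your control (e.g. rename samples to their hash) before
                # they reach this module.
                try:
                    _stdin, stdout, _stderr = client.exec_command(list2cmdline(cmd))
                    output = stdout.read()
                except Exception:
                    log.exception("remote scan of %s failed", item)
                    return None

            # Parse output; replace undecodable bytes rather than raising.
            threat_name = _detected_threat_name(output.decode("utf-8", errors="replace"))
            if threat_name is None:
                continue
            resultlist.append((item, threat_name))
    finally:
        # The original never released the session.
        # NOTE(review): assumes the object from sshconnect exposes close()
        # alongside exec_command; skipped when it does not.
        closer = getattr(client, "close", None)
        if closer is not None:
            closer()

    metadata = {"Name": NAME, "Type": TYPE}
    return (resultlist, metadata)


def _detected_threat_name(report):
    """Return the threat name found in *report*, or None when it has no banner.

    ``None`` means the detected-threats banner is absent. Otherwise the
    result is the text after the first ``:`` on the first line of the last
    "Threat information" block, stripped, or ``""`` when the banner is
    present but no such block follows it.
    """
    banner = "<===========================LIST OF DETECTED THREATS==========================>"
    block_start = '----------------------------- Threat information ------------------------------'
    block_end = '-------------------------------------------------------------------------------'
    if banner not in report:
        return None

    threat_name = ""
    rest = report
    while block_start in rest:
        _, _, rest = rest.partition(block_start)
        rest = rest.lstrip()
        block, _, _ = rest.partition(block_end)
        # Only the first line of the block is used; the text after its first
        # ':' is taken as the name. Later blocks overwrite earlier ones.
        threat_name = block.split('\n')[0].partition(':')[2].strip()
    return threat_name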
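def scan(filelist, conf=DEFAULTCONF):
    """Run ExifTool over *filelist* and collect its tab-separated tags per file.

    The binary at ``conf["path"]`` is executed locally when that path exists
    on this machine, otherwise over SSH on ``conf["host"]``.

    Args:
        filelist: Paths to scan. Each is double-quoted (with a trailing
            space) and appended to the command line unchanged.
        conf: Module configuration with ``path``, ``cmdline``, ``host``
            (a ``(host, port, user)`` tuple), ``key`` and ``remove-entry``
            (tag names to drop from the results).

    Returns:
        ``(results, metadata)``: ``results`` is a list of
        ``(filename, {tag: value})`` pairs, one per ``======== `` section of
        the output; ``metadata`` carries ``Name``, ``Type`` and, when the
        output reports it, ``Program version``. ``None`` when the remote run
        fails.
    """
    import logging

    log = logging.getLogger(__name__)

    local = os.path.isfile(conf["path"])
    # Work on a copy: the original appended to conf["cmdline"] in place, so
    # every call sharing DEFAULTCONF grew the list and re-inserted the path.
    cmd = [conf["path"]] + list(conf["cmdline"])
    for item in filelist:
        cmd.append('"' + item + '" ')

    if local:
        try:
            output = subprocess.check_output(cmd)
        except subprocess.CalledProcessError as e:
            # Keep whatever the tool printed on a non-zero exit.
            output = e.output or b""
    else:
        # The host tuple is only needed here; the original unpacked it
        # before the branch, so a local scan required SSH settings too.
        host, port, user = conf["host"]
        # NOTE(review): the remote side receives a single command string that
        # its shell parses. File names are only wrapped in double quotes, so
        # a name containing quotes or shell metacharacters changes the
        # command. Keep sample names under your control (e.g. rename samples
        # to their hash) before they reach this module.
        try:
            output = sshexec(host, list2cmdline(cmd), port=port, username=user, key_filename=conf["key"])
        except Exception:
            log.exception("remote scan on %s failed", host)
            return None

    output = output.decode("utf-8", errors="ignore").replace('\r', '')
    rows = [line.split('\t') for line in output.split('\n')]

    results = []
    data = {}
    # Rows before the first "======== " header are attributed to the first
    # requested file (None when nothing was requested; the original raised
    # IndexError on an empty list).
    fname = filelist[0] if filelist else None
    # A missing option removes nothing; the original's KeyError inside the
    # loop silently dropped every row instead.
    remove = conf.get('remove-entry', ())
    for row in rows:
        tag = row[0]
        if tag.startswith('======== '):
            if data:
                results.append((fname, data))
                data = {}
            fname = tag[9:]
            if re.match('[A-Za-z]:/', fname):
                # why exif tools, whyyyyyyyy
                fname = fname.replace('/', '\\')
            continue
        # Lines without a tab-separated value carry no tag.
        if len(row) < 2:
            continue
        if tag not in remove:
            data[tag] = row[1]
    if data:
        results.append((fname, data))

    # Gather metadata
    metadata = {"Name": NAME, "Type": TYPE}
    for row in rows:
        if len(row) > 1 and row[0] == "ExifTool Version Number":
            metadata["Program version"] = row[1]
            break
    return (results, metadata)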
def test_list2cmdline():
    """list2cmdline joins the arguments with single spaces and keeps an argument's own quotes."""
    args = ['1', 'a', '"dsafsad"']
    assert utils.list2cmdline(args) == '1 a "dsafsad"'
def test_list2cmdline():
    """list2cmdline joins the arguments with single spaces and keeps an argument's own quotes."""
    args = ['1', 'a', '"dsafsad"']
    assert utils.list2cmdline(args) == '1 a "dsafsad"'