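def analyzeLog(filename):
    """
    Read the newest MPDetection log and report whether *filename* was flagged.

    Walks the log from its last line backwards (newest entries first), picking
    up the scanner/signature version from the first ``Version:`` line and the
    verdict from the first ``DETECTION`` line whose path token contains
    *filename*.  At most 1001 lines are examined.

    Parameters:
        filename: the path of the scanned file as it appears in the log's
            DETECTION entries (pass the full path -- see the note below).

    Returns a list ``[malicious, scannervv, sigversion, sigdate]``.
    ``malicious`` is ``False`` and the version fields ``None`` when no
    matching log line is found (or no log exists at all).
    """
    sigversion = None
    scannervv = None
    file_confirm = False
    malicious = False
    most_recent, _mtime = getMostRecent(msseccli_data_dir, 'MPDetection')
    if most_recent:
        # The MPDetection log is written as UTF-16LE; the newest entries are
        # at the end, so scan in reverse and stop once everything is known.
        with codecs.open(most_recent, 'r', 'utf-16le') as data:
            lines = data.readlines()
        for line_count, line in enumerate(reversed(lines), 1):
            parts = line.split()
            if not scannervv and 'Version:' in parts:
                # Bounds-check the fixed token positions: a truncated or
                # differently shaped line would otherwise raise IndexError
                # and abort the whole scan.
                if len(parts) > 11:
                    scannervv = '%s %s' % (module_name, parts[3])
                    sigversion = parts[11]
            elif not file_confirm and 'DETECTION' in parts and len(parts) > 3:
                # NOTE(review): this is a substring match, so a short
                # *filename* can match an unrelated path that merely contains
                # it (e.g. "a.exe" inside "malware-a.exe") and produce a false
                # "malicious" verdict; callers should pass the full path.
                if parts[3].find(filename) > len('file:'):
                    malicious = True
                    file_confirm = True
            if line_count > 1000:
                break
            if scannervv and sigversion and file_confirm:
                break
    sigdate = getSigDate(msseccli_update_dir)
    return [malicious, scannervv, sigversion, sigdate]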
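def getSigVersionAndDate():
    """
    Derive the Avast signature version and date from the newest definitions
    directory.

    The version is taken to be the directory's name and the date its mtime.

    Returns ``(sigversion, sigdate)``; both are ``None`` when no definitions
    directory can be found.
    """
    avast_defs = r'C:\Program Files\AVAST Software\Avast Business\defs'
    most_recent_path, mtime = getMostRecent(avast_defs,
                                            searchstring=avast_defs,
                                            filterfunction=isdir)
    if not most_recent_path:
        # No defs directory (fresh install or broken update): report the
        # version as unknown instead of crashing on basename(None).
        return None, None
    sigversion = os.path.basename(most_recent_path)
    # NOTE: fromtimestamp() yields a naive local-time datetime.
    sigdate = datetime.fromtimestamp(mtime)
    return sigversion, sigdate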
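def getSigVersionDate():
    """
    Use the update file to get the signature date and what as best I can tell is
    the signature version.

    The newest file under ``kaspersky_data`` whose name starts with ``u`` and
    ends with ``g.xml`` (case-insensitive) is used; its bare name minus the
    leading ``u`` and trailing ``g`` is reported as the version.

    Returns ``[sigversion, sigdate]``; both are ``None`` when no such file
    exists.
    """
    def xmlish_filter(name, suffix):
        # Case-insensitive "u...g.xml" match, as the update files are named.
        lowered = name.lower()
        return lowered.startswith('u') and lowered.endswith(suffix)

    filepath, _mtime = getMostRecent(kaspersky_data, 'g.xml', xmlish_filter)
    if not filepath:
        # No update file found: report unknown rather than crashing on
        # basename(None).
        return [None, None]
    barename = path.splitext(path.basename(filepath))[0]
    # Strip the leading 'u' and trailing 'g' to leave the version string.
    sigversion = barename[1:-1]
    sigdate = getSigDate(filepath)
    return [sigversion, sigdate]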