Esempio n. 1
0
    def update_definitions(self):
        """
		Run $ sudo /opt/eset/esets/sbin/esets_update to update the virus definitions.
		It has to be run with root privs (sudo).

		Expected outputs:
		For update not necessary:
		$ sudo /opt/eset/esets/sbin/esets_update
		Update is not necessary - the installed virus signature database is current.
		Installed virus signature database version 8665 (20130808)

		For update needed/performed:
		$ sudo /opt/eset/esets/sbin/esets_update
		Virus signature database has been updated successfully.
		Installed virus signature database version 8681 (20130812)
		"""
        raw_update_output = check_output(["sudo", self._update_engine])
        if raw_update_output:
            raw_split = raw_update_output.split("\n")
            if raw_split and (
                    raw_split[0].startswith("Update is not necessary")
                    or raw_split[0].endswith("updated successfully.")):
                return
            else:
                raise ScannerUpdateError(
                    "Eset definition update failed. Unknown failure.")
        else:
            raise ScannerUpdateError(
                "Eset definition update failed. No output returned from updater."
            )
Esempio n. 2
0
	def update_definitions(self):
		"""
		Run $ sudo /usr/bin/freshclam to update the virus definitions.
		It has to be run with root privs (sudo).

		Example output:
		$ sudo /usr/bin/freshclam
		[sudo] password for avuser:

		ClamAV update process started at Thu Aug  8 21:11:29 2013
		main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
		daily.cld is up to date (version: 17649, sigs: 1516104, f-level: 63, builder: jesler)
		bytecode.cld is up to date (version: 217, sigs: 42, f-level: 63, builder: neo)

		This is what happens if we have a collision, and retry after a sleep:
		(psvirtualenv)vagrant@phagedev:~/phagescan$ nosetests -sv engines.clamav.test.testscan
		Checking whether the scanner's control binary exists ... ok
		Running scanner against an evil/malicious file.  Expects scanner to categorize file as malicious ... ok
		Running scanner against a good/benign file.  Expects scanner to categorize file as innocent ... ok
		Checking whether a valid license file is present (no-op for scanners that don't require a license) ... ok
		Querying scanner's name, (e.g. 'Avast') ... ok
		Querying scanner's platform, (e.g. 'Linux 32') ... ok
		Run test of A/V definition update functionality. ... ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
		WARNING: flashclam failed to get a lock on update files.  Trying again in 30...
		ok

		----------------------------------------------------------------------
		Ran 7 tests in 31.319s

		OK
		"""
		self._update_engine = "/usr/bin/freshclam"
		self._retry_timeout = 30
		try:
			check_output(['sudo', self._update_engine])
		except CalledProcessError, e:
			# this happens if there's already a freshclam instance running; wait and try again
			if e.output.find("ERROR: /var/log/clamav/freshclam.log is locked by another process") != -1:
				print "WARNING: freshclam failed to get a lock on update files.  Trying again in {0}s...".format(self._retry_timeout)
				time.sleep(self._retry_timeout)
				try:
					check_output(['sudo', self._update_engine])
				except CalledProcessError:
					ScannerUpdateError("freshclam cannot get a lock on update files after 2 tries.")
			else:
				ScannerUpdateError(e.output.split('\n'))
Esempio n. 3
0
	def update_definitions(self):

		# Example output:
		# $ sudo bdscan --update
		# BitDefender Antivirus Scanner for Unices v7.90123 Linux-i586
		# Copyright (C) 1996-2009 BitDefender. All rights reserved.
		# Trial key found. 29 days remaining.
		#
		# emalware.198 . updated
		# emalware.198  updated
		# ... SNIP ...

		try:
			check_output(['sudo', self._engine_path, "--update"])
		except CalledProcessError, e:
			raise ScannerUpdateError(e.output.split('\n'))
Esempio n. 4
0
    def update_definitions(self):
        """
		Run $ sudo /usr/bin/avastvpsupdate.sh to update the VPS definitions.
		It has to be run with root privs (sudo).

		Example output:
		$ sudo /usr/bin//avastvpsupdate.sh
		[sudo] password for avuser:

		ERROR-0: New VPS: 130808-0 (date: 08.08.2013) succesfully installed.
		"""

        try:
            check_output(['sudo', self._update_engine])
        except CalledProcessError, e:
            raise ScannerUpdateError(e.output.split('\n'))
Esempio n. 5
0
        except CalledProcessError, e:
            callret = e.returncode

        try:
            raw_update_output = check_output(command_task_progress,
                                             stderr=STDOUT)
            retcode = 0
        except CalledProcessError, e:
            raw_update_output = e.output
            retcode = e.returncode

        if retcode == 0:
            return
        else:
            raise ScannerUpdateError(
                "Kaspersky definition update failed. {0}".format(
                    raw_update_output))

    def _scan(self, file_object):

        # The Kaspersky control utility is loud
        fhNULL = open(devnull, "w")

        # create temporary sample file
        (fpSample, samplePath) = tempfile.mkstemp()
        write(fpSample, file_object.all_content)
        close(fpSample)
        self.mark_path_for_removal(samplePath)

        # create a unique task ID
        taskName = "scaggr_task_{0}".format(split(samplePath)[1])
Esempio n. 6
0
        try:
            raw_update_output = check_output(
                ['sudo', self._update_engine, self._update_engine_flags],
                stderr=STDOUT)
            retcode = 0
        except CalledProcessError, e:
            raw_update_output = e.output
            retcode = e.returncode

        if retcode == 0:
            # print "raw_update_output: {0}".format(raw_update_output)
            return
        else:
            raise ScannerUpdateError(
                "Symantec definition update failed. {0}".format(
                    raw_update_output))

    def _parse_scan_result(self, scan_result):

        infected, infected_string, metadata = False, '', dict()
        metadata.update(self.version)

        infected = scan_result.split("Infected")[1].split()[1] != "0"

        if infected:
            for string in scan_result.split("\n\n")[0].splitlines():
                tokens = string.split("\t")
                if len(tokens) == 3:
                    metadata[tokens[1][:-2]] = tokens[2]