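def scan(filelist, conf=DEFAULTCONF):
    """Run the configured file identifier over *filelist* and parse its report.

    Args:
        filelist: paths of the files to identify; each one is appended to the
            command line wrapped in double quotes.
        conf: module configuration. ``path`` is the executable and ``cmdline``
            its fixed arguments; ``host`` (a ``(host, port, user)`` triple) and
            ``key`` describe the SSH target used when ``path`` does not exist
            locally.

    Returns:
        ``(results, metadata)`` where ``results`` is a list of
        ``(filename, [[confidence, description, extension], ...])`` tuples,
        one per ``File:`` / ``Collecting data from file:`` header found in the
        report, or ``None`` when the scan cannot run (no local executable and
        no SSH support, or the remote execution raised).
    """
    if os.path.isfile(conf["path"]):
        local = True
    elif SSH:
        local = False
    else:
        # Neither a local executable nor SSH support: nothing can run.
        # (The original fell through here and raised UnboundLocalError.)
        return None

    # Build a fresh list so conf["cmdline"] itself is never modified.
    cmdline = [conf["path"]]
    cmdline.extend(conf["cmdline"])
    # Generate scan option
    for item in filelist:
        # NOTE(review): the quotes are passed literally; on the remote path the
        # list is joined into one shell command string, so a filename holding
        # quotes or shell metacharacters is not escaped here — confirm that
        # callers control these names or quote them before reaching this point.
        cmdline.append('"' + item + '"')

    if local:
        try:
            output = subprocess.check_output(cmdline)
        except subprocess.CalledProcessError as e:
            # Keep whatever the tool printed; a non-zero exit still carries
            # the report in e.output.
            output = e.output
    else:
        host, port, user = conf["host"]
        try:
            output = sshexec(host, list2cmdline(cmdline), port=port,
                             username=user, key_filename=conf["key"])
        except Exception:
            # TODO: log exception
            return None

    # Parse output: a header line names the file; the lines that follow it
    # are matched as "<pct>% (<ext>) <description> (<n>/".
    lines = output.decode("utf-8").replace('\r', '').split('\n')
    fresults = {}
    fname = None
    for line in lines:
        if line.startswith('File: '):
            fname = line[6:]
            fresults[fname] = []
            continue
        if line.startswith('Collecting data from file: '):
            fname = line[27:]
            fresults[fname] = []
            continue
        if fname:
            # NOTE(review): the '.' between the digit groups is unescaped and
            # therefore accepts any separator character; kept as in the
            # original in case the tool's locale prints a different one.
            hits = re.findall(r"\s*(\d+.\d+\%) \((\.[^\)]+)\) (.+) \(\d+/", line)
            if hits:
                confidence, exnt, ftype = hits[0]
                fresults[fname].append([confidence, ftype, exnt])

    # Preserve the order in which file headers appeared in the report.
    results = [(name, fresults[name]) for name in fresults]

    metadata = {"Name": NAME, "Type": TYPE, "Include": False}
    return (results, metadata)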
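def scan(filelist, conf=DEFAULTCONF):
    """Scan *filelist* with McAfee VirusScan Command Line and parse its report.

    Args:
        filelist: paths of the files to scan; each is appended to the command
            line wrapped in double quotes.
        conf: module configuration. ``path`` is the executable and ``cmdline``
            its fixed arguments; ``host`` (a ``(host, port, user)`` triple) and
            ``key`` describe the SSH target used when ``path`` does not exist
            locally.

    Returns:
        ``(virusresults, metadata)`` where ``virusresults`` is a list of
        ``(filename, detection)`` tuples taken from the ``... Found:`` lines
        of the report and ``metadata`` carries the program, engine and DAT
        versions when their banner lines are present. ``None`` when the
        remote execution raised.
    """
    local = os.path.isfile(conf["path"])
    path = conf["path"]
    # Work on a copy: the original appended to conf["cmdline"] in place, so
    # every call (and the shared DEFAULTCONF) accumulated all earlier file
    # names plus a duplicate executable path.
    cmdline = list(conf["cmdline"])

    # Fixes list2cmd so we can actually quote things...
    # This is a process-wide patch of the subprocess module; kept because the
    # local (Windows) argument conversion relies on it.
    subprocess.list2cmdline = list2cmdline

    # Generate scan option
    for item in filelist:
        # NOTE(review): quotes are added literally and the remote path joins
        # the list into one shell command string — file names containing
        # quotes or shell metacharacters are not escaped here.
        cmdline.append('"' + item + '"')
    # Create full command line
    cmdline.insert(0, path)

    if local:
        try:
            output = subprocess.check_output(cmdline)
        except subprocess.CalledProcessError as e:
            # A non-zero exit still carries the report in e.output.
            output = e.output
    else:
        try:
            host, port, user = conf["host"]
            output = sshexec(host, list2cmdline(cmdline), port=port,
                             username=user, key_filename=conf["key"])
        except Exception:
            # TODO: log exception
            return None

    # Parse output
    output = output.decode("utf-8")
    virusresults = re.findall(r"([^\n\r]+) ... Found: ([^\n\r]+)", output, re.MULTILINE)

    metadata = {"Name": NAME, "Type": TYPE}
    # Each banner line is optional; the original dereferenced the engine and
    # DAT matches unconditionally and raised AttributeError when one was
    # missing from the output.
    verinfo = re.search(r"McAfee VirusScan Command Line for \S+ Version: ([\d.]+)", output)
    if verinfo:
        metadata["Program version"] = verinfo.group(1)
    verinfo = re.search(r"AV Engine version: ([\d\.]+)\s", output)
    if verinfo:
        metadata["Engine version"] = verinfo.group(1)
    verinfo = re.search(r"Dat set version: (\d+) created (\w+ (?:\d|\d\d) \d\d\d\d)", output)
    if verinfo:
        metadata["Definition version"] = verinfo.group(1)
        metadata["Definition date"] = verinfo.group(2)
    return (virusresults, metadata)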
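def scan(filelist, conf=DEFAULTCONF):
    """Scan *filelist* with McAfee VirusScan Command Line and parse its report.

    Args:
        filelist: paths of the files to scan; each is appended to the command
            line wrapped in double quotes.
        conf: module configuration. ``path`` is the executable and ``cmdline``
            its fixed arguments; ``host`` (a ``(host, port, user)`` triple) and
            ``key`` describe the SSH target used when ``path`` does not exist
            locally.

    Returns:
        ``(virusresults, metadata)`` where ``virusresults`` is a list of
        ``(filename, detection)`` tuples taken from the ``... Found:`` lines
        of the report and ``metadata`` carries the program, engine and DAT
        versions when their banner lines are present. ``None`` when the
        remote execution raised.
    """
    local = os.path.isfile(conf["path"])
    path = conf["path"]
    # Work on a copy: the original appended to conf["cmdline"] in place, so
    # every call (and the shared DEFAULTCONF) accumulated all earlier file
    # names plus a duplicate executable path.
    cmdline = list(conf["cmdline"])

    # Fixes list2cmd so we can actually quote things...
    # This is a process-wide patch of the subprocess module; kept because the
    # local (Windows) argument conversion relies on it.
    subprocess.list2cmdline = list2cmdline

    # Generate scan option
    for item in filelist:
        # NOTE(review): quotes are added literally and the remote path joins
        # the list into one shell command string — file names containing
        # quotes or shell metacharacters are not escaped here.
        cmdline.append('"' + item + '"')
    # Create full command line
    cmdline.insert(0, path)

    if local:
        try:
            output = subprocess.check_output(cmdline)
        except subprocess.CalledProcessError as e:
            # A non-zero exit still carries the report in e.output.
            output = e.output
    else:
        try:
            host, port, user = conf["host"]
            output = sshexec(host, list2cmdline(cmdline), port=port,
                             username=user, key_filename=conf["key"])
        except Exception:
            # TODO: log exception
            return None

    # Parse output
    output = output.decode("utf-8")
    virusresults = re.findall(r"([^\n\r]+) ... Found: ([^\n\r]+)", output, re.MULTILINE)

    metadata = {"Name": NAME, "Type": TYPE}
    # Each banner line is optional; the original dereferenced the engine and
    # DAT matches unconditionally and raised AttributeError when one was
    # missing from the output.
    verinfo = re.search(r"McAfee VirusScan Command Line for \S+ Version: ([\d.]+)", output)
    if verinfo:
        metadata["Program version"] = verinfo.group(1)
    verinfo = re.search(r"AV Engine version: ([\d\.]+)\s", output)
    if verinfo:
        metadata["Engine version"] = verinfo.group(1)
    verinfo = re.search(r"Dat set version: (\d+) created (\w+ (?:\d|\d\d) \d\d\d\d)", output)
    if verinfo:
        metadata["Definition version"] = verinfo.group(1)
        metadata["Definition date"] = verinfo.group(2)
    return (virusresults, metadata)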
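def scan(filelist, conf=DEFAULTCONF):
    """Scan *filelist* with the configured command-line scanner and parse its report.

    Args:
        filelist: sequence of file paths; they are joined into one
            ``/SCAN="a";"b";...`` option and are also used to map reported
            names back to the requested files.
        conf: module configuration. ``path`` is the executable and ``cmdline``
            its fixed arguments; ``host`` (a ``(host, port, user)`` triple) and
            ``key`` describe the SSH target used when ``path`` does not exist
            locally.

    Returns:
        ``(results, metadata)`` where ``results`` is a list of
        ``(filename, detection)`` tuples for report lines that could be
        mapped to an entry of *filelist*, and ``metadata`` carries program,
        engine and definition versions when their banner lines are present.
        ``None`` when the remote execution raised.
    """
    local = os.path.isfile(conf["path"])
    # Work on a copy: the original inserted the executable and appended the
    # /SCAN option into conf["cmdline"] itself, so every call grew the shared
    # DEFAULTCONF list.
    cmdline = list(conf["cmdline"])

    # Generate scan option (local renamed so it no longer shadows this function)
    scan_opt = '/SCAN='
    for item in filelist:
        # NOTE(review): quotes are added literally and the remote path joins
        # the list into one shell command string — file names containing
        # quotes or shell metacharacters are not escaped here.
        scan_opt += '"' + item + '";'
    # Create full command line
    cmdline.insert(0, conf["path"])
    cmdline.append(scan_opt)

    if local:
        try:
            output = subprocess.check_output(cmdline)
        except subprocess.CalledProcessError as e:
            # A non-zero exit still carries the report in e.output.
            output = e.output
    else:
        try:
            host, port, user = conf["host"]
            output = sshexec(host, list2cmdline(cmdline), port=port,
                             username=user, key_filename=conf["key"])
        except Exception:
            # TODO: log exception
            return None

    # Parse output
    output = output.decode("utf-8", errors='replace')
    virusresults = re.findall(r"(?:\([^\)]*\) )?([^\s]+) (.+)\s+$", output, re.MULTILINE)
    # Membership is tested several times per line; a set makes that O(1).
    wanted = set(filelist)
    results = []
    for reported, detail in virusresults:
        if detail.endswith(' '):
            detail = detail[:-1]
        tokens = detail.split(' ')
        name = reported
        if name not in wanted:
            # The regex splits a path on its first space: drop anything after
            # a ':' and re-attach tokens until the name matches a requested
            # file (or we run out of tokens).
            name = name.split(':')[0]
            while name not in wanted and tokens:
                name = name + ' ' + tokens.pop(0)
        if name not in wanted or not tokens:
            continue
        # The detection name is the last remaining token.
        results.append((name, tokens[-1]))

    metadata = {"Name": NAME, "Type": TYPE}
    verinfo = re.search(r"Program version ([\d\.]+), engine ([\d\.]+)", output)
    if verinfo:
        metadata["Program version"] = verinfo.group(1)
        metadata["Engine version"] = verinfo.group(2)
    verinfo = re.search(r"Virus Database: Version ([\d/]+) ([\d-]+)", output)
    if verinfo:
        metadata["Definition version"] = verinfo.group(1)
        metadata["Definition date"] = verinfo.group(2)
    return (results, metadata)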
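def scan(filelist, conf=DEFAULTCONF):
    """Scan each file in *filelist* separately and report the detected threat.

    Args:
        filelist: paths to scan; the scanner is invoked once per path.
        conf: module configuration. ``path`` is the executable and ``cmdline``
            its fixed arguments; ``host`` (a ``(host, port, user)`` triple) and
            ``key`` describe the SSH session used when ``path`` does not exist
            locally.

    Returns:
        ``(resultlist, metadata)`` where ``resultlist`` holds one
        ``(path, threat_name)`` tuple per file whose report contains the
        detected-threats marker. When a report carries several
        "Threat information" blocks only the name from the last block is
        reported (unchanged from the original). ``None`` when the SSH session
        cannot be opened or a remote command raises.
    """
    local = os.path.isfile(conf["path"])
    # Fresh list: the original inserted the executable into conf["cmdline"]
    # itself on every call.
    cmdline = [conf["path"]] + list(conf["cmdline"])

    # Fixes list2cmd so we can actually quote things...
    # This is a process-wide patch of the subprocess module; kept because the
    # local (Windows) argument conversion relies on it.
    subprocess.list2cmdline = list2cmdline

    client = None
    if not local:
        # Open the SSH session only when it is needed; the original connected
        # unconditionally, so an unreachable host also broke local scans.
        try:
            host, port, user = conf["host"]
            client = sshconnect(host, port=port, username=user, key_filename=conf["key"])
        except Exception:
            # TODO: log exception
            return None

    resultlist = []
    try:
        for item in filelist:
            # NOTE(review): quotes are added literally and the remote path
            # joins the list into one shell command string — file names with
            # quotes or shell metacharacters are not escaped here.
            cmd = cmdline + ['"' + item + '"']
            if local:
                try:
                    output = subprocess.check_output(cmd)
                except subprocess.CalledProcessError as e:
                    # A non-zero exit still carries the report in e.output.
                    output = e.output
            else:
                try:
                    _stdin, stdout, _stderr = client.exec_command(list2cmdline(cmd))
                    output = stdout.read()
                except Exception:
                    # TODO: log exception
                    return None

            threat_name = _last_threat_name(output.decode("utf-8"))
            if threat_name is not None:
                resultlist.append((item, threat_name))
    finally:
        # Release the session on every exit path; the original never closed it.
        # sshconnect's return type is not visible here, so only close when the
        # object offers it.
        close = getattr(client, "close", None)
        if close is not None:
            close()

    metadata = {"Name": NAME, "Type": TYPE}
    return (resultlist, metadata)


def _last_threat_name(report):
    """Return the threat name from the last "Threat information" block of *report*.

    Returns ``None`` when the report has no detected-threats section, and
    ``""`` when the section is present but no threat block follows it.
    """
    threats_marker = "<===========================LIST OF DETECTED THREATS==========================>"
    block_header = '----------------------------- Threat information ------------------------------'
    block_footer = '-------------------------------------------------------------------------------'
    if threats_marker not in report:
        return None
    threat_name = ""
    while block_header in report:
        _, _, report = report.partition(block_header)
        report = report.lstrip()
        block, _, _ = report.partition(block_footer)
        # First line of the block is "<label>: <threat name>".
        threat_name = block.split('\n')[0].partition(':')[2].strip()
    return threat_name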
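def scan(filelist, conf=DEFAULTCONF):
    """Scan each file in *filelist* separately and report the detected threat.

    Args:
        filelist: paths to scan; the scanner is invoked once per path.
        conf: module configuration. ``path`` is the executable and ``cmdline``
            its fixed arguments; ``host`` (a ``(host, port, user)`` triple) and
            ``key`` describe the SSH session used when ``path`` does not exist
            locally.

    Returns:
        ``(resultlist, metadata)`` where ``resultlist`` holds one
        ``(path, threat_name)`` tuple per file whose report contains the
        detected-threats marker. When a report carries several
        "Threat information" blocks only the name from the last block is
        reported (unchanged from the original). ``None`` when the SSH session
        cannot be opened or a remote command raises.
    """
    local = os.path.isfile(conf["path"])
    # Fresh list: the original inserted the executable into conf["cmdline"]
    # itself on every call.
    cmdline = [conf["path"]] + list(conf["cmdline"])

    # Fixes list2cmd so we can actually quote things...
    # This is a process-wide patch of the subprocess module; kept because the
    # local (Windows) argument conversion relies on it.
    subprocess.list2cmdline = list2cmdline

    client = None
    if not local:
        # Open the SSH session only when it is needed; the original connected
        # unconditionally, so an unreachable host also broke local scans.
        try:
            host, port, user = conf["host"]
            client = sshconnect(host, port=port, username=user, key_filename=conf["key"])
        except Exception:
            # TODO: log exception
            return None

    resultlist = []
    try:
        for item in filelist:
            # NOTE(review): quotes are added literally and the remote path
            # joins the list into one shell command string — file names with
            # quotes or shell metacharacters are not escaped here.
            cmd = cmdline + ['"' + item + '"']
            if local:
                try:
                    output = subprocess.check_output(cmd)
                except subprocess.CalledProcessError as e:
                    # A non-zero exit still carries the report in e.output.
                    output = e.output
            else:
                try:
                    _stdin, stdout, _stderr = client.exec_command(list2cmdline(cmd))
                    output = stdout.read()
                except Exception:
                    # TODO: log exception
                    return None

            threat_name = _last_threat_name(output.decode("utf-8"))
            if threat_name is not None:
                resultlist.append((item, threat_name))
    finally:
        # Release the session on every exit path; the original never closed it.
        # sshconnect's return type is not visible here, so only close when the
        # object offers it.
        close = getattr(client, "close", None)
        if close is not None:
            close()

    metadata = {"Name": NAME, "Type": TYPE}
    return (resultlist, metadata)


def _last_threat_name(report):
    """Return the threat name from the last "Threat information" block of *report*.

    Returns ``None`` when the report has no detected-threats section, and
    ``""`` when the section is present but no threat block follows it.
    """
    threats_marker = "<===========================LIST OF DETECTED THREATS==========================>"
    block_header = '----------------------------- Threat information ------------------------------'
    block_footer = '-------------------------------------------------------------------------------'
    if threats_marker not in report:
        return None
    threat_name = ""
    while block_header in report:
        _, _, report = report.partition(block_header)
        report = report.lstrip()
        block, _, _ = report.partition(block_footer)
        # First line of the block is "<label>: <threat name>".
        threat_name = block.split('\n')[0].partition(':')[2].strip()
    return threat_name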
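def scan(filelist, conf=DEFAULTCONF):
    """Run ExifTool over *filelist* and collect one tag dictionary per file.

    Args:
        filelist: indexable sequence of file paths. The first entry names the
            leading record when the output has no ``======== <file>`` header.
        conf: module configuration. ``path`` is the executable, ``cmdline``
            its fixed arguments and ``remove-entry`` the tag names to drop;
            ``host`` (a ``(host, port, user)`` triple) and ``key`` describe the
            SSH target used when ``path`` does not exist locally.

    Returns:
        ``(results, metadata)`` where ``results`` is a list of
        ``(filename, {tag: value})`` tuples and ``metadata`` carries the
        ExifTool version when it is printed. ``None`` when the remote
        execution raised.
    """
    metadata = {"Name": NAME, "Type": TYPE}
    if not filelist:
        # Nothing to scan; the original raised IndexError on filelist[0].
        return ([], metadata)

    local = os.path.isfile(conf["path"])
    # Fresh list: the original appended to conf["cmdline"] in place, so every
    # call grew the shared DEFAULTCONF list.
    cmd = [conf["path"]] + list(conf["cmdline"])
    for item in filelist:
        # NOTE(review): quotes are added literally and the remote path joins
        # the list into one shell command string — file names containing
        # quotes or shell metacharacters are not escaped here.
        cmd.append('"' + item + '" ')

    if local:
        try:
            output = subprocess.check_output(cmd)
        except subprocess.CalledProcessError as e:
            # A non-zero exit still carries the report in e.output.
            output = e.output
    else:
        try:
            # Only the remote path needs the SSH target; the original unpacked
            # conf["host"] before the branch, so a local scan failed without it.
            host, port, user = conf["host"]
            output = sshexec(host, list2cmdline(cmd), port=port,
                             username=user, key_filename=conf["key"])
        except Exception:
            # TODO: log exception
            return None

    # Output is one "<tag>\t<value>" line per tag, with "======== <file>"
    # separators between files. Split once and reuse for both passes.
    text = output.decode("utf-8", errors="ignore").replace('\r', '')
    rows = [line.split('\t') for line in text.split('\n')]
    # The original looked this key up inside a try/except that skipped every
    # row when it was missing; a missing or empty setting now removes nothing.
    remove_entry = conf.get('remove-entry') or ()

    results = []
    data = {}
    fname = filelist[0]
    for row in rows:
        tag = row[0]
        if tag.startswith('======== '):
            if data:
                results.append((fname, data))
            data = {}
            fname = tag[9:]
            if re.match('[A-Za-z]:/', fname):
                # why exif tools, whyyyyyyyy
                # ExifTool prints drive-letter paths with forward slashes;
                # normalise back to backslashes so they match filelist.
                fname = fname.replace('/', '\\')
            continue
        # Lines without a tab (blank lines, banners) carry no value.
        if len(row) > 1 and tag not in remove_entry:
            data[tag] = row[1]
    if data:
        results.append((fname, data))

    # Gather metadata
    for row in rows:
        if row[0] == "ExifTool Version Number" and len(row) > 1:
            metadata["Program version"] = row[1]
            break
    return (results, metadata)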
def test_list2cmdline():
    """list2cmdline must pass an already-quoted argument through verbatim."""
    args = ['1', 'a', '"dsafsad"']
    expected = '1 a "dsafsad"'
    assert utils.list2cmdline(args) == expected