    def testParse(self):
        """Parses the pccnt35.log fixture and checks the extracted events.

        The fixture holds three OfficeScan virus-detection records. The last
        record has been rewritten in the older, documented line format that
        carries no Unix timestamp, so both layouts are exercised. The records
        reference ``eicar.com_.gstmp`` / ``Eicar_test_1``, i.e. they look like
        EICAR test detections rather than a real malware event.
        """
        officescan_parser = trendmicroav.OfficeScanVirusDetectionParser()
        storage_writer = self._ParseFile(['pccnt35.log'], officescan_parser)

        # A clean parse: no warnings and one event per log record.
        self.assertEqual(storage_writer.number_of_warnings, 0)
        self.assertEqual(storage_writer.number_of_events, 3)

        # DSVParser emits events in no fixed order, so index into the sorted
        # sequence rather than the raw emission order.
        sorted_events = list(storage_writer.GetSortedEvents())

        second_event = sorted_events[1]
        self.CheckTimestamp(
            second_event.timestamp, '2018-01-30 14:45:32.000000')

        # Third and last event: the one rewritten in the older format
        # (no Unix timestamp in the log line).
        third_event = sorted_events[2]
        self.CheckTimestamp(
            third_event.timestamp, '2018-01-30 14:46:00.000000')

        # Field-level checks on the third event. Path and filename are taken
        # from the log line itself; the trailing backslash is kept as-is.
        self.assertEqual(third_event.path, 'C:\\temp\\')
        self.assertEqual(third_event.filename, 'eicar.com_.gstmp')

        # Long and short message renderings of the same event.
        long_message = (
            r'Path: C:\temp\ File name: eicar.com_.gstmp '
            r'Eicar_test_1 : Failure (clean), moved (Real-time scan)')
        short_message = r'C:\temp\ eicar.com_.gstmp Failure (clean), moved'

        self._TestGetMessageStrings(third_event, long_message, short_message)
    def testParse(self):
        """Parses the pccnt35.log fixture and checks the extracted events.

        The fixture holds three OfficeScan virus-detection records. The last
        record has been rewritten in the older, documented line format that
        carries no Unix timestamp, so both layouts are exercised. The records
        reference ``eicar.com_.gstmp`` / ``Eicar_test_1``, i.e. they look like
        EICAR test detections rather than a real malware event.
        """
        officescan_parser = trendmicroav.OfficeScanVirusDetectionParser()
        storage_writer = self._ParseFile(['pccnt35.log'], officescan_parser)

        # A clean parse: one event per log record and no warnings of
        # either kind.
        self.assertEqual(storage_writer.number_of_events, 3)
        self.assertEqual(storage_writer.number_of_extraction_warnings, 0)
        self.assertEqual(storage_writer.number_of_recovery_warnings, 0)

        # DSVParser emits events in no fixed order, so index into the sorted
        # sequence rather than the raw emission order.
        sorted_events = list(storage_writer.GetSortedEvents())

        # Second event: only the timestamp and data type are pinned here.
        second_expected = {
            'date_time': '2018-01-30 14:45:32',
            'data_type': 'av:trendmicro:scan'
        }
        self.CheckEventValues(
            storage_writer, sorted_events[1], second_expected)

        # Third and last event: the one rewritten in the older format
        # (no Unix timestamp in the log line). All parsed fields are
        # pinned; 'action' and 'scan_type' are the raw integer codes
        # from the log record.
        third_expected = {
            'action': 10,
            'date_time': '2018-01-30 14:46:00',
            'data_type': 'av:trendmicro:scan',
            'filename': 'eicar.com_.gstmp',
            'path': 'C:\\temp\\',
            'scan_type': 1,
            'threat': 'Eicar_test_1'
        }
        self.CheckEventValues(
            storage_writer, sorted_events[2], third_expected)