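def scanFile(self, fileName):
    """Scan one file with MpCmdRun and collect the warning events it raised.

    Args:
        fileName: path of the file to scan. It is resolved to an absolute
            path and stat'ed *before* the working directory is changed, so
            relative names keep referring to the caller's directory. It must
            not contain a double quote or a cmd.exe metacharacter, because
            the path is embedded in a shell command string.

    Returns:
        An empty dict when MpCmdRun reports no threat, otherwise a dict with
        the keys filename, baseName, fileSize, begintime, endtime, usetime
        (seconds) and virusdata (whatever self.loopScan returned). The dict
        is also empty when loopScan returns a falsy value.

    Raises:
        ValueError: if fileName contains a character that could break out of
            the quoted command argument.
        RuntimeError: if MpCmdRun's output cannot be parsed (fail closed
            rather than reporting a clean scan).
        OSError: if fileName cannot be stat'ed or the Antimalware directory
            is missing.
    """
    result = {}
    # Resolve and stat the target before chdir(): after the chdir a relative
    # fileName would be looked up inside the Antimalware directory instead.
    absPath = os.path.abspath(fileName)
    if '"' in absPath or any(c in absPath for c in '&|<>^\r\n'):
        raise ValueError('unsafe characters in file name: %r' % (fileName,))
    fileSize = os.path.getsize(absPath)
    baseName = os.path.basename(absPath)

    startStamp = time.strftime('%Y-%m-%d %H:%M:%S')
    startEpoch = int(time.time())
    # eventquery wants '%m/%d/%y,%I:%M:%S%p' timestamps (see scanResult).
    begin = time.strftime('%m/%d/%y,%I:%M:%S%p')

    # The path is double-quoted because the command string is handed to a
    # shell; spaces or metacharacters in an unquoted name would alter the
    # command line.
    cmd = ('MpCmdRun -scan -scantype 3 -SignatureUpdate -UNC -trace '
           '-Grouping 0x1 -file "%s"' % absPath)
    previousCwd = os.getcwd()
    os.chdir("C:/Program Files/Microsoft Security Client/Antimalware")
    try:
        (cmdResult, filemsg) = Commandutils.getstatusoutput(cmd)
    finally:
        # chdir() is process-wide; put it back so later callers are unaffected.
        os.chdir(previousCwd)

    # The verdict is read from the third output line: its second-to-last
    # token is 'no' when nothing was found. NOTE(review): the exact MpCmdRun
    # output format is not visible here; only the index guards were added.
    lines = filemsg.split('\n')
    tokens = lines[2].split() if len(lines) >= 3 else []
    if len(tokens) < 2:
        raise RuntimeError('unexpected MpCmdRun output: %r' % (filemsg,))
    flag = tokens[-2]
    if flag == 'no':
        return result
    print(flag)

    # Something was flagged: collect the warning events logged during the
    # scan window, then let loopScan poll for late arrivals.
    end = time.strftime('%m/%d/%y,%I:%M:%S%p')
    sr = self.scanResult(begin, end, baseName)
    loopStep = 5
    sr = self.loopScan(sr, begin, loopStep, baseName)
    if sr:
        endStamp = time.strftime('%Y-%m-%d %H:%M:%S')
        result['filename'] = fileName
        result['baseName'] = baseName
        result['fileSize'] = fileSize
        result['begintime'] = startStamp
        result['endtime'] = endStamp
        # Whole seconds between the start and end stamps.
        result['usetime'] = int(time.time()) - startEpoch
        result['virusdata'] = sr
    return result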
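def scanResult(self, begin, end, baseName):
    """Return the System-log Warning events in [begin, end) that mention baseName.

    Args:
        begin: lower bound (inclusive) in eventquery's '%m/%d/%y,%I:%M:%S%p'
            form, e.g. '02/24/12,03:51:00PM'.
        end: upper bound (exclusive), same format.
        baseName: file name that must occur in the event's path field.

    Both timestamps are embedded in a shell command, so they are rejected if
    they contain a double quote or a cmd.exe metacharacter; normally they
    come straight from time.strftime.

    Returns:
        A list of dicts with keys name, level, type and path, one per
        matching event. Empty when eventquery printed at most five lines
        (header only) or no event matched.

    Raises:
        ValueError: if begin or end contains an unsafe character.
    """
    for stamp in (begin, end):
        if '"' in stamp or any(c in stamp for c in '&|<>^\r\n'):
            raise ValueError('unsafe characters in timestamp: %r' % (stamp,))

    cmd = ('eventquery /fi "Datetime ge %s" /fi "Datetime lt %s" /l system '
           '/fi "Type eq Warning" /v' % (begin, end))
    print(cmd)
    (cmdResult, filemsg) = Commandutils.getstatusoutput(cmd)
    msgs = filemsg.split('\n')

    result = []
    if len(msgs) <= 5:
        return result

    # The first six lines are eventquery's header; each remaining record is
    # tab-separated with 13 fields, and each field reads 'Label value'.
    for msg in msgs[6:]:
        print(msg)
        attrs = msg.split('\t')
        if len(attrs) != 13:
            continue
        try:
            name = attrs[1].split(' ')[1]
            level = attrs[3].split(' ')[1]
            eventType = attrs[4].split(' ')[1]
            path = attrs[5].split(' ')[1]
        except IndexError:
            # A field without a space is malformed; skip the record instead
            # of aborting the whole query.
            continue
        if baseName not in path:
            continue
        result.append({'name': name, 'level': level,
                       'type': eventType, 'path': path})
    return result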