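def analyzeLog(filename):
    """Check the newest MPDetection log for a detection on *filename*.

    Reads the most recent ``MPDetection`` log under ``msseccli_data_dir``
    (UTF-16LE, which is how the scanner writes it) newest-line-first and
    extracts:

    * ``malicious``  -- True if a ``DETECTION`` line names *filename*.
    * ``scannervv``  -- ``"<module_name> <engine version>"`` taken from the
      newest ``Version:`` line, or None if no such line was seen.
    * ``sigversion`` -- the signature-version field of that same line.
    * ``sigdate``    -- whatever ``getSigDate(msseccli_update_dir)`` returns.

    Returns ``[malicious, scannervv, sigversion, sigdate]`` as a list (callers
    rely on the list shape). Only the newest 1000 lines are examined, and the
    scan stops early once both the version line and a matching detection have
    been found. When no log file exists, ``malicious`` is False and the two
    version fields are None.
    """
    malicious, scannervv, sigversion = False, None, None
    most_recent, _mtime = getMostRecent(msseccli_data_dir, 'MPDetection')
    if most_recent:
        # The log is UTF-16LE; codecs.open decodes it so split() works on str.
        with codecs.open(most_recent, 'r', 'utf-16le') as data:
            lines = data.readlines()
        malicious, scannervv, sigversion = _parse_mp_detection(lines, filename)
    sigdate = getSigDate(msseccli_update_dir)
    return [malicious, scannervv, sigversion, sigdate]


def _parse_mp_detection(lines, filename, max_lines=1000):
    """Scan MPDetection log *lines* newest-first for version and detection info.

    Returns ``(malicious, scannervv, sigversion)``. Lines that lack the
    expected number of whitespace-separated fields are skipped rather than
    raising IndexError, so one truncated or oddly formatted log line cannot
    abort the whole analysis (the original indexed ``parts[11]`` /
    ``parts[3]`` unguarded). At most *max_lines* lines are inspected.
    """
    malicious = False
    file_confirm = False
    scannervv = None
    sigversion = None
    # A detection path looks like "file:<path>"; a hit must start past the prefix.
    prefix_len = len('file:')
    for line_count, line in enumerate(reversed(lines), start=1):
        parts = line.split()
        if not scannervv and 'Version:' in parts:
            # Expected layout: engine version at field 3, signature version at field 11.
            if len(parts) > 11:
                scannervv = '%s %s' % (module_name, parts[3])
                sigversion = parts[11]
        elif not file_confirm and 'DETECTION' in parts:
            # NOTE(review): this is a substring match -- a *filename* that is a
            # substring of some other detected path (e.g. "a.exe" inside
            # "bad_a.exe") is also reported as malicious. Passing the full path
            # rather than a bare basename avoids that false attribution.
            # split() also breaks paths containing spaces across fields.
            if len(parts) > 3 and parts[3].find(filename) > prefix_len:
                malicious = True
                file_confirm = True
        if line_count > max_lines:
            break
        # scannervv and sigversion are always set together, so both are known here.
        if scannervv and file_confirm:
            break
    return malicious, scannervv, sigversion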
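def getSigVersionAndDate():
    """Return ``(sigversion, sigdate)`` for the installed Avast Business definitions.

    The newest subdirectory under the Avast ``defs`` folder is treated as the
    current signature set: its basename is the signature version and its
    mtime, converted with ``datetime.fromtimestamp`` (naive local time, not
    UTC), is the signature date.

    Returns ``(None, None)`` when ``getMostRecent`` reports no matching
    directory, instead of raising ``TypeError`` from
    ``os.path.basename(None)`` / ``datetime.fromtimestamp(None)``.
    """
    avast_defs = r'C:\Program Files\AVAST Software\Avast Business\defs'
    # NOTE(review): the search string handed to getMostRecent is the full defs
    # path itself, not a name fragment as in the other scanners here; whether
    # that matches every entry or none depends on getMostRecent's matching
    # rule -- confirm against its implementation.
    most_recent_path, mtime = getMostRecent(avast_defs, searchstring=avast_defs, filterfunction=isdir)
    if not most_recent_path or mtime is None:
        return None, None
    sigversion = os.path.basename(most_recent_path)
    sigdate = datetime.fromtimestamp(mtime)
    return sigversion, sigdate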
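def getSigVersionDate():
    """Return ``[sigversion, sigdate]`` for the Kaspersky signature set.

    Uses the newest update file under ``kaspersky_data`` whose name starts
    with ``u`` and ends with ``g.xml`` (compared case-insensitively). The
    version is that file's basename with the leading ``u`` and trailing ``g``
    stripped -- as best we can tell this is the signature version -- and the
    date comes from ``getSigDate(filepath)``.

    Returns ``[None, None]`` when no such file is found, rather than raising
    ``TypeError`` from ``path.basename(None)``.
    """
    def xmlish_filter(name, suffix):
        # Accept "u...<suffix>" regardless of case; suffix is 'g.xml' below.
        lowered = name.lower()
        return lowered.startswith('u') and lowered.endswith(suffix)

    filepath, _mtime = getMostRecent(kaspersky_data, 'g.xml', xmlish_filter)
    if not filepath:
        return [None, None]
    barename = path.splitext(path.basename(filepath))[0]
    # Drop the leading 'u' and trailing 'g' from e.g. "u<version>g".
    sigversion = barename[1:-1]
    sigdate = getSigDate(filepath)
    return [sigversion, sigdate]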