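def analyzeLog(filename):
    """Return ``[malicious, scannervv, sigversion, sigdate]`` for *filename*.

    Reads the most recent ``MPDetection`` log found under
    ``msseccli_data_dir`` (UTF-16LE) newest-line-first and extracts:

    * ``scannervv``  -- ``"<module_name> <parts[3]>"`` taken from the first
      line containing the token ``Version:``
    * ``sigversion`` -- ``parts[11]`` of that same line
    * ``malicious``  -- True when a line containing the token ``DETECTION``
      names *filename* in its fourth whitespace-separated field

    At most 1000 log lines are inspected; the walk stops early once the
    version, signature version and a detection for *filename* have all been
    seen.  ``sigdate`` is obtained from ``getSigDate(msseccli_update_dir)``.

    Args:
        filename: path (or path fragment) to look up in the detection log.

    Returns:
        A four-element list ``[malicious, scannervv, sigversion, sigdate]``;
        the middle two are ``None`` when no ``Version:`` line was found.
    """
    sigversion = None
    scannervv = None
    file_confirm = False
    malicious = False
    line_count = 0
    most_recent, _mtime = getMostRecent(msseccli_data_dir, 'MPDetection')
    if most_recent:
        with codecs.open(most_recent, 'r', 'utf-16le') as data:
            lines = data.readlines()
        # The log is appended to, so the newest entries are at the end;
        # walk it backwards so the first match is the most recent one.
        lines.reverse()
        for line in lines:
            parts = line.split()
            if not scannervv and 'Version:' in parts:
                # Length guard: the original indexed parts[3]/parts[11]
                # unconditionally and raised IndexError on a short line.
                if len(parts) > 11:
                    scannervv = '%s %s' % (module_name, parts[3])
                    sigversion = parts[11]
            elif not file_confirm and 'DETECTION' in parts:
                # The fourth field apparently carries the path behind a
                # 'file:' prefix, hence the comparison against len('file:').
                # NOTE(review): this is a substring match, so a detection for
                # some other path that merely contains *filename* also counts
                # as a hit -- confirm the log format if exact-path matching
                # is required.
                if len(parts) > 3 and parts[3].find(filename) > len('file:'):
                    malicious = True
                    file_confirm = True
            line_count += 1
            # Cap the amount of log scanned per call.
            if line_count > 1000:
                break
            if scannervv and sigversion and file_confirm:
                break
    sigdate = getSigDate(msseccli_update_dir)
    return [malicious, scannervv, sigversion, sigdate]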
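def getSigInfo():
    """Return the module-level ``SigInfo``, refreshing it when stale.

    The result is cached in the globals ``cursiginfo`` / ``siginfotime`` and
    rebuilt when no value has been cached yet or the cached one is older
    than ``expiry``.  A refresh calls ``getVersionInfo()`` for the scanner
    and signature versions and ``getSigDate(avira_dir, search='.vdf')`` for
    the signature date.

    Returns:
        The (possibly freshly built) ``SigInfo`` instance.
    """
    global cursiginfo
    global siginfotime
    now = datetime.now()
    # `is None` instead of `== None`: an identity test that no __eq__ can
    # interfere with.  The short-circuit also keeps `now - siginfotime` from
    # being evaluated while siginfotime is still None.
    if cursiginfo is None or now - siginfotime > expiry:
        scannervv, sigversion = getVersionInfo()
        sigdate = getSigDate(avira_dir, search='.vdf')
        cursiginfo = SigInfo(scannervv, sigversion, sigdate)
        siginfotime = now
    return cursiginfo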
from socialscan.util import SigInfo

# Module name (file stem) used to label scanner version strings.
module_name = os.path.splitext(os.path.basename(__file__))[0]

# Cache for getSigInfo(): the last SigInfo built and when it was built.
cursiginfo = None
siginfotime = None
# Cached signature info is rebuilt once it is older than this.
expiry = timedelta(hours=1)

# Fixed install location of the Avira command-line scanner.
avira_dir = os.path.join('C:' + os.sep, 'Program Files (x86)', 'Avira', 'AntiVir Desktop')
avira_bin = os.path.join(avira_dir, 'scancl')

# Patterns matched against scancl's output to pull out version strings.
scannervv_re = re.compile("Avira / Windows Version (.*)")
engineversion_re = re.compile("engine set: (.*)")
vdfversion_re = re.compile("VDF Version: (.*)")

# Signature date is read once at import time from the .vdf files.
sigdate = getSigDate(avira_dir, search='.vdf')


def scan(filename):
    # Runs scancl on *filename* and parses its stdout line by line.
    # The definition continues beyond this excerpt.
    global cursiginfo
    global siginfotime
    # argv list, no shell: *filename* reaches scancl as a single argument
    # and is never interpreted by a shell.  NOTE(review): a name beginning
    # with '-' could still be read by scancl as an option -- confirm its
    # argv handling.  stderr is not captured and communicate() has no
    # timeout, so a hung scanner blocks this call.
    process = subprocess.Popen([avira_bin, filename], stdout=subprocess.PIPE)
    output = process.communicate()[0]
    # Normalise CRLF before splitting.  Assumes output is text (Python 2
    # str); on Python 3 communicate() returns bytes -- TODO confirm.
    lines = output.replace('\r\n', '\n').split('\n')
    malicious = False
    for line in lines:
        split = line.split()
        # Skip blank lines.
        if not split:
            continue