LinuxQuestions.org


joje47 03-09-2010 05:39 AM

How do I parse a textfile to move some files?
 
Hi,
I use avg free as antivirus scanner. I looked some time for a scanner to scan and remove viruses. Problem is avg 8.5 will only detect viruses, not remove them...
I use a oneliner looking like this:

Code:

/usr/bin/avgscan / -x /mnt -x /dev --heur --ignerrors -r /var/log/"scanlog"`eval date +%Y%m%d`".txt"

resulting in a textfile like this:

Code:

AVG command line Anti-Virus scanner
Copyright (c) 2009 AVG Technologies CZ

Virus database version: 271.1.1/2731
Virus database release date: Mon, 08 Mar 2010 20:33:00 +01:00

Scan command: /opt/avg/avg8/bin/avgscan -x /mnt -x /dev --heur --ignerrors -r /var/log/scanlog20100309.txt /

/home/msprofiles/kareri/.msprofile/Lokala inställningar/Temporary Internet Files/Content.IE5/IW35SR02/px[1].data  Trojan horse SHeur2.CLDP
/home/msprofiles/kareri/.msprofile/Lokala inställningar/Temp/387.exe  Trojan horse SHeur2.CLDP
/home/kareri/RECYCLERS/runmgr.exe  Virus identified Worm/Generic_r.GC
/home/kareri/RECYCLERS/runmgr.exe  Virus identified Worm/Generic_r.GC
------------------------------------------------------------------------------
Scan started at: Tue, 09 Mar 2010 09:43:38 +01:00
Scan ended at: Tue, 09 Mar 2010 12:40:54 +01:00

Elapsed time:  10636s
------------------------------------------------------------------------------
Files scanned    :  1145523(1144343)
Infections found  :  4(4)
PUPs found        :  0
Files healed      :  0
Warnings reported :  0
Errors reported  :  101
------------------------------------------------------------------------------


Now I want to parse that file to pick the infected files and use mv to secure the system.. is there any way to accomplish that?

I guess I could start with looking for the lines starting with / evaluate them so when they get two spaces, then it cuts. (Filename comes first, then two spaces, then description of virus..)

then use the line to mv the file somewhere. For instance /var/quarantine/

I know there are probably other programs that do work. But it took me some time to install and figure out this one, and now when I got it working it seems like avg has stopped the healing function in this upgrade.. They are "working on it"..
If you have a tip about a free anti-virus software that is easy to figure out, it would be nice. But I would also like to learn some parsing. This was a bit tough for me right now. But if someone please can get me started I'm sure I can figure it out. I know a bit of bash and php, not so much about Perl but anything is appreciated.

jamescondron 03-09-2010 06:01 AM

Well you have a few options; you can try this with Bash using a for loop and the cut command, or you can use your favourite scripting language, up to you.

A 30-second script in python to do this simply:
Code:

#!/usr/bin/env python
#-* coding:utf-8 -*-
#
# Open the file, try and find viruses
# uses certain assumptions based on length of header in file
# and so on

report = open( "./avg_out", 'r' ).readlines()
for i in range( len( report ) ):
    if not i <= 8:
        if report[i] == "\n" or report[i][0] == "-" :
            break
        print(report[i].split(" ")[0])

(Like I say, 30-second, and only tested on that output of yours. You will have to change the print line to delete the file. That's an exercise for you)

joje47 03-09-2010 08:29 AM

hmm, thanks
 
Tried it on some sample outputs, and it seems to work. Have to try a bit more. Don't know much about python, but I think I understood most of it, but I have to try to search a bit to understand how to use dates and to move files, but this is a good starter. Tx.

jamescondron 03-09-2010 08:39 AM

Well, python has an interactive shell; so type in 'python' at a terminal. Libraries are imported with 'import', and every library/module/$terminology, assuming documented properly, can be called in 'help()' as so:
Code:

>>> import time
>>> help(time)
Help on module time:

NAME
    time - This module provides various functions to manipulate time values.
<snip>

The module for moving files is 'shutil', so once again import and help. You'll pick it up as you go along, try http://diveintopython.org to learn it in a couple of hours, or just google.

But yes, there are neater and smaller ways, but the above is quick, efficient and easy enough to change and adapt.

EDIT:
Just realised I made a mess of the first example anyway;
Code:

#!/usr/bin/env python
#-*- coding:utf-8 -*-

report = open( "./avg_out", 'r' ).readlines()
for line in report[8:]:
    if not line == "\n" and not line[0] == "-":
        print(line.split("  ")[0])
    else: break


joje47 03-10-2010 03:16 AM

Now I think it works
 
Hi again,

Tx for your clarification. I noticed that small miss with double spaces. Now I got it this far..

I changed the oneliner to:

Code:

/usr/bin/avgscan / -x /mnt -x /dev --heur --ignerrors --hidext -r /var/log/"scanlog_"`eval date +%Y-%m-%d`".txt"

so I got the date like this 2010-03-10, instead of how I'm used to writing it: 20100310. I couldn't figure out how to get the date in that form with python ;) But down I guess it's a bit crude, but it passed some test files I did, I have to test it a couple of times more.


Code:

# Open the file, try and find viruses
# uses certain assumptions based on length of header in file
# and so on

import datetime
import subprocess

today = datetime.date.today()
scanlog = "./scanlog_" + str(today) + ".txt"
basedir = "/var/quarantine/"

report = open( scanlog, 'r' ).readlines()
for i in range( len( report ) ):
    # the header is 8 lines (indexes 0-7); index 8 is the first result line
    if i >= 8:
        if report[i] == "\n" or report[i][0] == "-" :
            break
        src = report[i].split("  ")[0]
        fn = report[i].split("  ")[0]
        fn = fn.strip()
        dest = basedir + fn.replace('/','_')
        print(str(dest))
        # argument list, no shell: paths with spaces or shell characters stay literal
        #subprocess.call(["mv", "--", src, dest])


jamescondron 03-10-2010 08:03 AM

Or....
Code:

#!/usr/bin/env python
#-* coding:utf-8 -*-
#
# Open the file, try and find viruses
# uses certain assumptions based on length of header in file
# and so on

import os, shutil, time

report_title = time.strftime( "%Y%m%d" )
report = open( "./scanlog_%s.txt" % report_title, 'r' ).readlines()

for line in report[8:]:
    if not line == "\n" and not line[0] == "-":
        file = line.split("  ")[0]
        # a file can be listed more than once; skip it if it has already been moved
        if not os.path.exists( file ):
            continue
        print("Quarantined: %s" % file)
        shutil.move( file, "/var/quarantine/%s" % file.split("/")[-1] )
    else: break

I used time.strftime() to format the time (using the time library) to the format you wanted, and I used shutil.move( src, dst ) to move the file to /var/qua.

You may find it easier, incidentally, to use %s in strings that are using variables; http://homepage.mac.com/andykopra/pd...n_strings.html has a quick skim on it if you're not a C programmer (Where we use this sort of thing a lot).

Basically, the first %s is a string. We define this at the end:
Code:

s = "string"
print("this is a %s" % (s))
# ..
a = "hello"
b = "world"
print("%s %s" % (a,b))

and so on
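
Added example, not part of the thread and not any poster's code: a Python 3 version of the parse-and-quarantine step that recognises result lines by shape instead of by header length, de-duplicates repeated entries, and keeps same-named files from overwriting each other in the quarantine directory. It assumes the report layout shown in the sample (absolute path, two spaces, verdict); the function names `parse_infected` and `quarantine` are hypothetical, and `/var/quarantine` is the directory named in the thread.

```python
#!/usr/bin/env python3
# Added example (not from the thread): parse an avgscan report and quarantine
# the listed files. The report layout is assumed from the sample in the thread.
import os
import shutil


def parse_infected(report_text):
    """Return de-duplicated [(path, verdict)] in report order."""
    seen, hits = set(), []
    for line in report_text.splitlines():
        # Result lines are "<absolute path>  <verdict>"; header, summary and
        # separator lines never start with "/", so no header count is needed.
        if not line.startswith("/") or "  " not in line:
            continue
        # Split on the LAST double space so single spaces in the path survive.
        path, verdict = line.rsplit("  ", 1)
        if path not in seen:          # the sample report lists one file twice
            seen.add(path)
            hits.append((path, verdict.strip()))
    return hits


def quarantine(hits, qdir="/var/quarantine"):
    """Move each existing file into qdir; return [(src, dest)] actually moved."""
    os.makedirs(qdir, mode=0o700, exist_ok=True)
    moved = []
    for src, _verdict in hits:
        if not os.path.lexists(src):  # already gone or never existed
            continue
        # Flatten the full path into the name so same-named files cannot
        # overwrite each other, and add a counter if the name is still taken.
        base = src.strip("/").replace("/", "_")
        dest, n = os.path.join(qdir, base), 0
        while os.path.lexists(dest):
            n += 1
            dest = os.path.join(qdir, "%s.%d" % (base, n))
        shutil.move(src, dest)        # no shell: spaces and [ ] stay literal
        if not os.path.islink(dest):
            os.chmod(dest, 0o600)     # drop execute bits on the quarantined file
        moved.append((src, dest))
    return moved
```

The file names in the report are chosen by whatever wrote the infected files, so they are untrusted input; passing them to `shutil.move` as arguments keeps them from ever being interpreted by a shell.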

