MightyGuru

  1. I have been struggling with this issue also. There are some issues with the way _InetSmtpMail formats the Date/Time header information that does not conform to the RFC822 date/time specification. Specifically the time zone. The time zone data is not supposed to contain parentheses, Ex. (-0500). The code for $bias adds this unnecessary detail:

         $bias = StringFormat(" (%+.2d%.2d)", $biasH, $biasM)

     Contrary to trancexx's accusation, the header information jgira provided IS the exact header provided from Outlook. YES, _InetSmtpMail is set to format the time zone with parentheses when the message is sent, BUT since this is a violation of RFC822, Microsoft's SMTP server, and most other modern SMTP servers, removes these in an attempt to properly format the header. Unfortunately this screws up the time zone data and it is set to UTC +0000.

     The other issue, which is not as bad, is the MONTH data. Based on the code:

         _DateToMonth(@MON, 1)

     the month is abbreviated. This is correct, as RFC822 dictates the month should be a three character abbreviation of the actual month's name. This works great for every month except June, July, and September. The code for these months abbreviates them to four characters (June, July, Sept); again a violation of RFC822. This is not as fatal because most SMTP servers correct this properly.

         Local $aMonthNumberAbbrev[13] = ["", "Jan", "Feb", "Mar", "Apr", "May", "June", "July", "Aug", "Sept", "Oct", "Nov", "Dec"]

     All this may sound a bit anal but I can tell you from experience, deviating from the 'standard' will cause problems.

     RFC822 5.1

         5. DATE AND TIME SPECIFICATION

         5.1. SYNTAX

         date-time   =  [ day "," ] date time        ; dd mm yy
                                                     ;  hh:mm:ss zzz

         day         =  "Mon"  / "Tue" /  "Wed"  / "Thu"
                     /  "Fri"  / "Sat" /  "Sun"

         date        =  1*2DIGIT month 2DIGIT        ; day month year
                                                     ;  e.g. 20 Jun 82

         month       =  "Jan"  /  "Feb" /  "Mar"  /  "Apr"
                     /  "May"  /  "Jun" /  "Jul"  /  "Aug"
                     /  "Sep"  /  "Oct" /  "Nov"  /  "Dec"

         time        =  hour zone                    ; ANSI and Military

         hour        =  2DIGIT ":" 2DIGIT [":" 2DIGIT]
                                                     ; 00:00:00 - 23:59:59

         zone        =  "UT"  / "GMT"                ; Universal Time
                                                     ; North American : UT
                     /  "EST" / "EDT"                ;  Eastern:  - 5/ - 4
                     /  "CST" / "CDT"                ;  Central:  - 6/ - 5
                     /  "MST" / "MDT"                ;  Mountain: - 7/ - 6
                     /  "PST" / "PDT"                ;  Pacific:  - 8/ - 7
                     /  1ALPHA                       ; Military: Z = UT;
                                                     ;  A:-1; (J not used)
                                                     ;  M:-12; N:+1; Y:+12
                     / ( ("+" / "-") 4DIGIT )        ; Local differential
                                                     ;  hours+min. (HHMM)
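A field-by-field check of a Date header value against the RFC822 5.1 grammar quoted in the post above, reporting the parenthesised zone and the four-letter months it describes. This is an added example in Python, not code from the post or from AutoIt's UDF library; the function names and sample headers are constructed for illustration.

```python
import re

MONTHS = {"Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"}
DAYS = {"Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"}
NAMED_ZONES = {"UT", "GMT", "EST", "EDT", "CST", "CDT",
               "MST", "MDT", "PST", "PDT"}

# Split loosely into fields first so each bad field can be reported by name.
_FIELDS = re.compile(
    r"^(?:(?P<day>[^,\s]+),\s*)?(?P<dom>\S+)\s+(?P<month>\S+)\s+"
    r"(?P<year>\S+)\s+(?P<time>\S+)\s+(?P<zone>.+?)\s*$")

def zone_ok(zone):
    """zone = named zone / 1ALPHA military (J not used) / ("+" / "-") 4DIGIT"""
    return (zone in NAMED_ZONES
            or re.fullmatch(r"[A-IK-Za-ik-z]", zone) is not None
            or re.fullmatch(r"[+-]\d{4}", zone) is not None)

def date_header_violations(value):
    """Return (field, text) pairs for every field that breaks the grammar."""
    m = _FIELDS.match(value)
    if m is None:
        return [("date-time", value)]
    checks = {
        "day": m["day"] is None or m["day"] in DAYS,
        "date": re.fullmatch(r"\d{1,2}", m["dom"]) is not None,
        "month": m["month"] in MONTHS,
        # RFC 822 says 2DIGIT; 4-digit years are accepted too (RFC 1123).
        "year": re.fullmatch(r"\d{2}(?:\d{2})?", m["year"]) is not None,
        "hour": re.fullmatch(r"\d{2}:\d{2}(?::\d{2})?", m["time"]) is not None,
        "zone": zone_ok(m["zone"]),
    }
    group = {"date": "dom", "hour": "time"}  # grammar name -> regex group name
    return [(f, m[group.get(f, f)]) for f, ok in checks.items() if not ok]

# Constructed sample headers: one conforming, two with the faults described above.
SAMPLES = [
    "Tue, 27 Dec 2005 14:23:59 -0500",
    "Tue, 27 Dec 2005 14:23:59 (-0500)",
    "Fri, 2 Sept 2005 09:00:00 -0400",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", date_header_violations(s) or "ok")
```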
  2. Nah, your code gets the job done. I would have already met my Maker trying!
  3. UPDATE: cameronsdad's newest revision completes the 1510 records in 4.7sec!
  4. Sorry cameronsdad, looks like my reply posted just after you posted your final. It worked like a charm this time (and accounted for the MIME record mentioned earlier)! Took 14 sec. to process 1510 records. Nice! Thank you for all the help!
  5. Well considering I was not able to do it myself, I am hesitant to critique any of the three methods. For reference I ran all three against a logfile with 1510 records. SmOke_N's completed in 12 sec., LxP's completed in 2 sec., and I was unable to get cameronsdad's to complete. The only thing, other than output formatting, I noted was LxP's would not account for any records containing the following line (which was probably my fault for not including the scenario in the file I attached):

         V:\TEST\12-26T7575acd0a70a01145012a0.msg ... Found potentially unwanted program Exploit-MIME.gen.c.

     SmOke_N's did account for that line. I have attached the log file I used for testing. Again, THANK YOU ALL for your help!!!!

     vlog.txt
  6. A BIG thank you to SmOke_N, cameronsdad, and LxP for all the help with this project! From all the code posts I have been able to get a script tested and working that accomplishes my task. Without your assistance I would have probably gone insane by now. I ran it against a McAfee logfile containing ~6700 entries and spanning 20 days and the results were perfect!
  7. Here are a few 'constants' that will occur in EVERY log entry:

       • The drive will always be V:\ with NO subdirectories (V:\test was only used for initial script testing).
       • The file name will always start with MM-DD (2-digit month 'dash' 2-digit day).
       • The initial file extension will always be .MSG.

     Example: V:\12-28<random characters>.msg...

     Below is the code I have written up to this point. It shows how the files get the date appended to the beginning of the file name. It might shed light on some of the details you question or allow you to suggest a better way to do the same thing.

     I am a network security administrator, our company uses a program called MIMESweeper to filter email. Any email that contains a virus is quarantined to a specific folder on the server (that is where the V:\ drive is mapped to). Two files make up each message, one being *.MSG and the other *.RCP. The *.MSG file is the one that contains the actual message content and therefore the virus attachment. I currently have to manually scan these files to report how many of a particular virus we have stopped per day (this is all for management). My intent was to use AutoIT (thank God for such a great tool!) to automate this task. I have written several scripts to automate other tasks in the past with great success. The only problem is I got in over my head on this one. This is where your help is requested and appreciated!

         #include <date.au3>
         #include <file.au3>

         $Error = 0
         $SearchPath = "v:\"
         $FileType = "*.msg"
         $CurrentDate = _NowCalcDate()

         Func Scan()
             ;scan MSG files for viruses
             ;the scanner path contains spaces, so it is wrapped in double quotes
             RunWait('"C:\Program Files\Common Files\Network Associates\Engine\scan" /CHECKLIST list.txt /ANALYZE /PANALYZE /MIME /PROGRAM /UNZIP /NOMEM /NOBOOT /SILENT /NOEXPIRE /NODDA /NOBREAK /NORENAME /REPORT vlog.txt', "", @SW_HIDE)
             ;working on reporting results
         EndFunc

         Func WorkFiles()
             $Error = 0
             $FileList = FileOpen("list.txt", 2)
             ;log all files older than today with MSG extension in V:\ to file
             $Search = FileFindFirstFile($SearchPath & $FileType)
             If $Search = -1 Then
                 MsgBox(0, "Error", "No files in directory")
                 $Error = 1
                 FileClose($Search)
                 FileClose($FileList)
                 Return
             EndIf
             While 1
                 $File = FileFindNextFile($Search) ;full file name
                 If @error Then ExitLoop ;no more files; checked here because later calls reset @error
                 If $File = "" Then ExitLoop
                 $File2 = StringTrimRight($File, 4) ;file name less extension
                 $FileDate = FileGetTime($SearchPath & $File)
                 $ymd = $FileDate[0] & "/" & $FileDate[1] & "/" & $FileDate[2]
                 $ddiff = _DateDiff('d', $ymd, $CurrentDate)
                 If $ddiff >= 1 Then ;work only with files older than today's date
                     FileWriteLine($FileList, $SearchPath & $FileDate[1] & "-" & $FileDate[2] & $File) ;write MSG filename to log
                     RunWait(@ComSpec & " /c " & "ren " & $SearchPath & $File2 & ".* " & $FileDate[1] & "-" & $FileDate[2] & $File2 & ".*", "", @SW_HIDE) ;rename both MSG and RCP file appending date
                 EndIf
             WEnd
             FileClose($Search)
             FileClose($FileList)
         EndFunc
  8. I really appreciate your offer to help! I have attached a complete log file. In my specific case all the files that are being scanned have viruses; therefore the log will never have non-infected listings. Also the log will normally contain hundreds and possibly thousands of entries. The sample log I have attached just contains around 30. Let me know if you need a larger one.

     vlog2.txt
  9. Damn you're good. That's almost perfect. The only small detail left is, rather than listing the duplicate viruses, count the instances. Below is an example with the output from your last code post. Let's use the 12-16 area for reference (BEFORE is what we have now, AFTER is what I am looking for):

     BEFORE

         12-16
             Generic Malware.a!zip trojan
             Generic Malware.a!zip trojan
             W32/Sober@MM!M681 virus
             Generic Malware.a!zip trojan
             W32/Netsky.p@MM!zip virus
             Generic Malware.a!zip trojan
             W32/Sober@MM!M681 virus
             Generic Malware.a!zip trojan
             Generic Malware.a!zip trojan

     AFTER

         12-16
             Generic Malware.a!zip trojan <TAB> 6    <--- total number of occurrences for that day
             W32/Sober@MM!M681 virus <TAB> 2
             W32/Netsky.p@MM!zip virus <TAB> 1
  10. Yes, Thank you! It placed all the necessary details from the report file into an array. Do you know if the array will handle several thousand (yes thousand) entries? Is there a limitation? Finally, how can I output the information in the array so that I have a count of the individual viruses per day? Example:

      Given the following array output:

      Desired output:

          12-05
              Generic Malware.a!zip trojan 1
              W32/Sober@MM!M681 virus 1
          12-09
              W32/Sober@MM!M681 virus 1
              Generic Malware.a!zip trojan 1
          12-16
              Generic Malware.a!zip trojan 6
              W32/Sober@MM!M681 virus 2
              W32/Netsky.p@MM!zip virus 1
          ...etc
  11. The exact report file looks like this:

          --------------------------------------------------------------------------------
          McAfee VirusScan for Win32 v4.40.0
          Copyright © 1992-2004 Networks Associates Technology Inc. All rights reserved.
          (408) 988-3832 LICENSED COPY - Sep 23 2004

          Scan engine v4.4.00 for Win32.
          Virus data file v4655 created Dec 21 2005
          Scanning for 167009 viruses, trojans and variants.

          12/27/2005 14:23:59

          Options:
          /CHECKLIST LIST.TXT /ANALYZE /PANALYZE /MIME /PROGRAM /UNZIP /NOMEM /NOBOOT /SILENT /NOEXPIRE /NODDA /NOBREAK /NORENAME /REPORT VLOG.TXT

          V:\TEST\12-16r7540830ae65014010ACF8.msg\document.zip ... Found the Generic Malware.a!zip trojan !!!
          V:\TEST\12-16r7540830b445014010ACF8.msg\question_list.zip ... Found the W32/Sober@MM!M681 virus !!!
          V:\TEST\12-16r7540830b545014010ACF8.msg\info-text.zip ... Found the Generic Malware.a!zip trojan !!!
          V:\TEST\12-16r7540830b735014010ACF8.msg\email-details.zip ... Found the Generic Malware.a!zip trojan !!!
          V:\TEST\12-16r7540830b835014010ACF8.msg\email-info.zip ... Found the Generic Malware.a!zip trojan !!!
          V:\TEST\12-16r7540830bc15014010ACF8.msg\mailtext.zip ... Found the W32/Sober@MM!M681 virus !!!
          V:\TEST\12-16r7540830be05014010ACF8.msg\information.zip ... Found the Generic Malware.a!zip trojan !!!
          V:\TEST\12-16r7540830c005014010ACF8.msg\instructions.zip ... Found the Generic Malware.a!zip trojan !!!
          V:\TEST\12-16r7540830c0f5014010ACF8.msg\information.zip ... Found the Generic Malware.a!zip trojan !!!
          V:\TEST\12-16r7540830c2f5014010ACF8.msg\question_list.zip ... Found the W32/Sober@MM!M681 virus !!!
          V:\TEST\12-16r7540830c4e5014010ACF8.msg\document.zip ... Found the Generic Malware.a!zip trojan !!!

          Summary report on checklist list.txt
          File(s)
                  Total files: ........... 293
                  Clean: ................. 200
                  Not scanned: ........... 0
                  Possibly Infected: ..... 93

          Time: 00:00.08
          --------------------------------------------------------------------------------

      I want to extract the date (first 5 characters of the file name, ex. 12-16) and the virus found, so that in the end I have a separate report created by a script that shows the number (count) of individual viruses found in a given day. Something like the following:

          DATE
              VIRUS NAME <TAB> NUMBER of OCCURRENCES
              NEXT VIRUS <TAB> NUMBER of OCCURRENCES
          NEXT DATE
              VIRUS NAME <TAB> NUMBER of OCCURRENCES
              NEXT VIRUS <TAB> NUMBER of OCCURRENCES

          12-16
              W32/Netsky.p@MM!zip virus 4
              Generic Malware.a!zip trojan 6
          12-20
              Phish-BankFraud.eml.a trojan 2
              W32/Sober@MM!M681 virus 10
  12. I am running the McAfee command line scanner against a list of files and generating a report of the scan results. This report contains a listing of all the files that were scanned and the viruses detected. What I am trying to do is extract the number of individual viruses detected by date. I have appended the date to the beginning of the file name with another script. The output of the report file looks like this (output contains many more records than shown):

          V:\TEST\12-16T7540163e8e0a01145016f8.msg\document.zip ... Found the W32/Netsky.p@MM!zip virus !!!
          V:\TEST\12-17T7540fca63f0a01145016ec.msg\information.zip ... Found the Generic Malware.a!zip trojan !!!
          V:\TEST\12-17T7540fe58230a01145016ec.msg\mailtext.zip ... Found the W32/Sober@MM!M681 virus !!!
          V:\TEST\12-18T75410331ff0a01145016ec.msg\email-details.zip ... Found the Generic Malware.a!zip trojan !!!
          V:\TEST\12-18T754106b5650a01145016ec.msg\email-info.zip ... Found the Generic Malware.a!zip trojan !!!
          V:\TEST\12-20T75410ec1be0a01145016ec.msg\0000050a.EML ... Found the Phish-BankFraud.eml.a trojan !!!

      What I would like to do is end up with a report file that contains something like:

          DATE
              VIRUS NAME <TAB> NUMBER of OCCURRENCES
              NEXT VIRUS <TAB> NUMBER of OCCURRENCES
          NEXT DATE
              VIRUS NAME <TAB> NUMBER of OCCURRENCES
              NEXT VIRUS <TAB> NUMBER of OCCURRENCES

          12-16
              W32/Netsky.p@MM!zip virus 4
              Generic Malware.a!zip trojan 6
          12-20
              Phish-BankFraud.eml.a trojan 2
              W32/Sober@MM!M681 virus 10

      I am guessing this could be done via an Array, but I'm not too familiar with Arrays. I can extract the date and virus name using:

          $number = 1
          $VLog = FileOpen("vlog.txt", 0)
          While 1
              $var = FileReadLine($VLog, $number) ;reads current line at $number (starting at 1)
              If @error Then ExitLoop ;end of file (or read error); without this check the loop never ends
              If StringInStr($var, "v:\") > 0 Then
                  $Date = StringTrimLeft($var, 8)
                  $Date = StringLeft($Date, 5) ;extract date
                  $Vname = StringTrimLeft($var, StringInStr($var, "Found") + 9)
                  $Vname = StringTrimRight($Vname, 4) ;extract virus name
              EndIf
              $number = $number + 1
          WEnd
          FileClose($VLog)

      But I am lost figuring out how to track individual viruses per date. ANY help is greatly appreciated!
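One way to produce the per-date counts asked for in the posts above, including the "Found potentially unwanted program ..." line variant mentioned in post 5. This is an added example in Python, not any of the AutoIt solutions posted in the thread; the function names are illustrative and the sample report is assembled from lines quoted on this page.

```python
import re
from collections import Counter

# Sample report assembled from log lines quoted in the posts (not a full log).
SAMPLE_REPORT = r"""Scan engine v4.4.00 for Win32.
V:\TEST\12-16r7540830ae65014010ACF8.msg\document.zip ... Found the Generic Malware.a!zip trojan !!!
V:\TEST\12-16r7540830b445014010ACF8.msg\question_list.zip ... Found the W32/Sober@MM!M681 virus !!!
V:\TEST\12-16r7540830b545014010ACF8.msg\info-text.zip ... Found the Generic Malware.a!zip trojan !!!
V:\TEST\12-20T75410ec1be0a01145016ec.msg\0000050a.EML ... Found the Phish-BankFraud.eml.a trojan !!!
V:\TEST\12-26T7575acd0a70a01145012a0.msg ... Found potentially unwanted program Exploit-MIME.gen.c.
        Possibly Infected: ..... 93
"""

# The date is the MM-DD prefix of the .msg file name, wherever it sits under
# the drive root; the detection name follows "Found" (with or without "the").
_DETECTION = re.compile(
    r"^[A-Za-z]:\\(?:[^\\]+\\)*?(?P<date>\d{2}-\d{2})[^\\]*\.msg.*?"
    r" \.\.\. Found (?:the )?(?P<name>.+?)(?: !!!|\.)?\s*$",
    re.IGNORECASE)

def count_detections(lines):
    """Map 'MM-DD' -> Counter of detection names; non-detection lines are skipped."""
    per_day = {}
    for line in lines:
        m = _DETECTION.match(line.strip())
        if m:
            per_day.setdefault(m["date"], Counter())[m["name"]] += 1
    return per_day

def format_report(per_day):
    """Date on its own line, then '<TAB>name<TAB>count', most frequent first."""
    out = []
    # MM-DD carries no year, so this ordering only holds within one calendar year.
    for date in sorted(per_day):
        out.append(date)
        for name, n in per_day[date].most_common():
            out.append(f"\t{name}\t{n}")
    return "\n".join(out)

if __name__ == "__main__":
    print(format_report(count_detections(SAMPLE_REPORT.splitlines())))
```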
  13. You might also try using the netdom renamecomputer command. I wrote a script with GUI to perform this at work. Works flawlessly. Below is the syntax:

          netdom renamecomputer machine /newname:new_computername /userd:domainname\administrator_id /passwordd:* /usero:local_admin /passwordo:* /reboot:seconds before automatic reboot

      You will need to install Windows XP Support Tools from the Support\Tools folder on the Windows XP Professional CD-ROM to get the netdom utility.

      From Microsoft: This article describes how to use the Netdom.exe utility (included in Windows XP Support Tools) to rename a computer that is a member of a Windows 2000 domain. This procedure can be performed either locally or remotely on the computer, which is being renamed. Also, the procedure does not require you to reset or manually re-create the computer account in the domain. The Netdom.exe utility has the ability to rename a computer that is a member of a domain. However, to rename the computer, you must be able to specify the user accounts that have local administrative permissions and the object of the computer account in Active Directory.

      Microsoft - Netdom.exe