MightyGuru

Need help pulling data from a txt file

40 posts in this topic

I am running the McAfee command line scanner against a list of files and generating a report of the scan results. This report contains a listing of all the files that were scanned and the viruses detected. What I am trying to do is extract the number of individual viruses detected by date. I have appended the date to the beginning of the file name with another script. The output of the report file looks like this (output contains many more records than shown):

V:\TEST\12-16T7540163e8e0a01145016f8.msg\document.zip ... Found the W32/Netsky.p@MM!zip virus !!!
V:\TEST\12-17T7540fca63f0a01145016ec.msg\information.zip ... Found the Generic Malware.a!zip trojan !!!
V:\TEST\12-17T7540fe58230a01145016ec.msg\mailtext.zip ... Found the W32/Sober@MM!M681 virus !!!
V:\TEST\12-18T75410331ff0a01145016ec.msg\email-details.zip ... Found the Generic Malware.a!zip trojan !!!
V:\TEST\12-18T754106b5650a01145016ec.msg\email-info.zip ... Found the Generic Malware.a!zip trojan !!!
V:\TEST\12-20T75410ec1be0a01145016ec.msg\0000050a.EML ... Found the Phish-BankFraud.eml.a trojan !!!

What I would like to do is end up with a report file that contains something like:

DATE
VIRUS NAME <TAB> NUMBER of OCCURRENCES
NEXT VIRUS <TAB> NUMBER of OCCURRENCES

NEXT DATE
VIRUS NAME <TAB> NUMBER of OCCURRENCES
NEXT VIRUS <TAB> NUMBER of OCCURRENCES

12-16
W32/Netsky.p@MM!zip virus 4
Generic Malware.a!zip trojan 6

12-20
Phish-BankFraud.eml.a trojan 2
W32/Sober@MM!M681 virus 10

I am guessing this could be done via an Array, but I'm not too familiar with Arrays. I can extract the date and virus name using:

$number = 1
$VLog = FileOpen("vlog.txt", 0)
While 1
    $var = FileReadLine($VLog, $number) ;reads current line at $number (starting at 1)
    If @error Then ExitLoop ;stop at end of file (or on a read error)
    If StringInStr($var, "v:\") > 0 Then
        $Date = StringTrimLeft($var, 8)
        $Date = StringLeft($Date, 5) ;extract date
        $Vname = StringTrimLeft($var, StringInStr($var, "Found") + 9)
        $Vname = StringTrimRight($Vname, 4) ;extract virus name
    EndIf
    $number = $number + 1
WEnd
FileClose($VLog)

But I am lost figuring out how to track individual viruses per date. ANY help is greatly appreciated!




Just curious, you posted dates like:

Date

Next Date

12-16

12-20

Is that directly copied from the .log or .txt file? I mean is that an exact example of how the .txt file you're pulling from looks like?

If not, could you post an 'exact' example, and myself or someone else would be sure to lend a hand I'm sure.


Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.


I'm assuming your example is correct, this should work then...

#include <File.au3>
#include <array.au3>
Dim $nArray
Dim $SSplit
Dim $DatesAndNames

$VLog = FileOpenDialog("Open Virus Text", @ScriptDir, "All (*.txt*)")
_FileReadToArray($VLog, $nArray) ; $nArray[0] holds the line count

For $i = 1 To $nArray[0]
    $SSW = StringStripWS($nArray[$i], 7) ; trim and collapse whitespace
    $SnS1 = StringInStr($SSW, 'v:\')
    If $SnS1 Then ; only detection lines contain the V:\ path
        $Date = StringLeft(StringTrimLeft($SSW, 8), 5) ; 5 characters after "V:\TEST\"
        $Vname = StringTrimRight(StringTrimLeft($SSW, StringInStr($SSW, "found") + 9), 4) ; text between "Found the " and " !!!"
        $DatesAndNames = $DatesAndNames & $Date & " : " & $Vname & @LF
        ;FileWriteLine("Your File Name", $DatesAndNames)
    EndIf
Next
; Split once after the loop instead of on every pass
$SSplit = StringSplit(StringTrimRight($DatesAndNames, 1), @LF)
_ArrayDisplay($SSplit, "")


The exact report file looks like this:

--------------------------------------------------------------------------------------------------------------------------
McAfee VirusScan for Win32 v4.40.0
Copyright © 1992-2004 Networks Associates Technology Inc. All rights reserved.
(408) 988-3832 LICENSED COPY - Sep 23 2004
Scan engine v4.4.00 for Win32.
Virus data file v4655 created Dec 21 2005
Scanning for 167009 viruses, trojans and variants.
12/27/2005 14:23:59
Options:
/CHECKLIST LIST.TXT /ANALYZE /PANALYZE /MIME /PROGRAM /UNZIP /NOMEM /NOBOOT /SILENT /NOEXPIRE /NODDA /NOBREAK /NORENAME /REPORT VLOG.TXT
V:\TEST\12-16r7540830ae65014010ACF8.msg\document.zip ... Found the Generic Malware.a!zip trojan !!!
V:\TEST\12-16r7540830b445014010ACF8.msg\question_list.zip ... Found the W32/Sober@MM!M681 virus !!!
V:\TEST\12-16r7540830b545014010ACF8.msg\info-text.zip ... Found the Generic Malware.a!zip trojan !!!
V:\TEST\12-16r7540830b735014010ACF8.msg\email-details.zip ... Found the Generic Malware.a!zip trojan !!!
V:\TEST\12-16r7540830b835014010ACF8.msg\email-info.zip ... Found the Generic Malware.a!zip trojan !!!
V:\TEST\12-16r7540830bc15014010ACF8.msg\mailtext.zip ... Found the W32/Sober@MM!M681 virus !!!
V:\TEST\12-16r7540830be05014010ACF8.msg\information.zip ... Found the Generic Malware.a!zip trojan !!!
V:\TEST\12-16r7540830c005014010ACF8.msg\instructions.zip ... Found the Generic Malware.a!zip trojan !!!
V:\TEST\12-16r7540830c0f5014010ACF8.msg\information.zip ... Found the Generic Malware.a!zip trojan !!!
V:\TEST\12-16r7540830c2f5014010ACF8.msg\question_list.zip ... Found the W32/Sober@MM!M681 virus !!!
V:\TEST\12-16r7540830c4e5014010ACF8.msg\document.zip ... Found the Generic Malware.a!zip trojan !!!
Summary report on checklist list.txt
File(s)
Total files: ........... 293
Clean: ................. 200
Not scanned: ........... 0
Possibly Infected: ..... 93
Time: 00:00.08
----------------------------------------------------------------------------------------------------------------------------

I want to extract the date (first 5 characters of the file name, e.g. 12-16) and the virus found, so that in the end I have a separate report created by a script that shows the number (count) of individual viruses found in a given day. Something like the following:

DATE
VIRUS NAME <TAB> NUMBER of OCCURRENCES
NEXT VIRUS <TAB> NUMBER of OCCURRENCES

NEXT DATE
VIRUS NAME <TAB> NUMBER of OCCURRENCES
NEXT VIRUS <TAB> NUMBER of OCCURRENCES

12-16
W32/Netsky.p@MM!zip virus 4
Generic Malware.a!zip trojan 6

12-20
Phish-BankFraud.eml.a trojan 2
W32/Sober@MM!M681 virus 10


Did you try the script I put up there?



Yes, Thank you! It placed all the necessary details from the report file into an array. Do you know if the array will handle several thousand (yes thousand) entries? Is there a limitation?

Finally, how can I output the information in the array so that I have a count of the individual viruses per day?

Example: Given the following array output:

Desired output:

12-05

Generic Malware.a!zip trojan 1

W32/Sober@MM!M681 virus 1

12-09

W32/Sober@MM!M681 virus 1

Generic Malware.a!zip trojan 1

12-16

Generic Malware.a!zip trojan 6

W32/Sober@MM!M681 virus 2

W32/Netsky.p@MM!zip virus 1

...etc


Well to your first question, the array will handle however many there are I'm sure.

2nd question... The setup:

12-16

Generic Malware.a!zip trojan 6

W32/Sober@MM!M681 virus 2

W32/Netsky.p@MM!zip virus 1

I'm a bit tired at the moment, but I'll give it a stab to see what I can do.

Now the number on the end: Is that the total amount of times that virus has shown up year to date? Or how many instances were found at that session?

Edit:

Nevermind, I see you need it for that session...

Edited by SmOke_N


Here's a crude start for you possibly:

#include <File.au3>
#include <array.au3>
Dim $nArray
Dim $SSplit
Dim $DatesAndNames
Dim $MasterDate
Dim $SSplit2
Dim $AnotherArray
Dim $SSplit3
Dim $LastArray
$VLog = FileOpenDialog("Open Virus Text", @ScriptDir, "All (*.txt*)")
_FileReadToArray($VLog, $nArray)
; Pass 1: collect "MM-DD : name" for every detection line
For $i = 1 To $nArray[0]
    $SSW = StringStripWS($nArray[$i], 7)
    $SnS1 = StringInStr($SSW, 'v:\')
    If $SnS1 Then
        $Date = StringLeft(StringTrimLeft($SSW, 8), 5)
        $Vname = StringTrimRight(StringTrimLeft($SSW, StringInStr($SSW, "found") + 9), 4)
        $DatesAndNames = $DatesAndNames & $Date & " : " & $Vname & @LF
        ;FileWriteLine("Your File Name", $DatesAndNames)
    EndIf
Next
$SSplit = StringSplit(StringTrimRight($DatesAndNames, 1), @LF) ; split once, after the loop
; Pass 2: build the list of distinct dates
For $x = 1 To $SSplit[0]
    $CheckDate = StringLeft($SSplit[$x], 5)
    If StringInStr($MasterDate, $CheckDate) = 0 Then
        $MasterDate = $MasterDate & $CheckDate & @LF
    EndIf
Next
$SSplit2 = StringSplit(StringTrimRight($MasterDate, 1), @LF)
; Pass 3: under each date, list every name found on that date (duplicates included)
For $a = 1 To UBound($SSplit2) - 1
    For $k = 1 To UBound($SSplit) - 1
        If StringLeft($SSplit[$k], 5) = $SSplit2[$a] Then
            $AnotherArray = $AnotherArray & StringTrimLeft($SSplit[$k], 8) & @LF ; drop the "MM-DD : " prefix
        EndIf
    Next

    $LastArray = $LastArray & $SSplit2[$a] & @LF & $AnotherArray
    $AnotherArray = ''
Next
$SSplit3 = StringSplit(StringTrimRight($LastArray, 1), @LF)
_ArrayDisplay($SSplit3, '')

Trying to finish this movie :P.



Damn you're good. That's almost perfect. The only small detail left is, rather than listing the duplicate viruses, count the instances. Below is an example with the output from your last code post:

Let's use the 12-16 area for reference: (BEFORE is what we have now, AFTER is what I am looking for)

BEFORE

12-16

Generic Malware.a!zip trojan

Generic Malware.a!zip trojan

W32/Sober@MM!M681 virus

Generic Malware.a!zip trojan

W32/Netsky.p@MM!zip virus

Generic Malware.a!zip trojan

W32/Sober@MM!M681 virus

Generic Malware.a!zip trojan

Generic Malware.a!zip trojan

AFTER

12-16

Generic Malware.a!zip trojan <TAB> 6 <--- total number of occurrences for that day

W32/Sober@MM!M681 virus <TAB> 2

W32/Netsky.p@MM!zip virus <TAB> 1


sorry, i see that you posted a snippet of a log file, could you attach a whole log file (including non infected files if they're listed also) i think i could whip something up for you pretty quick.

1100111 00001011101111 00011101101111 00010111100100 00001111110100 00110111110010 00101101111001 0011100
i didn't make up this form of encryption, but i like it. credit to the lvl 6 challenge on arcanum.co.nz


I really appreciate your offer to help! :P I have attached a complete log file. In my specific case all the files that are being scanned have viruses; therefore the log will never have non-infected listings. Also the log will normally contain hundreds and possibly thousands of entries :lmao: . The sample log I have attached just contains around 30. Let me know if you need a larger one :(

vlog2.txt


would a normal log have non infected files also? that way i can make sure that it treats each entry correctly


No


ok, i'm getting off of work now, but i'll work on it at home when i get there (about an hour from now or so)

but here's what i've got already. it reads in the log file, creates an output file that's just the log entries without header info, then reads that file in to strip the identified names and the date into a 2 dimensional array. that's where i'm leaving off to go home, but i'm going to make the script sort that 2 dimensional array, then do a simple count... if someone beats me to that part though, i won't take offense...

#include<file.au3>
#include<array.au3>
; Copy only the scan entries (lines starting with a drive letter, e.g. "V:") to a second file
$input = FileOpen("c:\log.txt",0)
$output = FileOpen("c:\logout.txt",2)
While 1
    $line = FileReadLine($input)
    If @error Then ExitLoop
    If StringMid($line,2,1) = ":" Then FileWriteLine($output,$line)
WEnd
FileClose($input)
FileClose($output)
Dim $log
_FileReadToArray("c:\logout.txt",$log)
Dim $array[$log[0] + 1][2] ; row 0 holds the count, rows 1..n the entries
Global $n = $log[0]
_ArrayDisplay($log,"Unsorted")
$array[0][0] = $log[0]
For $x = 1 To $log[0]
    $start = StringInStr($log[$x]," ... Found the ") + 15
    $array[$x][0] = StringMid($log[$x],$start,StringLen($log[$x])-($start+3)) ; name, without the trailing " !!!"
    $array[$x][1] = StringMid($log[$x],StringInStr($log[$x],"-")-2,5) ; MM-DD taken around the first hyphen in the line
Next


Well, since I started trying to help this project, I'll attempt one last stab at this... (Although cameronsdad's code will probably be much more efficient)

I seriously had not counted to even make sure this is correct or not, maybe you can give it a run and see.

#include <File.au3>
#include <array.au3>
Dim $nArray
Dim $oArray
Dim $DatesAndNames
Dim $MasterDate
Dim $pArray
Dim $ReplaceArray
Dim $qArray
Dim $OutPut

$VLog = FileOpenDialog("Open Virus Text", @ScriptDir, "All (*.txt*)")
_FileReadToArray($VLog, $nArray)
For $i = 1 To $nArray[0]
    $SSW = StringStripWS($nArray[$i], 7)
    $SnS1 = StringInStr($SSW, 'v:\')
    If $SnS1 Then
        $Date = StringLeft(StringTrimLeft($SSW, 8), 5)
        $Vname = StringTrimRight(StringTrimLeft($SSW, StringInStr($SSW, "found") + 9), 4)
        $DatesAndNames = $DatesAndNames & $Date & " : " & $Vname & @LF
;FileWriteLine("Your File Name", $DatesAndNames)
    EndIf
    $oArray = StringSplit(StringTrimRight($DatesAndNames, 1), @LF)
    ToolTip("1st Loop : Line " & $i, 0 , 0)
Next
For $x = 1 To $oArray[0]
    $CheckDate = StringLeft($oArray[$x], 5)
    If StringInStr($MasterDate, $CheckDate) = 0 Then
        $MasterDate = $MasterDate & $CheckDate & @LF
    EndIf
    $pArray = StringSplit(StringTrimRight($MasterDate, 1), @LF)
    ToolTip("2nd Loop : Line " & $x, 0 , 0)
Next
For $a = 1 To UBound($pArray) - 1
    For $k = 1 To UBound($oArray) - 1
        If StringLeft($oArray[$k], 5) = $pArray[$a] Then
            If StringInStr($ReplaceArray, StringTrimLeft($oArray[$k], 8)) = 0 Then
            $ReplaceArray = $ReplaceArray & StringTrimLeft($oArray[$k], 8) & @TAB & 1 & @LF
            Else
            $TrimRight = StringTrimRight($ReplaceArray, 2)
            $RightChar = StringRight($ReplaceArray, 2) + 1
            $ReplaceArray = $TrimRight & $RightChar & @LF
            EndIf
        EndIf
    Next
    $OutPut = $OutPut & $pArray[$a] & @LF & $ReplaceArray
    $qArray = StringSplit(StringTrimRight($OutPut, 1), @LF)
    $ReplaceArray = ''
    ToolTip("Last Loop : Line " & $a, 0 , 0)
Next
_ArrayDisplay($qArray, '')

Edit: I just saw you had the log file up there...

This is a premature post, it in fact does not put the correct number in the right places.

Edited by SmOke_N


don't sell yourself short smoke, you write plenty of stuff more efficiently than me. the only reason i re-did what you had already done smoke was that i only had an hour left at work when i was getting started on this, and figured i'd have a better chance of finishing before quitting time if i started from scratch than if i tried to work off of a started script. bad news though, just got home and i guess i've a date with the wife tonight, dinner and a movie, so i won't be able to work on this more tonight. another thing i was thinking about on the way home is that my code has a prominent point of failure in that if any part of the listed file's path contains a hyphen. i tried to make my script not take advantage of the date being in the same place on every log entry (i'm sure they won't all be at v:\test\ directory) but the way that i did it, it only checks for the first hyphen in the string, and grabs 2 chars before to 2 chars after...it's a fine solution if you can be sure there will never be a hyphen in a folder name... if i get home early enough tonight i'll try to finish this up, otherwise it'll be my first project in the morning. 8am ish PST


Here are a few 'constants' that will occur in EVERY log entry:

The drive will always be V:\ with NO subdirectories (V:\test was only used for initial script testing).

The file name will always start with MM-DD (2-digit month 'dash' 2-digit day).

The initial file extension will always be .MSG.

Example: V:\12-28<random characters>.msg...

Below is the code I have written up to this point. It shows how the files get the date appended to the beginning of the file name. It might shed light on some of the details you question or allow you to suggest a better way to do the same thing. I am a network security administrator, our company uses a program called MIMESweeper to filter email. Any email that contains a virus is quarantined to a specific folder on the server (that is where the V:\ drive is mapped to). Two files make up each message, one being *.MSG and the other *.RCP. The *.MSG file is the one that contains the actual message content and therefore the virus attachment. I currently have to manually scan these files to report how many of a particular virus we have stopped per day (this is all for management). My intent was to use AutoIT (thank God for such a great tool!) to automate this task. I have written several scripts to automate other tasks in the past with great success. The only problem is I got in over my head on this one. :P This is where your help is requested and appreciated!

#include <date.au3>
#include <file.au3>

$Error = 0
$SearchPath = "v:\"
$FileType = "*.msg"
$CurrentDate = _NowCalcDate()

Func Scan ()
    ;scan MSG files for viruses (the executable path contains spaces, so it is quoted)
    RunWait('"C:\Program Files\Common Files\Network Associates\Engine\scan" /CHECKLIST list.txt /ANALYZE /PANALYZE /MIME /PROGRAM /UNZIP /NOMEM /NOBOOT /SILENT /NOEXPIRE /NODDA /NOBREAK /NORENAME /REPORT vlog.txt', "", @SW_HIDE)
    ;working on reporting results
EndFunc

Func WorkFiles ()
    $Error = 0
    $FileList = FileOpen ("list.txt",2)
    ;log all files older than today with MSG extension in V:\ to file
    $Search = FileFindFirstFile($SearchPath & $FileType)
    If $search = -1 Then
        MsgBox(0, "Error", "No files in directory")
        $Error = 1
        FileClose($Search)
        FileClose($FileList)
        Return
    EndIf
    While 1
        $File = FileFindNextFile($search);full file name
        If @error Or $File = "" Then ExitLoop;no more files (checked right after the call that sets @error)
        $File2 = StringTrimRight($File, 4);file name less extension
        $FileDate = FileGetTime($SearchPath & $File)
        $ymd = $FileDate[0] & "/" & $FileDate[1] & "/" & $FileDate[2]
        $ddiff = _DateDiff('d', $ymd, $CurrentDate)
        If $ddiff >= 1 Then;work only with files older than today's date
            FileWriteLine ($FileList, $SearchPath & $FileDate[1] & "-" & $FileDate[2] & $File);write MSG filename to log
            RunWait(@ComSpec & " /c " & "ren " & $SearchPath & $File2 & ".* " & $FileDate[1] & "-" & $FileDate[2] & $File2 & ".*", "", @SW_HIDE);rename both MSG and RCP file appending date
        EndIf
    WEnd
    FileClose($Search)
    FileClose($FileList)
EndFunc


Well to be quite frank, this/your task is pissing me off!! :P

I got then I don't, it's like a polish sex manual, 'In Out Repeat... Only If Necessary'!



This has to be the most horrible coding there is, but I think it works now...

Try this:

#include <File.au3>
#include <array.au3>
Dim $nArray
Dim $oArray
Dim $DatesAndNames
Dim $MasterDate
Dim $pArray
Dim $ReplaceArray
Dim $qArray
Dim $OutPut
Dim $InPut
Dim $Count
Dim $FInput
$VLog = FileOpenDialog("Open Virus Text", @ScriptDir, "All (*.txt*)")
_FileReadToArray($VLog, $nArray)
For $i = 1 To UBound($nArray) - 1
    $SSW = StringStripWS($nArray[$i], 7)
    $SnS1 = StringInStr($SSW, 'v:\')
    If $SnS1 Then
        $Date = StringLeft(StringTrimLeft($SSW, 8), 5)
        $Vname = StringTrimRight(StringTrimLeft($SSW, StringInStr($SSW, "found") + 9), 4)
        $DatesAndNames = $DatesAndNames & $Date & " : " & $Vname & @LF
    EndIf
    $oArray = StringSplit(StringTrimRight($DatesAndNames, 1), @LF)
    ToolTip("1st Loop : Line " & $i, 0 , 0)
Next
For $x = 1 To UBound($oArray) - 1
    $CheckDate = StringLeft($oArray[$x], 5)
    If StringInStr($MasterDate, $CheckDate) = 0 Then
        $MasterDate = $MasterDate & $CheckDate & @LF
    EndIf
    $pArray = StringSplit(StringTrimRight($MasterDate, 1), @LF)
    ToolTip("2nd Loop : Line " & $x, 0 , 0)
Next
For $a = 1 To UBound($pArray) - 1
    For $k = 1 To UBound($oArray) - 1
        If StringLeft($oArray[$k], 5) = $pArray[$a] Then
            $Extension = StringTrimLeft($oArray[$k], 8) & @LF
            $ReplaceArray = $ReplaceArray & $Extension
        EndIf
    Next
    $rArray = StringSplit(StringTrimRight($ReplaceArray, 1), @LF)
    For $i = 1 To UBound($rArray) - 1
        ; compare whole LF-delimited entries, so a name contained in a longer name is still listed
        If StringInStr(@LF & $InPut, @LF & $rArray[$i] & @LF) = 0 Then $InPut = $InPut & StringStripWS($rArray[$i], 7) & @LF
    Next
    $sArray = StringSplit(StringTrimRight($InPut, 1), @LF)
    For $j = 1 To UBound($sArray) - 1
        For $c = 1 To UBound($rArray) - 1
            If $sArray[$j] = $rArray[$c] Then ; whole-name match rather than substring match
                $Count = $Count + 1
            EndIf
        Next
        If $Count <> "" Then
            $FInput = $FInput & $sArray[$j] & @TAB & $Count & @LF
        Else
            $FInput = $FInput & $sArray[$j] & @TAB & 1 & @LF
        EndIf
        $Count = ""
    Next
    $OutPut = $OutPut & $pArray[$a] & @LF & $FInPut
    $qArray = StringSplit(StringTrimRight($OutPut, 1), @LF)
    $InPut = ''
    $FInPut = ''
    $ReplaceArray = ''
    ToolTip("Last Loop : Line " & $a, 0 , 0)
Next
_ArrayDisplay($qArray, '')


Here's another approach if you're interested (it requires the beta):

#Include <Array.au3>
#Include <File.au3>

Local $FilePath = 'C:\Log.txt'

; Read the file into memory
Local $FileData
If Not _FileReadToArray($FilePath, $FileData) Then
    MsgBox(0x10, 'Error', 'Could not read from file:' & @LF & $FilePath)
    Exit
EndIf

; Attempt to parse each line
Local $VirusData = ''
For $I = 1 To $FileData[0]
    Local $Result = StringRegExp($FileData[$I], '(\d\d-\d\d).*Found (the|potentially unwanted program) (.*)( \a+ !!!|\.)', 1)
    If @Extended Then $VirusData &= $Result[0] & @TAB & $Result[2] & @LF
Next

; Consolidate each entry to their totals
Local $VirusTotals = ''
While $VirusData <> ''
    Local $Line = StringLeft($VirusData, StringInStr($VirusData, @LF))
    $VirusData = StringReplace($VirusData, $Line, '')
    Local $Occurrences = @Extended
    $VirusTotals &= StringTrimRight($Line, 1) & @TAB & $Occurrences & @LF
WEnd

; Sort by date to aid outputting in the desired format
$VirusTotals = StringSplit(StringTrimRight($VirusTotals, 1), @LF)
_ArraySort($VirusTotals, False, 1)

; Start outputting in the desired format
Local $Output = ''
Local $CurrentDate
For $I = 1 To $VirusTotals[0]
    Local $LineDate = StringLeft($VirusTotals[$I], StringInStr($VirusTotals[$I], @TAB) - 1)
    If $LineDate <> $CurrentDate Then
        If $Output <> '' Then $Output &= @LF
        $Output &= $LineDate & @LF
        $CurrentDate = $LineDate
    EndIf
    $Output &= StringTrimLeft($VirusTotals[$I], StringInStr($VirusTotals[$I], @TAB)) & @LF
Next
$Output &= @LF

; Display
MsgBox(0, 'Report', $Output)

; Append to some file
; Local $Handle = FileOpen('SomeFile', 1)
; If $Handle = -1 Then
;    MsgBox(0x10, 'Error', 'Could not write the output.')
;    Exit
; EndIf
; FileWrite($Handle, $Output)
; FileClose($Handle)

Edit: Minor improvements.

Edit: Now handles lines such as 'Found potentially unwanted program Exploit-MIME.gen.c.'.

Edited by LxP
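
Added example, not code from any poster in this thread: one way to build the per-day report asked for above, assuming a current AutoIt release (PCRE regular expressions) and the Scripting.Dictionary COM object. It takes the date from the path component that ends in .msg, so a hyphen elsewhere in the path does not matter, accepts both line endings mentioned in the thread ("Found the ... !!!" and "Found potentially unwanted program ... ."), and counts by exact name. The function name _TallyDetections, the sample lines and the message IDs in them are constructed for illustration.

```autoit
#include <Array.au3>

; Constructed sample in the report format shown in the thread (not a real log).
Local $sSample = _
        'Scan engine v4.4.00 for Win32.' & @CRLF & _
        'V:\12-16aaaa0001.msg\document.zip ... Found the Generic Malware.a!zip trojan !!!' & @CRLF & _
        'V:\12-16aaaa0002.msg\email-details.zip ... Found the Generic Malware.a!zip trojan !!!' & @CRLF & _
        'V:\12-16aaaa0003.msg\mailtext.zip ... Found the W32/Sober@MM!M681 virus !!!' & @CRLF & _
        'V:\TEST\12-20aaaa0004.msg\0000050a.EML ... Found the Phish-BankFraud.eml.a trojan !!!' & @CRLF & _
        'V:\12-20aaaa0005.msg\0000050b.EML ... Found potentially unwanted program Exploit-MIME.gen.c.' & @CRLF & _
        'Possibly Infected: ..... 5' & @CRLF

; Returns the report text: one block per date, "name <TAB> count" per line.
Func _TallyDetections($sReport)
    ; Group 1: MM-DD at the start of the path component that ends in ".msg".
    ; Group 2: detection name, from either line ending ((?| resets group numbering).
    Local Const $sPattern = '(?i)^[a-z]:\\(?:[^\\]+\\)*?(\d\d-\d\d)[^\\]*\.msg\\.* \.\.\. Found ' & _
            '(?|the (.+) !!!|potentially unwanted program (.+)\.)$'

    Local $oCounts = ObjCreate('Scripting.Dictionary')
    If Not IsObj($oCounts) Then Return SetError(1, 0, '')

    Local $aLines = StringSplit(StringStripCR($sReport), @LF)
    For $i = 1 To $aLines[0]
        Local $aHit = StringRegExp(StringStripWS($aLines[$i], 3), $sPattern, 1)
        If @error Then ContinueLoop ; header, summary or blank line
        ; Key is "date <TAB> name"; dictionary keys are compared whole, so a
        ; name that is a prefix of another name gets its own counter.
        Local $sKey = $aHit[0] & @TAB & $aHit[1]
        If $oCounts.Exists($sKey) Then
            $oCounts.Item($sKey) = $oCounts.Item($sKey) + 1
        Else
            $oCounts.Add($sKey, 1)
        EndIf
    Next
    If $oCounts.Count = 0 Then Return ''

    ; Sorting the keys groups them by date, then by name within a date.
    Local $aKeys = $oCounts.Keys()
    _ArraySort($aKeys)

    Local $sOut = '', $sCurDate = ''
    For $i = 0 To UBound($aKeys) - 1
        Local $aParts = StringSplit($aKeys[$i], @TAB, 2) ; [0] = date, [1] = name
        If $aParts[0] <> $sCurDate Then
            If $sOut <> '' Then $sOut &= @CRLF ; blank line between dates
            $sCurDate = $aParts[0]
            $sOut &= $sCurDate & @CRLF
        EndIf
        $sOut &= $aParts[1] & @TAB & $oCounts.Item($aKeys[$i]) & @CRLF
    Next
    Return $sOut
EndFunc   ;==>_TallyDetections

ConsoleWrite(_TallyDetections($sSample))
```

To run it against a real report, pass the result of FileRead on the report file instead of $sSample.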
