MightyGuru Posted December 27, 2005 Share Posted December 27, 2005 I am running the McAfee command line scanner against a list of files and generating a report of the scan results. This report contains a listing of all the files that were scanned and the viruses detected. What I am trying to do is extract the number of individual viruses detected by date. I have appended the date to the begining of the file name with another script. The output of the report file looks like this (output contains many more records than shown): V:\TEST\12-16T7540163e8e0a01145016f8.msg\document.zip ... Found the W32/Netsky.p@MM!zip virus !!! V:\TEST\12-17T7540fca63f0a01145016ec.msg\information.zip ... Found the Generic Malware.a!zip trojan !!! V:\TEST\12-17T7540fe58230a01145016ec.msg\mailtext.zip ... Found the W32/Sober@MM!M681 virus !!! V:\TEST\12-18T75410331ff0a01145016ec.msg\email-details.zip ... Found the Generic Malware.a!zip trojan !!! V:\TEST\12-18T754106b5650a01145016ec.msg\email-info.zip ... Found the Generic Malware.a!zip trojan !!! V:\TEST\12-20T75410ec1be0a01145016ec.msg\0000050a.EML ... Found the Phish-BankFraud.eml.a trojan !!! What I would like to do is end up with a report file that contains something like: DATE VIRUS NAME <TAB> NUMBER of OCCURANCES NEXT VIRUS <TAB> NUMBER of OCCURANCES NEXT DATE VIRUS NAME <TAB> NUMBER of OCCURANCES NEXT VIRUS <TAB> NUMBER of OCCURANCES 12-16 W32/Netsky.p@MM!zip virus 4 Generic Malware.a!zip trojan 6 12-20 Phish-BankFraud.eml.a trojan 2 W32/Sober@MM!M681 virus 10 I am guessing this could be done via an Array, but I'm not too familiar with Arrays. I can extract the date and virus name using: $number = 1 $VLog = FileOpen("vlog.txt", 0) While 1 $var = FileReadLine($VLog, $number) ;reads current line at $number (starting at 1) If StringInStr($var, "v:\") > 0 Then $Date = StringTrimLeft($var, 8) $Date = StringLeft($Date, 5);extract date $Vname = StringTrimLeft($var, StringInStr($var, "Found" ) +9) $Vname = StringTrimRight($Vname, 4);extract virus name EndIf $number = $number + 1 WEnd But I am lost figuring out how to track individual viruses per date. ANY help is greatly appreciated! Link to comment Share on other sites More sharing options...
Moderators SmOke_N Posted December 27, 2005 Moderators Share Posted December 27, 2005 Just curious, you posted dates like: Date Next Date 12-16 12-20 Is that directly copied from the .log or .txt file? I mean is that an exact example of how the .txt file your pulling from looks like? If not, could you post an 'exact' example, and myself or someone else would be sure to lend a hand I'm sure. Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer. Link to comment Share on other sites More sharing options...
Moderators SmOke_N Posted December 27, 2005 Moderators Share Posted December 27, 2005 I'm assuming your example is correct, this should work then... #include <File.au3> #include <array.au3> Dim $nArray Dim $SSplit Dim $DatesAndNames $VLog = FileOpenDialog("Open Virus Text", @ScriptDir, "All (*.txt*)") _FileReadToArray($VLog, $nArray) For $i = 1 To $nArray[0] $SSW = StringStripWS($nArray[$i], 7) $SnS1 = StringInStr($SSW, 'v:\') If $SnS1 Then $Date = StringLeft(StringTrimLeft($SSW, 8), 5) $Vname = StringTrimRight(StringTrimLeft($SSW, StringInStr($SSW, "found") + 9), 4) $DatesAndNames = $DatesAndNames & $Date & " : " & $Vname & @LF ;FileWriteLine("Your File Name", $DatesAndNames) EndIf $SSplit = StringSplit(StringTrimRight($DatesAndNames, 1), @LF) Next _ArrayDisplay($SSplit, "") Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer. Link to comment Share on other sites More sharing options...
MightyGuru Posted December 28, 2005 Author Share Posted December 28, 2005 Just curious, you posted dates like:DateNext Date12-1612-20Is that directly copied from the .log or .txt file? I mean is that an exact example of how the .txt file your pulling from looks like?If not, could you post an 'exact' example, and myself or someone else would be sure to lend a hand I'm sure.The exact report file looks like this:--------------------------------------------------------------------------------------------------------------------------McAfee VirusScan for Win32 v4.40.0Copyright © 1992-2004 Networks Associates Technology Inc. All rights reserved.(408) 988-3832 LICENSED COPY - Sep 23 2004Scan engine v4.4.00 for Win32.Virus data file v4655 created Dec 21 2005Scanning for 167009 viruses, trojans and variants.12/27/2005 14:23:59Options:/CHECKLIST LIST.TXT /ANALYZE /PANALYZE /MIME /PROGRAM /UNZIP /NOMEM /NOBOOT /SILENT /NOEXPIRE /NODDA /NOBREAK /NORENAME /REPORT VLOG.TXTV:\TEST\12-16r7540830ae65014010ACF8.msg\document.zip ... Found the Generic Malware.a!zip trojan !!!V:\TEST\12-16r7540830b445014010ACF8.msg\question_list.zip ... Found the W32/Sober@MM!M681 virus !!!V:\TEST\12-16r7540830b545014010ACF8.msg\info-text.zip ... Found the Generic Malware.a!zip trojan !!!V:\TEST\12-16r7540830b735014010ACF8.msg\email-details.zip ... Found the Generic Malware.a!zip trojan !!!V:\TEST\12-16r7540830b835014010ACF8.msg\email-info.zip ... Found the Generic Malware.a!zip trojan !!!V:\TEST\12-16r7540830bc15014010ACF8.msg\mailtext.zip ... Found the W32/Sober@MM!M681 virus !!!V:\TEST\12-16r7540830be05014010ACF8.msg\information.zip ... Found the Generic Malware.a!zip trojan !!!V:\TEST\12-16r7540830c005014010ACF8.msg\instructions.zip ... Found the Generic Malware.a!zip trojan !!!V:\TEST\12-16r7540830c0f5014010ACF8.msg\information.zip ... Found the Generic Malware.a!zip trojan !!!V:\TEST\12-16r7540830c2f5014010ACF8.msg\question_list.zip ... Found the W32/Sober@MM!M681 virus !!!V:\TEST\12-16r7540830c4e5014010ACF8.msg\document.zip ... Found the Generic Malware.a!zip trojan !!!Summary report on checklist list.txtFile(s) Total files: ........... 293 Clean: ................. 200 Not scanned: ........... 0 Possibly Infected: ..... 93 Time: 00:00.08----------------------------------------------------------------------------------------------------------------------------I want to extract the date (first 5 characters of the file name ex. 12-16) and the virus found, so that in the end I have a separate report created by a script that shows the number(count) of individual viruses found in a given day. Something like the following:DATEVIRUS NAME <TAB> NUMBER of OCCURANCESNEXT VIRUS <TAB> NUMBER of OCCURANCESNEXT DATEVIRUS NAME <TAB> NUMBER of OCCURANCESNEXT VIRUS <TAB> NUMBER of OCCURANCES12-16W32/Netsky.p@MM!zip virus 4Generic Malware.a!zip trojan 612-20Phish-BankFraud.eml.a trojan 2W32/Sober@MM!M681 virus 10 Link to comment Share on other sites More sharing options...
Moderators SmOke_N Posted December 28, 2005 Moderators Share Posted December 28, 2005 Did you try the scipt I put up there? Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer. Link to comment Share on other sites More sharing options...
MightyGuru Posted December 28, 2005 Author Share Posted December 28, 2005 Did you try the scipt I put up there? Yes, Thank you! It placed all the necessary details from the report file into an array. Do you know if the array will handle several thousand (yes thousand) entries? Is there a limitation? Finally, how can I output the information in the array so that I have a count of the individual viruses per day? Example: Given the following array output: Desired output: 12-05 Generic Malware.a!zip trojan 1 W32/Sober@MM!M681 virus 1 12-09 W32/Sober@MM!M681 virus 1 Generic Malware.a!zip trojan 1 12-16 Generic Malware.a!zip trojan 6 W32/Sober@MM!M681 virus 2 W32/Netsky.p@MM!zip virus 1 ...etc Link to comment Share on other sites More sharing options...
Moderators SmOke_N Posted December 28, 2005 Moderators Share Posted December 28, 2005 (edited) Well to your first question, the array will handle however many there are I'm sure.2nd question... The setup:12-16Generic Malware.a!zip trojan 6W32/Sober@MM!M681 virus 2W32/Netsky.p@MM!zip virus 1I'm a bit tired at the moment, but I'll give it a stab to see what I can do.Now the number on the end: Is that the total amount of times that virus has shown up year to date? Or how many instances was found at that session?Edit:Nevermind, I see you need it for that session... Edited December 28, 2005 by SmOke_N Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer. Link to comment Share on other sites More sharing options...
Moderators SmOke_N Posted December 28, 2005 Moderators Share Posted December 28, 2005 Here's a crude start for you possibly: expandcollapse popup#include <File.au3> #include <array.au3> Dim $nArray Dim $SSplit Dim $DatesAndNames Dim $MasterDate Dim $SSplit2 Dim $AnotherArray Dim $SSplit3 Dim $LastArray $VLog = FileOpenDialog("Open Virus Text", @ScriptDir, "All (*.txt*)") _FileReadToArray($VLog, $nArray) For $i = 1 To $nArray[0] $SSW = StringStripWS($nArray[$i], 7) $SnS1 = StringInStr($SSW, 'v:\') If $SnS1 Then $Date = StringLeft(StringTrimLeft($SSW, 8), 5) $Vname = StringTrimRight(StringTrimLeft($SSW, StringInStr($SSW, "found") + 9), 4) $DatesAndNames = $DatesAndNames & $Date & " : " & $Vname & @LF ;FileWriteLine("Your File Name", $DatesAndNames) EndIf $SSplit = StringSplit(StringTrimRight($DatesAndNames, 1), @LF) Next For $x = 1 To $SSplit[0] $CheckDate = StringLeft($SSplit[$x], 5) If StringInStr($MasterDate, $CheckDate) = 0 Then $MasterDate = $MasterDate & $CheckDate & @LF EndIf $SSplit2 = StringSplit(StringTrimRight($MasterDate, 1), @LF) Next For $a = 1 To UBound($SSplit2) - 1 For $k = 1 To UBound($SSplit) - 1 If StringLeft($SSplit[$k], 5) = $SSplit2[$a] Then $AnotherArray = $AnotherArray & StringTrimLeft($SSplit[$k], 8) & @LF EndIf Next $LastArray = $LastArray & $SSplit2[$a] & @LF & $AnotherArray $SSplit3 = StringSplit(StringTrimRight($LastArray, 1), @LF) $AnotherArray = '' Next _ArrayDisplay($SSplit3, '') Trying to finish this movie . Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer. Link to comment Share on other sites More sharing options...
MightyGuru Posted December 28, 2005 Author Share Posted December 28, 2005 Here's a crude start for you possibly: expandcollapse popup#include <File.au3> #include <array.au3> Dim $nArray Dim $SSplit Dim $DatesAndNames Dim $MasterDate Dim $SSplit2 Dim $AnotherArray Dim $SSplit3 Dim $LastArray $VLog = FileOpenDialog("Open Virus Text", @ScriptDir, "All (*.txt*)") _FileReadToArray($VLog, $nArray) For $i = 1 To $nArray[0] $SSW = StringStripWS($nArray[$i], 7) $SnS1 = StringInStr($SSW, 'v:\') If $SnS1 Then $Date = StringLeft(StringTrimLeft($SSW, 8), 5) $Vname = StringTrimRight(StringTrimLeft($SSW, StringInStr($SSW, "found") + 9), 4) $DatesAndNames = $DatesAndNames & $Date & " : " & $Vname & @LF ;FileWriteLine("Your File Name", $DatesAndNames) EndIf $SSplit = StringSplit(StringTrimRight($DatesAndNames, 1), @LF) Next For $x = 1 To $SSplit[0] $CheckDate = StringLeft($SSplit[$x], 5) If StringInStr($MasterDate, $CheckDate) = 0 Then $MasterDate = $MasterDate & $CheckDate & @LF EndIf $SSplit2 = StringSplit(StringTrimRight($MasterDate, 1), @LF) Next For $a = 1 To UBound($SSplit2) - 1 For $k = 1 To UBound($SSplit) - 1 If StringLeft($SSplit[$k], 5) = $SSplit2[$a] Then $AnotherArray = $AnotherArray & StringTrimLeft($SSplit[$k], 8) & @LF EndIf Next $LastArray = $LastArray & $SSplit2[$a] & @LF & $AnotherArray $SSplit3 = StringSplit(StringTrimRight($LastArray, 1), @LF) $AnotherArray = '' Next _ArrayDisplay($SSplit3, '') Trying to finish this movie . Damn you're good. That's almost perfect. The only small detail left is, rather than listing the duplicate viruses, count the instances. Below is an example with the output from your last code post: Lets use the 12-16 area for reference: (BEFORE is what we have now, AFTER is what I am looking for) BEFORE 12-16 Generic Malware.a!zip trojan Generic Malware.a!zip trojan W32/Sober@MM!M681 virus Generic Malware.a!zip trojan W32/Netsky.p@MM!zip virus Generic Malware.a!zip trojan W32/Sober@MM!M681 virus Generic Malware.a!zip trojan Generic Malware.a!zip trojan AFTER 12-16 Generic Malware.a!zip trojan <TAB> 6 <--- total number of occurances for that day W32/Sober@MM!M681 virus <TAB> 2 W32/Netsky.p@MM!zip virus <TAB> 1 Link to comment Share on other sites More sharing options...
seandisanti Posted December 28, 2005 Share Posted December 28, 2005 Damn you're good. That's almost perfect. The only small detail left is, rather than listing the duplicate viruses, count the instances. Below is an example with the output from your last code post: Lets use the 12-16 area for reference: (BEFORE is what we have now, AFTER is what I am looking for) BEFORE 12-16 Generic Malware.a!zip trojan Generic Malware.a!zip trojan W32/Sober@MM!M681 virus Generic Malware.a!zip trojan W32/Netsky.p@MM!zip virus Generic Malware.a!zip trojan W32/Sober@MM!M681 virus Generic Malware.a!zip trojan Generic Malware.a!zip trojan AFTER 12-16 Generic Malware.a!zip trojan <TAB> 6 <--- total number of occurances for that day W32/Sober@MM!M681 virus <TAB> 2 W32/Netsky.p@MM!zip virus <TAB> 1sorry, i see that you posted a snippet of a log file, could you attach a whole log file (including non infected files if they're listed also) i think i could whip something up for you pretty quick. Link to comment Share on other sites More sharing options...
MightyGuru Posted December 28, 2005 Author Share Posted December 28, 2005 sorry, i see that you posted a snippet of a log file, could you attach a whole log file (including non infected files if they're listed also) i think i could whip something up for you pretty quick. I really appreciate your offer to help! I have attached a complete log file. In my specific case all the files that are being scanned have viruses; therefore the log will never have non-infected listings. Also the log will normally contain hundred's and possibly thousands of entries . The sample log I have attached just contains around 30. Let me know if you need a larger one vlog2.txt Link to comment Share on other sites More sharing options...
seandisanti Posted December 28, 2005 Share Posted December 28, 2005 I really appreciate your offer to help! I have attached a complete log file. In my specific case all the files that are being scanned have viruses; therefore the log will never have non-infected listings. Also the log will normally contain hundred's and possibly thousands of entries . The sample log I have attached just contains around 30. Let me know if you need a larger one vlog2.txtwould a normal log have non infected files also? that way i can make sure that it treats each entry correctly Link to comment Share on other sites More sharing options...
MightyGuru Posted December 29, 2005 Author Share Posted December 29, 2005 would a normal log have non infected files also? that way i can make sure that it treats each entry correctlyNo Link to comment Share on other sites More sharing options...
seandisanti Posted December 29, 2005 Share Posted December 29, 2005 Nook, i'm getting off of work now, but i'll work on it at home when i get there (about an hour from now or so) but here's what i've got already. it reads in the log file, creates an output file that's just the log entries without header info, then reads that file in to strip the identified names and the date into a 2 dimensional array. that's where i'm leaving off to go home, but i'm going to make the script sort that 2 dimensional array, then do a simple count... if someone beats me to that part though, i won't take offense... #include<file.au3> #include<array.au3> $input = FileOpen("c:\log.txt",0) $output = FileOpen("c:\logout.txt",2) While 1 $line = FileReadLine($input) If @error Then ExitLoop If StringMid($line,2,1) = ":" Then FileWriteLine($output,$line) WEnd FileClose($input) FileClose($output) Dim $log _FileReadToArray("c:\logout.txt",$log) Dim $array[$log[0]][2] Global $n = $log[0] _ArrayDisplay($log,"Unsorted") $array[0][0] = $log[0] For $x = 1 To $log[0] $start = StringInStr($log[$x]," ... Found the ") + 15 $array[$x][0] = StringMid($log[$x],$start,StringLen($log[$x])-($start+3)) $array[$x][1] = StringMid($log[$x],StringInStr($log[$x],"-")-2,5) Next Link to comment Share on other sites More sharing options...
Moderators SmOke_N Posted December 29, 2005 Moderators Share Posted December 29, 2005 (edited) Well, since I started trying to help this project, I'll attempt one last stab at this... (Although cameronsdad code, will probably be much more efficient) I seriously had not counted to even make sure this is correct or not, maybe you can give it a run and see. expandcollapse popup#include <File.au3> #include <array.au3> Dim $nArray Dim $oArray Dim $DatesAndNames Dim $MasterDate Dim $pArray Dim $ReplaceArray Dim $qArray Dim $OutPut $VLog = FileOpenDialog("Open Virus Text", @ScriptDir, "All (*.txt*)") _FileReadToArray($VLog, $nArray) For $i = 1 To $nArray[0] $SSW = StringStripWS($nArray[$i], 7) $SnS1 = StringInStr($SSW, 'v:\') If $SnS1 Then $Date = StringLeft(StringTrimLeft($SSW, 8), 5) $Vname = StringTrimRight(StringTrimLeft($SSW, StringInStr($SSW, "found") + 9), 4) $DatesAndNames = $DatesAndNames & $Date & " : " & $Vname & @LF ;FileWriteLine("Your File Name", $DatesAndNames) EndIf $oArray = StringSplit(StringTrimRight($DatesAndNames, 1), @LF) ToolTip("1st Loop : Line " & $i, 0 , 0) Next For $x = 1 To $oArray[0] $CheckDate = StringLeft($oArray[$x], 5) If StringInStr($MasterDate, $CheckDate) = 0 Then $MasterDate = $MasterDate & $CheckDate & @LF EndIf $pArray = StringSplit(StringTrimRight($MasterDate, 1), @LF) ToolTip("2nd Loop : Line " & $x, 0 , 0) Next For $a = 1 To UBound($pArray) - 1 For $k = 1 To UBound($oArray) - 1 If StringLeft($oArray[$k], 5) = $pArray[$a] Then If StringInStr($ReplaceArray, StringTrimLeft($oArray[$k], 8)) = 0 Then $ReplaceArray = $ReplaceArray & StringTrimLeft($oArray[$k], 8) & @TAB & 1 & @LF Else $TrimRight = StringTrimRight($ReplaceArray, 2) $RightChar = StringRight($ReplaceArray, 2) + 1 $ReplaceArray = $TrimRight & $RightChar & @LF EndIf EndIf Next $OutPut = $OutPut & $pArray[$a] & @LF & $ReplaceArray $qArray = StringSplit(StringTrimRight($OutPut, 1), @LF) $ReplaceArray = '' ToolTip("Last Loop : Line " & $a, 0 , 0) Next _ArrayDisplay($qArray, '') Edit: I just saw you had the log file up there... This is a premature post, it in fact does not put the correct number in the right places. Edited December 29, 2005 by SmOke_N Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer. Link to comment Share on other sites More sharing options...
seandisanti Posted December 29, 2005 Share Posted December 29, 2005 Well, since I started trying to help this project, I'll attempt one last stab at this... (Although cameronsdad code, will probably be much more efficient) I seriously had not counted to even make sure this is correct or not, maybe you can give it a run and see. expandcollapse popup#include <File.au3> #include <array.au3> Dim $nArray Dim $oArray Dim $DatesAndNames Dim $MasterDate Dim $pArray Dim $ReplaceArray Dim $qArray Dim $OutPut $VLog = FileOpenDialog("Open Virus Text", @ScriptDir, "All (*.txt*)") _FileReadToArray($VLog, $nArray) For $i = 1 To $nArray[0] $SSW = StringStripWS($nArray[$i], 7) $SnS1 = StringInStr($SSW, 'v:\') If $SnS1 Then $Date = StringLeft(StringTrimLeft($SSW, 8), 5) $Vname = StringTrimRight(StringTrimLeft($SSW, StringInStr($SSW, "found") + 9), 4) $DatesAndNames = $DatesAndNames & $Date & " : " & $Vname & @LF ;FileWriteLine("Your File Name", $DatesAndNames) EndIf $oArray = StringSplit(StringTrimRight($DatesAndNames, 1), @LF) ToolTip("1st Loop : Line " & $i, 0 , 0) Next For $x = 1 To $oArray[0] $CheckDate = StringLeft($oArray[$x], 5) If StringInStr($MasterDate, $CheckDate) = 0 Then $MasterDate = $MasterDate & $CheckDate & @LF EndIf $pArray = StringSplit(StringTrimRight($MasterDate, 1), @LF) ToolTip("2nd Loop : Line " & $x, 0 , 0) Next For $a = 1 To UBound($pArray) - 1 For $k = 1 To UBound($oArray) - 1 If StringLeft($oArray[$k], 5) = $pArray[$a] Then If StringInStr($ReplaceArray, StringTrimLeft($oArray[$k], 8)) = 0 Then $ReplaceArray = $ReplaceArray & StringTrimLeft($oArray[$k], 8) & @TAB & 1 & @LF Else $TrimRight = StringTrimRight($ReplaceArray, 2) $RightChar = StringRight($ReplaceArray, 2) + 1 $ReplaceArray = $TrimRight & $RightChar & @LF EndIf EndIf Next $OutPut = $OutPut & $pArray[$a] & @LF & $ReplaceArray $qArray = StringSplit(StringTrimRight($OutPut, 1), @LF) $ReplaceArray = '' ToolTip("Last Loop : Line " & $a, 0 , 0) Next _ArrayDisplay($qArray, '') Edit: I just saw you had the log file up there... This is a premature post, it in fact does not put the correct number in the right places.don't sell yourself short smoke, you write plenty of stuff more efficiently than me. the only reason i re-did what you had already done smoke was that i only had an hour left at work when i was getting started on this, and figured i'd have a better chance of finishing before quitting time if i started from scratch than if i tried to work off of a started script. bad news though, just got home and i guess i've a date with the wife tonight, dinner and a movie, so i won't be able to work on this more tonight. another thing i was thinking about on the way home is that my code has a prominent point of failure in that if any part of the listed file's path contains a hyphen. i tried to make my script not take advantage of the date being in the same place on every log entry (i'm sure they won't all be at v:\test\ directory) but the way that i did it, it only checks for the first hyphen in the string, and grabs 2 chars before to 2 chars after...it's a fine solution if you can be sure there will never be a hyphen in a folder name... if i get home early enough tonight i'll try to finish this up, otherwise it'll be my first project in the morning. 8am ish PST Link to comment Share on other sites More sharing options...
MightyGuru Posted December 29, 2005 Author Share Posted December 29, 2005 don't sell yourself short smoke, you write plenty of stuff more efficiently than me. the only reason i re-did what you had already done smoke was that i only had an hour left at work when i was getting started on this, and figured i'd have a better chance of finishing before quitting time if i started from scratch than if i tried to work off of a started script. bad news though, just got home and i guess i've a date with the wife tonight, dinner and a movie, so i won't be able to work on this more tonight. another thing i was thinking about on the way home is that my code has a prominent point of failure in that if any part of the listed file's path contains a hyphen. i tried to make my script not take advantage of the date being in the same place on every log entry (i'm sure they won't all be at v:\test\ directory) but the way that i did it, it only checks for the first hyphen in the string, and grabs 2 chars before to 2 chars after...it's a fine solution if you can be sure there will never be a hyphen in a folder name... if i get home early enough tonight i'll try to finish this up, otherwise it'll be my first project in the morning. 8am ish PST Here are a few 'constants' that will occur in EVERY log entry: The drive will always be V:\ with NO subdirectories (V:\test was only used for initial script testing). The file name will always start with MM-DD (2-digit month 'dash' 2-digit day). The initial file extension will always be .MSG. Example: V:\12-28<random characters>.msg... Below is the code I written up to this point. It shows how the files get the date appended to the begining of the file name. It might shed light on some of the details you question or allow you to suggest a better way to do the same thing. I am a network security administrator, our company uses a program called MIMESweeper to filter email. Any email that contains a virus is quaraintined to a specific folder on the server (that is where the V:\ drive is mapped to). Two files make up each message, one being *.MSG and the other *.RCP. The *.MSG file is the one that contains the actual message content and therefore the virus attachment. I currently have to manually scan these files to report how many of a paticular virus we have stopped per day (this is all for managment). My intent was to use AutoIT (thank God for such a great tool!) to automate this task. I have written several scripts to automate other tasks in the past with great success. The only problem is I got in over my head on this one. This is where your help is requested and appreciated! expandcollapse popup#include <date.au3> #include <file.au3> $Error = 0 $SearchPath = "v:\" $FileType = "*.msg" $CurrentDate = _NowCalcDate() Func Scan () ;scan MSG files for viruses RunWait( "C:\Program Files\Common Files\Network Associates\Engine\scan /CHECKLIST list.txt /ANALYZE /PANALYZE /MIME /PROGRAM /UNZIP /NOMEM /NOBOOT /SILENT /NOEXPIRE /NODDA /NOBREAK /NORENAME /REPORT vlog.txt", "", @SW_HIDE) ;working on reporting results EndFunc Func WorkFiles () $Error = 0 $FileList = FileOpen ("list.txt",2) ;log all files older than today with MSG extension in V:\ to file $Search = FileFindFirstFile($SearchPath & $FileType) If $search = -1 Then MsgBox(0, "Error", "No files in directory") $Error = 1 FileClose($Search) FileClose($FileList) Return EndIf While 1 $File = FileFindNextFile($search);full file name If $File = "" Then ExitLoop $File2 = StringTrimRight($File, 4);file name less extension If @error Then ExitLoop $FileDate = FileGetTime($SearchPath & $File) $ymd = $FileDate[0] & "/" & $FileDate[1] & "/" & $FileDate[2] $ddiff = _DateDiff('d', $ymd, $CurrentDate) If $ddiff >= 1 Then;work only with files older than today's date FileWriteLine ($FileList, $SearchPath & $FileDate[1] & "-" & $FileDate[2] & $File);write MSG filename to log RunWait(@ComSpec & " /c " & "ren " & $SearchPath & $File2 & ".* " & $FileDate[1] & "-" & $FileDate[2] & $File2 & ".*", "", @SW_HIDE);rename both MSG and RCP file appending date EndIf WEnd FileClose($Search) FileClose($FileList) EndFunc Link to comment Share on other sites More sharing options...
Moderators SmOke_N Posted December 29, 2005 Moderators Share Posted December 29, 2005 Well to be quite frank, this/your task is pissing me off!! I got then I don't, it's like a polish sex manual, 'In Out Repeat... Only If Necessary'! Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer. Link to comment Share on other sites More sharing options...
Moderators SmOke_N Posted December 29, 2005 Moderators Share Posted December 29, 2005 This has to be the most horrible coding there is, but I think it works now... Try this:expandcollapse popup#include <File.au3> #include <array.au3> Dim $nArray Dim $oArray Dim $DatesAndNames Dim $MasterDate Dim $pArray Dim $ReplaceArray Dim $qArray Dim $OutPut Dim $InPut Dim $Count Dim $FInput $VLog = FileOpenDialog("Open Virus Text", @ScriptDir, "All (*.txt*)") _FileReadToArray($VLog, $nArray) For $i = 1 To UBound($nArray) - 1 $SSW = StringStripWS($nArray[$i], 7) $SnS1 = StringInStr($SSW, 'v:\') If $SnS1 Then $Date = StringLeft(StringTrimLeft($SSW, 8), 5) $Vname = StringTrimRight(StringTrimLeft($SSW, StringInStr($SSW, "found") + 9), 4) $DatesAndNames = $DatesAndNames & $Date & " : " & $Vname & @LF EndIf $oArray = StringSplit(StringTrimRight($DatesAndNames, 1), @LF) ToolTip("1st Loop : Line " & $i, 0 , 0) Next For $x = 1 To UBound($oArray) - 1 $CheckDate = StringLeft($oArray[$x], 5) If StringInStr($MasterDate, $CheckDate) = 0 Then $MasterDate = $MasterDate & $CheckDate & @LF EndIf $pArray = StringSplit(StringTrimRight($MasterDate, 1), @LF) ToolTip("2nd Loop : Line " & $x, 0 , 0) Next For $a = 1 To UBound($pArray) - 1 For $k = 1 To UBound($oArray) - 1 If StringLeft($oArray[$k], 5) = $pArray[$a] Then $Extension = StringTrimLeft($oArray[$k], 8) & @LF $ReplaceArray = $ReplaceArray & $Extension EndIf Next $rArray = StringSplit(StringTrimRight($ReplaceArray, 1), @LF) For $i = 1 To UBound($rArray) - 1 If StringInStr($InPut, $rArray[$i]) = 0 Then $InPut = $InPut & StringStripWS($rArray[$i], 7) & @LF Next $sArray = StringSplit(StringTrimRight($InPut, 1), @LF) For $j = 1 To UBound($sArray) - 1 For $c = 1 To UBound($rArray) - 1 If StringInStr($sArray[$j], $rArray[$c]) Then $Count = $Count + 1 EndIf Next If $Count <> "" Then $FInput = $FInput & $sArray[$j] & @TAB & $Count & @LF Else $FInput = $FInput & $sArray[$j] & @TAB & 1 & @LF EndIf $Count = "" Next $OutPut = $OutPut & $pArray[$a] & @LF & $FInPut $qArray = StringSplit(StringTrimRight($OutPut, 1), @LF) $InPut = '' $FInPut = '' $ReplaceArray = '' ToolTip("Last Loop : Line " & $a, 0 , 0) Next _ArrayDisplay($qArray, '') Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer. Link to comment Share on other sites More sharing options...
LxP Posted December 29, 2005 Share Posted December 29, 2005 (edited) Here's another approach if you're interested (it requires the beta):expandcollapse popup#Include <Array.au3> #Include <File.au3> Local $FilePath = 'C:\Log.txt' ; Read the file into memory Local $FileData If Not _FileReadToArray($FilePath, $FileData) Then MsgBox(0x10, 'Error', 'Could not read from file:' & @LF & $FilePath) Exit EndIf ; Attemt to parse each line Local $VirusData = '' For $I = 1 To $FileData[0] Local $Result = StringRegExp($FileData[$I], '(\d\d-\d\d).*Found (the|potentially unwanted program) (.*)( \a+ !!!|\.)', 1) If @Extended Then $VirusData &= $Result[0] & @TAB & $Result[2] & @LF Next ; Consolidate each entry to their totals Local $VirusTotals = '' While $VirusData <> '' Local $Line = StringLeft($VirusData, StringInStr($VirusData, @LF)) $VirusData = StringReplace($VirusData, $Line, '') Local $Occurrences = @Extended $VirusTotals &= StringTrimRight($Line, 1) & @TAB & $Occurrences & @LF WEnd ; Sort by date to aid outputting in the desired format $VirusTotals = StringSplit(StringTrimRight($VirusTotals, 1), @LF) _ArraySort($VirusTotals, False, 1) ; Start outputting in the desired format Local $Output = '' Local $CurrentDate For $I = 1 To $VirusTotals[0] Local $LineDate = StringLeft($VirusTotals[$I], StringInStr($VirusTotals[$I], @TAB) - 1) If $LineDate <> $CurrentDate Then If $Output <> '' Then $Output &= @LF $Output &= $LineDate & @LF $CurrentDate = $LineDate EndIf $Output &= StringTrimLeft($VirusTotals[$I], StringInStr($VirusTotals[$I], @TAB)) & @LF Next $Output &= @LF ; Display MsgBox(0, 'Report', $Output) ; Append to some file ; Local $Handle = FileOpen('SomeFile', 1) ; If $Handle = -1 Then ; MsgBox(0x10, 'Error', 'Could not write the output.') ; Exit ; EndIf ; FileWrite($Handle, $Output) ; FileClose($Handle)Edit: Minor improvements.Edit: Now handles lines such as 'Found potentially unwanted program Exploit-MIME.gen.c.'. Edited December 29, 2005 by LxP Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now