#!/usr/bin/env python
# -*- coding: utf-8 -*-
import os,sys,time,pickle,shutil
from optparse import OptionParser
from operator import itemgetter
# Tool name and version: handed to OptionParser for --version and echoed in
# the summary line each step prints.
VERSION = "virusampls-ratio v10.4.12"

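def processLogKV(fname):
    """Condense a KV scan log into a pickled dict stored beside the log.

    Each line containing the marker " 中发现 " is split on whitespace; the
    fourth token is used as the detection name and the second token as the
    path recorded for it (the quarantine location, according to the original
    docstring).  The result is ``{name: [0, path]}``: only the first path
    seen for a name is kept, and the 0 is the score that ratioYQ later adds
    to.  The dict is pickled to ``<fname>.dump``.

    Returns nothing; the matched records and a summary go to stdout.
    """
    print(fname)
    dumpf = "%s.dump" % fname
    dumpd = {}
    # ``with`` closes the log even when a record cannot be parsed.
    with open(fname) as logf:
        for line in logf:
            if " 中发现 " not in line:
                continue
            tags = line.split()
            if len(tags) < 4:
                # Truncated or unexpected record: skip it rather than abort
                # the whole run with an IndexError.
                continue
            viru, path = tags[3], tags[1]
            print("%s %s" % (viru, path))
            # First occurrence wins; later paths for the same name are ignored.
            dumpd.setdefault(viru, [0, path])
    # Closing the handle explicitly makes sure the dump is flushed to disk
    # before ratioYQ reads it back.
    with open(dumpf, 'wb') as out:
        pickle.dump(dumpd, out)
    print("\n\n%s\n\tdumped %d lines checked log as Python List obj." % (VERSION, len(dumpd)))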
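def processLogRX(fname):
    """Condense an RX scan log into a pickled dict stored beside the log.

    Each line containing the marker "手动查杀" is split on ";".  Field 2 is
    used as the detection name and field 6 as the path recorded for it (the
    quarantine location, according to the original docstring); both lose
    their first and last character.  The result is ``{name: [0, path]}``:
    only the first path seen for a name is kept, and the 0 is the score that
    ratioYQ later adds to.  The dict is pickled to ``<fname>.dump``.

    Returns nothing; the matched records and a summary go to stdout.
    """
    print(fname)
    dumpf = "%s.dump" % fname
    dumpd = {}
    # ``with`` closes the log even when a record cannot be parsed.
    with open(fname) as logf:
        for line in logf:
            if "手动查杀" not in line:
                continue
            tags = line.split(";")
            if len(tags) < 7:
                # Too few ';'-separated fields: skip the record rather than
                # abort the whole run with an IndexError.
                continue
            # [1:-1] drops one character at each end of the field --
            # presumably surrounding quotes; confirm against a real log.
            viru = tags[2][1:-1]
            path = tags[6][1:-1]
            print("%s %s" % (viru, path))
            # First occurrence wins; later paths for the same name are ignored.
            dumpd.setdefault(viru, [0, path])
    # Closing the handle explicitly makes sure the dump is flushed to disk
    # before ratioYQ reads it back.
    with open(dumpf, 'wb') as out:
        pickle.dump(dumpd, out)
    print("\n\n%s\n\tdumped %d lines checked log as Python List obj." % (VERSION, len(dumpd)))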

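def ratioYQ(args):
    """Score the detections of one log dump against a vendor prevalence list.

    ``args`` is the pair ``(dump_file, list_file)``.  ``dump_file`` is a
    pickle written by processLogKV/processLogRX; ``list_file`` is a text file
    with one entry per line, assumed to be ranked from most to least
    prevalent.  A detection name earns points for every list line that
    contains it (compared upper-cased, with "." and "/" removed): the first
    line is worth ``len(list)`` points, the last line 1 point, so in a
    top-500 list rank one is worth 500.

    Detections with a non-zero score are written, highest score first, to
    ``<dump>-hot4-<list>.txt`` and their scores are added into the cumulative
    table ``virusampls-ratio.dict.dump`` in the current directory.

    Background on sorting a dict by value:
        MiscItems/2008-07-01 - Woodpecker Wiki for CPUG
        http://wiki.woodpecker.org.cn/moin/MiscItems/2008-07-01
        Python中最快的字典排序方法 | Windstorm
        http://www.kunli.info/2009/05/07/sorting-dictionaries-by-value-in-python/
    """
    dumpf, yqfile = args[0], args[1]
    # NOTE(review): only the text before the first "." of each argument is
    # used, so arguments with a dot in a directory part give odd file names.
    tophotf = "%s-hot4-%s.txt" % (dumpf.split(".")[0], yqfile.split(".")[0])

    # SECURITY: pickle.load runs code embedded in the stream.  Only pass dumps
    # written by processLogKV/processLogRX on this machine; a dump obtained
    # from anywhere else must be treated as executable content.
    with open(dumpf, 'rb') as fh:
        ratio = pickle.load(fh)
    with open(yqfile) as fh:
        flines = fh.readlines()

    # Normalise every detection name once instead of once per list line.
    normalised = [(v, v.upper().replace(".", "").replace("/", "")) for v in ratio]
    total = len(flines)
    for i, raw in enumerate(flines):
        hvname = raw.upper().replace(".", "").replace("/", "")
        for v, vname in normalised:
            if vname in hvname:
                # Higher rank earns more points.  Adding the zero-based index
                # instead would give the first entry 0 points, which the
                # non-zero filter below then drops from the result.
                ratio[v][0] += total - i

    unitRatioDictFile = "virusampls-ratio.dict.dump"
    # SECURITY: this fixed name is resolved against the current directory and
    # unpickled, so run the tool from a directory other users cannot write to.
    try:
        with open(unitRatioDictFile, 'rb') as fh:
            unitRD = pickle.load(fh)
    except (IOError, OSError, EOFError):
        # No readable table yet (first run, or an empty file): start fresh.
        # Other unpickling errors propagate, so a damaged table is not
        # silently replaced at the end of this function.
        unitRD = {}

    td = sorted(ratio.items(), key=itemgetter(1), reverse=True)
    rows = []
    for t in td:
        name = t[0]
        score, path = t[1][0], t[1][1]
        if score == 0:
            continue
        print(t)
        rows.append("%s\t\t%s\n" % (name, path))
        if name in unitRD:
            unitRD[name][0] += score
        else:
            unitRD[name] = [score, path]

    with open(tophotf, "w") as fh:
        fh.write("".join(rows))
    # Report the number of entries written, not the character count of the
    # joined text.
    print("\n\n%s\n\tfound top %d hotest Virus base %s...\n\t\t export as:%s" % (
        VERSION, len(rows), yqfile, tophotf))
    with open(unitRatioDictFile, 'wb') as fh:
        pickle.dump(unitRD, fh)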
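def finalExport(args):
    """Write the cumulative cross-checked list to ``<args[1]>/<args[0]>``.

    ``args`` is the pair ``(file_name, export_dir)``.  The cumulative table
    ``virusampls-ratio.dict.dump`` (maintained by ratioYQ) is loaded from the
    current directory, sorted by score with the highest first, and written as
    one "name<TAB><TAB>path" line per entry.  The export directory has to
    exist already.

    The original docstring also mentions copying the quarantined files into
    the export directory; that copy is commented out and is not performed.
    """
    expfn = "%s/%s" % (args[1], args[0])
    unitRatioDictFile = "virusampls-ratio.dict.dump"
    # SECURITY: pickle.load runs code embedded in the stream, and this fixed
    # name is resolved against the current directory -- run the tool only from
    # a directory other users cannot write to.
    with open(unitRatioDictFile, 'rb') as fh:
        unitRD = pickle.load(fh)
    td = sorted(unitRD.items(), key=itemgetter(1), reverse=True)
    rows = []
    for t in td:
        print(t)
        rows.append("%s\t\t%s\n" % (t[0], t[1][1]))
        # Disabled in the original: shutil.copy(t[1][1], args[1])
        # NOTE(review): the source paths are taken from parsed scan logs and
        # would name quarantined samples; before enabling the copy, check each
        # path against the expected quarantine directory and export into a
        # location where the files cannot be opened or run by accident.
    with open(expfn, "w") as fh:
        fh.write("".join(rows))
    print("\n\n%s\n\tfound top %d hotest Virus in my pc \n\t\t export list file::%s" % (
        VERSION, len(td), expfn))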


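if __name__ == '__main__':
    # Script entry point: parse the command line and run the requested step.
    begin = time.time()
    usage = "usage: %prog [option0] arg0 [arg1]"
    parser = OptionParser(usage, version=VERSION)
    parser.add_option("-r", "--ratio", dest="ratio", nargs=2,
                      type="string", metavar="*.dump some-hot-virus-list.txt",
                      help="YiQing comparison,uasge --lrx|lkv processed .dump file "
                        "e.g KV-RESULT.dump some-hot-virus-list.txt")
    parser.add_option("--lrx", dest="lrx",
                      type="string",
                      help="process RX checking log")
    parser.add_option("--lkv", dest="lkv",
                      type="string",
                      help="process KV checking log")
    parser.add_option("-e", "--export", dest="export", nargs=2,
                      type="string", metavar="*.txt path/2/export ",
                      help="export total hotest virus list into dir             "
                        "e.g -e virus-hotest-in-my-pc.tx tmp")
    (options, args) = parser.parse_args()
    if 1 == len(sys.argv):
        parser.print_help()

    # Reject -r combined with --lrx/--lkv before any step runs.  Checking
    # after the dispatch would let ratioYQ rewrite the cumulative table and
    # only then report the usage error.  parser.error() prints the usage line
    # and exits, so nothing can follow it.
    if options.ratio and (options.lrx or options.lkv):
        print("\n\nATTENTION!\n\t -r and --lrx|lkv can not usage in same time!\n\n")
        # The example uses the long form "--lrx": no "-lrx" option is defined.
        parser.error("incorrect number of arguments! \nATTENTION!\n"
            "\ne.g.\n \tpython %s --lrx something.txt "
            "\nor\n\tpython %s -r sonething.dump top500-from-RX.TXT" % (
                parser.get_prog_name(), parser.get_prog_name()))

    if options.ratio:
        print("comparison checked list and YiQing list\n\n")
        ratioYQ(options.ratio)
    else:
        # The log-processing and export steps may be combined in one call.
        if options.lrx:
            print("\n\nreFormat RX checking list\n\n")
            processLogRX(options.lrx)
        if options.lkv:
            print("\n\nreFormat KV checking list\n\n")
            processLogKV(options.lkv)
        if options.export:
            print("\n\nexport total hotest virus list in to\n\n")
            finalExport(options.export)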



