On 11/07/2011 06:22 AM, gene heskett wrote:
On Monday, November 07, 2011 05:35:15 AM Peter Otten did opine:
<SNIP>
Are you talking about this one?
https://github.com/halsten/Duqu-detectors/blob/master/DuquDriverPatterns
.py
Yes. My save as renamed it, still has about 30k of tabs in it. But I
pulled it again, using the 'raw' link, saved it, no extra tabs.
But it still doesn't work for linux. My python is 2.6.6
To start with, what's the md5 of the file you downloaded and are
testing? I get c4592a187f8f7880d3b685537e3bf9a5
from md5sum. If you get something different, one of us changed the
file, or you got it before today.
The whole tab issue is a red-herring in this case. But I don't see how
you can find 30k tabs in a thousand lines. And if I were going to detab
it, I'd pick 4 spaces, so the code doesn't stretch across the page.
<SNIP>
python DuquDriverPatterns.py ./directoryOfMalware
and the line you are quoting then puts the value "./directoryOfMalware"
into the rootdir variable.
If only it would... Using this version, the failure is silent and instant.
Besides, the malware could be anyplace on the system. But it needs to skip
/dev since it hangs on the midi tree, /mnt and /media because they are not
part of the running system even if disks are mounted there.
First, run it on the current directory, and it should list the files in
that directory:
I ran it in the directory I unzipped it into, so there are two files,
the README and the source file itself.
$ python DuquDriverPatterns.py .
Scanning ./README:
No match for pattern #0 on file named: README
No match for pattern #1 on file named: README
No match for pattern #2 on file named: README
etc.
The only way I can see to get NO output is to run it on an empty directory:
$mkdir junk
$ python DuquDriverPatterns.py junk
As for skipping certain directories, we can deal with that as soon as
you get proper behavior for any subtree of directories.
Have you tried adding a print ("Hello World " + rootdir) just before the
for root, subFolders, files in os.walk(rootdir):
line ? Or putting a print len(files) just after it (indented, of
course) ?
--
DaveA
--
http://mail.python.org/mailman/listinfo/python-list
