Python Automated Operations: Upgrading Python 2.6 to 2.7 and Centralized Virus Scanning
2015-09-02 11:02
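1. My Linux system has Python 2.6.6 and some modules need 2.7, so I upgraded first.
Steps: http://www.linuxidc.com/Linux/2014-07/104555.htm
2. Install pyclamd
Install the ClamAV packages, enable clamd at boot and update the signature database:
yum install -y clamav clamd clamav-update
chkconfig --level 235 clamd on
/usr/bin/freshclam
Then install pyClamd from the pyClamd-0.3.15.tar.gz package.
3. vim /etc/clamd.conf
Change the local address 127.0.0.1 to 0.0.0.0 so that clamd listens on all IP addresses. The clamd TCP socket is unauthenticated, so port 3310 should be reachable only from the host that runs the scan script.
/etc/init.d/clamd restart
4. Scan script scan_file.py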
# -*- coding: utf-8 -*-
import time
import pyclamd
from threading import Thread


class Scan(Thread):
    def __init__(self, IP, scan_type, file):
        """Constructor: initialise the parameters."""
        Thread.__init__(self)
        self.IP = IP
        self.scan_type = scan_type
        self.file = file          # path as seen by the remote clamd host
        self.connstr = ""
        self.scanresult = ""

    def run(self):
        """Thread body: connect to clamd on port 3310 and run the selected scan."""
        try:
            cd = pyclamd.ClamdNetworkSocket(self.IP, 3310)
            if cd.ping():
                self.connstr = self.IP + "connection [OK]"
                cd.reload()   # reload the signature database before scanning
                if self.scan_type == "contscan_file":
                    self.scanresult = "{0}\n".format(cd.contscan_file(self.file))
                elif self.scan_type == "multiscan_file":
                    self.scanresult = "{0}\n".format(cd.multiscan_file(self.file))
                elif self.scan_type == "scan_file":
                    self.scanresult = "{0}\n".format(cd.scan_file(self.file))
                time.sleep(2)
            else:
                self.connstr = self.IP + "ping error,exit"
                return
        except Exception as e:
            # connection failures end up here; keep the message for the report
            self.connstr = self.IP + " " + str(e)


IPs = ['192.168.20.28', '192.168.20.140']   # hosts running clamd
scantype = "multiscan_file"                 # scan mode
scanfile = "/home/python"                   # path to scan on each host
i = 1
threadnum = 2                               # number of threads per batch
scanlist = []
for ip in IPs:
    currp = Scan(ip, scantype, scanfile)
    scanlist.append(currp)
    # start a batch once it is full or the last host has been queued
    if i % threadnum == 0 or i == len(IPs):
        for task in scanlist:
            task.start()
        for task in scanlist:
            task.join()
            print(task.connstr)
            print(task.scanresult)
        scanlist = []
    i += 1
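Running the script prints:
192.168.20.28 Could not reach clamd using network (192.168.20.28, 3310)
192.168.20.140 Could not reach clamd using network (192.168.20.140, 3310)
This shows that the script runs properly.
5. Generate a file carrying a virus signature with the EICAR() method
The book "Python自动化运维" (Python Automated Operations) gives us just this one line:
void = open('/tmp/EICAR','w').write(cd.EICAR())
which immediately fails with a message that cd is not defined,
so we have to define cd first:
cd = pyclamd.ClamdAgnostic()
and then run void = open('/tmp/EICAR','w').write(cd.EICAR())
This creates the EICAR file under /tmp. Copy that file into the directory you want to scan and the scan will detect it.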
[root@localhost python]# python scan_file.py
192.168.20.28 Could not reach clamd using network (192.168.20.28, 3310)
192.168.20.140connection [OK]
{u'/home/python/EICAR': ('FOUND', 'Eicar-Test-Signature')}
The output shows that host 140 has the virus test file EICAR.
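The script above prints each host's result as a string, so an unreachable host and a clean host are easy to confuse when the output is read by cron or a monitoring job. The following added example (not part of the original post or of pyclamd) classifies per-host outcomes in the result shape shown above and derives an exit code; the function names, status labels and the last two sample hosts are assumptions constructed for illustration.

```python
from __future__ import print_function  # keeps the example runnable on Python 2.7 too

# Severity per status; the labels are this example's own, not pyclamd's.
SEVERITY = {"CLEAN": 0, "SCAN_ERROR": 1, "UNREACHABLE": 1, "INFECTED": 2}


def classify(result, error=None):
    """Turn one host's outcome into (status, [(subject, detail), ...])."""
    if error is not None:
        # connect/ping failed: the host was never scanned, which is not "clean"
        return "UNREACHABLE", [("clamd", error)]
    if not result:
        # pyclamd's scan methods return None when nothing matched
        return "CLEAN", []
    found = sorted((p, d) for p, (state, d) in result.items() if state == "FOUND")
    other = sorted((p, d) for p, (state, d) in result.items() if state != "FOUND")
    return ("INFECTED", found) if found else ("SCAN_ERROR", other)


def summarize(outcomes):
    """outcomes: {host: (result, error)} -> (exit_code, report_lines)."""
    code, lines = 0, []
    for host in sorted(outcomes):
        status, details = classify(*outcomes[host])
        code = max(code, SEVERITY[status])
        lines.append("%s %s" % (host, status))
        lines.extend("  %s: %s" % item for item in details)
    return code, lines


# Constructed sample: the first two entries mirror the output shown above,
# the last two hosts and the ERROR text are invented for illustration.
SAMPLE = {
    "192.168.20.28": (None, "Could not reach clamd using network (192.168.20.28, 3310)"),
    "192.168.20.140": ({u"/home/python/EICAR": ("FOUND", "Eicar-Test-Signature")}, None),
    "192.168.20.141": (None, None),
    "192.168.20.142": ({"/home/python/locked": ("ERROR", "Permission denied")}, None),
}

if __name__ == "__main__":
    exit_code, report = summarize(SAMPLE)
    print("\n".join(report))
    raise SystemExit(exit_code)  # 0 clean, 1 incomplete scan, 2 infection found
```

To feed it from scan_file.py, store the raw return value and the exception text on each Scan thread instead of the formatted strings.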