Hi all,
Can someone help me make a script where a file will be renamed according to file content in an antivirus log file?
Example:
This is sample line content of a scan report from Kaspersky Total Security 2018:
24.08.2017 14.18.41 Object (file) detected C:\Zip\VIRUS\New\065AD63D6E4246EE8219831C55A7B4E6DCF23693.EXE File: C:\Zip\VIRUS\New\065AD63D6E4246EE8219831C55A7B4E6DCF23693.EXE Object name: not-a-virus:Downloader.Win32.Somato.r
24.08.2017 14.18.39 Object (file) detected C:\Zip\VIRUS\New\063BA2111709246C94B784F7DA952847D20B6930.exe File: C:\Zip\VIRUS\New\063BA2111709246C94B784F7DA952847D20B6930.exe Object name: HEUR:Trojan.Win32.Generic
24.08.2017 14.18.38 Object (file) detected C:\Zip\VIRUS\New\057A2FCF7C45C53BB36CC2DC8EED371E1CD70393.exe File: C:\Zip\VIRUS\New\057A2FCF7C45C53BB36CC2DC8EED371E1CD70393.exe Object name: not-a-virus:HEUR:AdWare.NSIS.Xpyn.heur
24.08.2017 14.18.38 Object (file) detected C:\Zip\VIRUS\New\05C04443C43C27F2728014817B1265594B79DBFF.EXE File: C:\Zip\VIRUS\New\05C04443C43C27F2728014817B1265594B79DBFF.EXE Object name: not-a-virus:HEUR:AdWare.MSIL.Imali.gen
24.08.2017 14.18.36 Object (file) detected C:\Zip\VIRUS\New\02F1421A0B7784A42BE5B42E3A527041D5E3344E.EXE File: C:\Zip\VIRUS\New\02F1421A0B7784A42BE5B42E3A527041D5E3344E.EXE Object name: not-a-virus:Downloader.Win32.DownloAdmin.bupz
24.08.2017 14.18.29 Object (file) detected C:\Zip\VIRUS\New\09C6B30B7FF918D54EE6DB72BF1BC41B5D6F1CA1.ZIP File: C:\Zip\VIRUS\New\09C6B30B7FF918D54EE6DB72BF1BC41B5D6F1CA1.ZIP Object name: Backdoor.Java.Adwind.cw
24.08.2017 14.18.29 Object (file) detected C:\Zip\VIRUS\New\09C6B30B7FF918D54EE6DB72BF1BC41B5D6F1CA1.ZIP//plugins/Server.class File: C:\Zip\VIRUS\New\09C6B30B7FF918D54EE6DB72BF1BC41B5D6F1CA1.ZIP//plugins/Server.class Object name: Backdoor.Java.Adwind.cw
24.08.2017 14.18.29 Object (file) detected C:\Zip\VIRUS\New\00DE86EF1C2638C5CDC696792C383702585842E3.EXE File: C:\Zip\VIRUS\New\00DE86EF1C2638C5CDC696792C383702585842E3.EXE Object name: not-a-virus:Downloader.Win32.Somato.r
24.08.2017 14.18.28 Selective Scan Task started Time: Today, 8/24/2017 2:18 PM
I need a script that finds the current filename in the report, then renames the file according to the "Object name:".
For example, in the first line:
24.08.2017 14.18.41 Object (file) detected C:\Zip\VIRUS\New\065AD63D6E4246EE8219831C55A7B4E6DCF23693.EXE File: C:\Zip\VIRUS\New\065AD63D6E4246EE8219831C55A7B4E6DCF23693.EXE Object name: not-a-virus:Downloader.Win32.Somato.r
FileName.Ext="065AD63D6E4246EE8219831C55A7B4E6DCF23693.EXE" ===> OBjectName="not-a-virus.Downloader.Win32.Somato.r + EXT"
I'm an absolute newbie in coding but can easily learn.
Offline
Hello,
Below is a script which will parse the report file and rename each matching file in ReNamer to its detected threat name.
Adjust the REPORT constant so it points to your report file. Also, you will most likely have many duplicated filenames and invalid characters in filenames. You can fix them using the standard renaming rules.
Now, learn...
const
  REPORT = 'C:\Temp\Report.txt';
  PATTERN = '\tFile:\s*(.+?)\tObject name:\s*([^\s]+)';
  MATCH_FILE = 0;
  MATCH_VIRUS = 1;
  SUBCONTENT_DELIM = '//';

var
  Initialized: Boolean;
  Matches, ReportLines, ReportFiles, ReportViruses: TWideStringArray;
  I, DelimPos: Integer;

begin
  // Initialize
  if not Initialized then
  begin
    Initialized := True;
    // Read report file lines
    ReportLines := FileReadTextLines(REPORT);
    // Parse each line into Files and Viruses arrays
    for I := 0 to Length(ReportLines) - 1 do
    begin
      Matches := SubMatchesRegEx(ReportLines[I], PATTERN, False);
      if (Length(Matches) > MATCH_FILE) and (Length(Matches) > MATCH_VIRUS) then
      begin
        SetLength(ReportFiles, Length(ReportFiles) + 1);
        SetLength(ReportViruses, Length(ReportViruses) + 1);
        ReportFiles[Length(ReportFiles) - 1] := Matches[MATCH_FILE];
        ReportViruses[Length(ReportViruses) - 1] := Matches[MATCH_VIRUS];
      end;
    end;
    // Strip subcontent component from file paths
    for I := 0 to Length(ReportFiles) - 1 do
    begin
      DelimPos := Pos(SUBCONTENT_DELIM, ReportFiles[I]);
      if DelimPos > 0 then
        ReportFiles[I] := Copy(ReportFiles[I], 1, DelimPos - 1);
    end;
  end;
  // Find current file in the report and change its new name to a virus name
  for I := 0 to Length(ReportFiles) - 1 do
  begin
    if WideSameFileName(FilePath, ReportFiles[I]) then
    begin
      FileName := ReportViruses[I] + WideExtractFileExt(FileName);
      Break;
    end;
  end;
end.

For reference: http://www.den4b.com/wiki/ReNamer:Pascal_Script
Offline
Thanks..
Added Destination Folder
const
  DEST_FOLDER = 'Renamed\';
begin
  FileName := DEST_FOLDER + ReportViruses[I] + WideExtractFileExt(FileName);
  Break;
end;
Added rule for invalid chars
Added Serialize for duplicates
Just want to ask, as per Kaspersky Virus Naming Procedure: Duplicate name but different variant must be by letters, sample:
vir.exe
vir (2).exe
vir (3).exe
....
....
vir (200).exe
vir (201).exe
to
vir.exe
vir.a.exe
vir.b.exe
....
....
vir.aa.exe
vir.ab.exe
Offline
Found the solution for the invalid chars and the alphabetical Serialize for the duplicate files.
Offline
Duplicate name but different variant must be by letters
You might find useful a new option in the Serialize rule which allows you to select a different numbering system, including: Decimal digits (0..9), English letters (a..z), Roman numerals (I,II,III,IV,...), Simplified Chinese, Custom alphabetic and Custom numeric.
This option was added in ReNamer v6.7.0.2 Beta.
Added Destination Folder
You can also do that with a simple Insert rule, to keep things more transparent.
Offline
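A stand-alone Python version of the whole procedure discussed in this thread (parse the report, strip the archive member after `//`, replace invalid filename characters, and give duplicates the letter suffixes a, b, ... aa, ab), added here as an example; it is not code from the thread or from ReNamer. It assumes tab-separated report fields, as the posted PATTERN implies, and only computes a rename plan; the sample lines and paths are constructed.

```python
import re
from pathlib import PureWindowsPath

# Same two fields the thread's PATTERN captures (assumes tab-separated columns).
LINE_RE = re.compile(r"\tFile:\s*(.+?)\tObject name:\s*(\S+)")
INVALID = re.compile(r'[<>:"/\\|?*]')  # characters Windows forbids in file names

def letters(n):
    """Bijective base-26 suffix: 1 -> a, 26 -> z, 27 -> aa, 28 -> ab."""
    out = ""
    while n > 0:
        n, rem = divmod(n - 1, 26)
        out = chr(ord("a") + rem) + out
    return out

def plan_renames(report_lines):
    """Return {original path: new file name}; nothing on disk is touched."""
    detections = {}  # lower-cased path -> (path, threat); first detection wins
    for line in report_lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # status lines such as "Selective Scan Task started"
        path = m.group(1).split("//", 1)[0]  # keep the container, drop the member
        detections.setdefault(path.lower(), (path, m.group(2)))
    used, plan = set(), {}
    for path, threat in detections.values():
        base = INVALID.sub(".", threat)  # "not-a-virus:X" -> "not-a-virus.X"
        ext = PureWindowsPath(path).suffix
        n, name = 0, base + ext
        while name.lower() in used:  # also avoids clashing with a real ".a" variant
            n += 1
            name = f"{base}.{letters(n)}{ext}"
        used.add(name.lower())
        plan[path] = name
    return plan

def sample_line(path, threat):
    """Build one constructed report line in the layout quoted in the thread."""
    return (f"24.08.2017 14.18.41\tObject (file) detected\t{path}"
            f"\tFile: {path}\tObject name: {threat}")

SAMPLE = [  # constructed input, not taken from a real report
    sample_line(r"C:\S\A1.EXE", "not-a-virus:Downloader.Win32.Somato.r"),
    sample_line(r"C:\S\B2.ZIP", "Backdoor.Java.Adwind.cw"),
    sample_line(r"C:\S\B2.ZIP//plugins/Server.class", "Backdoor.Java.Adwind.cw"),
    sample_line(r"C:\S\C3.EXE", "not-a-virus:Downloader.Win32.Somato.r"),
    "24.08.2017 14.18.28\tSelective Scan Task started\tTime: Today",
]

if __name__ == "__main__":
    for src, dst in plan_renames(SAMPLE).items():
        print(src, "->", dst)
```

Reviewing the plan before renaming anything keeps the original hash-based names recoverable if the report and the folder contents have drifted apart.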