Python lesson please
Peter Otten
__peter__ at web.de
Mon Nov 7 09:15:53 EST 2011
gene heskett wrote:
> On Monday, November 07, 2011 05:35:15 AM Peter Otten did opine:
>
>> gene heskett wrote:
>> > Greetings experts:
>> >
>> > I just dl'd the duqu driver finder script from a link to NSS on /.,
>> > and fixed enough of the tabs in it to make it run error-free. At
>> > least python isn't having a litter of cows over the indentation now.
>> >
>> > But it also runs instantly on linux.
>> >
>> > This line looks suspect to me:
>> > rootdir = sys.argv[1]
>> >
>> > And I have a suspicion it is null on a linux box.
>> >
>> > How can I fix that best?
>>
>> Are you talking about this one?
>>
>> https://github.com/halsten/Duqu-detectors/blob/master/DuquDriverPatterns.py
>
> Yes. My save as renamed it, still has about 30k of tabs in it. But I
> pulled it again, using the 'raw' link, saved it, no extra tabs.
>
> But it still doesn't work for linux. My python is 2.6.6

Maybe the browser messes up things. Try installing git and then make a
clone:

    $ git clone git://github.com/halsten/Duqu-detectors

>> With a current checkout I don't get any tab-related (nor other) errors,
>> so I would prefer to run the script as-is. Also, the README clearly
>> states that you have to invoke it with
>>
>> python DuquDriverPatterns.py ./directoryOfMalware
>>
>> and the line you are quoting then puts the value "./directoryOfMalware"
>> into the rootdir variable.
>
> If only it would... Using this version, the failure is silent and
> instant.

The actual code which comprises only the last 30 lines of the script looks
like it is written by a newbie. Try replacing the bare except: with
something noisy along the lines of

    except Exception as e:
        print e
        continue

> Besides, the malware could be anyplace on the system. But it needs to
> skip /dev since it hangs on the midi tree, /mnt and /media because they
> are not part of the running system even if disks are mounted there.

I don't think the script is meant to find malware on a running system.
Rather you would mount a suspicious harddisk and pass the mountpoint to the
script. Of course I'm only guessing...

>> or similar once you've installed the python-examples package.
>
> On PCLos it doesn't even exist in the repo's.

Maybe it's in python's srpm, or in a python-dev.rpm or similar.

If all else fails you can download the source distribution from python.org
at

http://www.python.org/download/releases/2.6.7/
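
Added example (not part of Peter Otten's message and not code from the Duqu-detectors repository): a minimal Python 3 directory scanner showing the fixes discussed in the thread, recording errors instead of hiding them behind a bare except, and skipping excluded directories and non-regular files so that a walk over /dev cannot hang. The names scan_tree, PATTERNS and SKIP_DIRS are hypothetical, and the byte pattern is a constructed placeholder, not a Duqu signature.

```python
import os
import stat
import sys

# Constructed placeholder signature, NOT a real Duqu driver pattern.
PATTERNS = {"demo-marker": b"\xde\xad\xbe\xef-demo"}
SKIP_DIRS = ("/dev", "/mnt", "/media")  # the directories named in the thread

def scan_tree(rootdir, patterns=PATTERNS, skip_dirs=SKIP_DIRS):
    """Return (hits, errors); every failure is recorded, none swallowed."""
    if not os.path.isdir(rootdir):
        raise ValueError("not a directory: %r" % rootdir)
    skip = set(os.path.abspath(d) for d in skip_dirs)
    hits, errors = [], []
    # os.walk silently ignores unreadable directories unless onerror is set.
    walker = os.walk(rootdir, onerror=lambda e: errors.append((e.filename, str(e))))
    for dirpath, dirnames, filenames in walker:
        # Prune in place so os.walk never descends into excluded directories.
        dirnames[:] = [d for d in dirnames
                       if os.path.abspath(os.path.join(dirpath, d)) not in skip]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                # lstat, not stat: skip symlinks, device nodes, FIFOs and
                # sockets, which can block forever when opened and read.
                if not stat.S_ISREG(os.lstat(path).st_mode):
                    continue
                with open(path, "rb") as fh:
                    data = fh.read()
            except (IOError, OSError) as e:  # noisy, unlike a bare except
                errors.append((path, str(e)))
                continue
            hits.extend((path, label) for label, pat in patterns.items()
                        if pat in data)
    return hits, errors

def main(argv):
    if len(argv) != 2:  # sys.argv[1] is absent, not empty, when no path is given
        sys.stderr.write("usage: %s <directory>\n" % argv[0])
        return 2
    hits, errors = scan_tree(argv[1])
    for path, label in hits:
        print("HIT %s %s" % (label, path))
    for path, msg in errors:
        sys.stderr.write("ERR %s: %s\n" % (path, msg))
    return 1 if hits else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```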