Python lesson please

gene heskett gheskett at wdtv.com
Mon Nov 7 11:30:16 EST 2011


On Monday, November 07, 2011 10:38:32 AM Andreas Perstinger did opine:

> On 2011-11-07 12:22, gene heskett wrote:
> > On Monday, November 07, 2011 05:35:15 AM Peter Otten did opine:
> >>  Are you talking about this one?
> >>  
> >>  https://github.com/halsten/Duqu-detectors/blob/master/DuquDriverPatterns.py
> > 
> > Yes.  My save as renamed it, still has about 30k of tabs in it.  But I
> > pulled it again, using the 'raw' link, saved it, no extra tabs.
> > 
> > But it still doesn't work for linux.  My python is 2.6.6
> 
> Go to the directory where you've downloaded the file and type:
> 
> python DuquDriverPatterns.py .
> 
> What output do you get?

Well now, I'll be dipped.  It scanned that directory, took it perhaps 15 
minutes, without finding anything.  So I gave it two dots & it's munching 
its way through the ../Mail/inbox now.  Why the hell can't it be given a 
valid absolute path without editing it directly into the rootdir = 
statement?

This may be a usable tool, but I think that before it was committed to a 
daily cron script, we would need some history as to where to look for such 
shenanigans as it's certainly not fast enough to turn it loose to scan the 
whole system on a daily basis.  This on a quad core 2.1GHz phenom, 4 gigs 
of dram.

And I just found one of its Achilles heels, it is now stuck on a pipe file 
at /home/gene/.kde4/share/apps/kaffeine/dvbpipe:
prw------- 1 gene gene      0 Sep 24 18:50 dvbpipe.m2t|

And using no cpu.

I was going to ctl+c it but this is where, after several such, that it took 
the machine down yesterday. But it appears as only one process to htop (I 
keep a copy of it running as root here) and that killed it clean, no crash.

So, it needs an exception (or likely several) of file types to stay away 
from, starting with pipes like the above.  But I am not the one to carve 
that code as I have NDI how to go about writing a check stanza for that 
condition in python.

Perhaps winderz does not have 'pipe' files so the authors never got caught 
out on this?  The only windows experience I have is the copy of xp that was 
on the lappy I bought back in 2005 or so to take with me when I am on the 
road (I am a broadcast engineer who gets sent here and there to "put out 
the fires" when the station is off the air.  Despite being retired for 9 
years now at 77 yo, my phone still rings occasionally)
I went straight from amigados-3.2 to redhat-5.0 in the late '90's, 
bypassing windows completely. I built the redhat machine from scratch.
The lappy's xp, used only for warranty testing, got overwritten by mandriva 
2008 when the warranty had expired.

You could call me anti-M$ I think.  :)

> Bye, Andreas

Thanks for listening, Andreas.

Now I wonder how to get a message back to the authors that it's broken in at 
least two aspects...

Cheers, Gene
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
My web page: <http://coyoteden.dyndns-free.com:85/gene>
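
The hang on the named pipe described in the message above happens because opening a FIFO for reading blocks until a writer appears. The following is an added example, not part of the original post and not code from DuquDriverPatterns.py: a tree scanner that takes any root path as an argument and skips everything that is not a regular file. The function names and `SAMPLE_PATTERNS` are constructed for illustration (Python 3, POSIX).

```python
import os
import stat

# Constructed placeholder signature; the real script's patterns are not reproduced here.
SAMPLE_PATTERNS = (b"\xde\xad\xbe\xef",)


def open_regular(path):
    """Return a binary file object for path if it is a regular file, else None."""
    try:
        if not stat.S_ISREG(os.lstat(path).st_mode):
            return None  # FIFO, socket, device, symlink, directory
        # O_NONBLOCK: never wait for a FIFO writer; O_NOFOLLOW: reject symlinks.
        fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK | os.O_NOFOLLOW)
    except OSError:
        return None  # vanished, unreadable, or swapped for a symlink
    if not stat.S_ISREG(os.fstat(fd).st_mode):  # re-check what was actually opened
        os.close(fd)
        return None
    return os.fdopen(fd, "rb")


def file_matches(fobj, patterns, chunk=1 << 20):
    """Search fobj in chunks, keeping an overlap so matches spanning chunks are found."""
    overlap = max(len(p) for p in patterns) - 1
    tail = b""
    for block in iter(lambda: fobj.read(chunk), b""):
        data = tail + block
        if any(p in data for p in patterns):
            return True
        tail = data[-overlap:] if overlap else b""
    return False


def scan_tree(root, patterns=SAMPLE_PATTERNS):
    """Return (hits, skipped) path lists for everything under root."""
    hits, skipped = [], []
    for dirpath, _dirs, names in os.walk(os.path.abspath(root)):
        for name in names:
            path = os.path.join(dirpath, name)
            fobj = open_regular(path)
            if fobj is None:
                skipped.append(path)
                continue
            with fobj:
                if file_matches(fobj, patterns):
                    hits.append(path)
    return hits, skipped
```

The second `fstat` check covers the window between `lstat` and `open`, in which a file could be replaced by a pipe or device.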



