Automatic virus definition updates (Symantec)
Author: csc@ocean-pioneer.com
Previous update: 2004/03/31
Last updated: 2004/09/1 (two lines changed)

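Reference: http://nau.sourceforge.net/
I found the tool on the site above too complicated, so I wrote a small program of my own. On Linux it automatically compares the virus definition version, downloads the latest file, checks its md5 and, if the check succeeds, writes the file into the shared directory. A Windows client-side program, symantec.zip, then updates the client's virus definitions automatically.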

Some basic questions for the program
  1. Where is the virus definition information: http://securityresponse.symantec.com/avcenter/download/pages/US-N95.html
  2. Where is the information about your own virus definitions: keep the version information of the file from each download and use it for comparison
    20040310-005-i32.exe (the update file for 20040310)
    yyyymmdd-vvv-i32.exe (vvv is the version; there can be several: 001, 002, ...)
  3. Download US-N95.html
    and search for the text i32.exe. This gives you the line for the file to download, which contains an href="   "; that is the update program we want to download. The page contains many md5 codes, but the first one is the one we want
  4. Written in Python
  5. Other software tools: Linux (wget, md5sum, grep), Windows (AutoIt)
Implementation
  1. Run wget -O /tmp/US-N95.html http://securityresponse.symantec.com/avcenter/download/pages/US-N95.html
  2. Use the Python module re
      import re
      s=open("/tmp/US-N95.html").read()
      re.search('[0-9]*-[0-9]*-i32.exe',s)   # finds 20040315-005-i32.exe
      re.search('<a href="http://[a-z0-9/.-]*i32.exe">',s)   # finds the file's path, <a href="http://././20040315-005-i32.exe">
      re.search('MD5[< ][/ :0-9A-Za-z>]*',s)   # finds the md5 checksum
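  3. The downloaded update program is saved under the fixed name nav_db.exe
  4. Server side: download and update the virus definitions
    The program downloads and compares the virus definitions and checks that the md5 is correct
    Put this program in cron.daily and edit the work_dir parameter yourself; this is where you keep the virus definitions
    It then checks Symantec's website every day for an update; if there is one, it downloads it to work_dir and renames the file to nav_db.exe
  5. Email notification, added at other people's request, uses the smtplib class
    server=smtplib.SMTP('localhost')
    server.sendmail("sender","recipient","content")   # if a subject is needed, put it in the content: "Subject: text \nother content"
    server.quit()
  6. To send an external mail message file, add the following code: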
    import smtplib
    email_notify=1
    email_msg="/homesamba/vol1/abc.eml"
    email_from="aa@xxx.com.tw"
    email_to="bb@xxx.com.tw"

    # at the point where the download succeeds
    if email_notify:
       msg=open(email_msg).read()
       server=smtplib.SMTP('localhost')
       server.sendmail(email_from,email_to,msg)
       server.quit()
symantec.py
#!/usr/bin/python
import re,string,commands,sys,string,os.path
import smtplib
from time import localtime,time,strftime

work_dir='/home/samba/vol1/update_v/symantec'
version_file='sym_version.log'

#symantec web site
symantec_url="http://securityresponse.symantec.com"

#virus code data
virus_data_url='/avcenter/download/pages/US-N95.html'



#Email notify when update
#email_notify=1 enables email notification; email_notify=0 turns it off
email_notify=1
notify_from ="set your sender email address"
notify_email="your email address"
notify_time=strftime('%m-%d-%H:%M',localtime(time()))
notify_message="Symantec update virus at "+notify_time
notify_subject='Update Symantec notify'



print "Download virus data file....."
print symantec_url+virus_data_url
status_n,status_s=commands.getstatusoutput('wget --tries=3 --timeout=30 --wait=15 -O /tmp/US-N95.html '+symantec_url+virus_data_url)
if status_n:
    print "Download virus data url error!"
    sys.exit(1)
 
source_file=open("/tmp/US-N95.html").read()
#get last_file
last_file=re.search('[0-9]*-[0-9]*-i32.exe',source_file)
if last_file==None:
   print "Parse error ! Couldn't found last_file in US-N95.html"
   sys.exit(1)
last_file=last_file.group()
######################
#get last_file url
######################
#last_file_url=re.search('<a href="/[a-z0-9:/.-]*">',source_file)
last_file_url=re.search('<a href="http://[a-z0-9/.-]*i32.exe">',source_file)
if last_file_url==None:
   print "Parse error ! Couldn't found last_file_url in US-N95.html"
   sys.exit(1)

last_file_url=last_file_url.group()
last_file_url=string.split(last_file_url,'"')[1]

###################
#get last_file md5
###################
last_file_md5=re.search('MD5[< ][/ :0-9A-Za-z>]*',source_file)
if last_file_md5==None:
   print "Parse error ! Couldn't found last_file_md5 in US-N95.html"
   sys.exit(1)

last_file_md5=last_file_md5.group()
last_file_md5=string.strip(string.split(last_file_md5,':')[1])


need_update=0
#compare version file and last_file
if os.path.exists(work_dir+"/"+version_file):
   version_f=open(work_dir+"/"+version_file,"r+")
   t_line=version_f.readline()
   if last_file>t_line:
      need_update=1
      version_f.seek(0)
else:
   version_f=open(work_dir+"/"+version_file,"w")
   need_update=1
   

if need_update:
   print "Download update file!"
   #update_url=symantec_url+last_file_url
   update_url=last_file_url
   status_n,status_f=commands.getstatusoutput('wget -O /tmp/'+last_file+' '+update_url)
   if status_n:
      print "can't get last update file!"
      sys.exit(1)
     
   #check md5
   status_s=commands.getoutput('md5sum '+'/tmp/'+last_file)
   md5_string=string.split(status_s," ")[0]
   md5_string=string.upper(string.strip(md5_string))
   if md5_string==last_file_md5:
      print "The md5 checksum is match !"
   else:
      print "The md5 Checksum is dismatch!"
      print "Download file:"+md5_string
      print "Web site     :"+last_file_md5
      sys.exit(1)   
   print "Install the update file....."
   status_n,status_s=commands.getstatusoutput('mv -f /tmp/'+last_file+' '+work_dir+'/nav_db.exe')
   if status_n:
      print "update file fails!"
   else:
      status_s=commands.getoutput('rm -rf '+work_dir+"/*.txt")
      if email_notify :
         notify_message="Subject: "+notify_subject+"\n"+notify_message+"\n version="+last_file
         server=smtplib.SMTP('localhost')
         server.sendmail(notify_from,notify_email,notify_message)
         server.quit()
      print "complete update file!"
else:
   print "virus_file is up to date!"
if need_update==1:  
   version_f.write(last_file)
   version_f.close()



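Server-side download and update setup
1. Once a day: copy the program directly into /etc/cron.daily and make it executable with chmod +x symantec.py
2. Mind the Samba share permissions. Because the directory is shared through Samba, it must be readable, and since the client writes <computer name>.txt,
it must also be writable
3. Twice a day, at 0:10 and 6:10: in /etc/cron.d
  create a file named symantec
  10 0,6 * * *  root /root/symantec.py
  The fields mean:
  minute hour day month weekday  user to run as  program to run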



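Client-side handling
How do you know whether a client has already updated? The simplest method is to place a file named after your machine (e.g. server1.txt) in the server directory. When the server side updates, it deletes files of that type (*.txt); once you have run the update, the server holds a file of yours, and that file decides whether an update is needed.

Write an AutoIt program to perform this action
symantec.au3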
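; Run the updater only if this computer has no marker file in the script's directory
if Not FileExists(@ScriptDir&"\"&@computername&".txt") Then
   run(@ScriptDir&"\nav_db.exe")
   winwait("SARC Intelligent Updater","",20)
   send("y")
   ; "確定" (OK) is the text matched in the completion window on Chinese-language Windows
   winwaitactive("SARC","確定")
   Send("{Enter}")
   ; Mode 2 opens the marker file for writing, creating it
   FileOpen(@ScriptDir&"\"&@computername&".txt",2)
endif
exit 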
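Compile this program into an exe file
and place it in the virus definition update directory. Mine is set to /home/samba/vol1/update_v/symantec, so it goes there; then share this directory and use either a logon script or a scheduled task to update your virus definitions

Logon batch file
Add the path of the directory above and the update happens automatically
Example:
f:\update_v\symantec\symantec.exe

At every logon it checks whether <your computer name>.txt exists in the directory symantec.exe runs from. If it does not, it performs the update and places <computer name>.txt in that directory; otherwise it exits immediately

If you are not using domain logon, use the task scheduler and choose "run at user logon"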



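Postscript:
I ran into a few problems
  1. The Symantec website does not seem very stable; it seems to be reachable only at certain times, and from around 12 to 5 in the afternoon it seems hard to connect successfully, so I recommend checking for updates at least twice a day
  2. I wrote the Python program on Windows with #!/usr/python added as the first line, and running it on Linux then failed with ": bad interpreter: No such file or directory". After much searching I could not find the answer I wanted; then it occurred to me that it might be a file format problem. I used dos2unix -o <file>, then ran chmod +x <file>, and the error message went away
  3. On the Windows side, if you use the logon method, do not put cd-related commands in the logon batch file, otherwise the logon will hang at the logon window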