Python 3.3
#Basic Trend Micro SQL pull
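def virusreport(path):
    """Report today's Trend Micro detections from the agent's SQLite log.

    Reads every row of LOG_WOFIE_WTP_MAIN in the database at *path*, keeps
    the rows whose timestamp (column 4) falls on or after today's date,
    builds a one-line summary of each and hands it to ``evntcreate`` with
    the row's action code (column 9) as the event id.  Each summary is also
    printed, whether or not the event-log write succeeds.

    Args:
        path: Filesystem path of the Trend Micro EventLog.db SQLite file.

    Returns:
        None.  The function works through side effects only.

    Raises:
        Any error from sqlite3 or from ``evntcreate`` is printed as a short
        diagnostic and re-raised; nothing is swallowed.

    The column positions (2 = name, 3 = location, 4 = unix timestamp,
    9 = action code) are carried over from the original script; the schema
    is not visible here, so confirm them against the agent's database.
    """
    import contextlib
    import datetime
    import sqlite3

    # Action codes as used by the original script.  A code outside this map
    # used to leave ``action`` unbound (NameError); it now gets a descriptive
    # fallback so one unexpected row does not abort the whole run.
    actions = {
        1: "Virus Cleaned",
        2: "Virus Deleted",
        3: "Virus Quarantined",
        4: "Virus Access Denied, Couldn't Clean the Virus",
        5: "Virus Passed",
        6: "Action Required, Virus Left Uncleaned",
    }
    today = datetime.date.today()

    try:
        # closing() guarantees the connection is released; the original's
        # bare ``c.close`` (no parentheses) never ran.
        with contextlib.closing(sqlite3.connect(path)) as conn:
            cur = conn.cursor()
            cur.execute("Select * FROM LOG_WOFIE_WTP_MAIN")
            rows = cur.fetchall()
            cur.close()

        for row in rows:
            # Use the row tuple directly.  The original split str(row) on
            # commas, so any name or location containing a comma shifted the
            # timestamp and action code onto the wrong index.
            event_time = datetime.datetime.fromtimestamp(int(row[4]))
            if event_time.date() < today:
                continue
            code = int(row[9])
            action = actions.get(code, "Unknown action code {}".format(code))
            # Name and location originate from the detected file on disk;
            # they are copied verbatim into the event text.
            logpas = (
                "Virus =" + str(row[2]),
                "Action Taken=" + action,
                "Location=" + str(row[3]),
                "Time=" + event_time.strftime("%y-%m-%d %H:%M:%S"),
            )
            try:
                evntcreate(str(logpas), code)
            finally:
                # Printed even when the event-log write fails, as before.
                print(str(logpas))
    except Exception:
        print("oops, something is wrong!")
        raise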
##End virusreport():
def evntcreate(x, y):
    """Write one informational entry to the Windows event log.

    Args:
        x: Message text; passed as the event's single string insert.
        y: Integer placed in the event-id position of the call (the Trend
           Micro action code when invoked from ``virusreport``).

    The entry is filed under the source name "TrendMicro" with category 0.
    Needs pywin32; the import is deferred so the module loads without it.
    """
    from win32evtlog import EVENTLOG_INFORMATION_TYPE
    from win32evtlogutil import ReportEvent

    source_name = "TrendMicro"
    category = 0
    ReportEvent(source_name, y, category, EVENTLOG_INFORMATION_TYPE, [x])
##End evntcreate(x,y):
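def main(path, *, log_path=r'c:\temp\trendlog.txt'):
    """Dump the threat counters from the agent database, then run virusreport.

    Appends one line per row of CFG_WOFIE_THREAT_COUNTER (the tuple's repr)
    to *log_path*, then calls ``virusreport(path)``.  As in the original,
    ``virusreport`` runs from a ``finally`` clause, so it is attempted even
    when the counter dump fails; an error raised there replaces the first.

    Args:
        path: Path of the Trend Micro EventLog.db SQLite file.
        log_path: Text file the counters are appended to (keyword-only;
            defaults to the original hard-coded location).

    Raises:
        Whatever sqlite3 or the file write raises, after printing a short
        diagnostic once.
    """
    import contextlib
    import sqlite3

    try:
        # Both the connection and the output file are released on any exit;
        # the original closed neither on the error path.
        with contextlib.closing(sqlite3.connect(path)) as conn, \
                open(log_path, 'a') as out:
            cur = conn.cursor()
            # Iterating the cursor streams rows; no fetchall() needed.
            for row in cur.execute("Select * FROM CFG_WOFIE_THREAT_COUNTER"):
                out.write(str(row) + '\n')
            cur.close()
    except Exception:
        print("oops, something is wrong!")
        raise
    finally:
        virusreport(path)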
##End Main(path):
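def file_len(fname):
    """Return the number of lines in *fname*, or 0 if it cannot be read.

    Args:
        fname: Path of the text file to count.

    Returns:
        Line count as an int.  An empty file, a missing file, or any
        OSError while opening or reading it yields 0 — callers treat
        "no log" and "empty log" the same way.  (The original relied on
        an unbound loop variable plus a bare ``except`` to get 0 for an
        empty file.)
    """
    try:
        # errors="replace" keeps stray bytes in a log from aborting the count.
        with open(fname, errors="replace") as fh:
            return sum(1 for _ in fh)
    except OSError:
        return 0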
##End file_len(fname):
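def logparse(fpath, *, log_path=r'c:\temp\trendlog.txt'):
    """Append per-category line counts of the agent's text logs to log_path.

    Counts the lines in pccnt35.log, spyware.log, OfcUrlf.log and
    OfcUrlCategory.log under *fpath* (missing files count as 0 via
    ``file_len``) and appends four "('CATEGORY', count)" lines to
    *log_path*, mirroring the row format ``main`` writes from the database.

    Args:
        fpath: Directory holding the Trend Micro ``Misc`` log files.
        log_path: Output text file (keyword-only; defaults to the original
            hard-coded location).

    If the output file cannot be opened, a single "missing trend log file"
    marker is appended instead, as before; a failure of that second write
    propagates.
    """
    import os

    counts = (
        ("VIRUS_MALWARE", file_len(os.path.join(fpath, "pccnt35.log"))),
        ("SPYWARE_GRAYWARE", file_len(os.path.join(fpath, "spyware.log"))),
        ("MALICIOUS_URL", file_len(os.path.join(fpath, "OfcUrlf.log"))),
        # The original reported the OfcUrlf.log count here as well (the
        # OfcUrlCategory count was computed but never written).
        ("INAPPROPRIATE_URL", file_len(os.path.join(fpath, "OfcUrlCategory.log"))),
    )
    try:
        with open(log_path, 'a') as out:
            for label, count in counts:
                out.write("('{}', {})\n".format(label, count))
    except OSError:
        with open(log_path, 'a') as out:
            out.write("missing trend log file")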
##End logparse(fpath):
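if __name__ == "__main__":
    import os

    # Candidate locations of the agent database and, failing that, of the
    # agent's plain-text logs.
    x86 = r"c:\Program Files\Trend Micro\UniClient\plugins\EventLog.db"
    x64 = r"c:\Program Files (x86)\Trend Micro\UniClient\Plugins\EventLog.db"
    log32 = r"c:\Program files\Trend Micro\Client Server Security Agent\Misc"
    log64 = r"c:\Program files (x86)\Trend Micro\Client Server Security Agent\Misc"
    outfile = r'c:\temp\trendlog.txt'

    # Start from a clean output file; create the folder on first run.
    # NOTE(review): c:\temp is a shared, predictable path that is typically
    # writable by any local account; if the report feeds anything
    # downstream, consider a directory with a tighter ACL.
    if os.path.isfile(outfile):
        os.remove(outfile)
    elif not os.path.exists('c:\\temp'):
        os.mkdir('c:\\temp')

    # Prefer the UniClient database; fall back to the text logs.
    if os.path.exists(x86):
        main(x86)
    elif os.path.exists(x64):
        main(x64)
    elif os.path.exists(log32):
        logparse(log32)
    elif os.path.exists(log64):
        logparse(log64)
    else:
        with open(outfile, 'w') as f:
            f.write('Trend db not found on c:\\')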