python自動化運維之python2.6升級2.7和集中病毒掃描

1.因爲我linux的python是2.6.6，所以因爲有些模塊是2.7的，先進行升級。

   步驟地址：http://www.linuxidc.com/Linux/2014-07/104555.htm

2.安裝pyclamd

    yum install -y clamav clamd clamav-update 安裝clamavp的相關程序包

    chkconfig --level 235 clamd on

    /usr/bin/freshclam

    pyClamd-0.3.15.tar.gz安裝包安裝

3.vim /etc/clamd.conf

   把本機的127.0.0.1，修改成0.0.0.0 監控所有IP

   /etc/init.d/clamd restart

4.掃描腳本 scan_file.py

  

# -*- coding: utf-8 -*-

import time

import pyclamd

from threading import Thread

class Scan(Thread):

    def __init__ (self,IP,scan_type,file):

        """構造方法，參數初始化"""

        Thread.__init__(self)

        self.IP = IP

        self.scan_type = scan_type

        self.file = file

        self.connstr = ""

        self.scanresult = ""

    def run(self):

        """多進程run方法"""

        try:

            cd = pyclamd.ClamdNetworkSocket(self.IP,3310)

            if cd.ping():

                self.connstr=self.IP+"connection  [OK]"

                cd.reload()

                if self.scan_type == "contscan_file":

                    self.scanresult="{0}\n".format(cd.contscan_file(self.file))

                elif self.scan_type=="multiscan_file":

                    self.scanresult="{0}\n".format(cd.multiscan_file(self.file))

                elif self.scan_type=="scan_file":

                        self.scanresult="{0}\n".format(cd.scan_file(self.file))

                time.sleep(2)

            else:

                    self.connstr=self.IP+"ping error,exit"

                    return

        except Exception,e:

                    self.connstr=self.IP+" "+str(e)

                    

IPs=['192.168.20.28','192.168.20.140']

scantype="multiscan_file"

scanfile="/home/python"

i=1

threadnum=2

scanlist = []

for ip in IPs:

    

    currp = Scan(ip,scantype,scanfile)

    scanlist.append(currp)

    if i%threadnum==0 or i==len(IPs):

        for task in scanlist:

            task.start()

        for task in scanlist:

            task.join()

            print task.connstr

            print task.scanresult

        scanlist = []

    i+=1

運行腳本會出現

192.168.20.28 Could not reach clamd using network (192.168.20.28, 3310)

192.168.20.140 Could not reach clamd using network (192.168.20.140, 3310)

說明腳本可以正常運行了。

3.通過EICAR()方法生成帶有病毒特徵文件    

    python自動化運維是直接給我們一段

    void = open('/tmp/EICAR','w').write(cd.EICAR())

    會直接提示 cd是沒有定義的，

    所以我們要給cd定義下，

    cd = pyclamd.ClamdAgnostic()

    然後在void = open('/tmp/EICAR','w').write(cd.EICAR())

    這樣就會在/tmp下生成EICAR的文件，然後在把這文件複製到你要掃描的目錄就可以進行檢測了。

[root@localhost python]# python scan_file.py  

192.168.20.28 Could not reach clamd using network (192.168.20.28, 3310)

192.168.20.140connection  [OK]

{u'/home/python/EICAR': ('FOUND', 'Eicar-Test-Signature')}

就會看到提示140下有個病毒測試文件EICAR。