The song is only for motivation, but by an interesting coincidence I was listening to it on the radio when a client asked for a way to delete whole archives with infected objects inside, and so the title "Let me see you script" was naturally born.
I wrote another Perl script to solve this challenge. It takes the report file of the antivirus, which looks like this:
REPORT.TXT:
Command line: *************
Workstation name: test
Scanning options: ***********
Scanning Engines:
Cannot open a file in archive C:\test3\test.CAB
C:\test\test.zip\test.exe Infection: Trojan.Generic.3290465
File C:\test2\test2.zip\RUSSE/goldpriemopred.doc is encrypted
Cannot open a file in archive C:\test\test.DBX
Scanned
Files: *
Result
Viruses: *
Spyware: 0
Suspected: 0
Riskware: 0
Actions
Disinfected: 0
Deleted: 0
Renamed: 0
Quarantined: *
Boot Sectors
Scanned: *
Infected: 0
Suspected: 0
Disinfected: 0
And gives this output:
del /p C:\test\test.zip
You can basically do report_parse.exe > del.bat and then execute it to do the deleting. Here is the script itself:
#!/usr/bin/perl
use strict;
use warnings;

# Read the whole antivirus report into memory.
open(my $report, '<', 'REPORT.TXT') or die "Can't open REPORT.TXT: $!";
my @lines = <$report>;
close($report);

my $command = "del /p ";
my %seen;    # archives for which a command was already printed

foreach my $line (@lines) {
    # Only lines that report an infection are of interest.
    next unless $line =~ m/Infection/;

    # Keep everything up to and including the first .zip or .rar extension
    # (either case) that is followed by a path separator: that is the
    # archive itself. Lines for .7z archives are not acted on.
    if ($line =~ m/^(.*?\.(?:zip|rar))(?=[\\\/])/i) {
        my $archive = $1;
        next if $seen{$archive}++;
        print $command . $archive . "\n";
    }
}
To convert the Perl script to an exe file you can use tinyperl.
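A stricter variant of the generator, added here as an example and not part of the original script: it quotes each archive path, emits one command per archive, and keeps any path containing characters that cmd.exe treats specially out of the batch file so it can be reviewed by hand. The sample lines and the sub names infected_archive and build_commands are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample report lines (not real scanner output).
my @sample = (
    'C:\test\test.zip\test.exe Infection: Trojan.Generic.3290465',
    'C:\test\test.zip\other.exe Infection: Trojan.Generic.3290465',
    'C:\My Docs\old mail.RAR\a\b.scr Infection: Trojan.Generic.3290465',
    'C:\tmp\a&b.zip\x.exe Infection: Trojan.Generic.3290465',
    'File C:\test2\test2.zip\RUSSE/goldpriemopred.doc is encrypted',
    'Cannot open a file in archive C:\test3\test.CAB',
);

# Returns the outermost archive path of an infected entry, or undef.
sub infected_archive {
    my ($line) = @_;
    return unless $line =~ /\sInfection:\s/;
    # Shortest prefix ending in .zip/.rar that is followed by a path separator.
    return $line =~ /^(.+?\.(?:zip|rar))[\\\/]/i ? $1 : undef;
}

# Returns (\@commands, \@skipped): one quoted del command per archive, plus
# the archives that were deliberately left out of the batch file.
sub build_commands {
    my (@lines) = @_;
    my (%seen, @commands, @skipped);
    for my $line (@lines) {
        my $archive = infected_archive($line);
        next unless defined $archive;
        next if $seen{ lc $archive }++;    # Windows paths are case-insensitive
        # File names come from scanned content, so they are untrusted input
        # to the batch file: accept only plain drive-letter paths without
        # characters that cmd.exe interprets.
        if ($archive =~ /[&|<>^%!"]/ || $archive !~ /^[A-Za-z]:\\/) {
            push @skipped, $archive;
            next;
        }
        push @commands, qq{del /p "$archive"};    # quotes keep spaces intact
    }
    return (\@commands, \@skipped);
}

my ($commands, $skipped) = build_commands(@sample);
print "$_\n" for @$commands;
print STDERR "needs manual review: $_\n" for @$skipped;
```

On the constructed sample this prints two del commands to standard output (test.zip once, and the quoted path with spaces) and reports the a&b.zip path on standard error, so redirecting standard output to del.bat keeps the skipped entry out of the batch file.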