gene heskett wrote:

> On Monday, November 07, 2011 05:35:15 AM Peter Otten did opine:
>
>> gene heskett wrote:
>> > Greetings experts:
>> >
>> > I just dl'd the duqu driver finder script from a link to NSS on /.,
>> > and fixed enough of the tabs in it to make it run error-free. At
>> > least python isn't having a litter of cows over the indentation now.
>> >
>> > But it also runs instantly on linux.
>> >
>> > This line looks suspect to me:
>> >     rootdir = sys.argv[1]
>> >
>> > And I have a suspicion it is null on a linux box.
>> >
>> > How can I fix that best?
>>
>> Are you talking about this one?
>>
>> https://github.com/halsten/Duqu-detectors/blob/master/DuquDriverPatterns.py
>
> Yes. My save as renamed it, still has about 30k of tabs in it. But I
> pulled it again, using the 'raw' link, saved it, no extra tabs.
>
> But it still doesn't work for linux. My python is 2.6.6

Maybe the browser messes up things. Try installing git and then make a clone:

    $ git clone git://github.com/halsten/Duqu-detectors

>> With a current checkout I don't get any tab-related (nor other) errors,
>> so I would prefer to run the script as-is. Also, the README clearly
>> states that you have to invoke it with
>>
>>     python DuquDriverPatterns.py ./directoryOfMalware
>>
>> and the line you are quoting then puts the value "./directoryOfMalware"
>> into the rootdir variable.
>
> If only it would... Using this version, the failure is silent and
> instant.

The actual code which comprises only the last 30 lines of the script looks
like it is written by a newbie. Try replacing the bare

    except:

with something noisy along the lines of

    except Exception as e:
        print e
        continue

> Besides, the malware could be anyplace on the system. But it needs to
> skip /dev since it hangs on the midi tree, /mnt and /media because they
> are not part of the running system even if disks are mounted there.

I don't think the script is meant to find malware on a running system.
Rather you would mount a suspicious harddisk and pass the mountpoint to the
script. Of course I'm only guessing...

>> or similar once you've installed the python-examples package.
>
> On PCLos it doesn't even exist in the repo's.

Maybe it's in python's srpm, or in a python-dev.rpm or similar.
If all else fails you can download the source distribution from python.org
at

http://www.python.org/download/releases/2.6.7/

-- 
http://mail.python.org/mailman/listinfo/python-list