Path: csiph.com!usenet.pasdenom.info!news.redatomik.org!newsfeed.xs4all.nl!newsfeed4.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail
Return-Path: <davea@davea.name>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.010
X-Spam-Evidence: '*H*': 0.98; '*S*': 0.00; 'python.': 0.02; 'patterns': 0.04; 'root': 0.05; 'string.': 0.05; 'subject:Python': 0.06; 'subject:module': 0.09; 'subject:using': 0.09; 'python': 0.11; '"."': 0.16; 'files:': 0.16; 'slave': 0.16; 'thread?': 0.16; 'files.': 0.16; 'wrote:': 0.18; 'trying': 0.19; 'import': 0.22; 'print': 0.22; 'header:User-Agent:1': 0.23; 'string,': 0.24; 'script': 0.25; 'header:In-Reply-To:1': 0.27; 'skip:p 30': 0.29; 'quickly': 0.29; "i'm": 0.30; 'fast.': 0.31; 'file': 0.32; 'could': 0.34; 'basic': 0.35; 'thanks': 0.36; 'improving': 0.38; 'to:addr:python-list': 0.38; 'files': 0.38; 'pm,': 0.38; 'explain': 0.39; '(from': 0.39; 'to:addr:python.org': 0.39; 'how': 0.40; 'easy': 0.60; 'subject:  ': 0.61; 'new': 0.61; "you're": 0.61; 'name': 0.63; 'more': 0.64; 'charset:windows-1252': 0.65; 'received:74.208': 0.68; 'containing': 0.69; 'drive.': 0.84; 'gregg': 0.84; 'subject:Search': 0.84; 'assessing': 0.91
Date: Wed, 25 Mar 2015 21:20:35 -0400
From: Dave Angel <davea@davea.name>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: python-list@python.org
Subject: Re: Basic Python V3  Search Tool using RE module
References: <b8b86122-0653-42eb-b9d9-2ba0f45f30f9@googlegroups.com>
In-Reply-To: <b8b86122-0653-42eb-b9d9-2ba0f45f30f9@googlegroups.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-Provags-ID: V03:K0:rMzr2IFSUJneAhMnijOCfzrBbndGULzhom6i8oGJel4nlxSjlsx Llj/fhFqKWQuJy9nGjazEvARaFAVltGJYxZFotuAAS++jMaRhsiuPI7Y2cbuVNEB/XehIid +9rV2bobMN9pf9iNxzHWs7WfR6S6D4Sq0q0Z5BvehdPZ/GGbe5hGnwqEA3gRxwr/P958nVM Vb6ta7Kpu3N0RmWBVriiA==
X-UI-Out-Filterresults: notjunk:1;
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.19
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.174.1427332859.10327.python-list@python.org>
Lines: 37
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1427332859 news.xs4all.nl 2832 [2001:888:2000:d::a6]:58753
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:88010

On 03/25/2015 03:43 PM, Gregg Dotoli wrote:
>
> This basic script will help to find
> evidence of CryptoWall on a slave drive. Although it is
> just a string, more complex regex patterns can be
> replaced with the string. It is incredible how fast Python is and
> how easy it has helped in quickly assessing a pool of slave drives.
> I'm improving it as we speak.
>
>
> Thanks for your help and patience. I'm new with Python.
>
>
> import os
> import re
> # From the Root
> topdir = "."
>
> # Regex Pattern
> pattern="DECRYPT_I"
> regexp=re.compile(pattern)
> for dirpath,dirnames, files in os.walk(topdir):
>      for name in files:
>              result=regexp.search(name)
>              print(os.path.join(dirpath,name))
>              print (result)

Any reason you started a new thread?

And I thought (from the other thread) that you were trying to search the 
contents of the files.  Right now you're just looking for a file name 
containing the pattern.

That could explain why it's so fast.

-- 
DaveA