COMMAND LINE WARRIORS

Taking Control of your Own Technology

Three Useful Python Bindings - ClamAV, Apt and Evolution

1 December 2007

Python is not just cool because it is easy to code with; it also has loads of bindings to almost every major open source project (as well as to some famous proprietary software that we don't care about here).

In this article, I will quickly look at three sets of bindings that you may not have noticed before. Hopefully, one of them may be useful in your own programs.

To join in, get the dependencies when I say and then paste the code samples into the Python interpreter line by line (type python at a command prompt to start the interpreter). Another way is to save the snippets to files and run them at the command line (e.g. python filename.py), but that is somewhat less fun.

1. Virus checking with ClamAV

ClamAV is the leading open source virus checker. It is often used in mail servers, firewalls and so on to check for viruses that might infect Windows PCs.

pyClamAV provides Python bindings for ClamAV. Get it from the pyClamAV homepage, or from your friendly neighbourhood package manager, for example:

On Gentoo, you can go:

emerge pyclamav

On Ubuntu and Debian, you can just go:

apt-get install python-clamav

You may also want to get the test virus from Eicar.

So now we can do:

    filename = 'eicar_com.zip'

    import pyclamav

    # scanfile returns a tuple; the first item is true when a virus is found
    if pyclamav.scanfile(filename)[0]:
        print "Rejecting File"

This is immediately useful. For example, say we have made a website form that allows the user to upload a file: we can pass this file to pyclamav.scanfile and then reject the file if it contains a virus.
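The upload check described above, sketched as an added example that is not code from the original article. The names accept_upload, fake_scanfile, MARKER and max_bytes are hypothetical; the scanner is passed in so the logic can be exercised without ClamAV installed, and any scanner error rejects the upload rather than letting it through.

```python
import os
import tempfile

# Constructed marker that the stand-in scanner treats as "malware" (not a real signature).
MARKER = b"CONSTRUCTED-MALWARE-MARKER"


def fake_scanfile(path):
    """Stand-in with the same return shape as pyclamav.scanfile: (found, name)."""
    with open(path, "rb") as handle:
        if MARKER in handle.read():
            return (1, "Constructed.Test.Signature")
    return (0, "")


def accept_upload(data, scanfile=None, max_bytes=10 * 1024 * 1024):
    """Return (accepted, reason) for uploaded bytes; fail closed on any problem."""
    if len(data) > max_bytes:
        return False, "too large"
    # mkstemp creates the file readable only by this user, under a name we
    # choose, so the client-supplied filename never touches the filesystem.
    fd, path = tempfile.mkstemp(prefix="upload-")
    try:
        with os.fdopen(fd, "wb") as handle:
            handle.write(data)
        try:
            if scanfile is None:
                import pyclamav  # real binding, only needed in production
                scanfile = pyclamav.scanfile
            infected, name = scanfile(path)
        except Exception as exc:
            # Missing binding, unloaded engine, unreadable file: reject.
            return False, "scan failed: %s" % exc
        if infected:
            return False, "infected: %s" % name
        return True, "clean"
    finally:
        os.remove(path)  # never leave unscanned or infected data behind


if __name__ == "__main__":
    print(accept_upload(b"just some text", scanfile=fake_scanfile))
    print(accept_upload(b"payload " + MARKER, scanfile=fake_scanfile))
```

In a real form handler, call accept_upload with the uploaded bytes and no scanfile argument so the pyclamav binding is used, and only move the data to permanent storage when the first item of the result is true.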

2. Package Management in Ubuntu

In Gentoo, the whole package manager (portage) is in Python, making it easy to get information from it (just type import portage and go from there).

A lesser known fact is that Ubuntu and Debian have a package called python-apt, which allows for similar capabilities. To get it, you need to:

apt-get install python-apt

Now let's have some fun:

    import apt

    t = apt.cache.Cache()

    # Let's see all the packages available:
    for i in t:
        print i.name

    # Let's choose the package called 'pacman' and look at some information about it:
    print t['pacman'].summary
    print t['pacman'].description
    print t['pacman'].packageSize
    print t['pacman'].section

    # Let's see all the dependencies for pacman:
    for i in t['pacman'].candidateDependencies:
        print 'Depends:', i.or_dependencies[0].name, i.or_dependencies[0].version

3. Groupware in Evolution

Evolution is the default email client for GNOME. However, it is also a powerful workgroup tool; the bottom-left corner of Evolution shows the main features:

Evolution Screenshot

The Evolution Python bindings allow you to access your workgroup information from within Python. Let's go through these features, one at a time.

It is not in Gentoo at the moment, so go get it yourself, and then run the included script:

./autogen.sh

If you do not have the correct dependencies then it will pause and ask you to install them, then you can run it again to carry on.

On Ubuntu and Debian, you can use:

sudo apt-get install python-evolution

Evolution Contacts

Being able to access the user's address book could be a useful feature in many programs:

    # Access the address book
    import evolution
    addresses = evolution.ebook.open_addressbook('default')

    # Print out the names and email addresses
    for i in addresses.get_all_contacts():
        print i.get_name(), i.get_property('email-1')

    # View all the properties that we have available:
    print addresses.get_all_contacts()[0].__doc__

    # Handy search method
    r = addresses.search('Zeth')       # Returns list of results
    l = [x.get_name() for x in r]      # list of results
    u = r[0].get_name()                # name of the first result
    print r[0].get_vcard_string()      # vcard for first result

Evolution Calendar

Now let's look at events in the Evolution Calendar:

    # Access the Calendar events
    import evolution
    events = evolution.ecal.open_calendar_source('default',
                 evolution.ecal.CAL_SOURCE_TYPE_EVENT)

    # Print out all of the Events
    for i in events.get_all_objects():
        print i.get_summary()

Evolution Memos

A similar process for memos:

    # Access the memos
    import evolution
    memos = evolution.ecal.open_calendar_source('default',
                evolution.ecal.CAL_SOURCE_TYPE_JOURNAL)

    # Print out memo summaries and descriptions
    for i in memos.get_all_objects():
        print i.get_summary(), i.get_description()

Evolution Tasks

And again, the same process for tasks - by now it is easy:

    # Access your tasks
    import datetime  # needed to turn the due timestamp into a readable date
    import evolution
    tasks = evolution.ecal.open_calendar_source('default',
                evolution.ecal.CAL_SOURCE_TYPE_TODO)

    # Print out all tasks and their due dates
    for i in tasks.get_all_objects():
        print i.get_summary(), datetime.datetime.fromtimestamp(i.get_due()).ctime()

All of my examples have been reading data, but the Python bindings for Evolution also allow your programs to create new contacts, events, tasks and memos.


1 Paul says...

I get:

"/usr/lib/python2.5/site-packages/apt/__init__.py:18: FutureWarning: apt API not stable yet
warnings.warn("apt API not stable yet", FutureWarning)"

when importing apt. Is that supposed to happen?

Posted at 12:08 p.m. on December 2, 2007


2 Zeth says...

Hi Paul,

Thanks for visiting and getting your hands dirty! Yeah, the future warning is there; the writer of the apt API is giving you a tip that he might change his mind. It is just a warning, not an error, so you can carry on anyway. Many API authors just change them as needs arise, so this author is just being particularly polite.

Best Wishes, Zeth

Posted at 12:18 p.m. on December 2, 2007


3 Brock Noland says...

That ClamAV binding is awesome! Thanks!

Posted at 2:21 a.m. on February 26, 2008




About

Hello, my name is Zeth, I'll be your host here.

Command Line Warriors is about taking control of your own technology, it looks at our experiences of computing; especially using GNU/Linux, the Python programming language, the command-line and issues such as techno-ethics, best practices and whatever is cool now. If you take control of your technology then you are a Warrior too!

This site is your site too which means that you can contribute and get involved. You can leave comments using the facility provided. For me, the comments and discussions are by far the best part of the site. So please do have your say!

Latest Discussions

Zeth

May 16, 2008
To Anonymous, I tried your script with some old SSH keys and it did not manage to break into an apparently vulnerable system. 1. The script requires a known username. My system did not allow root logins. 2. After three failed logins, the script's IP address got added to deny hosts.
Swap out your ssh keys

Zeth

May 16, 2008
To Anonymous, I said to do three things: 1. Accept the update. 2. Replace your keys. 3. Don't *have a panic attack about it.* And I still stand by that. Most non-technical users won't even be using openssh-server. While the update, blacklists and instructions on how to regenerate comes down automatically for those that do. Indeed, I think this episode shows how fast the free/open source community can move. Every time the open source software has a panic attack over an in-theory, technically possible, but not actually being used, 'exploit', then proprietary software people say "Look their software is no better, it is just as insecure as ours". However, that is not true. There is a range of exploits, from theoretically possible with some serious preparation and knowledge about the target system, through to automated attacks that will work against any machine without the need for knowledge about it.
Swap out your ssh keys

Anonymous

May 15, 2008
Like stefano says, you are being VERY irresponsible by downplaying this as only "theoretically possible with a supercomputer". Linked on the page stefano mentioned is this: http://milw0rm.com/exploits/5622 That will break into your computer in a couple hours if you're using public-key logins, which are considered the safest kind, and are used on many, many machines that are supposed to be extra secure. This is a horrible, horrible problem, and dismissing it does nobody any favours. I'd really suggest you re-write this article to accurately portray how serious the problem is.
Swap out your ssh keys

Ryan

May 15, 2008
Yeah, good layout too. Very clear. :) Better than the last, in fact! I'm another python/django nerd, so I'll be listening even more now. I guess one of the things that's inspiring about Django is they're concerned pretty hardcore with security fixes. Just this week, an email came out and they released new sub-versions for each major Django release to include the fix. Very awesome. For your blog post model, what did you do for entering posts? Do you still use the default admin interface, or did you make your own views for posting and whatnot? I haven't looked into it much, but does django automatically include much in the way of wysiwyg text editors for text fields?
How not to program WSGI

stefano

May 15, 2008
Apparently the bug makes a brute-force attack much easier than "theoretically possible with a supercomputer". http://metasploit.com/users/hdm/tools/debian-openssl/ It looks like the buggy code used the process ID as seed for generating the key, and there might only be 32,768 process IDs. Furthermore not all process IDs are equally possible and one could use a range of 1000-3000 seeds and having a very high chance of producing a valid key.
Swap out your ssh keys

Bug

May 15, 2008
@txwikinger: Thing is, I don't use Ubuntu and I can't remember where did I generate my key [I'm using Archlinux]. @Zeth: You should add the number of comments to the front page.
Swap out your ssh keys

Kennon

May 15, 2008
The openssh-blacklist debian package (now available, and required for the latest version of openssh-client and openssh-server) is now available. You should: apt-get update apt-get install openssh-blacklist apt-get upgrade After that you'll have the ssh-vulnkey utility and can check.
Swap out your ssh keys

Krispy

May 15, 2008
mkc: debian only provided blacklists for 2048 bit RSA keys and 1024 bit DSA keys. If your key isn't one of those two types, then the blacklist isn't provided in the package. You can download one here: http://metasploit.com/users/hdm/tools/debian-openssl/ but it is nearly 100MB
Swap out your ssh keys

Ed

May 15, 2008
@Cristian: it applies to keys. If you generated a key on Ubuntu and then put it in authorized_keys on Fedora, it's possible that someone could brute force their way in to the Fedora server.
Swap out your ssh keys

Cristian

May 14, 2008
This vulnerability only applies to ssh servers, right? Aren't they the ones that generate the keys? So if my client is Ubuntu and the server is Fedora everything's okay?
Swap out your ssh keys