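    def is_my_filetype(self, id_dict, file_name):
        """Return ``self.cat_name`` when the file matches this category, else ``None``.

        Detectors are consulted in order and the first hit wins: the libmagic
        description in ``id_dict['magic']`` (substring match against each entry
        of ``self.my_types``), the Yara check ``FileType.yara_typecheck``, and
        finally the TrID results in ``id_dict['trid']``, a sequence of
        ``(percent, description)`` pairs.

        Args:
            id_dict: identification results for the file; ``'magic'`` is a
                string, ``'trid'`` is optional.
            file_name: path of the file, handed to the Yara check.

        Returns:
            ``self.cat_name`` on a match, otherwise ``None``.
        """

        # check magic string first. A missing or non-string 'magic' entry
        # short-circuits to None as before, but only those two failure modes
        # are caught: the old bare except also hid genuine bugs and swallowed
        # KeyboardInterrupt/SystemExit.
        try:
            if any(type_ in id_dict['magic'] for type_ in self.my_types):
                return self.cat_name
        except (KeyError, TypeError):
            return None

        # run Yara type check; only an exact True counts, a merely truthy
        # return value does not
        if FileType.yara_typecheck(file_name, self.yara_filetype) is True:
            return self.cat_name

        # check TrID output, if available -- the old code raised KeyError when
        # the 'trid' entry was absent despite the "if available" intent
        # this can likely be removed
        for percent, desc in id_dict.get('trid') or ():
            for type_ in self.my_types:
                # make sure percent is high enough and trid string matches
                if type_ in desc and percent > 50:
                    return self.cat_name

        # add your own code on additional file type determination here

        return None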
    def is_my_filetype(self, id_dict, file_name):
        """Classify the file as ``self.cat_name`` via magic string or Yara.

        Args:
            id_dict: identification results; ``id_dict['magic']`` is the
                libmagic description, tested for each substring in
                ``self.my_types``.
            file_name: path of the file, handed to ``FileType.yara_typecheck``.

        Returns:
            ``self.cat_name`` when either detector hits, otherwise ``None``.
        """
        # libmagic description first; the lookup stays inside the generator so
        # an empty my_types never touches id_dict (as in the original)
        magic_hit = any(type_ in id_dict['magic'] for type_ in self.my_types)
        if magic_hit:
            return self.cat_name

        # Yara second; only an exact True counts
        yara_hit = FileType.yara_typecheck(file_name, self.yara_filetype) is True
        return self.cat_name if yara_hit else None
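    def is_my_filetype(self, id_dict, file_name):
        """Return ``self.cat_name`` when the file matches this category, else ``None``.

        The libmagic description in ``id_dict['magic']`` is tested for each
        substring in ``self.my_types``; if that misses, the Yara check
        ``FileType.yara_typecheck`` decides.

        Args:
            id_dict: identification results; ``'magic'`` is expected to be a
                string.
            file_name: path of the file, handed to the Yara check.

        Returns:
            ``self.cat_name`` on a match, otherwise ``None``.
        """

        # check magic string first. A missing or non-string 'magic' entry
        # short-circuits to None as before, but only those two failure modes
        # are caught: the old bare except also hid genuine bugs and swallowed
        # KeyboardInterrupt/SystemExit.
        try:
            if any(type_ in id_dict['magic'] for type_ in self.my_types):
                return self.cat_name
        except (KeyError, TypeError):
            return None

        # run Yara type check; only an exact True counts
        if FileType.yara_typecheck(file_name, self.yara_filetype) is True:
            return self.cat_name

        return None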
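    def is_my_filetype(self, id_dict, file_name):
        """Return ``self.cat_name`` when the file matches this category, else ``None``.

        Three detectors are tried in order: the libmagic description in
        ``id_dict['magic']`` (substring match against ``self.my_types``), the
        Yara check ``FileType.yara_typecheck``, and the manual ``self.is_exe``
        check on the file itself.

        Args:
            id_dict: identification results; ``'magic'`` is expected to be a
                string.
            file_name: path of the file, handed to the Yara and manual checks.

        Returns:
            ``self.cat_name`` on a match, otherwise ``None``.
        """

        # check magic string first. A missing or non-string 'magic' entry
        # short-circuits to None as before, but only those two failure modes
        # are caught: the old bare except also hid genuine bugs and swallowed
        # KeyboardInterrupt/SystemExit.
        try:
            if any(type_ in id_dict['magic'] for type_ in self.my_types):
                return self.cat_name
        except (KeyError, TypeError):
            return None

        # run Yara type check; only an exact True counts
        if FileType.yara_typecheck(file_name, self.yara_filetype) is True:
            return self.cat_name

        # perform a manual check (is_exe is defined elsewhere in this class)
        if self.is_exe(file_name):
            return self.cat_name

        return None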
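    def is_my_filetype(self, id_dict, file_name):
        """Return ``self.cat_name`` when the file looks like a PDF, else ``None``.

        Detectors in order: the libmagic description in ``id_dict['magic']``
        (substring match against ``self.my_types``), the Yara check
        ``FileType.yara_typecheck``, and finally a direct scan of the first
        1024 bytes for the ``%PDF-`` header.

        Args:
            id_dict: identification results; ``id_dict['magic']`` is the
                libmagic description string.
            file_name: path of the file; it is opened for the header scan.

        Returns:
            ``self.cat_name`` on a match, otherwise ``None``.
        """

        # check the magic string for our file type
        if any(type_ in id_dict['magic'] for type_ in self.my_types):
            return self.cat_name

        # run Yara type check; only an exact True counts
        if FileType.yara_typecheck(file_name, self.yara_filetype) is True:
            return self.cat_name

        # the PDF header may be in the first 1024 bytes of the file
        # libmagic and TrID may not pick this up.
        # Read in binary mode: text mode ('r') tries to decode arbitrary
        # bytes and on Python 3 raises UnicodeDecodeError for many real
        # samples, turning a malformed file into a crash of the classifier.
        try:
            with open(file_name, 'rb') as pdf_file:
                head = pdf_file.read(1024)
        except (IOError, OSError):
            # unreadable file: nothing more we can decide here
            return None

        if b'%PDF-' in head:
            return self.cat_name

        return None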
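    def is_my_filetype(self, id_dict, file_name):
        """Return ``self.cat_name`` when the file looks like a PDF, else ``None``.

        Detectors in order: the libmagic description in ``id_dict['magic']``
        (substring match against ``self.my_types``), the Yara check
        ``FileType.yara_typecheck``, and finally a direct scan of the first
        1024 bytes for the ``%PDF-`` header.

        Args:
            id_dict: identification results; ``'magic'`` is expected to be a
                string.
            file_name: path of the file; it is opened for the header scan.

        Returns:
            ``self.cat_name`` on a match, otherwise ``None``.
        """

        # check the magic string for our file type. A missing or non-string
        # 'magic' entry short-circuits to None as before, but only those two
        # failure modes are caught: the old bare except also hid genuine bugs
        # and swallowed KeyboardInterrupt/SystemExit.
        try:
            if any(type_ in id_dict['magic'] for type_ in self.my_types):
                return self.cat_name
        except (KeyError, TypeError):
            return None

        # run Yara type check; only an exact True counts
        if FileType.yara_typecheck(file_name, self.yara_filetype) is True:
            return self.cat_name

        # the PDF header may be in the first 1024 bytes of the file
        # libmagic and TrID may not pick this up.
        # Read in binary mode: text mode ('r') tries to decode arbitrary
        # bytes and on Python 3 raises UnicodeDecodeError for many real
        # samples, turning a malformed file into a crash of the classifier.
        try:
            with open(file_name, 'rb') as pdf_file:
                head = pdf_file.read(1024)
        except (IOError, OSError):
            # unreadable file: nothing more we can decide here
            return None

        if b'%PDF-' in head:
            return self.cat_name

        return None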
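    def is_my_filetype(self, id_dict, file_name):
        """Return ``self.cat_name`` when the file is a zip archive, else ``None``.

        Detectors in order: the ``zipfile`` module (``is_zipfile`` followed by
        actually opening the archive), the libmagic description in
        ``id_dict['magic']`` (substring match against ``self.my_types``), and
        the Yara check ``FileType.yara_typecheck``.

        Args:
            id_dict: identification results; ``'magic'`` is expected to be a
                string.
            file_name: path (or file-like object) of the file.

        Returns:
            ``self.cat_name`` on a match, otherwise ``None``.
        """

        # Use the python library first.
        # is_zipfile() only looks for an end-of-central-directory signature,
        # so it can report True for non-zip data that merely carries one; the
        # original comment said "we have to try and open it as well" but never
        # did. Opening the archive parses the central directory and rejects
        # those look-alikes, which then fall through to the other detectors.
        try:
            if zipfile.is_zipfile(file_name) is True:
                with zipfile.ZipFile(file_name) as archive:
                    archive.infolist()
                return self.cat_name
        except zipfile.BadZipfile:
            pass  # looked like a zip but does not parse as one; keep checking
        except (IOError, OSError):
            return None

        # check magic string next. A missing or non-string 'magic' entry
        # short-circuits to None; KeyError is now handled alongside TypeError
        # so a result dict without 'magic' does not abort classification.
        try:
            if any(type_ in id_dict['magic'] for type_ in self.my_types):
                return self.cat_name
        except (KeyError, TypeError):
            return None

        # run Yara type check; only an exact True counts
        if FileType.yara_typecheck(file_name, self.yara_filetype) is True:
            return self.cat_name

        return None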