def __init__(self,
debug=False,
config_path=None,
file_list=None,
vt_api_key=None):
"""
Initialize Scanner.
Args:
debug (bool): Log on terminal or not
config_path (str): Configuration JSON file path
file_list (list): List of files to scan
vt_api_key (str): Virus Total API Key
Raises:
None
Returns:
None
"""
# Initialize logger
self.logger = AntiVirusLogger(__name__, debug=debug)
if config_path is not None:
self._CONFIG_PATH = config_path
else:
self.logger.log("Configuration file path not found.",
logtype="error")
sys.exit(0)
# Load Configuration
self.config_dict = utils.json_to_dict(self._CONFIG_PATH)
# Categorize OS
self.os_name = utils.categorize_os()
if self.os_name:
# Load malicious-file log path
self._MAL_FILE_PATH = self.config_dict[
self.os_name]["scanner"]["malicious_file_log_path"]
if file_list is not None:
self.file_list = file_list
else:
self.file_list = []
# List of malicious files detected
try:
self.malicious_file_list = [file_path.strip("\n") \
for file_path in utils.open_file(self._MAL_FILE_PATH)]
except FileNotFoundError:
# Initialize empty list
self.malicious_file_list = list()
self.vt_api_key = vt_api_key
if self.vt_api_key and self.vt_api_key != "XXXX":
# If VirusTotal API Key is provided & valid
self.vt_obj = VirusTotal(debug=debug, api_key=self.vt_api_key)
def __init__(self, debug=False, config_path=None):
"""
Initialize UpdateYara.
Args:
debug (bool): Log on terminal or not
config_path (str): Configuration JSON file path
Raises:
None
Returns:
None
"""
# Initialize logger
self.logger = AntiVirusLogger(__name__, debug=debug)
if config_path is not None:
self._CONFIG_PATH = config_path
else:
self.logger.log("Configuration file path not found.",
logtype="error")
sys.exit(0)
# Yara Download URL
self._YARA_DW_URL = "https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/"
# Yara GitHub Repo URL to update list of rules
self._YARA_NAMELIST_URL = "https://github.com/Yara-Rules/rules/tree/master/malware"
# Match string to get names of rules
self._YARA_MATCH = "/Yara-Rules/rules/blob/master/malware/"
# Load Configuration
self.config_dict = utils.json_to_dict(self._CONFIG_PATH)
# Categorize OS
self.os_name = utils.categorize_os()
if self.os_name:
try:
# Load Yara storage path
self._YARA_STORAGE = self.config_dict[
self.os_name]["update"]["yara"]["storage"]
except KeyError:
self.logger.log("Could not load configuration for: {}".format(
self.os_name),
logtype="error")
sys.exit(0)
else:
self.logger.log("Could not determine the OS", logtype="error")
sys.exit(0)
# Check whether Yara rules storage directory exists, create one if not
helper.check_dir(self._YARA_STORAGE)
# List of Yara rules to download
self.name_list = []
# List of already downloaded (updated) rules
self.downloaded = self.current_status()
# Set flag to no download required (default)
self.flag = 0
def __init__(self,
debug=False,
config_path=None,
vt_api_key=None,
monitor_changes=1,
monitor_usb=1):
"""
Initialize MonitorEngine.
Args:
debug (bool): Log on terminal or not
config_path (str): Configuration JSON file path
vt_api_key (str): VirusTotal API Key
monitor_changes (int): Monitor changes (1) or not (0)
monitor_usb (int): Monitor USB (1) or not (0)
Raises:
None
Returns:
None
"""
self.debug = debug
# Initialize logger
self.logger = AntiVirusLogger(__name__, debug=self.debug)
if config_path:
self._CONFIG_PATH = config_path
else:
self.logger.log("Configuration file not found", logtype="error")
sys.exit(0)
# Load Configuration
self.config_dict = utils.json_to_dict(self._CONFIG_PATH)
# Categorize OS
self.os_name = utils.categorize_os()
if self.os_name:
# Load malicious-file log path
self.changes_min_time = int(
self.config_dict[self.os_name]["monitor"]["threshold_min"])
self.monitor_changes = int(monitor_changes)
self.monitor_usb = int(monitor_usb)
# Create a pool of process
self.process_pool = []
# Initialize VirusTotal API key
self.vt_api_key = vt_api_key
def __init__(self, debug=False, config_path=None):
"""
Initialize UpdateHash.
Args:
debug (bool): Log on terminal or not
config_path (str): Configuration JSON file path
Raises:
None
Returns:
None
"""
# Initialize logger
self.logger = AntiVirusLogger(__name__, debug=debug)
if config_path is not None:
self._CONFIG_PATH = config_path
else:
self.logger.log("Configuration file path not found.",
logtype="error")
sys.exit(0)
# Load Configuration
self.config_dict = utils.json_to_dict(self._CONFIG_PATH)
# Categorize OS
self.os_name = utils.categorize_os()
if self.os_name:
try:
# Load hash storage path
self._HASH_STORAGE = self.config_dict[
self.os_name]["update"]["hash"]["storage"]
except KeyError:
self.logger.log("Could not load configuration for: {}".format(
self.os_name),
logtype="error")
sys.exit(0)
# VirusShare Base URL Path
self._HASH_URL = "https://www.virusshare.com/hashes/VirusShare_%05d.md5"
# Max number of Hash files to download
self._MAX = 366
# Create AntiVirus directory, create if not
helper.check_dir(self._HASH_STORAGE)
else:
self.logger.log("Could not determine the OS", logtype="error")
sys.exit(0)
def __init__(self, debug=False, config_path=None):
"""
Initialize Cleaner.
Args:
debug (bool): Log on terminal or not
config_path (str): Configuration JSON file path
Raises:
None
Returns:
None
"""
# Initialize logger
self.logger = AntiVirusLogger(
__name__,
debug=debug
)
if config_path:
self._CONFIG_PATH = config_path
else:
self.logger.log(
"Configuration file not found",
logtype="error"
)
sys.exit(0)
# Load Configuration
self.config_dict = utils.json_to_dict(self._CONFIG_PATH)
# Categorize OS
self.os_name = utils.categorize_os()
if self.os_name:
# Load malicious-file log path
self._MAL_FILE_PATH = self.config_dict[self.os_name]["scanner"]["malicious_file_log_path"]
def test_json_to_dict(mck_open):
"""
Test json_to_dict.
"""
utils.json_to_dict("random_path")
mck_open.assert_called_with('random_path', 'r')
def __init__(self,
debug=False,
config_path=None,
min_time=20,
vt_api_key=None,
use_clamav=False,
use_yara=False):
"""
Initialize MonitorChanges class.
Args:
debug (bool): Log on terminal or not
config_path (str): Configuration JSON file path
min_time (int): Minutes before to monitor
vt_api_key (str): Virus Total API Key
Raises:
None
Returns:
None
"""
self.debug = debug
# Initialize logger
self.logger = AntiVirusLogger(__name__, debug=self.debug)
# Initialize time before (minutes) threshold
self._THRESHOLD = int(min_time) * 60
# List of recently modified files
self.modified_files = list()
# Salt to encode file name and their time-stamp
self._SALT = ":@/*&"
# Time to sleep before next monitoring process
self._SLEEP_TIME = 300
self.os_name = utils.categorize_os()
if config_path and self.os_name:
self._CONFIG_PATH = config_path
self.config_data = utils.json_to_dict(self._CONFIG_PATH)
try:
self._PASSWORD_LOG = self.config_data[
self.os_name]["monitor"]["password_log_file"]
except KeyError:
self.logger.log("Could not load password log file",
logtype="error")
sys.exit(0)
except Exception as e:
self.logger.log("Error occurred: " + str(e), logtype="error")
else:
self.logger.log("Configuration file path not found.",
logtype="error")
sys.exit(0)
# Create GatherFile object
self.gather_file_obj = file_gather.GatherFile(path="/")
# List of files recently modified and scanned
self.done_scanning = []
# Virus Total API key
self.vt_api_key = vt_api_key
# UID list
self.verified_uid_list = self.get_initial_uid()
# Store whether to use clamav and yara
self.use_clamav = use_clamav
self.use_yara = use_yara