def __init__(self):
    """Set up the YARA tracker module.

    Runs the parent initialiser, builds the base URL used to link to an
    item, loads the YARA rule set through ``Tracker.reload_yara_rules()``,
    and records when that load happened so ``compute`` can tell when the
    rules need refreshing.
    """
    super(Tracker_Yara, self).__init__()

    # NOTE(review): presumably the idle wait used by the parent module's
    # loop; the consumer of this value is not visible here, so confirm.
    self.pending_seconds = 5

    # Item links are built by appending an item id to this prefix.
    ail_domain = self.process.config.get("Notifications", "ail_domain")
    self.full_item_url = ail_domain + "/object/item?id="

    # Load the rules once at start-up and remember the load time;
    # compute() compares this timestamp with the trackers' last update.
    self.rules = Tracker.reload_yara_rules()
    self.last_refresh = time.time()

    # No item is being processed yet.
    self.item = None

    self.redis_logger.info(f"Module: {self.module_name} Launched")
def compute(self, item_id):
    """Scan one item's content against the tracked YARA rules.

    The rule set is reloaded first when the YARA trackers were updated
    after the last load. Matching rules are reported through the
    ``self.yara_rules_match`` callback, and the match list is also logged.

    Args:
        item_id: identifier passed to ``Item`` to load the object to scan.

    Note:
        A scan that exceeds the 60 second timeout is only logged at info
        level. Nothing in this method retries or re-queues the item, so a
        timed-out item produces no match result from this call. Monitor
        these log lines, because each one is an item that was not fully
        checked.
    """
    # Reload the rules if a YARA tracker changed since our last load.
    rules_are_stale = (
        self.last_refresh < Tracker.get_tracker_last_updated_by_type('yara')
    )
    if rules_are_stale:
        self.rules = Tracker.reload_yara_rules()
        self.last_refresh = time.time()
        self.redis_logger.debug('Tracked set refreshed')
        print('Tracked set refreshed')

    self.item = Item(item_id)
    content = self.item.get_content()

    try:
        # CALLBACK_MATCHES restricts the callback to rules that matched;
        # timeout bounds the time spent scanning a single item.
        matches = self.rules.match(
            data=content,
            callback=self.yara_rules_match,
            which_callbacks=yara.CALLBACK_MATCHES,
            timeout=60,
        )
        if matches:
            hit_msg = f'{self.item.get_id()}: {matches}'
            self.redis_logger.info(hit_msg)
            print(hit_msg)
    except yara.TimeoutError:
        # Best effort: the item is skipped and only this message is left.
        timeout_msg = f'{self.item.get_id()}: yara scanning timed out'
        print(timeout_msg)
        self.redis_logger.info(timeout_msg)