Esempio n. 1
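def get_av_result(file_id):
    """Return the ESET/NOD32 verdict for *file_id* with the overall detection counts.

    The analysis is looked up through ``MetaController`` first; on a miss it is
    fetched with ``get_vt_av_result`` and saved so later calls are served from
    the database.

    Args:
        file_id: Identifier of the file to look up.  It is not validated in
            this function and is handed to the database lookup and the VT
            lookup as given, so callers should pass an already-checked hash.

    Returns:
        A ``(result, positives, total)`` tuple taken from the first scan entry
        named ``ESET-NOD32``, ``NOD32`` or ``NOD32v2``, or ``None`` when no
        analysis is available or none of those engines appears in it.  ``None``
        means "no verdict from that engine", not "clean".
    """
    # Check whether an analysis is already stored.
    mdc = MetaController()
    analysis_result = mdc.search_av_analysis(file_id)

    if analysis_result is None:
        print("Buscando analysis de %s en VT" % file_id)
        analysis_result = get_vt_av_result(file_id)
        if analysis_result is None:
            return None
        # Save to the database.
        mdc.save_av_analysis(file_id, analysis_result)

    # An analysis without a "scans" entry is treated as having no engine
    # results, instead of failing when iterating over None.
    for scan in analysis_result.get("scans") or []:
        if scan.get("name") in ("ESET-NOD32", "NOD32", "NOD32v2"):
            return (
                scan.get("result"),
                analysis_result.get("positives"),
                analysis_result.get("total"),
            )

    return None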
Esempio n. 2
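def get_av_result(file_id):
    """Return the ESET/NOD32 verdict for *file_id* with the overall detection counts.

    A stored analysis is used when ``MetaController.search_av_analysis`` finds
    one.  Otherwise the output of ``get_vt_av_result`` is passed through
    ``parse_vt_response`` and, if that yields a result, saved before use.

    Args:
        file_id: Identifier of the file to look up.  No validation happens
            here; the value reaches the stored-analysis lookup, the VT lookup
            and the printed message unchanged.

    Returns:
        ``(result, positives, total)`` for the first scan entry whose name is
        ``ESET-NOD32``, ``NOD32`` or ``NOD32v2``; ``None`` when there is no
        analysis, no scan list, or no entry from those engines.  A ``None``
        return is the absence of a verdict and must not be read as "clean".
    """
    mdc = MetaController()
    analysis_result = mdc.search_av_analysis(file_id)

    if analysis_result is None:
        print("Searching analysis of %s in VT" % file_id)
        analysis_result = parse_vt_response(get_vt_av_result(file_id))
        if analysis_result is None:
            return None
        # Save in mongo
        mdc.save_av_analysis(file_id, analysis_result)

    scans = analysis_result.get("scans")
    if not scans:
        # Missing or empty scan list: nothing to match, and iterating over
        # None would raise TypeError.
        return None

    nod32_names = ("ESET-NOD32", "NOD32", "NOD32v2")
    for entry in scans:
        if entry.get("name") in nod32_names:
            verdict = entry.get("result")
            positives = analysis_result.get("positives")
            total = analysis_result.get("total")
            return (verdict, positives, total)

    return None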
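def get_av_result(file_id, priority="low"):
    """Return the AV scan summary for *file_id*, querying VT when none is stored.

    Args:
        file_id: Hash of the file.  It is checked with ``valid_hash`` before it
            reaches the stored-analysis lookup, the VT lookup or the log.
        priority: Passed through to ``get_vt_av_result``.

    Returns:
        A dict with ``scans``, ``positives``, ``total``, ``hash`` and
        ``status``.  ``status`` is ``"already_had_it"`` for a stored analysis,
        ``"added"`` after a VT lookup that reported ``"ok"``, and otherwise the
        status the VT lookup reported.  When the lookup reports ``"error"`` the
        dict holds ``scans`` (``None``), ``hash``, ``status`` and
        ``error_message`` instead.  Without an analysis, ``positives`` and
        ``total`` are 0 and ``scans`` is ``None``: that is "no data", not
        "no detections".

    Raises:
        ValueError: If ``valid_hash(file_id)`` is false.
    """
    if not valid_hash(file_id):
        raise ValueError("Invalid hash")

    mdc = MetaController()
    analysis_result = mdc.search_av_analysis(file_id)
    status = None
    if analysis_result is None:
        logging.info("Searching analysis of %s in VT" % file_id)
        vt_av_result = get_vt_av_result(file_id, priority)
        status = vt_av_result.get('status')
        if status == "ok":
            analysis_result = parse_vt_response(vt_av_result.get('response'))
            # Save in mongo
            if analysis_result is not None:
                logging.info("saving vt av from " + str(file_id) + " in mongo")
                mdc.save_av_analysis(file_id, analysis_result)
            # NOTE(review): "added" is reported even when parsing returned
            # None and nothing was saved; kept because callers may rely on it.
            status = "added"
        elif status == "error":
            return {"scans": None, "hash": file_id, "status": "error",
                    "error_message": vt_av_result.get('error_message')}
    else:
        # A stored analysis is returned as-is; no freshness check is made here.
        status = "already_had_it"

    if analysis_result is not None:
        scans = analysis_result.get("scans")
        positives = analysis_result.get('positives')
        total = analysis_result.get('total')
    else:
        positives = 0
        total = 0
        scans = None
    response = {"scans": scans, "positives": positives,
                "total": total, "hash": file_id, "status": status}
    return response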
def get_av_result(file_id, priority="low"):
    """Build the AV scan summary for *file_id*, using VT on a cache miss.

    Args:
        file_id: Hash of the file; anything ``valid_hash`` rejects raises
            ``ValueError`` before any lookup or logging takes place.
        priority: Forwarded to ``get_vt_av_result``.

    Returns:
        Normally a dict with the keys ``scans``, ``positives``, ``total``,
        ``hash`` and ``status``.  ``status`` is ``"already_had_it"`` when the
        analysis was already stored, ``"added"`` when the VT lookup reported
        ``"ok"``, and the VT lookup's own status in any other case.  If the VT
        lookup reports ``"error"``, the dict carries ``scans`` (``None``),
        ``hash``, ``status`` and ``error_message`` only.  ``positives`` and
        ``total`` default to 0 when there is no analysis, which signals
        missing data and not a clean file.

    Raises:
        ValueError: If ``valid_hash(file_id)`` is false.
    """
    if not valid_hash(file_id):
        raise ValueError("Invalid hash")

    store = MetaController()
    analysis = store.search_av_analysis(file_id)

    if analysis is not None:
        # Stored analyses are reused without any age check in this function.
        outcome = "already_had_it"
    else:
        logging.info("Searching analysis of %s in VT" % file_id)
        vt_reply = get_vt_av_result(file_id, priority)
        outcome = vt_reply.get('status')
        if outcome == "error":
            # Error replies leave early with their own, smaller dict.
            return {
                "scans": None,
                "hash": file_id,
                "status": "error",
                "error_message": vt_reply.get('error_message'),
            }
        if outcome == "ok":
            analysis = parse_vt_response(vt_reply.get('response'))
            if analysis is not None:
                # Save in mongo
                logging.info("saving vt av from " + str(file_id) + " in mongo")
                store.save_av_analysis(file_id, analysis)
            # Set even when parsing produced nothing to save.
            outcome = "added"

    if analysis is None:
        scans, positives, total = None, 0, 0
    else:
        scans = analysis.get("scans")
        positives = analysis.get('positives')
        total = analysis.get('total')

    return {
        "scans": scans,
        "positives": positives,
        "total": total,
        "hash": file_id,
        "status": outcome,
    }