class Worker(skeletonWorker): def _preRun(self): self.vt = VirusTotalLib(self.module_config['apikey'], self.module_config['request_rate']) EnableProxy() def _do_work(self, submission): #Do the actual work report = self.vt.get(submission.file.sha256) s = Session() r = Report( module=self.__ModuleName__, short="Short desc...", full="", submission=submission ) s.add(r) new_vt_submission = False if report is None: # Unknown in VT r.short = "Unknown on VT" if self.module_config['submit_unknown']: report = self.vt.scan(submission.file.path, reanalyze=True) report.join() new_vt_submission = True try: assert report.done is True # Known in VT r.short = "Detection rate : %s/%s - %s" % (report.positives, report.total, report.verbose_msg) if new_vt_submission: r.short += " (First submission in VT)" if report.positives == 0: r.threat_level = 0 elif report.positives > 5: r.threat_level = 100 report_details = report._report json = JSONEncoder().encode(report_details) section = ReportSection( type='json', value=json, report=r ) s.add(section) except Exception as e: logging.error("Could not get report from vt : %s"%e) s.commit() #r._sa_instance_state.session.expunge(r) return r
def _preRun(self): self.vt = VirusTotalLib(self.module_config['apikey'], self.module_config['request_rate']) EnableProxy()