def __init__(self, debug=False, config_path=None, vt_api_key=None, monitor_changes=1, monitor_usb=1): self.debug = debug # Initialize logger self.logger = AntiVirusLogger(__name__, debug=self.debug) if config_path: self._CONFIG_PATH = config_path else: self.logger.log("Configuration file not found", logtype="error") sys.exit(0) # Load Configuration self.config_dict = utils.json_to_dict(self._CONFIG_PATH) # Categorize OS self.os_name = utils.categorize_os() if self.os_name: # Load malicious-file log path self.changes_min_time = int( self.config_dict[self.os_name]["monitor"]["threshold_min"]) self.monitor_changes = int(monitor_changes) self.monitor_usb = int(monitor_usb) # Create a pool of process self.process_pool = [] # Initialize VirusTotal API key self.vt_api_key = vt_api_key
def __init__(self, debug=False, config_path=None): self.logger = AntiVirusLogger(__name__, debug=debug) if config_path: self._CONFIG_PATH = config_path else: self.logger.log("Configuration file not found", logtype="error") sys.exit(0) # Load Configuration self.config_dict = utils.json_to_dict(self._CONFIG_PATH) # Categorize OS self.os_name = utils.categorize_os() if self.os_name: # Load malicious-file log path self._MAL_FILE_PATH = self.config_dict[ self.os_name]["scanner"]["malicious_file_log_path"]
def __init__(self, debug=False, config_path=None, min_time=20, vt_api_key=None): self.debug = debug # Initialize logger self.logger = AntiVirusLogger(__name__, debug=self.debug) # Initialize time before (minutes) threshold self._THRESHOLD = int(min_time) * 60 # List of recently modified files self.modified_files = list() # Salt to encode file name and their time-stamp self._SALT = ":@/*&" # Time to sleep before next monitoring process self._SLEEP_TIME = 300 self.os_name = utils.categorize_os() if config_path and self.os_name: self._CONFIG_PATH = config_path self.config_data = utils.json_to_dict(self._CONFIG_PATH) try: self._PASSWORD_LOG = self.config_data[ self.os_name]["monitor"]["password_log_file"] except KeyError: self.logger.log("Could not load password log file", logtype="error") sys.exit(0) except Exception as e: self.logger.log("Error occurred: " + str(e), logtype="error") else: self.logger.log("Configuration file path not found.", logtype="error") sys.exit(0) # Create GatherFile object self.gather_file_obj = file_gather.GatherFile(path="/") # List of files recently modified and scanned self.done_scanning = [] # Virus Total API key self.vt_api_key = vt_api_key # UID list self.verified_uid_list = self.get_initial_uid()
def __init__(self, debug=False, config_path=None): # Initialize logger self.logger = AntiVirusLogger(__name__, debug=debug) if config_path is not None: self._CONFIG_PATH = config_path else: self.logger.log("Configuration file path not found.", logtype="error") sys.exit(0) # Yara Download URL self._YARA_DW_URL = "https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/" # Yara GitHub Repo URL to update list of rules self._YARA_NAMELIST_URL = "https://github.com/Yara-Rules/rules/tree/master/malware" # Match string to get names of rules self._YARA_MATCH = "/Yara-Rules/rules/blob/master/malware/" # Load Configuration self.config_dict = utils.json_to_dict(self._CONFIG_PATH) # Categorize OS self.os_name = utils.categorize_os() if self.os_name: try: # Load Yara storage path self._YARA_STORAGE = self.config_dict[ self.os_name]["update"]["yara"]["storage"] except KeyError: self.logger.log("Could not load configuration for: {}".format( self.os_name), logtype="error") sys.exit(0) else: self.logger.log("Could not determine the OS", logtype="error") sys.exit(0) # Check whether Yara rules storage directory exists, create one if not helper.check_dir(self._YARA_STORAGE) # List of Yara rules to download self.name_list = [] # List of already downloaded (updated) rules self.downloaded = self.current_status() # Set flag to no download required (default) self.flag = 0
def __init__(self, debug=False, config_path=None, file_list=None, vt_api_key=None): # Initialize logger self.logger = AntiVirusLogger(__name__, debug=debug) if config_path is not None: self._CONFIG_PATH = config_path else: self.logger.log("Configuration file path not found.", logtype="error") sys.exit(0) # Load Configuration self.config_dict = utils.json_to_dict(self._CONFIG_PATH) # Categorize OS self.os_name = utils.categorize_os() if self.os_name: # Load malicious-file log path self._MAL_FILE_PATH = self.config_dict[ self.os_name]["scanner"]["malicious_file_log_path"] if file_list is not None: self.file_list = file_list else: self.file_list = [] # List of malicious files detected try: self.malicious_file_list = [file_path.strip("\n") \ for file_path in utils.open_file(self._MAL_FILE_PATH)] except FileNotFoundError: # Initialize empty list self.malicious_file_list = list() self.vt_api_key = vt_api_key if self.vt_api_key and self.vt_api_key != "XXXX": # If VirusTotal API Key is provided & valid self.vt_obj = VirusTotal(debug=debug, api_key=self.vt_api_key)
def __init__(self, debug=False, config_path=None): # Initialize logger self.logger = AntiVirusLogger(__name__, debug=debug) if config_path is not None: self._CONFIG_PATH = config_path else: self.logger.log("Configuration file path not found.", logtype="error") sys.exit(0) # Load Configuration self.config_dict = utils.json_to_dict(self._CONFIG_PATH) # Categorize OS self.os_name = utils.categorize_os() if self.os_name: try: # Load hash storage path self._HASH_STORAGE = self.config_dict[ self.os_name]["update"]["hash"]["storage"] except KeyError: self.logger.log("Could not load configuration for: {}".format( self.os_name), logtype="error") sys.exit(0) # VirusShare Base URL Path self._HASH_URL = "https://www.virusshare.com/hashes/VirusShare_%05d.md5" # Max number of Hash files to download self._MAX = 366 # Create AntiVirus directory, create if not helper.check_dir(self._HASH_STORAGE) else: self.logger.log("Could not determine the OS", logtype="error") sys.exit(0)
def test_categorize_os(self, mock_system): """ Test categorize_os. """ mock_system.return_value = "debian" self.assertEqual(utils.categorize_os(), "debian")