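def run(self, paths):
    """Scan ``paths`` with the wrapped antivirus module and report the verdict.

    :param paths: path(s) handed straight to ``self.module.scan``.
    :returns: a PluginResult carrying ``status`` (the scanner's return code,
        negative on failure), ``duration``, ``database`` (per-file metadata of
        the signature database, or ``None``), ``virus_database_version`` and
        either ``results`` (status >= 0) or ``error`` (status < 0).
        Any exception is reported as ``status = -1`` with ``error = str(e)``.
    """
    results = PluginResult(name=type(self).plugin_display_name,
                           type=type(self).plugin_category,
                           version=self.module.version)
    try:
        # Record which signature database files produced this verdict, so a
        # consumer can tell whether the definitions were current.
        results.database = None
        if self.module.database:
            results.database = {filename: self.file_metadata(filename)
                                for filename in self.module.database}

        # Launch the scan and time it.
        started = timestamp(datetime.utcnow())
        results.status = self.module.scan(paths)
        stopped = timestamp(datetime.utcnow())
        results.duration = stopped - started

        # Only one file is scanned per call, so the filename key is dropped
        # and the single per-file entry is reported directly.
        per_file = list(self.module.scan_results.values())
        if not per_file:
            # A scanner that produced no entry at all must not surface as a
            # clean verdict: report it as a failure (previously this path
            # raised IndexError and was reported with an unhelpful message).
            results.status = -1
            results.error = "no scan result returned for {0}".format(paths)
        elif results.status < 0:
            results.error = per_file[0]
        else:
            results.results = per_file[0]

        results.virus_database_version = self.module.virus_database_version
    except Exception as e:
        results.status = -1
        results.error = str(e)
    return results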
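def run(self, paths):
    """Look up the SHA-1 of the file at ``paths`` in the NSRL reference set.

    :param paths: path of the single file to hash.
    :returns: a PluginResult whose ``status`` is FOUND (``results`` holds the
        NSRL record), NOT_FOUND (no response, or a record missing one of
        MfgCode / OpSystemCode / ProductCode / SHA-1) or ERROR (``error``
        holds the exception text).
    """
    results = PluginResult(name=type(self)._plugin_display_name_,
                           type=type(self)._plugin_category_,
                           version=None)
    try:
        started = timestamp(datetime.utcnow())
        # Hash the raw bytes. A text-mode handle decodes the content (and may
        # reject or newline-translate arbitrary binary data), producing a
        # digest that never matches the reference set -> silent false
        # NOT_FOUND for files that are in fact known.
        with open(paths, "rb") as fileobj:
            digest = sha1sum(fileobj)
        # NOTE(review): the digest case is not normalized here; if the backend
        # stores uppercase hex, `digest.upper()` is needed — confirm what
        # lookup_by_sha1 expects.
        response = self.module.lookup_by_sha1(digest)
        stopped = timestamp(datetime.utcnow())
        results.duration = stopped - started

        # Only a complete record counts as a hit. An empty/None response is
        # treated as "unknown" rather than "known good" (fail closed).
        required = ('MfgCode', 'OpSystemCode', 'ProductCode', 'SHA-1')
        incomplete = (isinstance(response, dict)
                      and any(not response.get(key) for key in required))
        if not response or incomplete:
            results.status = self.NSRLPluginResult.NOT_FOUND
        else:
            results.status = self.NSRLPluginResult.FOUND
            results.results = response
    except Exception as e:
        results.status = self.NSRLPluginResult.ERROR
        results.error = str(e)
    return results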
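def run(self, paths):
    """Look up the SHA-1 of the file at ``paths`` in the NSRL reference set.

    :param paths: path of the single file to hash.
    :returns: a PluginResult whose ``status`` is FOUND (``results`` holds the
        NSRL record), NOT_FOUND (no response, or a record missing one of
        MfgCode / OpSystemCode / ProductCode / SHA-1) or ERROR (``error``
        holds the exception text).
    """
    results = PluginResult(name="National Software Reference Library",
                           type=type(self).plugin_category,
                           version=None)
    try:
        started = timestamp(datetime.utcnow())
        # The lookup key is uppercased to match the backend's key format.
        response = self.module.lookup_by_sha1(sha1sum(paths).upper())
        stopped = timestamp(datetime.utcnow())
        results.duration = stopped - started

        # Only a complete record counts as a hit. An empty/None response is
        # treated as "unknown" rather than "known good" (fail closed); the
        # previous check let a None response through as FOUND.
        required = ('MfgCode', 'OpSystemCode', 'ProductCode', 'SHA-1')
        incomplete = (isinstance(response, dict)
                      and any(not response.get(key) for key in required))
        if not response or incomplete:
            results.status = self.NSRLPluginResult.NOT_FOUND
        else:
            results.status = self.NSRLPluginResult.FOUND
            results.results = response
    except Exception as e:
        results.status = self.NSRLPluginResult.ERROR
        results.error = str(e)
    return results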
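def run(self, paths):
    """Match the file at ``paths`` against the loaded YARA rules.

    :param paths: path handed to ``self.get_file_report``.
    :returns: a PluginResult whose ``status`` is FOUND (``results`` is
        ``{'Matches': [<str(match)>, ...]}``), NOT_FOUND (``results`` is
        ``{'Matches': []}``) or ERROR (``error`` holds the failure text and
        ``results`` is ``None``).
    """
    results = PluginResult(name=type(self).plugin_display_name,
                           type=type(self).plugin_category,
                           version=None)
    try:
        started = timestamp(datetime.utcnow())
        (error_raised, response) = self.get_file_report(paths)
        stopped = timestamp(datetime.utcnow())
        results.duration = stopped - started

        if error_raised:
            results.status = self.YaraResult.ERROR
            results.error = response
            results.results = None
        else:
            # Matches are reported by their string form; an empty list is
            # the NOT_FOUND case.
            results.results = {'Matches': ["{0!s}".format(match)
                                           for match in response]}
            if response:
                results.status = self.YaraResult.FOUND
            else:
                results.status = self.YaraResult.NOT_FOUND
    except Exception as e:
        results.status = self.YaraResult.ERROR
        # Report the failure in `error`, as the in-try ERROR branch and the
        # other probes do; stashing it in `results` hid it from consumers
        # that read `error` for failed probes.
        results.error = str(e)
    return results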
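def run(self, paths):
    """Scan ``paths`` with the wrapped antivirus module and report the verdict.

    :param paths: path(s) handed straight to ``self.module.scan``.
    :returns: a PluginResult carrying ``status`` (the scanner's return code,
        negative on failure), ``duration``, ``database`` (per-file metadata of
        the signature database, or ``None``) and either ``results`` (the single
        per-file entry, status >= 0) or ``error`` (the raw scan_results
        mapping, status < 0). Any exception is reported as ``status = -1``
        with ``error = str(e)``.
    """
    results = PluginResult(name=self.module.name,
                           type=type(self).plugin_category,
                           version=self.module.version)
    try:
        # Record which signature database files produced this verdict.
        results.database = None
        if self.module.database:
            results.database = {filename: self.file_metadata(filename)
                                for filename in self.module.database}

        # Launch the scan and time it.
        started = timestamp(datetime.utcnow())
        results.status = self.module.scan(paths)
        stopped = timestamp(datetime.utcnow())
        results.duration = stopped - started

        if results.status < 0:
            results.error = self.module.scan_results
        else:
            # Only one file is scanned per call, so the filename key is
            # dropped. `list()` is required: dict views are not indexable on
            # Python 3, where `.values()[0]` raises TypeError.
            per_file = list(self.module.scan_results.values())
            if not per_file:
                # No entry at all must not surface as a clean verdict.
                results.status = -1
                results.error = "no scan result returned for {0}".format(paths)
            else:
                results.results = per_file[0]
    except Exception as e:
        results.status = -1
        results.error = str(e)
    return results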
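def run(self, paths):
    """Match the file at ``paths`` against the loaded YARA rules.

    :param paths: path handed to ``self.get_file_report``.
    :returns: a PluginResult whose ``status`` is FOUND (``results`` is
        ``{'Matches': [<str(match)>, ...]}``), NOT_FOUND (``results`` is
        ``{'Matches': []}``) or ERROR (``error`` holds the failure text and
        ``results`` is ``None``).
    """
    results = PluginResult(name=type(self).plugin_name,
                           type=type(self).plugin_category,
                           version=None)
    try:
        started = timestamp(datetime.utcnow())
        (error_raised, response) = self.get_file_report(paths)
        stopped = timestamp(datetime.utcnow())
        results.duration = stopped - started

        if error_raised:
            results.status = self.YaraResult.ERROR
            results.error = response
            results.results = None
        else:
            # Matches are reported by their string form; an empty list is
            # the NOT_FOUND case.
            results.results = {'Matches': ["{0!s}".format(match)
                                           for match in response]}
            if response:
                results.status = self.YaraResult.FOUND
            else:
                results.status = self.YaraResult.NOT_FOUND
    except Exception as e:
        results.status = self.YaraResult.ERROR
        # Report the failure in `error`, as the in-try ERROR branch and the
        # other probes do; stashing it in `results` hid it from consumers
        # that read `error` for failed probes.
        results.error = str(e)
    return results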
def run(self, paths):
    """Identify the type of the file at ``paths`` with the TrID module.

    ``self.module.analyze`` returns a ``(status, results)`` pair which is
    stored verbatim in the PluginResult together with the elapsed time. Any
    exception maps to ``TrIDResults.ERROR`` with its text in ``error``.
    """
    report = PluginResult(name=type(self).plugin_display_name,
                          type=type(self).plugin_category,
                          version=None)
    try:
        begin = timestamp(datetime.utcnow())
        status, analysis = self.module.analyze(paths)
        report.status = status
        report.results = analysis
        report.duration = timestamp(datetime.utcnow()) - begin
    except Exception as e:
        report.status = self.TrIDResults.ERROR
        report.error = str(e)
    return report
def run(self, paths):
    """Skeleton probe: placeholder for a real analysis call.

    Always reports ``SkeletonResult.SUCCESS`` with the fixed string
    ``"Main analysis call here"`` as ``results``; an exception maps to
    ``SkeletonResult.ERROR`` with its text stored in ``results``.
    """
    report = PluginResult(name=type(self).plugin_display_name,
                          type=type(self).plugin_category,
                          version=None)
    try:
        begin = timestamp(datetime.utcnow())
        report.results = "Main analysis call here"  # replace with the real call
        report.duration = timestamp(datetime.utcnow()) - begin
        report.status = self.SkeletonResult.SUCCESS
    except Exception as e:
        report.status = self.SkeletonResult.ERROR
        report.results = str(e)
    return report
def run(self, paths):
    """Identify the type of the file at ``paths`` with the TrID module.

    ``self.module.analyze`` returns a ``(status, results)`` pair which is
    stored verbatim in the PluginResult together with the elapsed time. Any
    exception maps to ``TrIDResults.ERROR`` with its text in ``error``.
    """
    report = PluginResult(name=type(self).plugin_name,
                          type=type(self).plugin_category,
                          version=None)
    try:
        begin = timestamp(datetime.utcnow())
        status, analysis = self.module.analyze(paths)
        report.status = status
        report.results = analysis
        report.duration = timestamp(datetime.utcnow()) - begin
    except Exception as e:
        report.status = self.TrIDResults.ERROR
        report.error = str(e)
    return report
def run(self, paths):
    """Run the PEiD signature analysis on ``paths``.

    ``self.analyze`` returns a ``(status, response)`` pair stored as
    ``status`` / ``results``; an exception maps to ``PEiDResult.ERROR`` with
    its text in ``error``.
    """
    report = PluginResult(name=type(self).plugin_name,
                          type=type(self).plugin_category,
                          version=None)
    try:
        begin = timestamp(datetime.utcnow())
        status, analysis = self.analyze(paths)
        report.duration = timestamp(datetime.utcnow()) - begin
        report.status = status
        report.results = analysis
    except Exception as e:
        report.status = self.PEiDResult.ERROR
        report.error = str(e)
    return report
def run(self, paths):
    """Run the PEiD signature analysis on ``paths``.

    ``self.analyze`` returns a ``(status, response)`` pair stored as
    ``status`` / ``results``; an exception maps to ``PEiDResult.ERROR`` with
    its text in ``error``.
    """
    report = PluginResult(name=type(self).plugin_display_name,
                          type=type(self).plugin_category,
                          version=None)
    try:
        begin = timestamp(datetime.utcnow())
        status, analysis = self.analyze(paths)
        report.duration = timestamp(datetime.utcnow()) - begin
        report.status = status
        report.results = analysis
    except Exception as e:
        report.status = self.PEiDResult.ERROR
        report.error = str(e)
    return report
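def format(cls, probe_name, raw_result):
    """Normalise a probe's raw result for delivery to the client.

    The first registered formatter that accepts the result rewrites it. Then
    fields the client does not need are stripped: ``platform`` always,
    ``results`` when the probe failed (``status < 0``) and ``error`` when it
    succeeded. ``duration`` is rounded to two decimals.

    :param probe_name: name of the probe (not used by this routine).
    :param raw_result: mapping accepted by ``PluginResult(**raw_result)``.
    :returns: the formatted PluginResult; if anything raises, a result with
        ``results`` removed, ``status = -1`` and the exception text in ``error``.
    """
    res = PluginResult(**raw_result)
    try:
        # Ask each formatter in turn; the first one that claims the result
        # handles it.
        for formatter in cls().formatters:
            if formatter.can_handle_results(res):
                res = formatter.format(res)
                log.debug("using formatter {0} for raw results: {1}"
                          "".format(formatter.plugin_name, res))
                break
        # Trim the payload so the client is neither overloaded nor shown
        # fields that are meaningless for this status.
        res.pop('platform', None)
        if res.status < 0:
            res.pop('results', None)
        else:
            res.pop('error', None)
        duration = res.pop('duration', None)
        if duration is not None:
            res['duration'] = round(duration, 2)
    except Exception as e:
        res.pop('results', None)
        res.status = -1
        # Store the message, not the exception object: the result is handed
        # to the client and every probe sets `error` to str(e). An exception
        # instance is not JSON-serialisable and would fail at that boundary.
        # NOTE(review): exception text can carry internal paths or host
        # names; if this reaches untrusted clients, prefer a generic message
        # here and log the detail server-side.
        res.error = str(e)
    return res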
def run(self, paths):
    """Submit ``paths`` to the ICAP server (REQMOD) and report its verdict.

    A ``None`` reply from ``self.query_server`` is reported as
    ``ICAPResult.CLEAN`` with ``results = "No threat found"``; any other reply
    is ``ICAPResult.INFECTED`` with the reply as ``results``. An exception
    maps to ``ICAPResult.ERROR`` with its text in ``error``.
    NOTE(review): CLEAN is inferred from the absence of a reply; confirm
    that query_server only returns None on an explicit "no threat" answer
    and raises on transport or protocol failures, otherwise a broken server
    reads as clean.
    """
    report = PluginResult(name=type(self).plugin_name,
                          type=type(self).plugin_category,
                          version=None)
    try:
        begin = timestamp(datetime.utcnow())
        verdict = self.query_server(paths)
        report.duration = timestamp(datetime.utcnow()) - begin
        if verdict is not None:
            report.status = self.ICAPResult.INFECTED
            report.results = verdict
        else:
            report.status = self.ICAPResult.CLEAN
            report.results = "No threat found"
    except Exception as e:
        report.status = self.ICAPResult.ERROR
        report.error = str(e)
    return report
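def run(self, paths):
    """Extract the archive at ``paths`` into a fresh temporary directory.

    :param paths: path of the archive handed to ``self.unarchive``.
    :returns: a PluginResult with ``status`` OK, ``results = None`` and
        ``output_files = {'output_dir': <tmpdir>, 'file_list': <list>}``,
        or ``status`` ERROR with the exception text in ``error``. On success
        the caller owns ``output_dir``; on failure the directory is removed so
        a half-extracted tree is not left behind in the temp area.
    NOTE(review): protection against entries escaping ``output_dir``
    ("../" names, absolute paths, symlinks) has to live in ``self.unarchive``,
    which is not visible here — confirm it is enforced there.
    """
    import shutil  # local import: the file-level import block is outside this block

    results = PluginResult(name=type(self).plugin_name,
                           type=type(self).plugin_category,
                           version=None)
    output_dir = None
    try:
        started = timestamp(datetime.utcnow())
        output_dir = tempfile.mkdtemp()
        file_list = self.unarchive(paths, output_dir)
        results.output_files = {'output_dir': output_dir,
                                'file_list': file_list}
        stopped = timestamp(datetime.utcnow())
        results.duration = stopped - started
        results.status = self.UnarchiveResult.OK
        results.results = None
    except Exception as e:
        results.status = self.UnarchiveResult.ERROR
        results.error = str(e)
        # Nothing references the directory once extraction failed before
        # output_files was filled: drop it instead of leaking it.
        if output_dir is not None and getattr(results, 'output_files', None) is None:
            shutil.rmtree(output_dir, ignore_errors=True)
    return results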
def run(self, paths):
    """Submit ``paths`` to the ICAP server (REQMOD) and report its verdict.

    A ``None`` reply from ``self.query_server`` is reported as
    ``ICAPResult.CLEAN`` with ``results = 'No threat found'``; any other reply
    is ``ICAPResult.INFECTED`` with the reply as ``results``. An exception
    maps to ``ICAPResult.ERROR`` with its text in ``error``.
    NOTE(review): CLEAN is inferred from the absence of a reply; confirm
    that query_server only returns None on an explicit "no threat" answer
    and raises on transport or protocol failures, otherwise a broken server
    reads as clean.
    """
    report = PluginResult(name=type(self).plugin_display_name,
                          type=type(self).plugin_category,
                          version=None)
    try:
        begin = timestamp(datetime.utcnow())
        verdict = self.query_server(paths)
        report.duration = timestamp(datetime.utcnow()) - begin
        if verdict is not None:
            report.status = self.ICAPResult.INFECTED
            report.results = verdict
        else:
            report.status = self.ICAPResult.CLEAN
            report.results = 'No threat found'
    except Exception as e:
        report.status = self.ICAPResult.ERROR
        report.error = str(e)
    return report
def run(self, paths):
    """Run the static PE analysis on the file at ``paths``.

    An empty/falsy reply from ``self.analyze`` is reported as
    ``StaticAnalyzerResults.FAILURE`` with ``results = "Not a PE file"``;
    otherwise ``SUCCESS`` with the reply as ``results``. An exception maps to
    ``StaticAnalyzerResults.ERROR`` with its text in ``error``.
    """
    report = PluginResult(name=type(self).plugin_display_name,
                          type=type(self).plugin_category,
                          version=None)
    try:
        begin = timestamp(datetime.utcnow())
        analysis = self.analyze(filename=paths)
        report.duration = timestamp(datetime.utcnow()) - begin
        if analysis:
            report.status = self.StaticAnalyzerResults.SUCCESS
            report.results = analysis
        else:
            report.status = self.StaticAnalyzerResults.FAILURE
            report.results = "Not a PE file"
    except Exception as e:
        report.status = self.StaticAnalyzerResults.ERROR
        report.error = str(e)
    return report
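def run(self, paths):
    """Fetch the VirusTotal report for the file at ``paths``.

    :param paths: path handed to ``self.get_file_report``.
    :returns: a PluginResult whose ``status`` is ERROR (transport error in
        ``response['error']``, HTTP 204 rate limit, HTTP 403 forbidden),
        NOT_FOUND (HTTP 200 but the report's ``response_code`` is not 1) or
        FOUND. ``results`` is the raw response unless it carried ``'error'``.
        An exception maps to ERROR with its text in ``error``.
    NOTE(review): this sends an identifier of the sample to a third-party
    service; confirm that is acceptable for sensitive submissions.
    """
    results = PluginResult(name=type(self).plugin_display_name,
                           type=type(self).plugin_category,
                           version=None)
    try:
        started = timestamp(datetime.utcnow())
        response = self.get_file_report(paths)
        stopped = timestamp(datetime.utcnow())
        results.duration = stopped - started

        if 'error' in response:
            results.status = self.VirusTotalResult.ERROR
            results.error = str(response['error'])
        elif response['response_code'] == 204:
            results.status = self.VirusTotalResult.ERROR
            results.error = "Public API request rate limit exceeded"
        elif response['response_code'] == 403:
            results.status = self.VirusTotalResult.ERROR
            results.error = "Access forbidden (wrong key value or type)"
        elif (response['response_code'] == 200 and
              response['results']['response_code'] != 1):
            results.status = self.VirusTotalResult.NOT_FOUND
        else:
            results.status = self.VirusTotalResult.FOUND
        results.results = response if 'error' not in response else None
    except Exception as e:
        results.status = self.VirusTotalResult.ERROR
        # Report the failure in `error`, as the in-try ERROR branches and
        # the other probes do; stashing it in `results` hid it from
        # consumers that read `error` for failed probes.
        results.error = str(e)
    return results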
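def run(self, paths):
    """Fetch the VirusTotal report for the file at ``paths``.

    :param paths: path handed to ``self.get_file_report``.
    :returns: a PluginResult whose ``status`` is ERROR (transport error in
        ``response['error']``, HTTP 204 rate limit, HTTP 403 forbidden),
        NOT_FOUND (HTTP 200 but the report's ``response_code`` is not 1) or
        FOUND. ``results`` is the raw response unless it carried ``'error'``.
        An exception maps to ERROR with its text in ``error``.
    NOTE(review): this sends an identifier of the sample to a third-party
    service; confirm that is acceptable for sensitive submissions.
    """
    results = PluginResult(name=type(self).plugin_name,
                           type=type(self).plugin_category,
                           version=None)
    try:
        started = timestamp(datetime.utcnow())
        response = self.get_file_report(paths)
        stopped = timestamp(datetime.utcnow())
        results.duration = stopped - started

        if 'error' in response:
            results.status = self.VirusTotalResult.ERROR
            # Coerce to text so `error` is always a string, whatever the
            # client library put in the 'error' slot.
            results.error = str(response['error'])
        elif response['response_code'] == 204:
            results.status = self.VirusTotalResult.ERROR
            results.error = "Public API request rate limit exceeded"
        elif response['response_code'] == 403:
            results.status = self.VirusTotalResult.ERROR
            results.error = "Access forbidden (wrong key value or type)"
        elif (response['response_code'] == 200 and
              response['results']['response_code'] != 1):
            results.status = self.VirusTotalResult.NOT_FOUND
        else:
            results.status = self.VirusTotalResult.FOUND
        results.results = response if 'error' not in response else None
    except Exception as e:
        results.status = self.VirusTotalResult.ERROR
        # Report the failure in `error`, as the in-try ERROR branches and
        # the other probes do; stashing it in `results` hid it from
        # consumers that read `error` for failed probes.
        results.error = str(e)
    return results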