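def is_my_filetype(self, id_dict, file_name):
    """Return this category's name if the file matches it, else None.

    Checks run in order and the first hit wins: the magic string, the
    category's Yara file-type rule, then the TrID results.

    Args:
        id_dict: Identification results. ``id_dict['magic']`` is searched
            for each entry of ``self.my_types``; ``id_dict['trid']`` is
            iterated as ``(percent, description)`` pairs.
        file_name: Path handed to ``FileType.yara_typecheck``.

    Returns:
        ``self.cat_name`` on a match, otherwise ``None``.
    """
    # check magic string first
    try:
        if any(type_ in id_dict['magic'] for type_ in self.my_types):
            return self.cat_name
    except Exception:
        # Narrowed from a bare ``except:`` so KeyboardInterrupt/SystemExit
        # are no longer swallowed here.
        # NOTE(review): returning at this point skips the Yara and TrID
        # checks below whenever the magic lookup fails (missing key, None
        # value, ...) -- confirm that is intended.
        return None

    # run Yara type check
    if FileType.yara_typecheck(file_name, self.yara_filetype) is True:
        return self.cat_name

    # check TrID output, if available
    # this can likely be removed
    for percent, desc in id_dict['trid']:
        # make sure percent is high enough and trid string matches
        if any(type_ in desc for type_ in self.my_types) and percent > 50:
            return self.cat_name

    # add your own code on additional file type determination here

    return None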
def is_my_filetype(self, id_dict, file_name):
    """Report whether the file belongs to this category.

    The magic string in ``id_dict['magic']`` is searched for each entry of
    ``self.my_types``; if none is found, the category's Yara file-type rule
    is run against ``file_name``.

    Returns:
        ``self.cat_name`` when either check matches, otherwise ``None``.
    """
    magic_hit = any(
        candidate in id_dict['magic'] for candidate in self.my_types
    )
    # The Yara check only runs when the magic string did not already match.
    if magic_hit or FileType.yara_typecheck(file_name, self.yara_filetype) is True:
        return self.cat_name
    return None
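def is_my_filetype(self, id_dict, file_name):
    """Return this category's name if the file matches it, else None.

    The magic string is checked first, then the category's Yara file-type
    rule.

    Args:
        id_dict: Identification results; ``id_dict['magic']`` is searched
            for each entry of ``self.my_types``.
        file_name: Path handed to ``FileType.yara_typecheck``.

    Returns:
        ``self.cat_name`` on a match, otherwise ``None``.
    """
    try:
        if any(type_ in id_dict['magic'] for type_ in self.my_types):
            return self.cat_name
    except Exception:
        # Narrowed from a bare ``except:`` so KeyboardInterrupt/SystemExit
        # are no longer swallowed here.
        # NOTE(review): a failed magic lookup returns before the Yara check
        # below ever runs -- confirm that is intended.
        return None

    # run Yara type check
    if FileType.yara_typecheck(file_name, self.yara_filetype) is True:
        return self.cat_name

    return None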
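def is_my_filetype(self, id_dict, file_name):
    """Return this category's name if the file matches it, else None.

    Checks run in order and the first hit wins: the magic string, the
    category's Yara file-type rule, then ``self.is_exe``.

    Args:
        id_dict: Identification results; ``id_dict['magic']`` is searched
            for each entry of ``self.my_types``.
        file_name: Path handed to ``FileType.yara_typecheck`` and
            ``self.is_exe``.

    Returns:
        ``self.cat_name`` on a match, otherwise ``None``.
    """
    # check magic string first
    try:
        if any(type_ in id_dict['magic'] for type_ in self.my_types):
            return self.cat_name
    except Exception:
        # Narrowed from a bare ``except:`` so KeyboardInterrupt/SystemExit
        # are no longer swallowed here.
        # NOTE(review): a failed magic lookup returns before the Yara and
        # manual checks below ever run -- confirm that is intended.
        return None

    # run Yara type check
    if FileType.yara_typecheck(file_name, self.yara_filetype) is True:
        return self.cat_name

    # perform a manual check
    if self.is_exe(file_name):
        return self.cat_name

    return None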
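def is_my_filetype(self, id_dict, file_name):
    """Return this category's name if the file matches it, else None.

    Checks run in order and the first hit wins: the magic string, the
    category's Yara file-type rule, then a scan of the first 1024 bytes of
    the file for a ``%PDF-`` header.

    Args:
        id_dict: Identification results; ``id_dict['magic']`` is searched
            for each entry of ``self.my_types``.
        file_name: Path handed to ``FileType.yara_typecheck`` and opened
            for the header scan.

    Returns:
        ``self.cat_name`` on a match, otherwise ``None``.
    """
    # check the magic string for our file type
    if any(type_ in id_dict['magic'] for type_ in self.my_types):
        return self.cat_name

    # run Yara type check
    if FileType.yara_typecheck(file_name, self.yara_filetype) is True:
        return self.cat_name

    # the PDF header may be in the first 1024 bytes of the file
    # libmagic and TrID may not pick this up
    # Read as bytes: the sample is arbitrary binary data, and a text-mode
    # read can fail on decoding before the header is ever compared.
    with open(file_name, 'rb') as pdf_file:
        data = pdf_file.read(1024)

    if b'%PDF-' in data:
        return self.cat_name

    return None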
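def is_my_filetype(self, id_dict, file_name):
    """Return this category's name if the file matches it, else None.

    Checks run in order and the first hit wins: the magic string, the
    category's Yara file-type rule, then a scan of the first 1024 bytes of
    the file for a ``%PDF-`` header.

    Args:
        id_dict: Identification results; ``id_dict['magic']`` is searched
            for each entry of ``self.my_types``.
        file_name: Path handed to ``FileType.yara_typecheck`` and opened
            for the header scan.

    Returns:
        ``self.cat_name`` on a match, otherwise ``None``.
    """
    # check the magic string for our file type
    try:
        if any(type_ in id_dict['magic'] for type_ in self.my_types):
            return self.cat_name
    except Exception:
        # Narrowed from a bare ``except:`` so KeyboardInterrupt/SystemExit
        # are no longer swallowed here.
        # NOTE(review): a failed magic lookup returns before the Yara check
        # and the header scan below ever run -- confirm that is intended.
        return None

    # run Yara type check
    if FileType.yara_typecheck(file_name, self.yara_filetype) is True:
        return self.cat_name

    # the PDF header may be in the first 1024 bytes of the file
    # libmagic and TrID may not pick this up
    # Read as bytes: the sample is arbitrary binary data, and a text-mode
    # read can fail on decoding before the header is ever compared.
    with open(file_name, 'rb') as pdf_file:
        data = pdf_file.read(1024)

    if b'%PDF-' in data:
        return self.cat_name

    return None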
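def is_my_filetype(self, id_dict, file_name):
    """Return this category's name if the file matches it, else None.

    Checks run in order and the first hit wins: ``zipfile.is_zipfile``, the
    magic string, then the category's Yara file-type rule.

    Args:
        id_dict: Identification results; ``id_dict['magic']`` is searched
            for each entry of ``self.my_types``.
        file_name: Path handed to ``zipfile.is_zipfile`` and
            ``FileType.yara_typecheck``.

    Returns:
        ``self.cat_name`` on a match, otherwise ``None``.
    """
    # Use the python library first
    try:
        # NOTE(review): the original comment here says is_zipfile() can
        # return True for non-zip files and that the file must also be
        # opened, but nothing in this method opens it; a positive
        # is_zipfile() result is accepted as-is.
        if zipfile.is_zipfile(file_name) is True:
            return self.cat_name
    except Exception:
        # Narrowed from a bare ``except:`` so KeyboardInterrupt/SystemExit
        # are no longer swallowed here. Returning skips the magic and Yara
        # checks below.
        return None

    # check magic string next
    try:
        if any(type_ in id_dict['magic'] for type_ in self.my_types):
            return self.cat_name
    except TypeError:
        # e.g. id_dict['magic'] is None; the Yara check below is skipped.
        return None

    # run Yara type check
    if FileType.yara_typecheck(file_name, self.yara_filetype) is True:
        return self.cat_name

    return None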