def _list_files(self):
pe = None
yara_matching = None
self.logger.warn('Dirs: ' + str(self.dirs) + 'to catch')
for directory in self.dirs:
shadow_directory = self._changeroot(directory)
lst = _ListFiles(shadow_directory, self.logger)
for f in lst.list_files(shadow_directory):
zip_proc = False
if self._filtered_by_date(f) and self._filtered_size(f) and self._check_depth(f,self.dirs[directory], shadow_directory):
if self.filtered_yara:
if not yara_matching:
yara_matching = _Intel(f, self.params)
else:
setattr(yara_matching, 'path', f)
rules = yara_matching.process()
if rules:
self.zip_file.record(f)
try:
md5, sha1, sha256 = self._process_hashes(f)
yield f, str(rules), md5, sha1, sha256, 'yara', self._get_creation_date(f), os.stat(
f).st_size == 0
except Exception as e:
yield f, str(rules), 'N/A', 'N/A', 'N/A', str(e), self._get_creation_date(f), os.stat(
f).st_size == 0
if self._is_PE(mime):
if self.filtered_certificates:
if not pe:
pe = _PE(f, self.params)
self.logger.debug("Create Singleton PE")
else:
setattr(pe, 'path', f)
if pe.process():
continue
self.logger.debug("Certificats Check")
zip_proc = False
ext = os.path.splitext(f)[1][1:]
mime_filter, mime_zip, mime = self._filtered_magic(f)
if self.zip_file:
if self._filtered([mime_zip, self._filtered_ext(ext, self.zip_ext_file)]):
self.zip_file.record(f)
zip_proc = True
if self._filtered([mime_filter, self._filtered_ext(ext, self.ext_file)]):
try:
md5, sha1, sha256 = self._process_hashes(f)
yield f, mime, md5, sha1, sha256, zip_proc, self._get_creation_date(f), os.stat(
f).st_size == 0
except Exception as e:
yield f, mime, 'N/A', 'N/A', 'N/A', str(e), self._get_creation_date(f), os.stat(
f).st_size == 0
else:
try:
self.logger.warn('file %s not cache by size %s or date %s' % (f, os.stat(f).st_size, self._get_modification_date(f)))
except Exception as e:
self.logger.error(e)
self.logger.error(f)
def _list_files(self):
pe = None
yara_matching = None
self.logger.warn('Dirs: ' + str(self.dirs) + 'to catch')
for directory in self.dirs:
directory = self._changeroot(directory)
lst = _ListFiles(directory, self.logger)
for f in lst.list_files(directory):
if self.filtered_yara:
if not yara_matching:
yara_matching = _Intel(f, self.params)
else:
setattr(yara_matching, 'path', f)
rules = yara_matching.process()
if rules:
self.zip_file.record(f)
try:
yield f, str(rules), self._process_hash(
f), 'yara', self._timestamp(f), os.stat(
f).st_size == 0
except Exception as e:
yield f, str(rules), 'Permission denied', str(
e), self._timestamp(f), os.stat(f).st_size == 0
ext = os.path.splitext(f)[1][1:]
if self._filtered_size(f):
mime_filter, mime_zip, mime = self._filtered_magic(f)
if self._is_PE(mime):
if self.filtered_certificates:
if not pe:
pe = _PE(f, self.params)
self.logger.debug("Create Singleton PE")
else:
setattr(pe, 'path', f)
if pe.process():
continue
self.logger.debug("Certificats Check")
zip_proc = False
if self.zip_file:
if self._filtered([
mime_zip,
self._filtered_ext(ext, self.zip_ext_file)
]):
self.zip_file.record(f)
zip_proc = True
if self._filtered(
[mime_filter,
self._filtered_ext(ext, self.ext_file)]):
try:
yield f, mime, self._process_hash(
f), zip_proc, self._timestamp(f), os.stat(
f).st_size == 0
except Exception as e:
yield f, mime, 'Permission denied', str(
e), self._timestamp(f), os.stat(f).st_size == 0
def _list_files(self):
pe = None
yara_matching = None
self.logger.warn('Dirs: ' + str(self.dirs) + 'to catch')
for directory in self.dirs:
directory = self._changeroot(directory)
lst = _ListFiles(directory, self.logger)
for f in lst.list_files(directory):
if self.filtered_yara:
if not yara_matching:
yara_matching = _Intel(f, self.params)
else:
setattr(yara_matching, 'path', f)
rules = yara_matching.process()
if rules:
self.zip_file.record(f)
try:
yield f, str(rules), self._process_hash(f), 'yara', self._timestamp(f), os.stat(f).st_size == 0
except Exception as e:
yield f, str(rules), 'Permission denied', str(e), self._timestamp(f), os.stat(f).st_size == 0
ext = os.path.splitext(f)[1][1:]
if self._filtered_size(f):
mime_filter, mime_zip, mime = self._filtered_magic(f)
if self._is_PE(mime):
if self.filtered_certificates:
if not pe:
pe = _PE(f, self.params)
self.logger.debug("Create Singleton PE")
else:
setattr(pe, 'path', f)
if pe.process():
continue
self.logger.debug("Certificats Check")
zip_proc = False
if self.zip_file:
if self._filtered([mime_zip, self._filtered_ext(ext, self.zip_ext_file)]):
self.zip_file.record(f)
zip_proc = True
if self._filtered([mime_filter, self._filtered_ext(ext, self.ext_file)]):
try:
yield f, mime, self._process_hash(f), zip_proc, self._timestamp(f), os.stat(f).st_size == 0
except Exception as e:
yield f, mime, 'Permission denied', str(e), self._timestamp(f), os.stat(f).st_size == 0
def _list_files(self):
pe = None
yara_matching = None
self.logger.warn('Dirs: ' + str(self.dirs) + 'to catch')
for directory in self.dirs:
shadow_directory = self._changeroot(directory)
lst = _ListFiles(shadow_directory, self.logger)
for f in lst.list_files(shadow_directory):
zip_proc = False
if self._filtered_by_date(
f) and self._filtered_size(f) and self._check_depth(
f, self.dirs[directory], shadow_directory):
if self.filtered_yara:
if not yara_matching:
yara_matching = _Intel(f, self.params)
else:
setattr(yara_matching, 'path', f)
rules = yara_matching.process()
if rules:
self.zip_file.record(f)
try:
md5, sha1, sha256 = self._process_hashes(f)
yield f, str(
rules
), md5, sha1, sha256, 'yara', self._get_creation_date(
f), os.stat(f).st_size == 0
except Exception as e:
yield f, str(rules), 'N/A', 'N/A', 'N/A', str(
e), self._get_creation_date(f), os.stat(
f).st_size == 0
if self._is_PE(mime):
if self.filtered_certificates:
if not pe:
pe = _PE(f, self.params)
self.logger.debug("Create Singleton PE")
else:
setattr(pe, 'path', f)
if pe.process():
continue
self.logger.debug("Certificats Check")
zip_proc = False
ext = os.path.splitext(f)[1][1:]
mime_filter, mime_zip, mime = self._filtered_magic(f)
if self.zip_file:
if self._filtered([
mime_zip,
self._filtered_ext(ext, self.zip_ext_file)
]):
self.zip_file.record(f)
zip_proc = True
if self._filtered(
[mime_filter,
self._filtered_ext(ext, self.ext_file)]):
try:
md5, sha1, sha256 = self._process_hashes(f)
yield f, mime, md5, sha1, sha256, zip_proc, self._get_creation_date(
f), os.stat(f).st_size == 0
except Exception as e:
yield f, mime, 'N/A', 'N/A', 'N/A', str(
e), self._get_creation_date(f), os.stat(
f).st_size == 0
else:
try:
self.logger.warn(
'file %s not cache by size %s or date %s' %
(f, os.stat(f).st_size,
self._get_modification_date(f)))
except Exception as e:
self.logger.error(e)
self.logger.error(f)