예제 #1
0
    def _list_files(self):
        pe = None
        yara_matching = None
        self.logger.warn('Dirs: ' + str(self.dirs) + 'to catch')
        for directory in self.dirs:
            shadow_directory = self._changeroot(directory)
            lst = _ListFiles(shadow_directory, self.logger)

            for f in lst.list_files(shadow_directory):
                zip_proc = False
                if self._filtered_by_date(f) and self._filtered_size(f) and self._check_depth(f,self.dirs[directory], shadow_directory):
                    if self.filtered_yara:
                        if not yara_matching:
                            yara_matching = _Intel(f, self.params)
                        else:
                            setattr(yara_matching, 'path', f)
                        rules = yara_matching.process()
                        if rules:
                            self.zip_file.record(f)
                            try:
                                md5, sha1, sha256 = self._process_hashes(f)
                                yield f, str(rules), md5, sha1, sha256, 'yara', self._get_creation_date(f), os.stat(
                                    f).st_size == 0
                            except Exception as e:
                                yield f, str(rules), 'N/A', 'N/A', 'N/A', str(e), self._get_creation_date(f), os.stat(
                                    f).st_size == 0


                        if self._is_PE(mime):
                            if self.filtered_certificates:
                                if not pe:
                                    pe = _PE(f, self.params)
                                    self.logger.debug("Create Singleton PE")
                                else:
                                    setattr(pe, 'path', f)
                                if pe.process():
                                    continue
                        self.logger.debug("Certificats Check")
                        zip_proc = False

                    ext = os.path.splitext(f)[1][1:]
                    mime_filter, mime_zip, mime = self._filtered_magic(f)
                    if self.zip_file:
                        if self._filtered([mime_zip, self._filtered_ext(ext, self.zip_ext_file)]):
                            self.zip_file.record(f)
                            zip_proc = True
                    if self._filtered([mime_filter, self._filtered_ext(ext, self.ext_file)]):
                        try:
                            md5, sha1, sha256 = self._process_hashes(f)
                            yield f, mime, md5, sha1, sha256, zip_proc, self._get_creation_date(f), os.stat(
                                f).st_size == 0
                        except Exception as e:
                            yield f, mime, 'N/A', 'N/A', 'N/A', str(e), self._get_creation_date(f), os.stat(
                                f).st_size == 0
                else:
                    try:
                        self.logger.warn('file %s not cache by size %s or date %s' % (f, os.stat(f).st_size, self._get_modification_date(f)))
                    except Exception as e:
                        self.logger.error(e)
                        self.logger.error(f)
예제 #2
0
    def _list_files(self):
        pe = None
        yara_matching = None
        self.logger.warn('Dirs: ' + str(self.dirs) + 'to catch')
        for directory in self.dirs:
            directory = self._changeroot(directory)
            lst = _ListFiles(directory, self.logger)

            for f in lst.list_files(directory):
                if self.filtered_yara:
                    if not yara_matching:
                        yara_matching = _Intel(f, self.params)
                    else:
                        setattr(yara_matching, 'path', f)
                    rules = yara_matching.process()
                    if rules:
                        self.zip_file.record(f)
                        try:
                            yield f, str(rules), self._process_hash(
                                f), 'yara', self._timestamp(f), os.stat(
                                    f).st_size == 0
                        except Exception as e:
                            yield f, str(rules), 'Permission denied', str(
                                e), self._timestamp(f), os.stat(f).st_size == 0
                ext = os.path.splitext(f)[1][1:]
                if self._filtered_size(f):
                    mime_filter, mime_zip, mime = self._filtered_magic(f)

                    if self._is_PE(mime):
                        if self.filtered_certificates:
                            if not pe:
                                pe = _PE(f, self.params)
                                self.logger.debug("Create Singleton PE")
                            else:
                                setattr(pe, 'path', f)
                            if pe.process():
                                continue
                    self.logger.debug("Certificats Check")
                    zip_proc = False
                    if self.zip_file:
                        if self._filtered([
                                mime_zip,
                                self._filtered_ext(ext, self.zip_ext_file)
                        ]):
                            self.zip_file.record(f)
                            zip_proc = True
                    if self._filtered(
                        [mime_filter,
                         self._filtered_ext(ext, self.ext_file)]):
                        try:
                            yield f, mime, self._process_hash(
                                f), zip_proc, self._timestamp(f), os.stat(
                                    f).st_size == 0
                        except Exception as e:
                            yield f, mime, 'Permission denied', str(
                                e), self._timestamp(f), os.stat(f).st_size == 0
예제 #3
0
    def _list_files(self):
        pe = None
        yara_matching = None
        self.logger.warn('Dirs: ' + str(self.dirs) + 'to catch')
        for directory in self.dirs:
            directory = self._changeroot(directory)
            lst = _ListFiles(directory, self.logger)

            for f in lst.list_files(directory):
                if self.filtered_yara:
                    if not yara_matching:
                        yara_matching = _Intel(f, self.params)
                    else:
                        setattr(yara_matching, 'path', f)
                    rules = yara_matching.process()
                    if rules:
                        self.zip_file.record(f)
                        try:
                            yield f, str(rules), self._process_hash(f), 'yara', self._timestamp(f), os.stat(f).st_size == 0
                        except Exception as e:
                            yield f, str(rules), 'Permission denied', str(e), self._timestamp(f), os.stat(f).st_size == 0
                ext = os.path.splitext(f)[1][1:]
                if self._filtered_size(f):
                    mime_filter, mime_zip, mime = self._filtered_magic(f)

                    if self._is_PE(mime):
                        if self.filtered_certificates:
                            if not pe:
                                pe = _PE(f, self.params)
                                self.logger.debug("Create Singleton PE")
                            else:
                                setattr(pe, 'path', f)
                            if pe.process():
                                continue
                    self.logger.debug("Certificats Check")
                    zip_proc = False
                    if self.zip_file:
                        if self._filtered([mime_zip, self._filtered_ext(ext, self.zip_ext_file)]):
                            self.zip_file.record(f)
                            zip_proc = True
                    if self._filtered([mime_filter, self._filtered_ext(ext, self.ext_file)]):
                        try:
                            yield f, mime, self._process_hash(f), zip_proc, self._timestamp(f), os.stat(f).st_size == 0
                        except Exception as e:
                            yield f, mime, 'Permission denied', str(e), self._timestamp(f), os.stat(f).st_size == 0
예제 #4
0
    def _list_files(self):
        pe = None
        yara_matching = None
        self.logger.warn('Dirs: ' + str(self.dirs) + 'to catch')
        for directory in self.dirs:
            shadow_directory = self._changeroot(directory)
            lst = _ListFiles(shadow_directory, self.logger)

            for f in lst.list_files(shadow_directory):
                zip_proc = False
                if self._filtered_by_date(
                        f) and self._filtered_size(f) and self._check_depth(
                            f, self.dirs[directory], shadow_directory):
                    if self.filtered_yara:
                        if not yara_matching:
                            yara_matching = _Intel(f, self.params)
                        else:
                            setattr(yara_matching, 'path', f)
                        rules = yara_matching.process()
                        if rules:
                            self.zip_file.record(f)
                            try:
                                md5, sha1, sha256 = self._process_hashes(f)
                                yield f, str(
                                    rules
                                ), md5, sha1, sha256, 'yara', self._get_creation_date(
                                    f), os.stat(f).st_size == 0
                            except Exception as e:
                                yield f, str(rules), 'N/A', 'N/A', 'N/A', str(
                                    e), self._get_creation_date(f), os.stat(
                                        f).st_size == 0

                        if self._is_PE(mime):
                            if self.filtered_certificates:
                                if not pe:
                                    pe = _PE(f, self.params)
                                    self.logger.debug("Create Singleton PE")
                                else:
                                    setattr(pe, 'path', f)
                                if pe.process():
                                    continue
                        self.logger.debug("Certificats Check")
                        zip_proc = False

                    ext = os.path.splitext(f)[1][1:]
                    mime_filter, mime_zip, mime = self._filtered_magic(f)
                    if self.zip_file:
                        if self._filtered([
                                mime_zip,
                                self._filtered_ext(ext, self.zip_ext_file)
                        ]):
                            self.zip_file.record(f)
                            zip_proc = True
                    if self._filtered(
                        [mime_filter,
                         self._filtered_ext(ext, self.ext_file)]):
                        try:
                            md5, sha1, sha256 = self._process_hashes(f)
                            yield f, mime, md5, sha1, sha256, zip_proc, self._get_creation_date(
                                f), os.stat(f).st_size == 0
                        except Exception as e:
                            yield f, mime, 'N/A', 'N/A', 'N/A', str(
                                e), self._get_creation_date(f), os.stat(
                                    f).st_size == 0
                else:
                    try:
                        self.logger.warn(
                            'file %s not cache by size %s or date %s' %
                            (f, os.stat(f).st_size,
                             self._get_modification_date(f)))
                    except Exception as e:
                        self.logger.error(e)
                        self.logger.error(f)