Пример #1
 def test_yara_exe(self):
     """Run the Yara_Scan analyzer over the listed rule directories.

     The sample is identified by ``self.filepath``, ``self.filename`` and
     ``self.md5``. The test passes when the report returned by ``start()``
     carries ``success`` equal to True.
     """
     # Each vendor sub-folder is named explicitly and no "recursive" key is
     # passed. NOTE(review): whether nested folders below these paths are
     # also read depends on YaraScan's default; confirm.
     rule_dirs = [
         "/opt/deploy/yara/rules",
         "/opt/deploy/yara/intezer_rules",
         "/opt/deploy/yara/mcafee_rules/APT",
         "/opt/deploy/yara/mcafee_rules/RAT",
         "/opt/deploy/yara/mcafee_rules/malware",
         "/opt/deploy/yara/mcafee_rules/miners",
         "/opt/deploy/yara/mcafee_rules/ransomware",
         "/opt/deploy/yara/mcafee_rules/stealer",
         "/opt/deploy/yara/signature-base/yara",
         "/opt/deploy/yara/stratosphere_rules/malware",
         "/opt/deploy/yara/stratosphere_rules/protocols",
     ]
     params = {"directories_with_rules": rule_dirs}
     analyzer = yara_scan.YaraScan(
         "Yara_Scan",
         self.job_id,
         self.filepath,
         self.filename,
         self.md5,
         params,
     )
     result = analyzer.start()
     # NOTE(review): only the success flag is asserted. If YaraScan reports
     # success when a directory is missing or holds no rules, this test would
     # not catch the lost detection coverage; confirm what "success" covers.
     succeeded = result.get("success", False)
     self.assertEqual(succeeded, True)
Пример #2
 def test_yara_reversinglabs(self):
     """Run the Yara_Scan analyzer against the ReversingLabs rule tree.

     A single top-level directory is passed together with ``recursive`` set
     to True. The test passes when the report returned by ``start()``
     carries ``success`` equal to True.
     """
     # NOTE(review): "recursive" presumably makes the analyzer descend into
     # the category sub-folders; confirm against YaraScan.
     params = dict(
         directories_with_rules=["/opt/deploy/yara/reversinglabs_rules/yara"],
         recursive=True,
     )
     analyzer = yara_scan.YaraScan(
         "Yara_Scan",
         self.job_id,
         self.filepath,
         self.filename,
         self.md5,
         params,
     )
     result = analyzer.start()
     # Only the success flag is checked; rule matches are not inspected.
     succeeded = result.get("success", False)
     self.assertEqual(succeeded, True)
Пример #3
 def test_yara_community(self):
     """Run the Yara_Scan analyzer with only the ``/opt/deploy/yara/rules`` directory.

     The test passes when the report returned by ``start()`` carries
     ``success`` equal to True.
     """
     params = {"directories_with_rules": ["/opt/deploy/yara/rules"]}
     analyzer = yara_scan.YaraScan(
         "Yara_Scan",
         self.job_id,
         self.filepath,
         self.filename,
         self.md5,
         params,
     )
     result = analyzer.start()
     # NOTE(review): no "recursive" key is passed, and only the success flag
     # is asserted. Whether sub-folders of the rules directory are loaded,
     # and whether an empty rule set still counts as success, depends on
     # YaraScan; confirm.
     succeeded = result.get("success", False)
     self.assertEqual(succeeded, True)
Пример #4
 def test_yara_stratosphere(self):
     """Run the Yara_Scan analyzer against the two Stratosphere rule folders.

     The test passes when the report returned by ``start()`` carries
     ``success`` equal to True.
     """
     rule_dirs = [
         "/opt/deploy/yara/stratosphere_rules/malware",
         "/opt/deploy/yara/stratosphere_rules/protocols",
     ]
     params = {"directories_with_rules": rule_dirs}
     analyzer = yara_scan.YaraScan(
         "Yara_Scan",
         self.job_id,
         self.filepath,
         self.filename,
         self.md5,
         params,
     )
     result = analyzer.start()
     # Only the success flag is checked; rule matches are not inspected.
     # NOTE(review): confirm that a missing rule directory makes "success"
     # false, otherwise this test cannot detect a broken rules checkout.
     succeeded = result.get("success", False)
     self.assertEqual(succeeded, True)
Пример #5
 def test_yara_exe(self):
     """Run the Yara_Scan analyzer over four top-level rule directories.

     The test passes when the report returned by ``start()`` carries
     ``success`` equal to True.
     """
     # NOTE(review): "/opt/deploy/yara/mcafee_rules" is given as a top-level
     # folder and no "recursive" key is passed. If its rules live in
     # sub-folders and YaraScan does not descend by default, those rules
     # would be skipped silently while the test still passes; confirm.
     rule_dirs = [
         "/opt/deploy/yara/rules",
         "/opt/deploy/yara/intezer_rules",
         "/opt/deploy/yara/mcafee_rules",
         "/opt/deploy/yara/signature-base/yara",
     ]
     params = {"directories_with_rules": rule_dirs}
     analyzer = yara_scan.YaraScan(
         "Yara_Scan",
         self.job_id,
         self.filepath,
         self.filename,
         self.md5,
         params,
     )
     result = analyzer.start()
     # Only the success flag is checked; rule matches are not inspected.
     succeeded = result.get("success", False)
     self.assertEqual(succeeded, True)
Пример #6
 def test_yara_reversinglabs(self):
     """Run the Yara_Scan analyzer against the ReversingLabs category folders.

     Each category folder is listed on its own and no ``recursive`` key is
     passed. The test passes when the report returned by ``start()`` carries
     ``success`` equal to True.
     """
     # NOTE(review): the list is maintained by hand, so a category folder
     # added to the rules tree later would not be scanned until it is added
     # here; verify the list against the deployed tree.
     rule_dirs = [
         "/opt/deploy/yara/reversinglabs_rules/yara/certificate",
         "/opt/deploy/yara/reversinglabs_rules/yara/downloader",
         "/opt/deploy/yara/reversinglabs_rules/yara/exploit",
         "/opt/deploy/yara/reversinglabs_rules/yara/infostealer",
         "/opt/deploy/yara/reversinglabs_rules/yara/pua",
         "/opt/deploy/yara/reversinglabs_rules/yara/ransomware",
         "/opt/deploy/yara/reversinglabs_rules/yara/trojan",
         "/opt/deploy/yara/reversinglabs_rules/yara/virus",
     ]
     params = {"directories_with_rules": rule_dirs}
     analyzer = yara_scan.YaraScan(
         "Yara_Scan",
         self.job_id,
         self.filepath,
         self.filename,
         self.md5,
         params,
     )
     result = analyzer.start()
     # Only the success flag is checked; rule matches are not inspected.
     succeeded = result.get("success", False)
     self.assertEqual(succeeded, True)
Пример #7
def yara_run(analyzer_name, job_id, filepath, filename, md5,
             additional_config_params):
    """Build a YaraScan analyzer from the given arguments and start it.

    All six arguments are forwarded positionally, in the order received, to
    ``yara_scan.YaraScan``. Whatever ``start()`` returns is discarded, so
    this function always returns None.
    """
    scanner = yara_scan.YaraScan(
        analyzer_name,
        job_id,
        filepath,
        filename,
        md5,
        additional_config_params,
    )
    # NOTE(review): the report is not handed back to the caller; presumably
    # the analyzer persists its own result and any failure; confirm, since a
    # failed scan is otherwise invisible from here.
    scanner.start()