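    def run(self, paths):
        """Scan ``paths`` with the wrapped antivirus module.

        Returns a PluginResult carrying the plugin display name, category
        and module version, plus:

        * ``database`` -- per-file metadata for every signature file the
          module lists, or None when the module lists none;
        * ``status`` -- the module's scan return code (negative on failure);
        * ``duration`` -- wall-clock time of the scan call;
        * ``results`` on success, or ``error`` on failure;
        * ``virus_database_version`` as reported by the module.

        Any exception is caught and reported in-band as status -1 with the
        exception text in ``error``; nothing propagates to the caller.
        """
        results = PluginResult(name=type(self).plugin_display_name,
                               type=type(self).plugin_category,
                               version=self.module.version)
        try:
            # describe the signature database files, when the module has any
            results.database = None
            if self.module.database:
                results.database = {
                    filename: self.file_metadata(filename)
                    for filename in self.module.database
                }
            # run and time the scan
            started = timestamp(datetime.utcnow())
            results.status = self.module.scan(paths)
            stopped = timestamp(datetime.utcnow())
            results.duration = stopped - started
            # one file is scanned, so one entry is expected in scan_results;
            # drop the filename key and keep the value.  Guard the empty case:
            # a failed scan may leave scan_results empty, and an IndexError
            # here would replace the real failure with "list index out of
            # range" in the reported error.
            scan_values = list(self.module.scan_results.values())
            return_results = scan_values[0] if scan_values else None
            if results.status < 0:
                if return_results is None:
                    return_results = "scan failed with status {0}".format(
                        results.status)
                results.error = return_results
            else:
                results.results = return_results
            results.virus_database_version = self.module.virus_database_version
        except Exception as e:
            # failures are reported in the result object, never raised
            results.status = -1
            results.error = str(e)
        return results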
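 def run(self, paths):
     """Look up the SHA-1 of the file at ``paths`` in the NSRL reference set.

     Returns a PluginResult with ``status`` FOUND (the file is listed as
     known software, ``results`` holds the record), NOT_FOUND (``results``
     is None) or ERROR (``error`` holds the exception text).  ``duration``
     is the wall-clock time of the hash-and-lookup step.
     """
     results = PluginResult(name=type(self)._plugin_display_name_,
                            type=type(self)._plugin_category_,
                            version=None)
     try:
         started = timestamp(datetime.utcnow())
         # hash the raw bytes: text mode applies newline translation (and,
         # on Python 3, decoding) to an arbitrary binary sample, producing
         # a digest that never matches the reference set or a decode error
         with open(paths, "rb") as fileobj:
             digest = sha1sum(fileobj)
         # NOTE(review): the sibling NSRL plugins upper-case the digest
         # before the lookup; confirm whether lookup_by_sha1 is
         # case-sensitive for this module
         response = self.module.lookup_by_sha1(digest)
         stopped = timestamp(datetime.utcnow())
         results.duration = stopped - started
         # a hit is a dict carrying every reference field.  Anything else --
         # a dict with a missing field, None, an unexpected type -- is a
         # miss and must not be reported as FOUND, since FOUND whitelists
         # the file as known software.
         required = ('MfgCode', 'OpSystemCode', 'ProductCode', 'SHA-1')
         if isinstance(response, dict) and \
                 all(response.get(key) for key in required):
             results.status = self.NSRLPluginResult.FOUND
         else:
             results.status = self.NSRLPluginResult.NOT_FOUND
             response = None
         results.results = response
     except Exception as e:
         results.status = self.NSRLPluginResult.ERROR
         results.error = str(e)
     return results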
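 def run(self, paths):
     """Fetch the VirusTotal report for the file at ``paths``.

     Returns a PluginResult whose ``status`` is:

     * ERROR -- the report dict carries an ``error`` key, the HTTP status
       is 204 (rate limit) or 403 (bad key), or any status other than 200;
       ``error`` holds a message;
     * NOT_FOUND -- HTTP 200 but the report's own ``response_code`` is not 1;
     * FOUND -- HTTP 200 with a report.

     ``results`` holds the raw report unless it carried an ``error`` key.
     Exceptions are caught and reported as ERROR with ``error`` set.
     """
     results = PluginResult(name=type(self).plugin_display_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         started = timestamp(datetime.utcnow())
         response = self.get_file_report(paths)
         stopped = timestamp(datetime.utcnow())
         results.duration = stopped - started
         if 'error' in response:
             results.status = self.VirusTotalResult.ERROR
             results.error = str(response['error'])
         else:
             code = response['response_code']
             if code == 204:
                 results.status = self.VirusTotalResult.ERROR
                 results.error = "Public API request rate limit exceeded"
             elif code == 403:
                 results.status = self.VirusTotalResult.ERROR
                 results.error = "Access forbidden (wrong key value or type)"
             elif code != 200:
                 # any other HTTP status is a failed query, not a verdict;
                 # previously it fell through to FOUND
                 results.status = self.VirusTotalResult.ERROR
                 results.error = "Unexpected response code {0}".format(code)
             elif response['results']['response_code'] != 1:
                 results.status = self.VirusTotalResult.NOT_FOUND
             else:
                 results.status = self.VirusTotalResult.FOUND
         results.results = response if 'error' not in response else None
     except Exception as e:
         results.status = self.VirusTotalResult.ERROR
         # report in ``error`` like the other plugins, not in ``results``
         results.error = str(e)
     return results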
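 def run(self, paths):
     """Look up the SHA-1 of the file at ``paths`` in the NSRL reference set.

     Returns a PluginResult with ``status`` FOUND (the file is listed as
     known software, ``results`` holds the record), NOT_FOUND (``results``
     is None) or ERROR (``error`` holds the exception text).  ``duration``
     is the wall-clock time of the hash-and-lookup step.
     """
     results = PluginResult(name="National Software Reference Library",
                            type=type(self).plugin_category,
                            version=None)
     try:
         started = timestamp(datetime.utcnow())
         # the reference set is keyed by upper-case hex digests
         response = self.module.lookup_by_sha1(sha1sum(paths).upper())
         stopped = timestamp(datetime.utcnow())
         results.duration = stopped - started
         # a hit is a dict carrying every reference field.  Anything else --
         # a dict with a missing field, None, an unexpected type -- is a
         # miss and must not be reported as FOUND, since FOUND whitelists
         # the file as known software.
         required = ('MfgCode', 'OpSystemCode', 'ProductCode', 'SHA-1')
         if isinstance(response, dict) and \
                 all(response.get(key) for key in required):
             results.status = self.NSRLPluginResult.FOUND
         else:
             results.status = self.NSRLPluginResult.NOT_FOUND
             response = None
         results.results = response
     except Exception as e:
         results.status = self.NSRLPluginResult.ERROR
         results.error = str(e)
     return results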
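 def run(self, paths):
     """Look up the SHA-1 of the file at ``paths`` in the NSRL reference set.

     Returns a PluginResult with ``status`` FOUND (the file is listed as
     known software, ``results`` holds the record), NOT_FOUND (``results``
     is None) or ERROR (``error`` holds the exception text).  ``duration``
     is the wall-clock time of the hash-and-lookup step.
     """
     results = PluginResult(name="National Software Reference Library",
                            type=type(self).plugin_category,
                            version=None)
     try:
         started = timestamp(datetime.utcnow())
         # the reference set is keyed by upper-case hex digests
         response = self.module.lookup_by_sha1(sha1sum(paths).upper())
         stopped = timestamp(datetime.utcnow())
         results.duration = stopped - started
         # a hit is a dict carrying every reference field.  Anything else --
         # a dict with a missing field, None, an unexpected type -- is a
         # miss and must not be reported as FOUND, since FOUND whitelists
         # the file as known software.
         required = ('MfgCode', 'OpSystemCode', 'ProductCode', 'SHA-1')
         if isinstance(response, dict) and \
                 all(response.get(key) for key in required):
             results.status = self.NSRLPluginResult.FOUND
         else:
             results.status = self.NSRLPluginResult.NOT_FOUND
             response = None
         results.results = response
     except Exception as e:
         results.status = self.NSRLPluginResult.ERROR
         results.error = str(e)
     return results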
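 def run(self, paths):
     """Scan ``paths`` with the wrapped antivirus module.

     Returns a PluginResult carrying the module name, category and version,
     ``database`` (per-file metadata for each signature file the module
     lists, or None), ``status`` (the module's scan return code, negative
     on failure), ``duration``, and either ``results`` (the single scan
     entry) or ``error`` (the module's raw scan_results mapping).

     Any exception is caught and reported as status -1 with the exception
     text in ``error``; nothing propagates to the caller.
     """
     results = PluginResult(name=self.module.name,
                            type=type(self).plugin_category,
                            version=self.module.version)
     try:
         # describe the signature database files, when the module has any
         results.database = None
         if self.module.database:
             results.database = {
                 filename: self.file_metadata(filename)
                 for filename in self.module.database
             }
         # run and time the scan
         started = timestamp(datetime.utcnow())
         results.status = self.module.scan(paths)
         stopped = timestamp(datetime.utcnow())
         results.duration = stopped - started
         if results.status < 0:
             results.error = self.module.scan_results
         else:
             # one file is scanned, so one entry is expected; drop the
             # filename key and keep the value.  dict.values() is not
             # subscriptable on Python 3, so materialise it first, and
             # guard the empty case rather than raise IndexError.
             scan_values = list(self.module.scan_results.values())
             results.results = scan_values[0] if scan_values else None
     except Exception as e:
         results.status = -1
         results.error = str(e)
     return results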
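 def run(self, paths):
     """Match the file at ``paths`` against the loaded YARA rules.

     ``self.get_file_report`` returns an ``(error_raised, response)`` pair:
     on error ``response`` is the error payload, otherwise it is the
     sequence of matches.  The PluginResult gets ``status`` ERROR
     (``error`` set, ``results`` None), NOT_FOUND (no match,
     ``results`` is ``{'Matches': []}``) or FOUND (``results`` is
     ``{'Matches': [...]}`` with each match stringified).  Exceptions are
     caught and reported as ERROR with ``error`` set.
     """
     results = PluginResult(name=type(self).plugin_display_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         started = timestamp(datetime.utcnow())
         (error_raised, response) = self.get_file_report(paths)
         stopped = timestamp(datetime.utcnow())
         results.duration = stopped - started
         if error_raised:
             results.status = self.YaraResult.ERROR
             results.error = response
         elif len(response) == 0:
             results.status = self.YaraResult.NOT_FOUND
         else:
             results.status = self.YaraResult.FOUND
         matches = []
         # compare with ==, not ``is``: identity on status constants is
         # only incidentally true
         if results.status == self.YaraResult.FOUND:
             matches = ["{0!s}".format(match) for match in response]
         results.results = None
         if not error_raised:
             results.results = {'Matches': matches}
     except Exception as e:
         results.status = self.YaraResult.ERROR
         # report in ``error`` like the other plugins, not in ``results``
         results.error = str(e)
     return results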
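 def run(self, paths):
     """Fetch the VirusTotal report for the file at ``paths``.

     Returns a PluginResult whose ``status`` is:

     * ERROR -- the report dict carries an ``error`` key, the HTTP status
       is 204 (rate limit) or 403 (bad key), or any status other than 200;
       ``error`` holds a message;
     * NOT_FOUND -- HTTP 200 but the report's own ``response_code`` is not 1;
     * FOUND -- HTTP 200 with a report.

     ``results`` holds the raw report unless it carried an ``error`` key.
     Exceptions are caught and reported as ERROR with ``error`` set.
     """
     results = PluginResult(name=type(self).plugin_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         started = timestamp(datetime.utcnow())
         response = self.get_file_report(paths)
         stopped = timestamp(datetime.utcnow())
         results.duration = stopped - started
         if 'error' in response:
             results.status = self.VirusTotalResult.ERROR
             results.error = response['error']
         else:
             code = response['response_code']
             if code == 204:
                 results.status = self.VirusTotalResult.ERROR
                 results.error = "Public API request rate limit exceeded"
             elif code == 403:
                 results.status = self.VirusTotalResult.ERROR
                 results.error = "Access forbidden (wrong key value or type)"
             elif code != 200:
                 # any other HTTP status is a failed query, not a verdict;
                 # previously it fell through to FOUND
                 results.status = self.VirusTotalResult.ERROR
                 results.error = "Unexpected response code {0}".format(code)
             elif response['results']['response_code'] != 1:
                 results.status = self.VirusTotalResult.NOT_FOUND
             else:
                 results.status = self.VirusTotalResult.FOUND
         results.results = response if 'error' not in response else None
     except Exception as e:
         results.status = self.VirusTotalResult.ERROR
         # report in ``error`` like the other plugins, not in ``results``
         results.error = str(e)
     return results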
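 def run(self, paths):
     """Match the file at ``paths`` against the loaded YARA rules.

     ``self.get_file_report`` returns an ``(error_raised, response)`` pair:
     on error ``response`` is the error payload, otherwise it is the
     sequence of matches.  The PluginResult gets ``status`` ERROR
     (``error`` set, ``results`` None), NOT_FOUND (no match,
     ``results`` is ``{'Matches': []}``) or FOUND (``results`` is
     ``{'Matches': [...]}`` with each match stringified).  Exceptions are
     caught and reported as ERROR with ``error`` set.
     """
     results = PluginResult(name=type(self).plugin_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         started = timestamp(datetime.utcnow())
         (error_raised, response) = self.get_file_report(paths)
         stopped = timestamp(datetime.utcnow())
         results.duration = stopped - started
         if error_raised:
             results.status = self.YaraResult.ERROR
             results.error = response
         elif len(response) == 0:
             results.status = self.YaraResult.NOT_FOUND
         else:
             results.status = self.YaraResult.FOUND
         matches = []
         # compare with ==, not ``is``: identity on status constants is
         # only incidentally true
         if results.status == self.YaraResult.FOUND:
             matches = ["{0!s}".format(match) for match in response]
         results.results = None
         if not error_raised:
             results.results = {'Matches': matches}
     except Exception as e:
         results.status = self.YaraResult.ERROR
         # report in ``error`` like the other plugins, not in ``results``
         results.error = str(e)
     return results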
 def run(self, paths):
     """Identify the file type of ``paths`` with the TrID module.

     ``self.module.analyze`` returns a ``(status, results)`` pair which is
     copied verbatim into the PluginResult; ``duration`` is the wall-clock
     time of that call.  Any exception is caught and reported as
     TrIDResults.ERROR with the exception text in ``error``.
     """
     outcome = PluginResult(name=type(self).plugin_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         begin = timestamp(datetime.utcnow())
         status, report = self.module.analyze(paths)
         end = timestamp(datetime.utcnow())
         outcome.duration = end - begin
         outcome.status = status
         outcome.results = report
     except Exception as exc:
         outcome.status = self.TrIDResults.ERROR
         outcome.error = str(exc)
     return outcome
 def run(self, paths):
     """Identify the file type of ``paths`` with the TrID module.

     ``self.module.analyze`` returns a ``(status, results)`` pair which is
     copied verbatim into the PluginResult; ``duration`` is the wall-clock
     time of that call.  Any exception is caught and reported as
     TrIDResults.ERROR with the exception text in ``error``.
     """
     outcome = PluginResult(name=type(self).plugin_display_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         begin = timestamp(datetime.utcnow())
         status, report = self.module.analyze(paths)
         end = timestamp(datetime.utcnow())
         outcome.duration = end - begin
         outcome.status = status
         outcome.results = report
     except Exception as exc:
         outcome.status = self.TrIDResults.ERROR
         outcome.error = str(exc)
     return outcome
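 def run(self, paths):
     """Skeleton ``run``: replace the placeholder with the real analysis.

     Returns a PluginResult with ``status`` SkeletonResult.SUCCESS and the
     placeholder string in ``results``, plus ``duration``.  Exceptions are
     caught and reported as SkeletonResult.ERROR with the exception text
     in ``error`` -- the field every other plugin uses for failures, so
     that plugins derived from this template report errors consistently.
     """
     response = PluginResult(name=type(self).plugin_display_name,
                             type=type(self).plugin_category,
                             version=None)
     try:
         started = timestamp(datetime.utcnow())
         response.results = "Main analysis call here"
         stopped = timestamp(datetime.utcnow())
         response.duration = stopped - started
         response.status = self.SkeletonResult.SUCCESS
     except Exception as e:
         response.status = self.SkeletonResult.ERROR
         response.error = str(e)
     return response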
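 def run(self, paths):
     """Skeleton ``run``: replace the placeholder with the real analysis.

     Returns a PluginResult with ``status`` SkeletonResult.SUCCESS and the
     placeholder string in ``results``, plus ``duration``.  Exceptions are
     caught and reported as SkeletonResult.ERROR with the exception text
     in ``error`` -- the field every other plugin uses for failures, so
     that plugins derived from this template report errors consistently.
     """
     response = PluginResult(name=type(self).plugin_display_name,
                             type=type(self).plugin_category,
                             version=None)
     try:
         started = timestamp(datetime.utcnow())
         response.results = "Main analysis call here"
         stopped = timestamp(datetime.utcnow())
         response.duration = stopped - started
         response.status = self.SkeletonResult.SUCCESS
     except Exception as e:
         response.status = self.SkeletonResult.ERROR
         response.error = str(e)
     return response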
 def run(self, paths):
     """Run PEiD signature matching on the file at ``paths``.

     ``self.analyze`` returns a ``(status, response)`` pair that is stored
     as the PluginResult's ``status`` and ``results``; ``duration`` is the
     wall-clock time of that call.  Any exception is caught and reported
     as PEiDResult.ERROR with the exception text in ``error``.
     """
     outcome = PluginResult(name=type(self).plugin_display_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         begin = timestamp(datetime.utcnow())
         status, report = self.analyze(paths)
         end = timestamp(datetime.utcnow())
         outcome.duration = end - begin
         outcome.status = status
         outcome.results = report
     except Exception as exc:
         outcome.status = self.PEiDResult.ERROR
         outcome.error = str(exc)
     return outcome
 def run(self, paths):
     """Run PEiD signature matching on the file at ``paths``.

     ``self.analyze`` returns a ``(status, response)`` pair that is stored
     as the PluginResult's ``status`` and ``results``; ``duration`` is the
     wall-clock time of that call.  Any exception is caught and reported
     as PEiDResult.ERROR with the exception text in ``error``.
     """
     outcome = PluginResult(name=type(self).plugin_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         begin = timestamp(datetime.utcnow())
         status, report = self.analyze(paths)
         end = timestamp(datetime.utcnow())
         outcome.duration = end - begin
         outcome.status = status
         outcome.results = report
     except Exception as exc:
         outcome.status = self.PEiDResult.ERROR
         outcome.error = str(exc)
     return outcome
 def run(self, paths):
     """Submit the file at ``paths`` to the ICAP server (REQMOD request).

     ``self.query_server`` returns None when the server reports nothing,
     which is mapped to ICAPResult.CLEAN with a fixed message; any other
     value is treated as a detection (ICAPResult.INFECTED) and stored
     verbatim in ``results``.  ``duration`` is the wall-clock time of the
     query.  Exceptions are caught and reported as ICAPResult.ERROR with
     the exception text in ``error``.
     """
     outcome = PluginResult(name=type(self).plugin_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         begin = timestamp(datetime.utcnow())
         verdict = self.query_server(paths)
         end = timestamp(datetime.utcnow())
         outcome.duration = end - begin
         if verdict is not None:
             outcome.status = self.ICAPResult.INFECTED
             outcome.results = verdict
         else:
             outcome.status = self.ICAPResult.CLEAN
             outcome.results = "No threat found"
     except Exception as exc:
         outcome.status = self.ICAPResult.ERROR
         outcome.error = str(exc)
     return outcome
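 def run(self, paths):
     """Extract the archive at ``paths`` into a fresh temporary directory.

     On success the PluginResult gets ``status`` UnarchiveResult.OK,
     ``results`` None, and ``output_files`` -- a dict with ``output_dir``
     (the directory created here) and ``file_list`` (whatever
     ``self.unarchive`` returned).  The caller owns ``output_dir`` and is
     responsible for removing it.

     On any exception the status is UnarchiveResult.ERROR with the
     exception text in ``error``; the temporary directory created for the
     failed extraction is removed, since no one else holds a reference to
     it and it would otherwise be leaked on every failed sample.

     NOTE(review): whether ``self.unarchive`` confines member paths to
     ``output_dir`` (no ``../`` or absolute entries) and bounds the
     extracted size is not visible here -- verify in the helper, as the
     input is untrusted.
     """
     import shutil
     results = PluginResult(name=type(self).plugin_name,
                            type=type(self).plugin_category,
                            version=None)
     output_dir = None
     try:
         started = timestamp(datetime.utcnow())
         # mkdtemp creates the directory with owner-only permissions
         output_dir = tempfile.mkdtemp()
         file_list = self.unarchive(paths, output_dir)
         results.output_files = {}
         results.output_files['output_dir'] = output_dir
         results.output_files['file_list'] = file_list
         stopped = timestamp(datetime.utcnow())
         results.duration = stopped - started
         results.status = self.UnarchiveResult.OK
         results.results = None
     except Exception as e:
         results.status = self.UnarchiveResult.ERROR
         results.error = str(e)
         # a half-extracted directory is never handed to the caller on
         # failure; clean it up instead of leaking it
         if output_dir is not None:
             shutil.rmtree(output_dir, ignore_errors=True)
     return results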
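 def run(self, paths):
     """Extract the archive at ``paths`` into a fresh temporary directory.

     On success the PluginResult gets ``status`` UnarchiveResult.OK,
     ``results`` None, and ``output_files`` -- a dict with ``output_dir``
     (the directory created here) and ``file_list`` (whatever
     ``self.unarchive`` returned).  The caller owns ``output_dir`` and is
     responsible for removing it.

     On any exception the status is UnarchiveResult.ERROR with the
     exception text in ``error``; the temporary directory created for the
     failed extraction is removed, since no one else holds a reference to
     it and it would otherwise be leaked on every failed sample.

     NOTE(review): whether ``self.unarchive`` confines member paths to
     ``output_dir`` (no ``../`` or absolute entries) and bounds the
     extracted size is not visible here -- verify in the helper, as the
     input is untrusted.
     """
     import shutil
     results = PluginResult(name=type(self).plugin_name,
                            type=type(self).plugin_category,
                            version=None)
     output_dir = None
     try:
         started = timestamp(datetime.utcnow())
         # mkdtemp creates the directory with owner-only permissions
         output_dir = tempfile.mkdtemp()
         file_list = self.unarchive(paths, output_dir)
         results.output_files = {}
         results.output_files['output_dir'] = output_dir
         results.output_files['file_list'] = file_list
         stopped = timestamp(datetime.utcnow())
         results.duration = stopped - started
         results.status = self.UnarchiveResult.OK
         results.results = None
     except Exception as e:
         results.status = self.UnarchiveResult.ERROR
         results.error = str(e)
         # a half-extracted directory is never handed to the caller on
         # failure; clean it up instead of leaking it
         if output_dir is not None:
             shutil.rmtree(output_dir, ignore_errors=True)
     return results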
 def run(self, paths):
     """Submit the file at ``paths`` to the ICAP server (REQMOD request).

     ``self.query_server`` returns None when the server reports nothing,
     which is mapped to ICAPResult.CLEAN with a fixed message; any other
     value is treated as a detection (ICAPResult.INFECTED) and stored
     verbatim in ``results``.  ``duration`` is the wall-clock time of the
     query.  Exceptions are caught and reported as ICAPResult.ERROR with
     the exception text in ``error``.
     """
     outcome = PluginResult(name=type(self).plugin_display_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         begin = timestamp(datetime.utcnow())
         verdict = self.query_server(paths)
         end = timestamp(datetime.utcnow())
         outcome.duration = end - begin
         if verdict is not None:
             outcome.status = self.ICAPResult.INFECTED
             outcome.results = verdict
         else:
             outcome.status = self.ICAPResult.CLEAN
             outcome.results = 'No threat found'
     except Exception as exc:
         outcome.status = self.ICAPResult.ERROR
         outcome.error = str(exc)
     return outcome
 def run(self, paths):
     """Run the static PE analyzer on the file at ``paths``.

     A falsy return from ``self.analyze`` means the input is not a PE file
     and yields StaticAnalyzerResults.FAILURE with a fixed message; any
     other value is stored in ``results`` with status SUCCESS.
     ``duration`` is the wall-clock time of the analysis.  Exceptions are
     caught and reported as ERROR with the exception text in ``error``.
     """
     outcome = PluginResult(name=type(self).plugin_display_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         begin = timestamp(datetime.utcnow())
         report = self.analyze(filename=paths)
         end = timestamp(datetime.utcnow())
         outcome.duration = end - begin
         if report:
             outcome.status = self.StaticAnalyzerResults.SUCCESS
             outcome.results = report
         else:
             outcome.status = self.StaticAnalyzerResults.FAILURE
             outcome.results = "Not a PE file"
     except Exception as exc:
         outcome.status = self.StaticAnalyzerResults.ERROR
         outcome.error = str(exc)
     return outcome
 def run(self, paths):
     """Run the static PE analyzer on the file at ``paths``.

     A falsy return from ``self.analyze`` means the input is not a PE file
     and yields StaticAnalyzerResults.FAILURE with a fixed message; any
     other value is stored in ``results`` with status SUCCESS.
     ``duration`` is the wall-clock time of the analysis.  Exceptions are
     caught and reported as ERROR with the exception text in ``error``.
     """
     outcome = PluginResult(name=type(self).plugin_display_name,
                            type=type(self).plugin_category,
                            version=None)
     try:
         begin = timestamp(datetime.utcnow())
         report = self.analyze(filename=paths)
         end = timestamp(datetime.utcnow())
         outcome.duration = end - begin
         if report:
             outcome.status = self.StaticAnalyzerResults.SUCCESS
             outcome.results = report
         else:
             outcome.status = self.StaticAnalyzerResults.FAILURE
             outcome.results = "Not a PE file"
     except Exception as exc:
         outcome.status = self.StaticAnalyzerResults.ERROR
         outcome.error = str(exc)
     return outcome