
Source Code for Module modules.processing.virustotal

  1  # Copyright (C) 2010-2013 Claudio Guarnieri. 
  2  # Copyright (C) 2014-2016 Cuckoo Foundation. 
  3  # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 
  4  # See the file 'docs/LICENSE' for copying permission. 
  5   
  6  import logging 
  7  import os 
  8   
  9  from lib.cuckoo.common.abstracts import Processing 
 10  from lib.cuckoo.common.exceptions import CuckooOperationalError 
 11  from lib.cuckoo.common.exceptions import CuckooProcessingError 
 12  from lib.cuckoo.common.virustotal import VirusTotalAPI 
 13  from lib.cuckoo.common.virustotal import VirusTotalResourceNotScanned 
 14   
 15  log = logging.getLogger(__name__)  # Module-level logger, named after this module's import path.
 16   
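class VirusTotal(Processing):
    """Gets antivirus signatures from VirusTotal.com for various results.

    Currently obtains VirusTotal results for the target sample or URL and the
    dropped files.

    NOTE(review): when a resource has no existing report, this module falls
    back to file_scan()/url_scan(), which presumably submits the sample or
    URL to VirusTotal, i.e. discloses it to a third party. Whether the
    "scan" option handed to VirusTotalAPI gates that submission is not
    visible from this module - confirm before running it on confidential
    samples or on URLs that embed credentials or internal host names.
    """
    order = 2

    def run(self):
        """Runs VirusTotal processing.

        @return: full VirusTotal report for the task target; None for
            "baseline" and "service" tasks, or when the lookup failed.
        @raise CuckooProcessingError: if no API key is configured or the
            task category is not supported.
        """
        self.key = "virustotal"

        apikey = self.options.get("key")
        timeout = int(self.options.get("timeout", 60))
        scan = int(self.options.get("scan", 0))

        # The API key is only handed to the client object, never logged.
        if not apikey:
            raise CuckooProcessingError("VirusTotal API key not "
                                        "configured, skipping VirusTotal "
                                        "processing module.")

        self.vt = VirusTotalAPI(apikey, timeout, scan)

        # Scan the original sample or URL.
        category = self.task["category"]
        if category == "file":
            results = self.scan_file(self.file_path)
        elif category == "url":
            results = self.scan_url(self.task["target"])
        elif category in ("baseline", "service"):
            # Nothing to look up for these task types.
            return
        else:
            raise CuckooProcessingError("Unsupported task category: %s" %
                                        category)

        # Scan any dropped files that have an interesting filetype. The
        # summary report is stored on the dropped-file row itself.
        for row in self.results.get("dropped", []):
            if not self.should_scan_file(row["type"]):
                continue

            row["virustotal"] = self.scan_file(row["path"], summary=True)

        return results

    def scan_file(self, filepath, summary=False):
        """Retrieve VirusTotal results for a file.

        @param filepath: file path
        @param summary: if you want a summary report
        @return: whatever the VirusTotal client returns, or None when the
            file is missing or the lookup failed.
        """
        if not os.path.exists(filepath):
            # Only the base name is logged, not the full storage path.
            log.warning("Path \"%s\" could not be found for VirusTotal "
                        "lookup, skipping it", os.path.basename(filepath))
            return

        try:
            try:
                return self.vt.file_report(filepath, summary=summary)
            except VirusTotalResourceNotScanned:
                # No report yet: fall back to submitting the file. This call
                # sits inside the outer try so that an operational error
                # raised here is logged too; a sibling "except" clause
                # would not catch it, and one failing dropped file would
                # abort the whole module.
                return self.vt.file_scan(filepath)
        except CuckooOperationalError as e:
            log.warning("Error fetching results from VirusTotal for "
                        "\"%s\": %s", os.path.basename(filepath), e.message)

    def scan_url(self, url, summary=False):
        """Retrieve VirusTotal results for a URL.

        @param url: URL
        @param summary: if you want a summary report
        @return: whatever the VirusTotal client returns, or None when the
            lookup failed.
        """
        try:
            try:
                return self.vt.url_report(url, summary=summary)
            except VirusTotalResourceNotScanned:
                # No report yet: fall back to submitting the URL. Kept
                # inside the outer try so that operational errors from the
                # submission are logged rather than propagated.
                return self.vt.url_scan(url)
        except CuckooOperationalError as e:
            # NOTE(review): the full URL is written to the log; it may carry
            # query-string secrets - confirm log handling is appropriate.
            log.warning("Error fetching results from VirusTotal for "
                        "\"%s\": %s", url, e.message)

    def should_scan_file(self, filetype):
        """Determines whether a certain filetype should be scanned on
        VirusTotal. For example, we're not interested in scanning text
        files.

        @param filetype: file type
        @return: True when the type string mentions "PE32" or "MS-DOS".
        """
        # A missing or empty type cannot be classified; skip it instead of
        # raising TypeError on the substring test below.
        if not filetype:
            return False

        return "PE32" in filetype or "MS-DOS" in filetype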