28 Nov 2016 - v1.5.3 - IRMA is now one single repository check <https://github.com/quarkslab/irma>
IRMA probe
Running 'python -m tools.run_module FProt eicar.com' as the deploy user returns:
{'database': None,
'duration': 0.844196081161499,
'error': None,
'name': 'F-PROT Antivirus',
'platform': 'linux2',
'results': 'EICAR_Test_File (exact)',
'status': 1,
'type': 'antivirus',
'version': '1.0.0'}
However, when I check the probe.log I see the following:
[2016-06-26 12:26:42,981: DEBUG/Worker-1] probe.tasks.probe_scan[16ef2430-22f7-4b64-bcd0-f2be14147c72]: scanid 5cfc6081-643a-45a8-8965-e8$
$6132s: {u'status': -1, u'name': u'F-PROT Antivirus', u'database': None, u'results': None, u'platform': u'linux2', u'version':...
Any ideas?
The script interfacing with Virus Blokada does not consider suspect binaries as infected (return value == 6 from the tool). IRMA therefore considers 6 an error, which results in a -1 status in the JSON report from the API.
Issue 1:
Antivirus was not found (i.e. folder not in PATH) -> celery starts with default queue. Frontend recognizes it and schedules a scan -> timeout for scan
Issue 2:
Not detected:
McAfee Antivirus 2014
In the returned json, use filehash instead of temporary filename
Allow irma-probe to use SSL with RabbitMQ
Installed cav-linux_1.1.268025-1_amd64.deb and started the probe. The AV got recognized as ComodoCAVL, but the results are always as follows:
ComodoCAVL :
The file came out as: no formatter
ClamAV Probe doesn't recognize EICAR
docs dir was removed to merge all docs in irma repo but setup.py need to be fixed
Hi all,
My environment is as follows:
All post-install checks return expected results and no errors are being reported in any logs that I can find.
Network-wise, the VMs can all ping each other's hostnames and IP addresses; there are no firewalls, and iptables has not been configured with any rules on the Debian boxes.
When running up the Frontend, no probes show. Is anyone able to help with this issue and suggest ways forward?
Kind Regards
Andrew
in modules/antivirus/base.py. We also need to correct the command injection problem
Currently we get results like this,
{"status": 0, "name": "McAfee VirusScan Command Line scanner", "results": null, "version": "6.0.4.564", "duration": 12.68, "type": "antivirus"}
It's great that we get the AV product version "6.0.4.564". But the thing is, the AV product version doesn't update automatically, while the virus definitions do (and that happens almost daily).
It would be great if you could include the virus definition information along with (or instead of) the AV product version.