
malice-kaspersky


Malice Kaspersky Antivirus Plugin

This repository contains the Dockerfile for the Malice Kaspersky antivirus plugin (the malice/kaspersky image).


Dependencies

Installation

  1. Install Docker.
  2. Download trusted build from public docker store: docker pull malice/kaspersky

Usage

docker run --rm malice/kaspersky EICAR

Or mount your own malware folder into the container and pass the file name as the argument. The plugin's full command-line usage is:

Usage: kaspersky [OPTIONS] COMMAND [arg...]

Malice Kaspersky AntiVirus Plugin

Version: v0.1.0, BuildTime: 20181126

Author:
  blacktop - <https://github.com/blacktop>

Options:
  --verbose, -V          verbose output
  --elasticsearch value  elasticsearch url for Malice to store results [$MALICE_ELASTICSEARCH_URL]
  --table, -t            output as Markdown table
  --callback, -c         POST results back to Malice webhook [$MALICE_ENDPOINT]
  --proxy, -x            proxy settings for Malice webhook endpoint [$MALICE_PROXY]
  --timeout value        malice plugin timeout (in seconds) (default: 120) [$MALICE_TIMEOUT]
  --help, -h             show help
  --version, -v          print the version

Commands:
  update  Update virus definitions
  web     Create a Kaspersky scan web service
  help    Shows a list of commands or help for one command

Run 'kaspersky COMMAND --help' for more information on a command.

Sample Output

{
  "kaspersky": {
    "infected": true,
    "result": "EICAR-Test-File",
    "engine": "8.0.4.312",
    "database": "9282732",
    "updated": "20181126"
  }
}

Kaspersky

| Infected | Result | Engine | Updated |
| --- | --- | --- | --- |
| true | EICAR-Test-File | 8.0.4.312 | 20181126 |
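As an added example (this is not code from the malice-kaspersky project), the following Python script wraps the docker invocation shown under Usage: it writes the public EICAR test string into a temporary folder, mounts that folder read-only into the container so the scanner can never alter the sample store, runs the scan with the plugin's --timeout option, and parses the JSON document shown under Sample Output into a small record that can be rendered like the --table output. It assumes that the container reads samples from /malware (the path the issue logs further down this page report) and that the JSON result is written to stdout; the helper names (write_eicar, build_command, parse_result, to_markdown_table, scan) are mine, not the plugin's.

```python
"""Added example: drive the malice/kaspersky container and parse its result.

Assumptions (not confirmed by the project README): samples are read from
/malware inside the container, and the JSON result is printed on stdout.
"""
import json
import os
import subprocess
import tempfile
from dataclasses import dataclass

# The EICAR standard anti-malware test string: public, harmless, 68 bytes.
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

IMAGE = "malice/kaspersky"
MOUNT = "/malware"  # assumed container-side sample directory


@dataclass(frozen=True)
class ScanResult:
    infected: bool
    result: str
    engine: str
    database: str
    updated: str


def write_eicar(directory: str) -> str:
    """Write the EICAR test file into `directory` and return its path."""
    path = os.path.join(directory, "EICAR")
    with open(path, "wb") as fh:
        fh.write(EICAR.encode("ascii"))
    return path


def build_command(samples_dir: str, filename: str, timeout: int = 120) -> list:
    """Build the docker argv. The host folder is mounted read-only (:ro) so a
    misbehaving container cannot modify or drop files into the sample store."""
    return [
        "docker", "run", "--rm",
        "-v", f"{os.path.abspath(samples_dir)}:{MOUNT}:ro",
        IMAGE, "--timeout", str(timeout), filename,
    ]


def parse_result(stdout: str) -> ScanResult:
    """Parse the plugin's JSON output (the top-level "kaspersky" object)."""
    data = json.loads(stdout)["kaspersky"]
    return ScanResult(
        infected=bool(data["infected"]),
        result=str(data.get("result", "")),
        engine=str(data.get("engine", "")),
        database=str(data.get("database", "")),
        updated=str(data.get("updated", "")),
    )


def to_markdown_table(r: ScanResult) -> str:
    """Render the same four columns the plugin prints with --table."""
    return (
        "| Infected | Result | Engine | Updated |\n"
        "| --- | --- | --- | --- |\n"
        f"| {str(r.infected).lower()} | {r.result} | {r.engine} | {r.updated} |"
    )


def scan(samples_dir: str, filename: str) -> ScanResult:
    """Run the container and parse its output. A non-zero exit (for example
    the 'exit status 2' license failures reported in the issues below) is
    surfaced as an exception instead of being mistaken for a clean result."""
    proc = subprocess.run(build_command(samples_dir, filename),
                          capture_output=True, text=True, check=False)
    if proc.returncode != 0:
        raise RuntimeError(f"{IMAGE} exited {proc.returncode}: {proc.stderr.strip()}")
    return parse_result(proc.stdout)


if __name__ == "__main__":
    # Smoke test: the EICAR file must come back as infected.
    with tempfile.TemporaryDirectory() as tmp:
        write_eicar(tmp)
        res = scan(tmp, "EICAR")
        print(to_markdown_table(res))
        raise SystemExit(0 if res.infected else 1)
```

Running the script requires Docker and a pulled malice/kaspersky image; the exit code is 0 only when the EICAR file is flagged, which makes it usable as a readiness check for the engine and its license before real samples are scanned.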

Documentation

Issues

Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue.

TODO

  • add licence expiration detection
  • expose the web UI

CHANGELOG

See CHANGELOG.md

Thanks

Thank you @abunasar for helping me get this AV completed!

Contributing

See all contributors on GitHub.

Please update the CHANGELOG.md and submit a Pull Request on GitHub.

License

MIT Copyright (c) 2016 blacktop


Reported Issues

Fatal crash: exit status 2

All plugins are up to date.

I tested multiple files (both binary and text files) and all resulted in the following message from the kaspersky plugin:

>> docker run --rm -v /var/run/docker.sock:/var/run/docker.sock -v `pwd`:/malice/samples --network="host" malice/engine scan --logs putty.exe

...

time="2018-11-29T09:43:44Z" level=fatal msg="exit status 2" category=av path=/malware/7afb56dd48565c3c9804f683c80ef47e5333f847f2d3211ec11ed13ad36061e1 plugin=kaspersky

...

Let me know if there is a way I can provide more information to help debug the problem.

Docker version:

Client:
 Version:           18.09.0
 API version:       1.39
 Go version:        go1.10.4
 Git commit:        4d60db4
 Built:             Wed Nov  7 00:49:01 2018
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.0
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.4
  Git commit:       4d60db4
  Built:            Wed Nov  7 00:16:44 2018
  OS/Arch:          linux/amd64
  Experimental:     false

Docker info (with some info removed):

Containers: 6
 Running: 1
 Paused: 0
 Stopped: 5
Images: 26
Server Version: 18.09.0
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: c4446665cb9c30056f4998ed953e6d4ff22c7c39
runc version: 4fc53a81fb7c994640722ac585fa9ca548971871
init version: fec3683
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 4.15.0-39-generic
Operating System: Linux Mint 19
OSType: linux
Architecture: x86_64
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false
Product License: Community Engine

WARNING: No swap limit support

Exit status 2

time="2019-12-10T14:41:18Z" level=debug msg="checking Kaspersky license"
time="2019-12-10T14:41:18Z" level=fatal msg="exit status 2" category=av path=/malware/EICAR plugin=kaspersky

Not working with normal malice scan

Heya,

After installing, I ran:

malice scan file.txt

It was tested against all other AVs but not Kaspersky. Has it yet to be added to the plug-ins?

msg="fork/exec /etc/init.d/kav4fs-supervisor: no such file or directory"

Hello,
I tried to compile the image myself and encountered 2 problems.
First, if I don't use Elasticsearch, is license.key not needed?
Second, time="2019-10-23T02:51:36Z" level=fatal msg="fork/exec /etc/init.d/kav4fs-supervisor: no such file or directory" category=av path=/malware/tests/malware plugin=kaspersky

Looking forward to your reply!
