[lib.cuckoo.core.plugins] WARNING: The reporting module "Malheur" returned the following error: Failed to perform Malheur classification: [Errno 2] No such file or directory about cuckoo-modified HOT 13 OPEN

Are you running the latest version of Malheur from https://github.com/rieck/malheur ? We changed to using their new config format, so it will fail if you're using an older version.

-Brad

from cuckoo-modified.

Yes, version 0.5.4. However, I am running from OS X--not sure if this might be the issue..?

from cuckoo-modified.

Possibly -- I can't test on there. Can you run the malheur command present in the reporting module manually and see what error it's giving?

-Brad

from cuckoo-modified.

Sure.. it doesn't seem to like the -c command-line option to reference the config file..

from cuckoo-modified.

resolved: edited malheur.py with following changes..

line 148: cfgpath = os.path.join(CUCKOO_ROOT, "cons")
line 167: cmdline = ["malheur", "-m", cfgpath, "-o", outputfile, "cluster", reportsdir]

from cuckoo-modified.

You're not running the latest version (via git HEAD, not version number -- the changes I mentioned above were after the bump to 0.5.4)? There is no -m option in the latest version, and the -c option was added via this commit: rieck/malheur@28e0368

-Brad

from cuckoo-modified.

right you are! working now with latest and greatest version of Malheur. many thanks.

from cuckoo-modified.

After analyzing 178 samples, I'm getting this same error again. While restarting Cuckoo does not help, a total clean of jobs/samples/data/etc. does resolve the issue... for a while, then it consistently prints this error after 178 samples.

from cuckoo-modified.

That could be a different issue (there are a couple bugs in Malheur that I had fixed upstream, this is also why we require the current git HEAD). Can you re-run the commandline and see what the problem is?

-Brad

from cuckoo-modified.

Ran the command-line, and Malheur completed with no problems against the (>178) reports I generated with Cuckoo.

Note that, even when it prints the error after 178 samples, the individual report files are being generated in storage/malheur/reports, but everything after sample 178 is not being saved to storage/malheur/malheur.txt.

As a next step, I am going to run it against a different batch of samples..

from cuckoo-modified.

The other batch got well past 178. I then threw sample 178 from the original batch into another batch and, as bizarre as it sounds, that same sample is what killed the Malheur reporting (this time as sample 33).

from cuckoo-modified.

I'm having same issue too, after some time when malheur was working correctly, now I'm receiving that error:
WARNING: The reporting module "Malheur" returned the following error: Failed to perform Malheur classification: [Errno 2] No such file or directory
I'm using latest version etc...

from cuckoo-modified.

But for other analysis, exmaple the file 11323.txt under /storage/malheur/reports is generated..

from cuckoo-modified.