
Add Custom Magic for Quarantine #243

Merged
merged 5 commits into from
Jul 21, 2021

Conversation

malvidin
Contributor

@malvidin malvidin commented May 25, 2021

Added a few quarantine file types from DeXRAY. The McAfee file typing to quarantine/mcafee may not work, as the file command may still apply the Composite Document File V2 Document magic.

@cccs-sgaron
Contributor

Can you please resolve the conflicts?

malvidin added 2 commits May 27, 2021 10:07
Move McAfee BUP to identify.py
# Conflicts:
#	assemblyline/common/custom.magic
@malvidin
Contributor Author

During OLE_CLSID_GUID extraction, it should compare the buffer bytes against bytes, not string.

if len(clsid) == 16 and clsid != "\0" * len(clsid):

vs.

if len(clsid) == 16 and clsid != b"\0" * len(clsid):
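
As an added example (not identify.py's code), the pitfall described above, shown on a constructed minimal OLE2 compound file: the root directory entry's CLSID sits at byte 80 of the first 128-byte directory entry, and comparing those bytes against a str never matches in Python 3, so an all-zero CLSID is wrongly reported as present. The helper names, the constructed sample and the use of the Word 97-2003 CLSID as a sample value are assumptions.

```python
import struct
import uuid
from typing import Optional

# Magic of an OLE2 / Compound File Binary ("Composite Document File V2" to libmagic)
OLE_SIGNATURE = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"

def root_entry_clsid(data: bytes) -> Optional[bytes]:
    """Return the 16-byte CLSID of the root directory entry, or None if
    `data` is not a compound file. Hypothetical helper, not identify.py's code."""
    if len(data) < 512 or data[:8] != OLE_SIGNATURE:
        return None
    sector_shift = struct.unpack_from("<H", data, 30)[0]      # 9 -> 512-byte sectors
    first_dir_sector = struct.unpack_from("<I", data, 48)[0]  # first directory sector
    sector_size = 1 << sector_shift
    # Sector N starts at (N + 1) * sector_size: the header occupies "sector -1".
    # The root entry is the first 128-byte directory entry; its CLSID is at offset 80.
    root_off = (first_dir_sector + 1) * sector_size
    clsid = data[root_off + 80 : root_off + 96]
    return clsid if len(clsid) == 16 else None

def has_clsid_buggy(clsid: bytes) -> bool:
    # bytes != str is always True in Python 3, so an all-zero CLSID looks "present"
    return len(clsid) == 16 and clsid != "\0" * len(clsid)

def has_clsid_fixed(clsid: bytes) -> bool:
    # Compare bytes with bytes: an all-zero CLSID is correctly treated as absent
    return len(clsid) == 16 and clsid != b"\0" * len(clsid)

def clsid_to_guid(clsid: bytes) -> str:
    # The first three GUID fields are stored little-endian on disk
    return str(uuid.UUID(bytes_le=clsid)).upper()

def build_sample(clsid: bytes) -> bytes:
    """Constructed minimal compound file: 512-byte header plus one directory sector."""
    header = bytearray(512)
    header[0:8] = OLE_SIGNATURE
    struct.pack_into("<H", header, 30, 9)   # sector shift 9 -> 512-byte sectors
    struct.pack_into("<I", header, 48, 0)   # directory chain starts at sector 0
    root = bytearray(512)                   # sector 0: root entry occupies bytes 0..127
    root[80:96] = clsid
    return bytes(header) + bytes(root)

# Well-known Word 97-2003 document CLSID, used here only as a sample value
WORD8_CLSID = uuid.UUID("00020906-0000-0000-c000-000000000046").bytes_le

if __name__ == "__main__":
    sample = build_sample(WORD8_CLSID)
    print(clsid_to_guid(root_entry_clsid(sample)))  # 00020906-0000-0000-C000-000000000046
    print(has_clsid_buggy(b"\0" * 16), has_clsid_fixed(b"\0" * 16))  # True False
```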

@codecov-commenter

codecov-commenter commented May 27, 2021

Codecov Report

Merging #243 (119bdb3) into master (25deb64) will increase coverage by 0.82%.
The diff coverage is 0.00%.


@@            Coverage Diff             @@
##           master     #243      +/-   ##
==========================================
+ Coverage   65.20%   66.02%   +0.82%     
==========================================
  Files         119      119              
  Lines       10411    10762     +351     
==========================================
+ Hits         6788     7106     +318     
- Misses       3623     3656      +33     
| Impacted Files | Coverage Δ |
|---|---|
| assemblyline/common/constants.py | 87.87% <ø> (ø) |
| assemblyline/common/identify.py | 33.33% <0.00%> (-0.31%) ⬇️ |
| assemblyline/odm/randomizer.py | 96.05% <0.00%> (+0.87%) ⬆️ |
| assemblyline/datastore/stores/es_store.py | 65.80% <0.00%> (+5.91%) ⬆️ |
| assemblyline/datastore/__init__.py | 71.20% <0.00%> (+7.06%) ⬆️ |

Continue to review full report at Codecov.

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 25deb64...119bdb3. Read the comment docs.

@cccs-kevin
Contributor

@malvidin Can you please resolve the conflicts so that we can move on with this ticket? 😄

@cccs-kevin cccs-kevin requested a review from cccs-sgaron July 21, 2021 13:53
@cccs-sgaron cccs-sgaron merged commit dd65b05 into CybercentreCanada:master Jul 21, 2021