-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathservice_manifest.yml
77 lines (69 loc) · 2.34 KB
/
service_manifest.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
name: AntiVirus
version: $SERVICE_TAG
description: This service provides integration of various anti-virus products with the Assemblyline platform.
# Regex defining the types of files the service accepts and rejects
accepts: .*
rejects: empty|metadata/iccprofile
# At which stage the service should run (one of FILTER, EXTRACT, CORE, SECONDARY, POST, REVIEW)
# NOTE: Stages are executed in the order defined in the list
stage: CORE
# Which category the service is part of (one of Antivirus, Dynamic Analysis, External, Extraction, Filtering, Internet Connected, Networking, Static Analysis)
category: Antivirus
# Does the service require access to the file to perform its task
# If set to false, the service will only have access to the file metadata (e.g. Hashes, size, type, ...)
file_required: true
# Maximum execution time the service has before it's considered to be timed out
timeout: 120
# is the service enabled by default
enabled: false
privileged: true
config:
av_config:
products:
- product: "Product1"
heuristic_analysis_keys:
- "HEUR:"
hosts:
- ip: "localhost"
port: 1344
method: "icap"
update_period: 240 # in minutes
- product: "Product2"
heuristic_analysis_keys:
- "HEUR/"
hosts:
- ip: "localhost"
port: 8000
scan_details:
version_endpoint: "version"
scan_endpoint: "scan"
method: "http"
update_period: 240 # in minutes
# Specific keywords found in a signature name
kw_score_revision_map:
adware: 0
# Signature names are not valid YAML keys according to the Assemblyline
# ODM so we cannot use them in the heuristic signature_score_map. Hence why we're putting this here.
sig_score_revision_map:
blahblahblah: 0
sleep_time: 60 # in seconds
connection_timeout: 10 # in seconds
number_of_retries: 3
mercy_limit: 5
sleep_on_version_error: true
heuristics:
- heur_id: 1
name: File is infected
score: 1000
filetype: '*'
description: AntiVirus hit.
- heur_id: 2
name: File is suspicious
score: 500
filetype: '*'
description: Heuristic Analysis hit.
docker_config:
image: ${REGISTRY}cccs/assemblyline-service-antivirus:$SERVICE_TAG
cpu_cores: 0.25
ram_mb: 2048
allow_internet_access: true