#446 #361 use python3 and the library maintained by blacktop instead …

…of a local one https://pypi.org/project/virustotal-api/
TheHive-Project · May 14, 2019 · cd0cf6d · cd0cf6d
1 parent 12682d2
commit cd0cf6d
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 799 deletions.
diff --git a/analyzers/VirusTotal/requirements.txt b/analyzers/VirusTotal/requirements.txt
@@ -1,3 +1,4 @@
 cortexutils
 future
 requests
+virustotal-api
diff --git a/analyzers/VirusTotal/virustotal.py b/analyzers/VirusTotal/virustotal.py
@@ -1,10 +1,10 @@
 #!/usr/bin/env python
 # encoding: utf-8
-import sys
+
 import time
 import hashlib
 
-from virustotal_api import PublicApi as VirusTotalPublicApi
+from virus_total_apis import PublicApi as VirusTotalPublicApi
 from cortexutils.analyzer import Analyzer
 
 
@@ -45,8 +45,6 @@ def check_response(self, response):
         if status != 200:
             self.error('Bad status : ' + str(status))
         results = response.get('results', {})
-        if 'verbose_msg' in results:
-            print (str(results.get('verbose_msg')), sys.stderr)
         if 'Missing IP address' in results.get('verbose_msg', ''):
             results['verbose_msg'] = 'IP address not available in VirusTotal'
         return results
@@ -140,8 +138,10 @@ def run(self):
             if self.data_type == 'file':
                 filename = self.get_param('filename', 'noname.ext')
                 filepath = self.get_param('file', None, 'File is missing')
-                self.read_scan_response(self.vt.scan_file(
-                    (filename, open(filepath, 'rb'))), self.wait_file_report)
+                self.read_scan_response(
+                    self.vt.scan_file(filepath, from_disk=True, filename=filename),
+                    self.wait_file_report
+                )
             elif self.data_type == 'url':
                 data = self.get_param('data', None, 'Data is missing')
                 self.read_scan_response(
@@ -160,7 +160,7 @@ def run(self):
                 hashes = self.get_param('attachment.hashes', None)
                 if hashes is None:
                     filepath = self.get_param('file', None, 'File is missing')
-                    hash = hashlib.sha256(open(filepath, 'r').read()).hexdigest()
+                    hash = hashlib.sha256(open(filepath, 'rb').read()).hexdigest()
                 else:
                     # find SHA256 hash
                     hash = next(h for h in hashes if len(h) == 64)