
Source Code for Module modules.processing.virustotal

 1  # Copyright (C) 2010-2015 Cuckoo Foundation. 
 2  # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 
 3  # See the file 'docs/LICENSE' for copying permission. 
 4   
 5  import os 
 6  import json 
 7  import urllib 
 8  import urllib2 
 9   
10  from lib.cuckoo.common.abstracts import Processing 
11  from lib.cuckoo.common.exceptions import CuckooProcessingError 
12  from lib.cuckoo.common.objects import File 
13   
14  VIRUSTOTAL_FILE_URL = "https://www.virustotal.com/vtapi/v2/file/report" 
15  VIRUSTOTAL_URL_URL = "https://www.virustotal.com/vtapi/v2/url/report" 
16   
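class VirusTotal(Processing):
    """Gets antivirus signatures from VirusTotal.com"""

    def run(self):
        """Runs VirusTotal processing.

        Queries the VirusTotal v2 report API for the analysed target. For a
        "file" task the resource sent is the MD5 of the sample; for a "url"
        task the resource is the target URL itself, so the full URL is
        disclosed to the third-party service. Any other category is skipped.

        @return: full VirusTotal report (parsed JSON), or an empty list when
                 the task category is not supported.
        @raise CuckooProcessingError: if the API key is missing, the sample
                 file does not exist, the timeout option is not a number, the
                 request fails, or the response is not valid JSON.
        """
        self.key = "virustotal"
        virustotal = []

        key = self.options.get("key", None)
        timeout = self.options.get("timeout", 60)

        if not key:
            raise CuckooProcessingError("VirusTotal API key not "
                                        "configured, skip")

        if self.task["category"] == "file":
            if not os.path.exists(self.file_path):
                raise CuckooProcessingError("File {0} not found, skipping it".format(self.file_path))

            # Only the hash leaves the sandbox; the sample is not uploaded.
            resource = File(self.file_path).get_md5()
            url = VIRUSTOTAL_FILE_URL
        elif self.task["category"] == "url":
            # The analysed URL is sent verbatim to VirusTotal.
            resource = self.task["target"]
            url = VIRUSTOTAL_URL_URL
        else:
            # Not supported type, exit.
            return virustotal

        # A malformed timeout option should surface as a processing error
        # rather than as a bare ValueError/TypeError from int().
        try:
            timeout = int(timeout)
        except (TypeError, ValueError):
            raise CuckooProcessingError("Invalid VirusTotal timeout "
                                        "value: {0!r}".format(timeout))

        data = urllib.urlencode({"resource": resource, "apikey": key})

        try:
            # Passing data makes urllib2 issue a POST, so the API key is
            # carried in the request body and not in the URL.
            request = urllib2.Request(url, data)
            response = urllib2.urlopen(request, timeout=timeout)
            try:
                response_data = response.read()
            finally:
                # Release the connection even if the read fails.
                response.close()
        except urllib2.HTTPError as e:
            # HTTPError is a subclass of URLError, so it has to be caught
            # first; otherwise this branch is unreachable and the HTTP
            # status code is never reported.
            raise CuckooProcessingError("Unable to perform HTTP request to "
                                        "VirusTotal "
                                        "(http code={0})".format(e.code))
        except urllib2.URLError as e:
            raise CuckooProcessingError("Unable to establish connection "
                                        "to VirusTotal: {0}".format(e))

        try:
            virustotal = json.loads(response_data)
        except ValueError as e:
            raise CuckooProcessingError("Unable to convert response to "
                                        "JSON: {0}".format(e))

        # The body comes from a remote service: only rewrite "scans" when
        # both the report and the "scans" value really are mappings.
        scans = virustotal.get("scans") if isinstance(virustotal, dict) else None
        if isinstance(scans, dict):
            # Engine names may contain dots; they are replaced with
            # underscores (presumably because the report storage backend
            # does not accept dots in keys -- confirm).
            virustotal["scans"] = dict((engine.replace(".", "_"), signature)
                                       for engine, signature in scans.items())

        return virustotal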