Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WIP: AV Module to use Cylance Scoring #105

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

WIP: AV Module to use Cylance Scoring #105

Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
d3f81e1
AV module which uses Cylance Score
jmlong1027 Mar 13, 2018
24971fc
Update CylanceScore.py
jmlong1027 Mar 13, 2018
f0527b2
Update CylanceScore.py
jmlong1027 Mar 13, 2018
a9b9e4b
Added check function
jmlong1027 Mar 23, 2018
bf50831
Update scoreFile command
jmlong1027 Mar 29, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
72 changes: 72 additions & 0 deletions modules/Antivirus/CylanceScore.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
from __future__ import division, absolute_import, with_statement, print_function, unicode_literals
import subprocess
import re

__author__ = "Mike Long"
__license__ = "MPL 2.0"

TYPE = "Antivirus"
NAME = "Cylance"

SCORE = "/opt/infinity/bin/mono /opt/infinity/bin/InfinityDaemonClient localhost:9002 p ScoreFile"

DEFAULTCONF = {
"ENABLED": False,
"score": SCORE
}

def check(conf=DEFAULTCONF):
if not conf['ENABLED']:
return False
if not ping():
return False
return True

def ping():
try:
# Cylance service runs locally on port 9002 by default, change if configured differently
status = "(echo >/dev/tcp/127.0.0.1/9002) &>/dev/null && echo '0' || echo '1'"
return bool(subprocess.check_output([status], shell=True, executable='/bin/bash'))
except:
raise


def scan(filelist, conf=DEFAULTCONF):
results = []

if ping():
try:
for f in filelist:
scoreFile = conf["score"] + " "+ f
output = subprocess.check_output([scoreFile], shell=True)

## Cleaning up the output ##
## Let's Remove the first two lines, not needed
output = output.split("\n", 2)[2]
## Splitting output at funky characaters
output = re.split('---- | ----|{|}|,|\n', output)
## There are empty strings in the list, removing....
output = [i for i in output if i != '']
## Cleaning up leading whitespaces
output = [x.strip(' ') for x in output]
## End of cleaning ##

# Add list to result
# results.append((f,output))
# Add score only to result
results.append((f, output[9]))

except:
raise
else:
print("Cylance Service on port 9002 is not running...")

metadata = {
'Name': "Cylance",
'Type': "Antivirus"
}

return (results, metadata)