Skip to content

Latest commit

 

History

History
36 lines (30 loc) · 2.28 KB

README.md

File metadata and controls

36 lines (30 loc) · 2.28 KB

File malware analysis using the OPSWAT API

Introduction

This application will perform the following:

  • Calculate the hash of a given file (using sha1) and perform a file look up to see if malware scans are documented for a given hash
  • If the hash is not found for a given file, the file is uploaded to OPSWAT, analyzed with various malware engines, and the malware results are displayed to the user.

Set up programming environment

Windows: use a package manager like Anaconda (recommended)

  • Download Anaconda 3
  • Create a new empty environment, we'll use the name development from now on. Use conda create --name development
  • Activate the environment using conda activate development.
  • Install HTTP Methods for Python using pip install requests

Set up program global variables

TIME_DELAY (default = 5)

Time delay controls how long the program waits between polling malware analysis results from server. This will reduce server strain and reduce number of requests for limited account. Polling will continue until the server completes the malware scan or an error occurs.

API_KEY_META_DEFENDER_CLOUD

Authorization token to grant API access. Add your API key here. For a free account at OPSWAT PORTAL. This will create an account and generate a trial apikey for METADEFENDER PORTAL. The apikey should be displayed on the "Home" tab once you login to your portal account. Please note this apikey has rate limiting which you may encounter, this is normal.

VERBOSE (default = 0)

Verbose controls the print out of non-essential program status updates. To include all program inputs make Verbose 1. To only include the essential print outs (malware summary).

Program inputs

Argument 1

This program only takes one program input (in addition to the calling program). This should be the path to a file on your system that you wish to scan. Note: if this file is in the project directory, only the file name is needed.

  • example: on the command line, run malware analysis on the example provided file, test.txt, with: test.py test.txt