⚠️

malice-plugins · Nov 25, 2018 · 12e79b8 · 12e79b8
1 parent 036fcbd
commit 12e79b8
Show file tree

Hide file tree

Showing 8 changed files with 242 additions and 91 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -3,27 +3,15 @@ jobs:
   build:
     working_directory: /app
     docker:
-      - image: docker:17.06.0-ce-git
+      - image: docker:18.03.1-ce-git
     steps:
       - checkout
-      - setup_remote_docker
+      - setup_remote_docker:
+          version: 18.03.1-ce
       - run:
           name: Install dependencies
           command: |
-            apk add --no-cache \
-              py2-pip=9.0.1-r1 curl=7.54.0-r0 jq
-            pip install \
-              docker-compose==1.14.0 \
-              awscli==1.11.112 \
-              httpie
-      - run:
-          name: Install Docker client
-          command: |
-            set -x
-            VER="17.05.0-ce"
-            curl -L -o /tmp/docker-$VER.tgz https://get.docker.com/builds/Linux/x86_64/docker-$VER.tgz
-            tar -xz -C /tmp -f /tmp/docker-$VER.tgz
-            mv /tmp/docker/* /usr/bin
+            apk add --no-cache jq
       - restore_cache:
           keys:
             - v1-{{ .Branch }}
@@ -38,7 +26,7 @@ jobs:
           name: Build application Docker image
           command: |
             docker version
-            docker build --build-arg ZONE_KEY=${ZONEKEY} --cache-from=app -t app .
+            docker build --cache-from=app -t app .
       - run:
           name: Get Docker image size
           command: |
@@ -56,20 +44,33 @@ jobs:
           paths:
             - /caches/app.tar
       - run:
-          name: Run malware test
+          name: Download sample
           command: |
-            set -x
-            curl -L -o /tmp/sample https://github.com/maliceio/malice-av/raw/master/samples/befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408
-            docker create -v /malware --name malvol alpine:3.6 /bin/true
+            docker run --init blacktop/httpie --follow https://github.com/maliceio/malice-av/raw/master/samples/befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408 > /tmp/sample
+            docker create -v /malware --name malvol alpine:3.8 /bin/true
             docker cp /tmp/sample malvol:/malware
+      - run:
+          name: Run test
+          command: |
+            set -x
             docker run --rm --volumes-from malvol app -V sample | jq .
             docker run --rm --volumes-from malvol app -t sample
-      # - deploy:
-      #     name: Push application Docker image
+      # - run:
+      #     name: Download samples
+      #     command: |
+      #       docker create -v /malware --name malvol2 --entrypoint=sh malice/alpine /bin/true
+      #       docker run --rm -it --volumes-from malvol2 \
+      #        malice/get-mauled -V malware-samples
+      # - run:
+      #     name: Run tests
       #     command: |
-      #       if [ "${CIRCLE_BRANCH}" == "master" ]; then
-      #         login="$(aws ecr get-login)"
-      #         ${login}
-      #         docker tag app "${ECR_ENDPOINT}/app:${CIRCLE_SHA1}"
-      #         docker push "${ECR_ENDPOINT}/app:${CIRCLE_SHA1}"
-      #       fi
+      #       set -x
+      #       for file in $(docker run --volumes-from malvol2 alpine ls -1 /malware)
+      #       do
+      #         docker run --rm --volumes-from malvol2 app $file | jq .
+      #       done
+      - run:
+          name: Run update test
+          command: |
+            set -x
+            docker run --rm app -V update
diff --git a/.dockerignore b/.dockerignore
@@ -3,13 +3,13 @@
 .gitignore
 
 .circleci*
+.vscode*
 docs*
+vendor*
 tests*
 
-README.md
-README.md.bu
+*.md
+*.md.bu
 LICENSE
-CHANGELOG.md
 Makefile
-NOTES.md
 # *.key
diff --git a/Makefile b/Makefile
@@ -1,72 +1,147 @@
 REPO=malice-plugins/kaspersky
 ORG=malice
 NAME=kaspersky
+CATEGORY=av
 VERSION=$(shell cat VERSION)
+
 KASPERSKY_KEY?=$(shell cat kaspersky.key)
 
-all: build size test avtest gotest
+MALWARE=tests/malware
+NOT_MALWARE=tests/not.malware
+
+all: build size tag test_all
 
+.PHONY: build
 build:
 	docker build -t $(ORG)/$(NAME):$(VERSION) .
-	# docker build --build-arg KASPERSKY_KEY=${KASPERSKY_KEY} -t $(ORG)/$(NAME):$(VERSION) .
 
-base:
-	docker build -f Dockerfile.base -t $(ORG)/$(NAME):base .
-
-dev:
-	docker build --build-arg KASPERSKY_KEY=${KASPERSKY_KEY} -f Dockerfile.dev -t $(ORG)/$(NAME):$(VERSION) .
+.PHONY: build_w_key
+build_w_key:
+	docker build --build-arg KASPERSKY_KEY=${KASPERSKY_KEY} -t $(ORG)/$(NAME):$(VERSION) .
 
+.PHONY: size
 size:
 	sed -i.bu 's/docker%20image-.*-blue/docker%20image-$(shell docker images --format "{{.Size}}" $(ORG)/$(NAME):$(VERSION)| cut -d' ' -f1)-blue/' README.md
 
+.PHONY: tag
+tag:
+	docker tag $(ORG)/$(NAME):$(VERSION) $(ORG)/$(NAME):latest
+
+.PHONY: tags
 tags:
 	docker images --format "table {{.Repository}}\t{{.Tag}}\t{{.Size}}" $(ORG)/$(NAME)
 
+.PHONY: ssh
 ssh:
-	@docker run --init -it --rm --entrypoint=bash $(ORG)/$(NAME):$(VERSION)
+	@docker run --init -it --rm --name $(NAME) --entrypoint=bash $(ORG)/$(NAME):$(VERSION)
 
+.PHONY: tar
 tar:
 	docker save $(ORG)/$(NAME):$(VERSION) -o $(NAME).tar
 
-gotest:
+.PHONY: push
+push: build tag
+	docker push $(ORG)/$(NAME):$(VERSION)
+	docker push $(ORG)/$(NAME):latest
+
+go-test:
 	go get
 	go test -v
 
 avtest:
-	@echo "===> ${NAME} EICAR Test"
-	@docker run --init --rm --entrypoint=sh $(ORG)/$(NAME):$(VERSION) -c "/etc/init.d/zavd start --no-daemon > /dev/null 2>&1 && zavcli /malware/EICAR" > tests/av.virus || true
-	@echo "===> ${NAME} Clean Test"
-	@docker run --init --rm --entrypoint=sh $(ORG)/$(NAME):$(VERSION) -c "/etc/init.d/zavd start --no-daemon > /dev/null 2>&1 && zavcli /bin/cat" > tests/av.clean || true
-	@echo "===> ${NAME} Version"
-	@docker run --init --rm --entrypoint=sh $(ORG)/$(NAME):$(VERSION) -c "/etc/init.d/zavd start --no-daemon > /dev/null 2>&1 && zavcli --version" > tests/av.version || true
-	@echo "===> ${NAME} DB version"
-	@docker run --init --rm --entrypoint=sh $(ORG)/$(NAME):$(VERSION) -c "/etc/init.d/zavd start --no-daemon > /dev/null 2>&1 && zavcli --version-zavd" > tests/av.update || true
-
-test:
-	docker rm -f elasticsearch || true
-	docker run --init -d --name elasticsearch -p 9200:9200 blacktop/elasticsearch
-	sleep 10; docker run --init --rm $(ORG)/$(NAME):$(VERSION)
-	docker run --init --rm --link elasticsearch $(ORG)/$(NAME):$(VERSION) -V EICAR | jq . > docs/results.json
+	@echo "===> Dr.WEB Version"
+	@docker run --init --rm --entrypoint=bash $(ORG)/$(NAME):$(VERSION) -c "drweb-ctl --version" > tests/av_version.out
+	@echo "===> Dr.WEB BaseInfo"
+	@docker run --init --rm --entrypoint=bash $(ORG)/$(NAME):$(VERSION) -c "/opt/drweb.com/bin/drweb-configd -d && drweb-ctl baseinfo" > tests/av_baseinfo.out
+	@echo "===> Dr.WEB License"
+	@docker run --init --rm --entrypoint=bash $(ORG)/$(NAME):$(VERSION) -c "/opt/drweb.com/bin/drweb-configd -d && drweb-ctl license" > tests/av_license.out
+	@echo "===> Dr.WEB EICAR Test"
+	@docker run --init --rm --entrypoint=bash $(ORG)/$(NAME):$(VERSION) -c "/opt/drweb.com/bin/drweb-configd -d && drweb-ctl scan EICAR" > tests/av_eicar_scan.out || true
+	@echo "===> Dr.WEB $(MALWARE) Test"
+	@docker run --init --rm --entrypoint=bash -v $(PWD):/malware $(ORG)/$(NAME):$(VERSION) -c "/opt/drweb.com/bin/drweb-configd -d && drweb-ctl scan $(MALWARE)" > tests/av_malware_scan.out || true
+	@echo "===> Dr.WEB $(NOT_MALWARE) Test"
+	@docker run --init --rm --entrypoint=bash -v $(PWD):/malware $(ORG)/$(NAME):$(VERSION) -c "/opt/drweb.com/bin/drweb-configd -d && drweb-ctl scan $(NOT_MALWARE)" > tests/av_clean_scan.out || true
+
+update:
+	@docker run --init --rm $(ORG)/$(NAME):$(VERSION) -V update
+
+.PHONY: start_elasticsearch
+start_elasticsearch:
+ifeq ("$(shell docker inspect -f {{.State.Running}} elasticsearch)", "true")
+	@echo "===> elasticsearch already running.  Stopping now..."
+	@docker rm -f elasticsearch || true
+endif
+	@echo "===> Starting elasticsearch"
+	@docker run --init -d --name elasticsearch -p 9200:9200 malice/elasticsearch:6.4; sleep 15
+
+.PHONY: malware
+malware:
+ifeq (,$(wildcard $(MALWARE)))
+	wget https://github.com/maliceio/malice-av/raw/master/samples/befb88b89c2eb401900a68e9f5b78764203f2b48264fcc3f7121bf04a57fd408 -O $(MALWARE)
+	cd tests; echo "TEST" > not.malware
+endif
+
+.PHONY: test_all
+test_all: test test_elastic test_markdown test_web
+
+.PHONY: test
+test: malware
+	@echo "===> ${NAME} --help"
+	docker run --init --rm $(ORG)/$(NAME):$(VERSION) --help
+	docker run --init --rm -v $(PWD):/malware $(ORG)/$(NAME):$(VERSION) -V $(MALWARE) | jq . > docs/results.json
 	cat docs/results.json | jq .
+
+.PHONY: test_elastic
+test_elastic: start_elasticsearch malware
+	@echo "===> ${NAME} test_elastic found"
+	docker run --rm --link elasticsearch -e MALICE_ELASTICSEARCH_URL=http://elasticsearch:9200 -v $(PWD):/malware $(ORG)/$(NAME):$(VERSION) -V $(MALWARE)
+	@echo "===> ${NAME} test_elastic NOT found"
+	docker run --rm --link elasticsearch -e MALICE_ELASTICSEARCH_URL=http://elasticsearch:9200 -v $(PWD):/malware $(ORG)/$(NAME):$(VERSION) -V $(NOT_MALWARE)
 	http localhost:9200/malice/_search | jq . > docs/elastic.json
-	cat docs/elastic.json | jq -r '.hits.hits[] ._source.plugins.av.${NAME}.markdown' > docs/SAMPLE.md
-	docker rm -f elasticsearch
 
+.PHONY: test_markdown
+test_markdown: test_elastic
+	@echo "===> ${NAME} test_markdown"
+	# http localhost:9200/malice/_search query:=@docs/query.json | jq . > docs/elastic.json
+	cat docs/elastic.json | jq -r '.hits.hits[] ._source.plugins.${CATEGORY}.${NAME}.markdown' > docs/SAMPLE.md
+
+.PHONY: test_web
+test_web: malware stop
+	@echo "===> Starting web service"
+	@docker run -d --name $(NAME) -p 3993:3993 $(ORG)/$(NAME):$(VERSION) web
+	http -f localhost:3993/scan malware@$(MALWARE)
+	@echo "===> Stopping web service"
+	@docker logs $(NAME)
+	@docker rm -f $(NAME)
+
+.PHONY: stop
+stop: ## Kill running docker containers
+	@docker rm -f $(NAME) || true
+
+.PHONY: circle
 circle: ci-size
-	@sed -i.bu 's/docker%20image-.*-blue/docker%20image-$(shell cat .circleci/SIZE)-blue/' README.md
-	@echo "===> Image size is: $(shell cat .circleci/SIZE)"
+	@sed -i.bu 's/docker%20image-.*-blue/docker%20image-$(shell cat .circleci/size)-blue/' README.md
+	@echo "===> Image size is: $(shell cat .circleci/size)"
 
 ci-build:
 	@echo "===> Getting CircleCI build number"
 	@http https://circleci.com/api/v1.1/project/github/${REPO} | jq '.[0].build_num' > .circleci/build_num
 
 ci-size: ci-build
-	@echo "===> Getting image build size from CircleCI"
-	@http "$(shell http https://circleci.com/api/v1.1/project/github/${REPO}/$(shell cat .circleci/build_num)/artifacts${CIRCLE_TOKEN} | jq '.[].url')" > .circleci/SIZE
+	@echo "===> Getting artifact sizes from CircleCI"
+	@cd .circleci; rm size nsrl bloom || true
+	@http https://circleci.com/api/v1.1/project/github/${REPO}/$(shell cat .circleci/build_num)/artifacts${CIRCLE_TOKEN} | jq -r ".[] | .url" | xargs wget -q -P .circleci
 
 clean:
 	docker-clean stop
-	docker rmi $(ORG)/$(NAME):$(VERSION)
-	docker rmi $(ORG)/$(NAME):base
+	docker image rm $(ORG)/$(NAME):$(VERSION)  || true
+	docker image rm $(ORG)/$(NAME):latest || true
+	rm $(MALWARE)  || true
+	rm $(NOT_MALWARE)  || true
+
+# Absolutely awesome: http://marmelab.com/blog/2016/02/29/auto-documented-makefile.html
+help:
+	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
+
+.DEFAULT_GOAL := all
 
-.PHONY: build dev size tags test gotest clean circle
diff --git a/README.md b/README.md
@@ -1,20 +1,82 @@
-kaspersky
-=========
+# malice-kaspersky
+
+[![Circle CI](https://circleci.com/gh/malice-plugins/kaspersky.png?style=shield)](https://circleci.com/gh/malice-plugins/kaspersky) [![License](http://img.shields.io/:license-mit-blue.svg)](http://doge.mit-license.org) [![Docker Stars](https://img.shields.io/docker/stars/malice/kaspersky.svg)](https://store.docker.com/community/images/malice/kaspersky) [![Docker Pulls](https://img.shields.io/docker/pulls/malice/kaspersky.svg)](https://store.docker.com/community/images/malice/kaspersky) [![Docker Image](https://img.shields.io/badge/docker%20image-971MB-blue.svg)](https://store.docker.com/community/images/malice/kaspersky)
 
 Malice Kaspersky Antivirus Plugin
 
-To get a trial activation code go [here](https://usa.kaspersky.com/small-to-medium-business-security/downloads/file-server-free-trial?utm_content=downloads)
+> This repository contains a **Dockerfile** of [kaspersky](https://www.kaspersky.com/).
+
+---
+
+## :warning: STATUS :warning:
+
+Not working in docker, but is working in Vagrant, probably due to a syscall being blacklisted?
+
+### Dependencies
+
+- [ubuntu:xenial (_79.2 MB_\)](https://hub.docker.com/_/debian/)
+
+## Installation
+
+1. Install [Docker](https://www.docker.com/).
+2. Download [trusted build](https://store.docker.com/community/images/malice/kaspersky) from public [docker store](https://store.docker.com): `docker pull malice/kaspersky`
+
+## Usage
+
+```
+docker run --rm malice/kaspersky EICAR
+```
+
+### Or link your own malware folder:
+
+```bash
+
+```
+
+## Sample Output
+
+### [JSON](https://github.com/malice-plugins/kaspersky/blob/master/docs/results.json)
+
+```json
+{
+  "kaspersky": {}
+}
+```
+
+### [Markdown](https://github.com/malice-plugins/kaspersky/blob/master/docs/SAMPLE.md)
+
+---
+
+#### Kaspersky
+
+---
+
+## Documentation
+
+- [To write results to ElasticSearch](https://github.com/malice-plugins/kaspersky/blob/master/docs/elasticsearch.md)
+- [To create a Kaspersky scan micro-service](https://github.com/malice-plugins/kaspersky/blob/master/docs/web.md)
+- [To post results to a webhook](https://github.com/malice-plugins/kaspersky/blob/master/docs/callback.md)
+- [To update the AV definitions](https://github.com/malice-plugins/kaspersky/blob/master/docs/update.md)
+
+## Issues
+
+Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to [file an issue](https://github.com/malice-plugins/kaspersky/issues/new).
+
+## TODO
+
+- [ ] add licence expiration detection
+- [ ] expose WEB ui
+
+## CHANGELOG
 
-To convert your activation code to a license.key go here: https://activation.kaspersky.com/en/
+See [`CHANGELOG.md`](https://github.com/malice-plugins/kaspersky/blob/master/CHANGELOG.md)
 
-https://my.kaspersky.com/MyLicenses#allx
+## Contributing
 
-Stargazers over time
---------------------
+[See all contributors on GitHub](https://github.com/malice-plugins/kaspersky/graphs/contributors).
 
-[![Stargazers over time](https://starcharts.herokuapp.com/maliceio/malice.svg)](https://starcharts.herokuapp.com/maliceio/malice)
+Please update the [CHANGELOG.md](https://github.com/malice-plugins/kaspersky/blob/master/CHANGELOG.md) and submit a [Pull Request on GitHub](https://help.github.com/articles/using-pull-requests/).
 
-NOTE
-----
+## License
 
-- https://bitbucket.org/cse-assemblyline/alsvc_kaspersky/src
+MIT Copyright (c) 2016 **blacktop**
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-v0.1.0
+0.1.0
diff --git a/config.toml b/config.toml
@@ -0,0 +1,14 @@
+# malice/kaspersky plugin configuration.
+
+name = 'kaspersky'
+description = 'Malice Kaspersky AntiVirus'
+category = 'av'
+version = '0.1.0'
+
+accepts = [ '*' ]
+
+[system]
+cpu = 0.5
+ram = 256 # MB
+
+[settings]