fixes #5

malice-plugins · Mar 21, 2020 · 29ee587 · 29ee587
1 parent a04f603
commit 29ee587
Show file tree

Hide file tree

Showing 7 changed files with 45 additions and 26 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,7 @@
 ####################################################
 # GOLANG BUILDER
 ####################################################
-FROM golang:1.11 as go_builder
+FROM golang:1 as go_builder
 
 COPY . /go/src/github.com/malice-plugins/windows-defender
 WORKDIR /go/src/github.com/malice-plugins/windows-defender
@@ -36,15 +36,14 @@ RUN buildDeps='libreadline-dev:i386 \
   mercurial \
   git-core \
   unzip \
-  wget' \
+  curl' \
   && set -x \
   && dpkg --add-architecture i386 && apt-get update -qq \
   && apt-get install -y $buildDeps libc6-i386 --no-install-recommends \
   && echo "===> Install taviso/loadlibrary..." \
   && git clone https://github.com/taviso/loadlibrary.git /loadlibrary \
   && echo "===> Download 32-bit antimalware update file.." \
-  && wget --progress=bar:force "https://go.microsoft.com/fwlink/?LinkID=121721&arch=x86" -O \
-  /loadlibrary/engine/mpam-fe.exe \
+  && curl -L --output /loadlibrary/engine/mpam-fe.exe "https://www.microsoft.com/security/encyclopedia/adlpackages.aspx?arch=x86" \
   && cd /loadlibrary/engine \
   && cabextract mpam-fe.exe \
   && rm mpam-fe.exe \
@@ -63,9 +62,6 @@ RUN apt-get update -qq && apt-get install -yq --no-install-recommends ca-certifi
 RUN apt-get update -qq && apt-get install -yq --no-install-recommends exiftool \
   && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
-# Add EICAR Test Virus File to malware folder
-ADD http://www.eicar.org/download/eicar.com.txt /malware/EICAR
-
 RUN  mkdir -p /opt/malice
 COPY update.sh /opt/malice/update
 

diff --git a/README.md b/README.md
@@ -4,7 +4,7 @@
 [![License](http://img.shields.io/:license-mit-blue.svg)](http://doge.mit-license.org)
 [![Docker Stars](https://img.shields.io/docker/stars/malice/windows-defender.svg)](https://store.docker.com/community/images/malice/windows-defender)
 [![Docker Pulls](https://img.shields.io/docker/pulls/malice/windows-defender.svg)](https://store.docker.com/community/images/malice/windows-defender)
-[![Docker Image](https://img.shields.io/badge/docker%20image-312MB-blue.svg)](https://store.docker.com/community/images/malice/windows-defender)
+[![Docker Image](https://img.shields.io/badge/docker%20image-291MB-blue.svg)](https://store.docker.com/community/images/malice/windows-defender)
 
 Malice Windows Defender AntiVirus Plugin
 

diff --git a/docs/SAMPLE.md b/docs/SAMPLE.md
@@ -1,10 +1,10 @@
 #### Windows Defender
 | Infected      | Result      | Engine      | Updated      |
 |:-------------:|:-----------:|:-----------:|:------------:|
-| true | Backdoor:Win32/Lecna!dha | v0.1.0 | 20180906 |
+| true | Backdoor:Win32/Lecna!dha | 1.1.16800.2 | 20200321 |
 
 #### Windows Defender
 | Infected      | Result      | Engine      | Updated      |
 |:-------------:|:-----------:|:-----------:|:------------:|
-| false |  | v0.1.0 | 20180906 |
+| false |  | 1.1.16800.2 | 20200321 |
 
diff --git a/docs/elastic.json b/docs/elastic.json
@@ -1,5 +1,5 @@
 {
-  "took": 45,
+  "took": 74,
   "timed_out": false,
   "_shards": {
     "total": 1,
@@ -14,41 +14,41 @@
       {
         "_index": "malice",
         "_type": "samples",
-        "_id": "b-l3rGUB9sZX1XuzPoPE",
+        "_id": "bZjm_XABrFp7lT-HoAiM",
         "_score": 1,
         "_source": {
           "plugins": {
             "av": {
               "windows_defender": {
-                "engine": "v0.1.0",
+                "engine": "1.1.16800.2",
                 "infected": true,
-                "markdown": "#### Windows Defender\n| Infected      | Result      | Engine      | Updated      |\n|:-------------:|:-----------:|:-----------:|:------------:|\n| true | Backdoor:Win32/Lecna!dha | v0.1.0 | 20180906 |\n",
+                "markdown": "#### Windows Defender\n| Infected      | Result      | Engine      | Updated      |\n|:-------------:|:-----------:|:-----------:|:------------:|\n| true | Backdoor:Win32/Lecna!dha | 1.1.16800.2 | 20200321 |\n",
                 "result": "Backdoor:Win32/Lecna!dha",
-                "updated": "20180906"
+                "updated": "20200321"
               }
             }
           },
-          "scan_date": "2018-09-06T01:20:20.668671767Z"
+          "scan_date": "2020-03-21T16:21:54.9429506Z"
         }
       },
       {
         "_index": "malice",
         "_type": "samples",
-        "_id": "cOl3rGUB9sZX1XuzV4NC",
+        "_id": "bpjm_XABrFp7lT-HsQi7",
         "_score": 1,
         "_source": {
           "plugins": {
             "av": {
               "windows_defender": {
-                "engine": "v0.1.0",
+                "engine": "1.1.16800.2",
                 "infected": false,
-                "markdown": "#### Windows Defender\n| Infected      | Result      | Engine      | Updated      |\n|:-------------:|:-----------:|:-----------:|:------------:|\n| false |  | v0.1.0 | 20180906 |\n",
+                "markdown": "#### Windows Defender\n| Infected      | Result      | Engine      | Updated      |\n|:-------------:|:-----------:|:-----------:|:------------:|\n| false |  | 1.1.16800.2 | 20200321 |\n",
                 "result": "",
-                "updated": "20180906"
+                "updated": "20200321"
               }
             }
           },
-          "scan_date": "2018-09-06T01:20:26.94504399Z"
+          "scan_date": "2020-03-21T16:21:59.3543564Z"
         }
       }
     ]

diff --git a/docs/results.json b/docs/results.json
@@ -2,7 +2,7 @@
   "windows_defender": {
     "infected": true,
     "result": "Backdoor:Win32/Lecna!dha",
-    "engine": "v0.1.0",
-    "updated": "20181201"
+    "engine": "1.1.16800.2",
+    "updated": "20200321"
   }
 }
diff --git a/go.mod b/go.mod
@@ -0,0 +1,23 @@
+module github.com/malice-plugins/windows-defender
+
+go 1.14
+
+require (
+	github.com/Sirupsen/logrus v1.3.0
+	github.com/fatih/structs v1.1.0
+	github.com/gorilla/context v1.1.1
+	github.com/gorilla/mux v1.6.2
+	github.com/konsorten/go-windows-terminal-sequences v1.0.1
+	github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329
+	github.com/malice-plugins/pkgs v0.0.0-20190107161315-79532f02e4f0
+	github.com/mattn/go-runewidth v0.0.4
+	github.com/moul/http2curl v1.0.0
+	github.com/olivere/elastic v6.2.15+incompatible
+	github.com/parnurzeal/gorequest v0.2.15
+	github.com/pkg/errors v0.8.1
+	github.com/urfave/cli v1.20.0
+	golang.org/x/crypto v0.0.0-20190103213133-ff983b9c42bc
+	golang.org/x/net v0.0.0-20190107155100-1a61f4433d85
+	golang.org/x/sys v0.0.0-20190107070147-cb59ee366067
+	golang.org/x/text v0.3.0
+)
diff --git a/update.sh b/update.sh
@@ -1,14 +1,14 @@
 #!/bin/bash
 
 echo "===> Installing deps..."
-apt-get update -qq && apt-get install -yq wget cabextract
+apt-get update -qq && apt-get install -yq curl cabextract
 
 echo "===> Download 32-bit antimalware update file.."
-wget --progress=bar:force "https://go.microsoft.com/fwlink/?LinkID=121721&arch=x86" -O /loadlibrary/engine/mpam-fe.exe
+curl -L --output /loadlibrary/engine/mpam-fe.exe "https://www.microsoft.com/security/encyclopedia/adlpackages.aspx?arch=x86"
 cd /loadlibrary/engine
 cabextract mpam-fe.exe
 
 echo "===> Clean up unnecessary files..."
-apt-get purge -y --auto-remove wget cabextract "$(apt-mark showauto)"
+apt-get purge -y --auto-remove curl cabextract "$(apt-mark showauto)"
 apt-get clean \
 rm -rf /var/lib/apt/lists/* /var/cache/apt/archives /tmp/* /var/tmp/* mpam-fe.exe