
multiav's Introduction

ARCHIVED PROJECT: I do not support it anymore.

MultiAV Scanner Wrapper

MultiAV Python API. It can scan a file or directory with multiple AV engines simultaneously. It uses, with the only exception of ClamAV, the command line AV scanners and extracts the malware names from the output of the command line tools (for ClamAV it uses the https://code.google.com/p/pyclamd/ extension).

It supports a total of 18 AV engines. The list of currently supported engines is the following:

  • ClamAV (Ultra-fast, using the daemon)
  • F-Prot (Ultra-fast)
  • Comodo (Fast)
  • BitDefender (Medium)
  • ESET (Slow)
  • Avira (Slow)
  • Sophos (Medium)
  • Avast (Ultra-fast, using the daemon)
  • AVG (Ultra-fast, using the daemon)
  • DrWeb (Slow)
  • McAfee (Very slow, only enabled when running all the engines)
  • Ikarus (Medium, using Wine in Linux/Unix)
  • F-Secure (Fast)
  • Kaspersky (Fast, tested under MacOSX & Linux)
  • Zoner Antivirus (Ultra-fast)
  • MicroWorld-eScan (Fast)
  • Cyren (Ultra-fast)
  • QuickHeal (Fast)

This tool has been tested only under Linux. However, it should work equally well on other Unix-based operating systems, as well as on Windows, as long as the output from the AV command line utilities maintains the same format.

Example usages

MultiAV.py can be executed via the command line by simply giving it a valid path:

$ python multiav.py malware/xpaj/

{'AVG': {'malware/xpaj/00908235ee9e267fa2f4c83fb4304c63af976cbc': 'Win32/Xpaj',
         'malware/xpaj/43194f9abf525520639a8bcd434403287ffac63b': 'Win32/Xpaj',
         'malware/xpaj/4fd8b09fd238e5bab13cebed9232c18d505a1a16': 'Win32/Xpaj',
         'malware/xpaj/e0e8c24028775831c52705e42fc2547103bafbbc': 'Win32/Xpaj',
         'malware/xpaj/f144ecc2f480b757946449086fa01eb71694554f': 'Win32/Xpaj'},
 'ClamAV': {'malware/xpaj/00908235ee9e267fa2f4c83fb4304c63af976cbc': 'BC.W32.Xpaj',
            'malware/xpaj/43194f9abf525520639a8bcd434403287ffac63b': 'BC.W32.Xpaj',
            'malware/xpaj/4fd8b09fd238e5bab13cebed9232c18d505a1a16': 'BC.W32.Xpaj',
            'malware/xpaj/c610e8b351f719c5dcf634b8ffe175abac5331b7': 'W32.Xpaj',
            'malware/xpaj/e0e8c24028775831c52705e42fc2547103bafbbc': 'BC.W32.Xpaj',
            'malware/xpaj/f144ecc2f480b757946449086fa01eb71694554f': 'BC.W32.Xpaj'},
 'Comodo': {'malware/xpaj/00908235ee9e267fa2f4c83fb4304c63af976cbc': 'Malware',
            'malware/xpaj/43194f9abf525520639a8bcd434403287ffac63b': 'Malware',
            'malware/xpaj/4fd8b09fd238e5bab13cebed9232c18d505a1a16': 'Malware',
            'malware/xpaj/bd5232259425c72e5ea1f4071e3075058cf70de2': 'Malware',
            'malware/xpaj/c610e8b351f719c5dcf634b8ffe175abac5331b7': 'Malware',
            'malware/xpaj/e0e8c24028775831c52705e42fc2547103bafbbc': 'Malware',
            'malware/xpaj/f144ecc2f480b757946449086fa01eb71694554f': 'Malware'},
 'ESET': {'malware/xpaj/00908235ee9e267fa2f4c83fb4304c63af976cbc': 'Win32/Goblin.D.Gen virus',
          'malware/xpaj/43194f9abf525520639a8bcd434403287ffac63b': 'Win32/Goblin.D.Gen virus',
          'malware/xpaj/4fd8b09fd238e5bab13cebed9232c18d505a1a16': 'Win32/Goblin.D.Gen virus',
          'malware/xpaj/c610e8b351f719c5dcf634b8ffe175abac5331b7': 'Win32/Goblin.A.Gen virus',
          'malware/xpaj/e0e8c24028775831c52705e42fc2547103bafbbc': 'Win32/Goblin.D.Gen virus',
          'malware/xpaj/f144ecc2f480b757946449086fa01eb71694554f': 'Win32/Goblin.D.Gen virus'},
 'F-Prot': {'malware/xpaj/00908235ee9e267fa2f4c83fb4304c63af976cbc': 'W32/Xpaj.A!Generic',
            'malware/xpaj/43194f9abf525520639a8bcd434403287ffac63b': 'W32/Xpaj.C',
            'malware/xpaj/4fd8b09fd238e5bab13cebed9232c18d505a1a16': 'W32/Xpaj.A',
            'malware/xpaj/bd5232259425c72e5ea1f4071e3075058cf70de2': 'W32/Xpaj.A!Generic (damaged)',
            'malware/xpaj/c610e8b351f719c5dcf634b8ffe175abac5331b7': 'W32/Xpaj.A.gen!Eldorado (generic, not disinfectable)',
            'malware/xpaj/e0e8c24028775831c52705e42fc2547103bafbbc': 'W32/Xpaj.C',
            'malware/xpaj/f144ecc2f480b757946449086fa01eb71694554f': 'W32/Xpaj.A!Generic'},
 'Sophos': {'malware/xpaj/00908235ee9e267fa2f4c83fb4304c63af976cbc': 'Mal/Xpaj-B',
            'malware/xpaj/43194f9abf525520639a8bcd434403287ffac63b': 'Mal/Xpaj-B',
            'malware/xpaj/4fd8b09fd238e5bab13cebed9232c18d505a1a16': 'Mal/Xpaj-B',
            'malware/xpaj/c610e8b351f719c5dcf634b8ffe175abac5331b7': 'Mal/Xpaj-A',
            'malware/xpaj/e0e8c24028775831c52705e42fc2547103bafbbc': 'Mal/Xpaj-B',
            'malware/xpaj/f144ecc2f480b757946449086fa01eb71694554f': 'Mal/Xpaj-B'}}

However, it's not designed to be executed as an independent tool but rather to be used as an API for other tools. The following is an example of how to use the MultiAV API in your own Python tools:

import pprint
import multiav

path = "malware/xpaj/"  # file or directory to scan
multi_av = multiav.CMultiAV()
ret = multi_av.scan(path, multiav.AV_SPEED_MEDIUM)
# Print the scan results, not the scanner object
pprint.pprint(ret)

Here we're creating a CMultiAV object without specifying the configuration file (by default "config.cfg"). We can specify it by passing the path to the *.cfg file to the constructor of the Python object:

multi_av = multiav.CMultiAV("/path/to/cfg")

In the example Python code we're also specifying that we only want to run antivirus scanners considered to be of "fast" or "medium" speed. We can also specify that we want to run all engines (the "fast", "medium", "slow" and "very slow" ones) by setting the second argument of object.scan() to AV_SPEED_ALL (or to AV_SPEED_SLOW if we want to omit the scanners that are really slow, namely, Avast and McAfee):

# For all engines
ret = multi_av.scan(path, multiav.AV_SPEED_ALL)
# For most of the engines with the only exception of Avast and McAfee
ret = multi_av.scan(path, multiav.AV_SPEED_SLOW)

AV_SPEED_ALL is the default behaviour if one doesn't specify the maximum allowed speed. One can also specify that only fast engines can be executed:

ret = multi_av.scan(path, multiav.AV_SPEED_FAST)

By default, MultiAV.py will try to run the AV scanners simultaneously, maintaining a total number of processes in memory equal to the number of CPUs reported by multiprocessing.cpu_count(), which also takes into account multiple cores in the same physical processor. If you don't want to run MultiAV.py in parallel mode you can use the method object.single_scan(), which receives the same arguments as the method object.scan(), as in the following example:

ret = multi_av.single_scan(path, multiav.AV_SPEED_SLOW)

One can also scan a single buffer using the object.scan_buffer() API:

ret = multi_av.scan_buffer(buf, multiav.AV_SPEED_SLOW)

Configuration file

When creating a CMultiAV object one can specify a configuration file like in the following example:

multi_av = multiav.CMultiAV("/path/to/cfg")

The format of the configuration file is rather easy. There are only 2 or 3 parameters that one needs in order to use and configure an AV engine scanner: PATH, ARGUMENTS and DISABLED (if the engine is not enabled). The only exception to the rule is ClamAV for which there are only 2 configuration directives: DISABLED and UNIX_SOCKET, which is the Unix socket where the daemon "clamd" is listening.

So, let's say that we want to disable Sophos scanner and configure a new path for McAfee scanner. We would need to modify our *.cfg file with a content similar to the following one:

[McAfee]
PATH=/new/path/to/uvscan
ARGUMENTS=-the -arguments -we -want

[Sophos]
PATH=whatever
ARGUMENTS=whatever
DISABLED=1
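A preflight check for such a file, as an added example that is not part of the MultiAV code base: the NoSectionError and "No such file or directory" failures reported in the issues further down surface inside the scanner processes, so checking the configuration first gives one readable status per engine. The sample file reuses the McAfee and Sophos sections above; the ClamAV socket path, the incomplete F-Prot section and the names preflight and is_unix_socket are assumptions made for illustration.

```python
import configparser
import os
import shutil
import stat

# Constructed sample: the McAfee and Sophos sections are the ones shown above;
# the ClamAV socket path and the incomplete F-Prot section are made up.
SAMPLE_CFG = """\
[ClamAV]
UNIX_SOCKET=/nonexistent/clamd.ctl

[McAfee]
PATH=/new/path/to/uvscan
ARGUMENTS=-the -arguments -we -want

[Sophos]
PATH=whatever
ARGUMENTS=whatever
DISABLED=1

[F-Prot]
ARGUMENTS=whatever
"""


def is_unix_socket(path):
    """True only if path exists and is a Unix domain socket."""
    try:
        return stat.S_ISSOCK(os.stat(path).st_mode)
    except OSError:
        return False


def preflight(cfg_text, engines):
    """Return {engine: status} for each engine name the caller expects to run."""
    # interpolation=None keeps a literal '%' in ARGUMENTS from raising an error.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cfg_text)
    report = {}
    for name in engines:
        if not parser.has_section(name):
            report[name] = "missing section"
        elif parser.get(name, "DISABLED", fallback="0").strip() == "1":
            # Assumption: only DISABLED=1, the form shown above, disables an engine.
            report[name] = "disabled"
        elif name == "ClamAV":
            # ClamAV has no PATH/ARGUMENTS, only the clamd Unix socket.
            sock = parser.get(name, "UNIX_SOCKET", fallback="")
            if is_unix_socket(sock):
                report[name] = "ok"
            else:
                report[name] = "socket not found: %s" % sock
        else:
            binary = parser.get(name, "PATH", fallback="")
            if not binary:
                report[name] = "missing PATH"
            elif shutil.which(binary) is None:
                report[name] = "binary not found: %s" % binary
            else:
                report[name] = "ok"
    return report


if __name__ == "__main__":
    expected = ["ClamAV", "McAfee", "Sophos", "F-Prot", "Ikarus"]
    for engine, status in preflight(SAMPLE_CFG, expected).items():
        print("%-8s %s" % (engine, status))
```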

Example Web interface and JSON based web API

Since commit c3828b337b98a450a8b48c764aecbb04cc4d2324, MultiAV distributes a basic example web interface using web.py that offers a simple JSON based API. There is also an example client called "multiav-client.py" that uses the JSON API to scan a file with the multiple engines configured in the MultiAV server.

The current version of the basic JSON based web API exports 3 methods:

  • /api/upload
  • /api/upload_fast
  • /api/search

API /api/upload

This API uploads and analyses with all the configured engines, regardless of how fast or slow they are, the given sample file.

Example usage:

import os
import json
import pprint
import postfile

host = "multi-av-host-ip:8080"
selector = "/api/upload"
filename = "/path/to/eicar.com.txt"
file_buf = open(filename, "rb").read()
files = [("file_upload", os.path.basename(filename), file_buf)]
json_txt = postfile.post_multipart(host, selector, [], files)
pprint.pprint(json.loads(json_txt))

Example output:

{u'AVG': {u'/tmp/tmpt1WoID': u'EICAR_Test'},
 u'Avast': {u'/tmp/tmpt1WoID': u'EICAR Test-NOT virus!!!'},
 u'BitDefender': {u'/tmp/tmpt1WoID': u'EICAR-Test-File (not a virus)'},
 u'ClamAV': {u'/tmp/tmpt1WoID': u'Eicar-Test-Signature'},
 u'Comodo': {u'/tmp/tmpt1WoID': u'Malware'},
 u'ESET': {u'/tmp/tmpt1WoID': u'Eicar test file'},
 u'F-Prot': {u'/tmp/tmpt1WoID': u'EICAR_Test_File (exact)'},
 u'Ikarus': {u'/tmp/tmpt1WoID': u'EICAR-ANTIVIRUS-TESTFILE'},
 u'McAfee': {u'/tmp/tmpt1WoID': u'EICAR test file NOT'},
 u'Kaspersky': {u'/tmp/tmpt1WoID': u'EICAR-Test-File'},
 u'Sophos': {u'/tmp/tmpt1WoID': u'EICAR-AV-Test'},
 u'ZAV': {u'/tmp/tmpt1WoID': u'EICAR.Test.File-NoVirus'}}

API /api/upload_fast

This API uploads and analyses with only the fastest configured AV engines (Avast, AVG, ClamAV, F-Prot and Zoner Antivirus) the given sample file.

Example usage:

import os
import json
import pprint
import postfile

host = "multi-av-host-ip:8080"
selector = "/api/upload_fast"
filename = "/path/to/eicar.com.txt"
file_buf = open(filename, "rb").read()
files = [("file_upload", os.path.basename(filename), file_buf)]
json_txt = postfile.post_multipart(host, selector, [], files)
pprint.pprint(json.loads(json_txt))

Example output:

{u'AVG': {u'/tmp/tmpXveafr': u'EICAR_Test'},
 u'Avast': {u'/tmp/tmpXveafr': u'EICAR Test-NOT virus!!!'},
 u'ClamAV': {u'/tmp/tmpXveafr': u'Eicar-Test-Signature'},
 u'F-Prot': {u'/tmp/tmpXveafr': u'EICAR_Test_File (exact)'},
 u'ZAV': {u'/tmp/tmpXveafr': u'EICAR.Test.File-NoVirus'}}

API /api/search

Returns the previously generated report, if any, of the given MD5, SHA1 or SHA256 cryptographic hash.

Example usage:

import json
import pprint
import urllib2

report = urllib2.urlopen("http://multiav-ip:8080/api/search?file_hash=44d88612fea8a8f36de82e1278abb02f").read()
pprint.pprint(json.loads(report))

Example output:

{u'date': u'Mon May  4 19:50:22 2015',
 u'id': 6494,
 u'infected': 1,
 u'md5': u'44d88612fea8a8f36de82e1278abb02f',
 u'name': u'eicar.com.txt',
 u'report': u'{"F-Prot": {"/tmp/tmpUK1qEI": "EICAR_Test_File (exact)"}, "Avast": {"/tmp/tmpUK1qEI": "EICAR Test-NOT virus!!!"}, "ClamAV": {"/tmp/tmpUK1qEI": "Eicar-Test-Signature"}, "McAfee": {}, "ZAV": {"/tmp/tmpUK1qEI": "EICAR.Test.File-NoVirus"}, "AVG": {"/tmp/tmpUK1qEI": "EICAR_Test"}}',
 u'sha1': u'3395856ce81f2b7382dee72602f798b642f14140',
 u'sha256': u'275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f'}
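Handling the /api/search response, as an added Python 3 example that is not part of the MultiAV client: the "report" field is itself a JSON string, so it needs a second decode, and an engine with an empty dictionary (McAfee above) ran without reporting a detection. The function names are assumptions; the sample record is constructed from the example output above.

```python
import json
import re
from urllib.parse import urlencode

HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}

# Constructed from the example output above (Python 2 u'' prefixes dropped).
SEARCH_RESPONSE = json.dumps({
    "date": "Mon May  4 19:50:22 2015",
    "id": 6494,
    "infected": 1,
    "md5": "44d88612fea8a8f36de82e1278abb02f",
    "name": "eicar.com.txt",
    "report": '{"F-Prot": {"/tmp/tmpUK1qEI": "EICAR_Test_File (exact)"}, '
              '"Avast": {"/tmp/tmpUK1qEI": "EICAR Test-NOT virus!!!"}, '
              '"ClamAV": {"/tmp/tmpUK1qEI": "Eicar-Test-Signature"}, '
              '"McAfee": {}, '
              '"ZAV": {"/tmp/tmpUK1qEI": "EICAR.Test.File-NoVirus"}, '
              '"AVG": {"/tmp/tmpUK1qEI": "EICAR_Test"}}',
    "sha1": "3395856ce81f2b7382dee72602f798b642f14140",
    "sha256": "275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f",
})


def hash_kind(file_hash):
    """Return 'md5', 'sha1' or 'sha256' for a hex digest, else raise ValueError."""
    if not re.fullmatch(r"[0-9a-fA-F]+", file_hash or ""):
        raise ValueError("not a hex digest")
    if len(file_hash) not in HASH_LENGTHS:
        raise ValueError("unexpected digest length %d" % len(file_hash))
    return HASH_LENGTHS[len(file_hash)]


def search_url(host, file_hash):
    """Build the /api/search URL, refusing anything that is not a digest."""
    hash_kind(file_hash)
    return "http://%s/api/search?%s" % (host, urlencode({"file_hash": file_hash}))


def decode_search(json_txt, queried_hash):
    """Decode a search record and check it belongs to the hash that was queried."""
    record = json.loads(json_txt)
    kind = hash_kind(queried_hash)
    if str(record.get(kind, "")).lower() != queried_hash.lower():
        raise ValueError("record does not match the queried %s" % kind)
    # Second decode: "report" is a JSON document stored as a string.
    record["report"] = json.loads(record["report"])
    return record


def per_file(report):
    """Turn {engine: {path: name}} into a per-file view with a detection ratio."""
    engines = sorted(report)
    files = {}
    for engine, hits in report.items():
        for path, name in hits.items():
            files.setdefault(path, {})[engine] = name
    view = {}
    for path, hits in files.items():
        view[path] = {
            "detections": hits,
            "missed_by": [e for e in engines if e not in hits],
            "ratio": "%d/%d" % (len(hits), len(engines)),
        }
    return view


if __name__ == "__main__":
    md5 = "44d88612fea8a8f36de82e1278abb02f"
    print(search_url("multiav-ip:8080", md5))
    record = decode_search(SEARCH_RESPONSE, md5)
    for path, info in per_file(record["report"]).items():
        print(path, info["ratio"], "missed by", info["missed_by"])
```

per_file() accepts any dictionary of the engine-to-{path: name} shape, which is also the shape of the command-line output shown earlier on this page.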

Copyright (c) 2014-2016 Joxean Koret


multiav's Issues

Problems using package

Honestly can't get this to work in any form.

Steps so far

python setup.py install
configured cfg and made sure AV clients were installed
Launch python interpreter and import multiav (succeeded)

Then when trying to do anything I'm basically getting Module object has no attribute

>>> multi_av = multiav.CMultiAV()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
AttributeError: 'module' object has no attribute 'CMultiAV'

I confirmed the packages were installed against PyPI:
PIP:

pip install multiav
Requirement already satisfied (use --upgrade to upgrade): multiav in ./lib/python2.7/site-packages/multiav-0.1.0-py2.7.egg
Requirement already satisfied (use --upgrade to upgrade): web.py in ./lib/python2.7/site-packages/web.py-0.40.dev0-py2.7.egg (from multiav)
Requirement already satisfied (use --upgrade to upgrade): pyClamd in ./lib/python2.7/site-packages/pyClamd-0.3.17-py2.7.egg (from multiav)

EASY_Install

Searching for multiav
Best match: multiav 0.1.0
Processing multiav-0.1.0-py2.7.egg
multiav 0.1.0 is already the active version in easy-install.pth
Installing multiav-client.py script to /home/******/Desktop/multiav-master/pyav/bin
Installing runserver.py script to /home/******/Desktop/multiav-master/pyav/bin
Installing multiav-scan.py script to /home/******/Desktop/multiav-master/pyav/bin

Using /home/******/Desktop/multiav-master/pyav/lib/python2.7/site-packages/multiav-0.1.0-py2.7.egg
Processing dependencies for multiav
Finished processing dependencies for multiav

multiav.py not found

Thank you for writing an amazing tool, however I am unable to get it to work on Kali 64bit. I keep getting an error "multiav.py no such file or directory". I have tried reinstalling a few times now. Is it possible you could briefly go over the installation, as the error makes me think I have made a mistake during installation? I have tried everything according to your book.
Thank you

License change

I will be changing the license of this project to the GNU Affero GPL 3.0. While it means no change for 99,99% of users, I would like to know if you have a strong opinion against the change.

unable to execute multiav-scan.py

I am trying to run multiav-scan.py as follows:
chmod +x multiav-scan.py
./multiav-scan.py malwaresample.scr

It is giving me the following error:
Process Process-1:
Traceback (most recent call last):
File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap
self.run()
File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run
self._target(*self._args, **self._kwargs)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 601, in scan_one
av.scan(path)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 508, in scan
cmd.append("-REPORT=%s" % fname)
UnboundLocalError: local variable 'cmd' referenced before assignment
Process Process-2:
Traceback (most recent call last):
File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap
self.run()
File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run
self._target(*self._args, **self._kwargs)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 601, in scan_one
av.scan(path)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 165, in scan
output = check_output(cmd)
UnboundLocalError: local variable 'cmd' referenced before assignment
Process Process-3:
Traceback (most recent call last):
File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap
self.run()
File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run
self._target(*self._args, **self._kwargs)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 601, in scan_one
av.scan(path)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 370, in scan
output = check_output(cmd)
UnboundLocalError: local variable 'cmd' referenced before assignment
Process Process-4:
Traceback (most recent call last):
File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap
self.run()
File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run
self._target(*self._args, **self._kwargs)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 601, in scan_one
av.scan(path)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 113, in scan
output = check_output(cmd)
UnboundLocalError: local variable 'cmd' referenced before assignment
Process Process-5:
Traceback (most recent call last):
File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap
self.run()
File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run
self._target(*self._args, **self._kwargs)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 601, in scan_one
av.scan(path)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 209, in scan
output = check_output(cmd, stderr=devnull)
UnboundLocalError: local variable 'cmd' referenced before assignment
Process Process-6:
Traceback (most recent call last):
File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap
self.run()
File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run
self._target(*self._args, **self._kwargs)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 601, in scan_one
av.scan(path)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 113, in scan
output = check_output(cmd)
UnboundLocalError: local variable 'cmd' referenced before assignment
Process Process-7:
Traceback (most recent call last):
File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap
self.run()
File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run
self._target(*self._args, **self._kwargs)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 601, in scan_one
av.scan(path)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 445, in scan
cmd = self.build_cmd(path)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 96, in build_cmd
scan_path = parser.get(self.name, "PATH")
File "/usr/lib/python2.7/ConfigParser.py", line 607, in get
raise NoSectionError(section)
NoSectionError: No section: 'Ikarus'
Process Process-8:
Traceback (most recent call last):
File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap
self.run()
File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run
self._target(*self._args, **self._kwargs)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 601, in scan_one
av.scan(path)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 390, in scan
ret = CAvScanner.scan(self, path)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 113, in scan
output = check_output(cmd)
UnboundLocalError: local variable 'cmd' referenced before assignment
Process Process-9:
Traceback (most recent call last):
File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap
self.run()
File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run
self._target(*self._args, **self._kwargs)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 601, in scan_one
av.scan(path)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 113, in scan
output = check_output(cmd)
UnboundLocalError: local variable 'cmd' referenced before assignment
Process Process-10:
Traceback (most recent call last):
File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap
self.run()
File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run
self._target(*self._args, **self._kwargs)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 601, in scan_one
av.scan(path)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 415, in scan
cmd = self.build_cmd(path)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 96, in build_cmd
scan_path = parser.get(self.name, "PATH")
File "/usr/lib/python2.7/ConfigParser.py", line 607, in get
raise NoSectionError(section)
NoSectionError: No section: 'AVG'
Process Process-11:
Traceback (most recent call last):
File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap
self.run()
File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run
self._target(*self._args, **self._kwargs)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 601, in scan_one
av.scan(path)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 342, in scan
return CAvScanner.scan(self, path)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 113, in scan
output = check_output(cmd)
UnboundLocalError: local variable 'cmd' referenced before assignment
Process Process-12:
Traceback (most recent call last):
File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap
self.run()
File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run
self._target(*self._args, **self._kwargs)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 601, in scan_one
av.scan(path)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 330, in scan
return CAvScanner.scan(self, path)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 113, in scan
output = check_output(cmd)
UnboundLocalError: local variable 'cmd' referenced before assignment
Process Process-13:
Traceback (most recent call last):
File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap
self.run()
File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run
self._target(*self._args, **self._kwargs)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 601, in scan_one
av.scan(path)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 293, in scan
return CAvScanner.scan(self, path)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 113, in scan
output = check_output(cmd)
UnboundLocalError: local variable 'cmd' referenced before assignment
Process Process-14:
Traceback (most recent call last):
File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap
self.run()
File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run
self._target(*self._args, **self._kwargs)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 601, in scan_one
av.scan(path)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 281, in scan
return CAvScanner.scan(self, path)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 113, in scan
output = check_output(cmd)
UnboundLocalError: local variable 'cmd' referenced before assignment
Process Process-15:
Traceback (most recent call last):
File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap
self.run()
File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run
self._target(*self._args, **self._kwargs)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 601, in scan_one
av.scan(path)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 304, in scan
cmd = self.build_cmd(path)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 96, in build_cmd
scan_path = parser.get(self.name, "PATH")
File "/usr/lib/python2.7/ConfigParser.py", line 607, in get
raise NoSectionError(section)
NoSectionError: No section: 'ESET'
Process Process-16:
Traceback (most recent call last):
File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap
self.run()
File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run
self._target(*self._args, **self._kwargs)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 601, in scan_one
av.scan(path)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 113, in scan
output = check_output(cmd)
UnboundLocalError: local variable 'cmd' referenced before assignment
Process Process-17:
Traceback (most recent call last):
File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap
self.run()
File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run
self._target(*self._args, **self._kwargs)
File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 601, in scan_one
av.scan(path)
pls help!!

help to install joxeankoret

Hi joxeankoret,

Please help me to install multiav.
I have a problem installing multiav on Ubuntu.

You're not prepared to install video tutorial?

Thanks joxeankoret

Facing issue Python and its module version

Hi Jox,

Can you provide me compatible Python and its module version details?

I tried 2.6.6, 2.7.9 and 3.4.3.

It keeps on throwing some errors:

Traceback (most recent call last):
File "multiav.py", line 500, in <module>
main(sys.argv[1])
File "multiav.py", line 487, in main
ret = multi_av.scan(path, AV_SPEED_ALL)
File "multiav.py", line 448, in scan
return self.single_scan(path, max_speed)
File "multiav.py", line 453, in single_scan
results = self.scan_one(av_engine, path, results, max_speed)
File "multiav.py", line 462, in scan_one
av.scan(path)
File "multiav.py", line 113, in scan
output = check_output(cmd)
File "/usr/local/lib/python2.7/subprocess.py", line 530, in check_output
process = Popen(stdout=PIPE, *popenargs, **kwargs)
File "/usr/local/lib/python2.7/subprocess.py", line 672, in __init__
errread, errwrite)
File "/usr/local/lib/python2.7/subprocess.py", line 1201, in _execute_child
raise child_exception
OSError: [Errno 2] No such file or directory

Running the server on a different port

Hello, I've been having problems running the multiav server. There doesn't seem to be documentation on how to do it. I tried using runserver.py, but it always fails with an error about the path from where it is being run (even if I run it from the path it asks to be run from). Also, I can't find any place where the port number of the server could be changed.

Can all the antivirus scan Windows PE?

I think the C/S structure is relatively good: the client runs on Windows so that anti-virus software can scan the sample.
Is there any intention to develop it?

Installer?

Do you by chance have an installer of some kind to put some/all of these on automatically?

(preferably CentOS, Ubuntu or Debian, but I'm not too picky)

Installation Guide

Hello Sir,
I'm a newbie in Linux OS and py language
but I need to install your amazing Multi-AV.
Would you please help me, how can I install it? Or how can I scan my file with all 18 antivirus?
Please help me if you can.
Thanks in advance

AttributeError: 'module' object has no attribute 'CMultiAV'

This code:
import pprint
import multiav

multi_av = multiav.CMultiAV()
ret = multi_av.scan(path, multiav.AV_SPEED_MEDIUM)
pprint.pprint(multi_av)

shows this error:
Traceback (most recent call last):
  File "test.py", line 4, in <module>
    multi_av = multiav.CMultiAV()
AttributeError: 'module' object has no attribute 'CMultiAV'

core.py line# 108 not being executed and causing error -> local variable 'cmd' referenced before assignment

Line# 108 not being executed -> cmd = self.build_cmd(path)
And therefore an error comes while executing Line# 113 -> output = check_output(cmd)
UnboundLocalError: local variable 'cmd' referenced before assignment

The complete error is shown below:

multiav-scan.py eicer.com

Traceback (most recent call last):
File "/bin/multiav-scan.py", line 25, in <module>
main(sys.argv[1])
File "/bin/multiav-scan.py", line 11, in main
ret = multi_av.scan(path, AV_SPEED_ALL)
File "/usr/lib/python2.7/site-packages/multiav/core.py", line 593, in scan
return self.single_scan(path, max_speed)
File "/usr/lib/python2.7/site-packages/multiav/core.py", line 598, in single_scan
results = self.scan_one(av_engine, path, results, max_speed)
File "/usr/lib/python2.7/site-packages/multiav/core.py", line 607, in scan_one
av.scan(path)
File "/usr/lib/python2.7/site-packages/multiav/core.py", line 118, in scan
output = check_output(cmd)
UnboundLocalError: local variable 'cmd' referenced before assignment

How-to Speed Up McAfee Antivirus Scanning

Issue: McAfee antivirus scanning is very slow
Fix/Solution: Use the uvscan --decompress command line option on new signature updates before scanning - applies to McAfee VirusScan Command Line versions below 6.0.5

McAfee antivirus scanning is listed as "(Very slow, only enabled when running all the engines)"; however, there is a way to significantly improve the McAfee scan performance. Unfortunately McAfee has not documented this feature in the uvscan man page or in the uvscan -h help option AFAIK. McAfee has documented this in their Virus Scan for UNIX product documentation. This feature applies to versions below 6.0.5

On page 34

After an update, run the following command once to decompress the newly downloaded DATs and accelerate the time for subsequent initializations.

uvscan --decompress

Example:

uvscan --decompress /usr/local/uvscan/

See results below for an example of before and after running uvscan --decompress

Some of the extra white space has been removed for brevity.

Before uvscan --decompress

d@ubuntu:~/Downloads$ time uvscan --ASCII --ANALYZE --MANALYZE --MACRO-HEURISTICS --RECURSIVE --UNZIP Cover-Letter.pdf
McAfee VirusScan Command Line for Linux64 Version: 6.0.4.564
Copyright (C) 2013 McAfee, Inc.

AV Engine version: 5600.1067 for Linux64.
Dat set version: 8036 created Jan 6 2016
Scanning for 670676 viruses, trojans and variants.

Time: 00:00.00

real 0m21.249s
user 0m20.277s
sys 0m0.341s

d@ubuntu:~/Downloads$ time uvscan --ASCII --ANALYZE --MANALYZE --MACRO-HEURISTICS --RECURSIVE --UNZIP Resume.pdf
McAfee VirusScan Command Line for Linux64 Version: 6.0.4.564
Copyright (C) 2013 McAfee, Inc.

AV Engine version: 5600.1067 for Linux64.
Dat set version: 8036 created Jan 6 2016
Scanning for 670676 viruses, trojans and variants.

Time: 00:00.00

real 0m16.388s
user 0m15.362s
sys 0m0.306s

After uvscan --decompress /usr/local/uvscan/

d@ubuntu:~/Downloads$ time uvscan --ASCII --ANALYZE --MANALYZE --MACRO-HEURISTICS --RECURSIVE --UNZIP Cover-Letter.pdf
McAfee VirusScan Command Line for Linux64 Version: 6.0.4.564
Copyright (C) 2013 McAfee, Inc.

AV Engine version: 5600.1067 for Linux64.
Dat set version: 8036 created Jan 6 2016
Scanning for 670676 viruses, trojans and variants.

Time: 00:00.00

real 0m2.834s
user 0m2.677s
sys 0m0.156s

d@ubuntu:~/Downloads$ time uvscan --ASCII --ANALYZE --MANALYZE --MACRO-HEURISTICS --RECURSIVE --UNZIP Resume.pdf
McAfee VirusScan Command Line for Linux64 Version: 6.0.4.564
Copyright (C) 2013 McAfee, Inc.

AV Engine version: 5600.1067 for Linux64.
Dat set version: 8036 created Jan 6 2016
Scanning for 670676 viruses, trojans and variants.

Time: 00:00.00

real 0m2.846s
user 0m2.683s
sys 0m0.147s

McAfee says:

"From version 6.0.5 the DECOMPRESS switch is automatically applied. So the first time after each DAT update it will automatically replace the local copy of the compressed DAT with the decompressed equivalent for future use. It is no longer necessary to use the DECOMPRESS switch with the VSCL 6.0.5 and later releases." Documented here - https://kc.mcafee.com/corporate/index?page=content&id=KB68023

Additional Antivirus

Hi Jo,

If I want to add more antivirus...? Where do I have to update in the code? I think updating in the cfg file is not enough.

running test script - problem

Hello, and thank you for your work on multiav.
I set up this tool on Ubuntu:
python setup.py install

Then for a test I ran the example code here:
https://github.com/joxeankoret/multiav/blob/master/multiav/scripts/multiav-scan.py
and set multiav.CMultiAV() to my config file in the example code below. I enabled just E-scan in the config file (all others have the flag Disable=1), but when I run the test code I get these errors:

Process Process-1:
Traceback (most recent call last):
  File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in _bootstrap
    self.run()
  File "/usr/lib/python2.7/multiprocessing/process.py", line 114, in run
    self._target(*self._args, **self._kwargs)
  File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 638, in scan_one
    av.scan(path)
  File "/usr/local/lib/python2.7/dist-packages/multiav/core.py", line 153, in scan
    call(cmd)
  File "/usr/lib/python2.7/subprocess.py", line 523, in call
    return Popen(*popenargs, **kwargs).wait()
  File "/usr/lib/python2.7/subprocess.py", line 711, in __init__
    errread, errwrite)
  File "/usr/lib/python2.7/subprocess.py", line 1340, in _execute_child
    raise child_exception
OSError: [Errno 2] No such file or directory
{}

Please help me :)
Best regards
