Adlice forum

Software feedback => MRF => Topic started by: xor on March 10, 2017, 06:53:48 pm

Title: malware not shown in interface
Post by: xor on March 10, 2017, 06:53:48 pm
Hi Dear author

I have a problems!

when i malware upload in database but not show in interface after upload some sample.

I tried a lot of ways but still can not solve it :-\

Is there any solution?

thanks!!
Title: Re: malware not shown in interface
Post by: Tigzy on March 13, 2017, 10:32:52 am
Hello,

Quote
[Fri Mar 10 22:27:56.076337 2017] [:error] [pid 17593] [client 127.0.0.1:49380] PHP Fatal error:  Uncaught Error: Call to undefined function curl_init() in /var/www/html/mrf/src/cuckoo.php:170\nStack trace:\n#0 /var/www/html/mrf/src/cuckoo.php(42): CuckooAPI->_doCall('GET', 'cuckoo/status', Array)\n#1 /var/www/html/mrf/src/functions.php(390): CuckooAPI->getInfos()\n#2 /var/www/html/mrf/src/uploader.php(1480): OnGetCuckooStatus()\n#3 /var/www/html/mrf/api.php(114): UploadHandler->get_cuckoo_status()\n#4 /var/www/html/mrf/api.php(40): Rest_Api->getcuckoo()\n#5 /var/www/html/mrf/api.php(207): Rest_Api->processApi()\n#6 {main}\n  thrown in /var/www/html/mrf/src/cuckoo.php on line 170, referer: http://localhost/mrf/

Seems like you don't have Curl module enabled, or installed on your machine.
Can you tell me what machine it is?

Thanks,
Title: Re: malware not shown in interface
Post by: xor on March 13, 2017, 10:55:06 am
Yes! I installed the curl module has been working properly!(i use ubuntu 16.04)

Thank you for your answer :D

There is also a problem! How do I make VT_Scan only use hash query does not upload it?
Title: Re: malware not shown in interface
Post by: Tigzy on March 13, 2017, 11:18:35 am
Hello,
Sorry I don't get all what you write :)
- You mean your curl issue is now solved?
- VT scan can do both query/upload, the internal workflow is as follow: Check hash. If exists, display score. If not, If config says autoupload then upload the file / else display "Unknown"
Title: Re: malware not shown in interface
Post by: xor on March 13, 2017, 03:55:46 pm
hi

After I study your code again, I want to clarify some questions:
There is a “virustotal automatic_upload” in the config file, if I set it as “False”, does that mean the system would not send the file to virus total automatically?
In the upload page, there is a checkbox of virustotal. What does it upload to virus total ? Hash value or original file?
Thank you for helping me. Sorry for bothering you.

by the way.......Yes my curl issues is solved!
Title: Re: malware not shown in interface
Post by: Tigzy on March 13, 2017, 04:30:27 pm
Quote
There is a “virustotal automatic_upload” in the config file, if I set it as “False”, does that mean the system would not send the file to virus total automatically?

Yes, this is what I described in my last post:
Quote
- VT scan can do both query/upload, the internal workflow is as follow: Check hash. If exists, display score. If not, If config says autoupload then upload the file / else display "Unknown"
This is useful in case you want to keep your interesting samples for yourself and not share with the industry.

Quote
In the upload page, there is a checkbox of virustotal. What does it upload to virus total ? Hash value or original file?
That checkbox tells exactly that: Initial check on VirusTotal. Unlike the "VT Scan" button, which forces an upload if unknown, the checkbox will trigger the workflow I described.