Messages

1

Diag / Re: Spyware?

« on: August 04, 2018, 07:14:31 pm »

Hello,
Please remember this is beta version, everything is currently being setup. It takes time.

I can answer your question: it doesn't fall under GDPR as data is anonyme, there's no personal data.
The software only sends Operating system version, software version, software name, and this is all. All we need is usage count and it's stored as number per days in database.
We own the database as well.

I hope this answers the question.
Thanks,

2

RogueKiller / Re: "Update" Button Not Working

« on: May 16, 2018, 07:51:54 am »

Hey,
that is a strange story...
Yes, RogueKiller updater is called updater.exe, but is located into its own RogueKiller directory, so there's no confusion.
Looks like H&S do some hooking / monitoring and intercepts RogueKiller update attempts.

By any chance, was RogueKiller portable placed into the same directory as H&S ?

3

RogueKiller / Re: "Update" Button Not Working

« on: May 15, 2018, 05:13:54 pm »

Hey, thanks for letting us know
Could you post a screenshot of the error message "H&S" ? That will help us to identify the issue;

Thanks,

4

UCheck / Re: Détection des logiciels portables

« on: May 15, 2018, 05:12:27 pm »

Bonjour,
Nous avons déjà commencé à ajouter les logiciels portables (en beta).
Pour le moment seuls quelques soft (comme AdwCleaner) sont compatible, et dans certains dossiers seulement (Mes Téléchargements)
Nous avons prévu de pouvoir faire quelque chose de plus large dans la prochaine version

Merci pour le bug

5

MRF / Re: RFE

« on: April 09, 2018, 12:09:20 pm »

Hey, let me answer anyway

- When pulling a VT report, I would like to tag (or otherwise correlate) the sample with at least all of the detections rather than one.  It would also be great to pull things such as the data from the behavior tab (when available).
=> This goes against the VirusTotal terms of service, so we can't. As for the behavior data, I don't think it's available in the public API (I may be wrong)

- Yara Scanning is planned, and currently in development.

6

UCheck / Re: Inaccurate results for two PuTTY-related programs

« on: March 19, 2018, 08:39:59 am »

Hey, thanks for letting us know
This should be fixed, any chance you can confirm me?

Thanks,

7

MRF / Re: Need Advice on Cron Job

« on: January 18, 2018, 09:45:02 am »

Hey, I guess something like this should work (untested)

Code: [Select]

import json
import os
import requests
 
# Parameters, don't forget to modify
apikey      = "your_token"
host        = "mrf.yourserver.com"
urlserver   = "http://mrf.yourserver.com/api.php?action=virustotalscan"
md5         = "the_md5_of_the_file_already_uploaded"
 
def post_multipart(host, selector, fields):
    headers = {'user-agent': 'Dionaea honeypot'}
    r = requests.post(selector, headers=headers, data=fields)
   
def ScanFile():                 
    parameters = {"hash": md5}
    post_multipart(host, urlserver, parameters)


8

MRF / Re: Need Advice on Cron Job

« on: January 16, 2018, 02:10:28 pm »

Yes but it wasn't tested yet. We know some people got error with it, so it's not surprising.
It's scheduled though, will be in next version. We'll also consider publishing a Docker image

9

MRF / Re: Need Advice on Cron Job

« on: January 15, 2018, 03:59:28 pm »

Hey, are you running PHP7?
Just checking because it's not supported yet.

10

MRF / Re: Need Advice on Cron Job

« on: January 12, 2018, 02:33:25 pm »

Hey,
Do you have apache errors when doing so?

11

MRF / Re: Need Advice on Cron Job

« on: January 09, 2018, 06:09:20 pm »

Ok, if you want to disable Cuckoo:
"enabled" => False,

With that switched off, can you tell me if cron catches any VirusTotal update?

A small suggestion, Can the binary storage be Segmented by the First 2 to 3 Chars of SHA1 of MD5 like Viper do? Having 200k to 300k files in one folder is bad for slow HDD..

Good idea.

Also, can you put the Vendor name used for the Threat Name?

The AV product name? It's quite hard because the threat name can be edited, and thus we'll loose that information

Also can someone who studies malware as a hobby can have lower subcription? $50 a month is too much for me.. When all is well and MRF, Cuckoo, and Viper working well together, I'll be deploying this to a Linux 2U rack and Subscibe if the price is reasonable for me..

A new major version will be released first quarter 2018, we planned to change that pricing a little bit to take in account such issues, thanks for asking.

12

MRF / Re: Need Advice on Cron Job

« on: January 09, 2018, 08:05:01 am »

Hello,
Can you show me the config file sections for VirusTotal and Cuckoo (please redact your API key !)

Thanks,

13

MRF / Re: Problem with user access

« on: December 07, 2017, 04:28:31 pm »

Hey,
Our modules are in PHP / Python, not full python.
However we planned to add more sandboxes and online services to new version

14

MRF / Re: Problem with user access

« on: December 06, 2017, 04:08:06 pm »

Hey,
Just trying to understand, are you trying to access the website from outside the machine?
If yes, then localhost won't work. You need to put either the private IP of the machine (if accessed from domestic network), or a domain or public IP (with proper ports redirections through your firewall).

15

MRF / Re: Problem with user access

« on: December 04, 2017, 08:09:22 am »

Hey, could you show me your config file? (or part of, redacted if needed)