Author Topic: malware not shown in interface  (Read 11193 times)

xor

malware not shown in interface
« on: March 10, 2017, 06:53:48 PM »
Hi Dear author

I have a problem!

When I upload malware to the database, it is not shown in the interface after uploading some samples.

I tried a lot of ways but still cannot solve it :-\

Is there any solution?

Thanks!!

Tigzy

    Owner, Adlice Software
Re: malware not shown in interface
« Reply #1 on: March 13, 2017, 10:32:52 AM »
Hello,

Quote
[Fri Mar 10 22:27:56.076337 2017] [:error] [pid 17593] [client 127.0.0.1:49380] PHP Fatal error:  Uncaught Error: Call to undefined function curl_init() in /var/www/html/mrf/src/cuckoo.php:170\nStack trace:\n#0 /var/www/html/mrf/src/cuckoo.php(42): CuckooAPI->_doCall('GET', 'cuckoo/status', Array)\n#1 /var/www/html/mrf/src/functions.php(390): CuckooAPI->getInfos()\n#2 /var/www/html/mrf/src/uploader.php(1480): OnGetCuckooStatus()\n#3 /var/www/html/mrf/api.php(114): UploadHandler->get_cuckoo_status()\n#4 /var/www/html/mrf/api.php(40): Rest_Api->getcuckoo()\n#5 /var/www/html/mrf/api.php(207): Rest_Api->processApi()\n#6 {main}\n  thrown in /var/www/html/mrf/src/cuckoo.php on line 170, referer: http://localhost/mrf/

Seems like you don't have Curl module enabled, or installed on your machine.
Can you tell me what machine it is?

Thanks,

xor

Re: malware not shown in interface
« Reply #2 on: March 13, 2017, 10:55:06 AM »
Yes! I installed the curl module and it has been working properly! (I use Ubuntu 16.04)

Thank you for your answer :D

There is also another problem! How do I make VT_Scan only use a hash query and not upload the file?

Tigzy

Re: malware not shown in interface
« Reply #3 on: March 13, 2017, 11:18:35 AM »
Hello,
Sorry, I don't get everything you wrote :)
- You mean your curl issue is now solved?
- VT scan can do both query/upload. The internal workflow is as follows: check the hash. If it exists, display the score. If not, and the config says autoupload, then upload the file; else display "Unknown".

xor

Re: malware not shown in interface
« Reply #4 on: March 13, 2017, 03:55:46 PM »
Hi,

After studying your code again, I want to clarify some questions:
There is a “virustotal automatic_upload” in the config file. If I set it to “False”, does that mean the system will not send the file to VirusTotal automatically?
In the upload page, there is a VirusTotal checkbox. What does it upload to VirusTotal? The hash value or the original file?
Thank you for helping me. Sorry for bothering you.

By the way... yes, my curl issue is solved!

Tigzy

Re: malware not shown in interface
« Reply #5 on: March 13, 2017, 04:30:27 PM »
Quote
There is a “virustotal automatic_upload” in the config file. If I set it to “False”, does that mean the system will not send the file to VirusTotal automatically?

Yes, this is what I described in my last post:
Quote
- VT scan can do both query/upload. The internal workflow is as follows: check the hash. If it exists, display the score. If not, and the config says autoupload, then upload the file; else display "Unknown".
This is useful in case you want to keep your interesting samples for yourself and not share them with the industry.

Quote
In the upload page, there is a VirusTotal checkbox. What does it upload to VirusTotal? The hash value or the original file?
That checkbox tells exactly that: Initial check on VirusTotal. Unlike the "VT Scan" button, which forces an upload if unknown, the checkbox will trigger the workflow I described.
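
The workflow described in this thread (hash lookup first, upload only when the hash is unknown and uploading is permitted), as an added example that is not part of the original posts and is not MRF's own code. `vt_check`, `FakeService`, the sample bytes and the score are constructed for illustration; `automatic_upload` stands in for the config setting and `force_upload` for the "VT Scan" button.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass
class VtResult:
    sha256: str
    status: str                   # "score", "uploaded" or "Unknown"
    score: Optional[str] = None
    file_left_host: bool = False  # True only when the sample bytes were sent

def vt_check(sample: bytes,
             lookup: Callable[[str], Optional[str]],
             upload: Callable[[bytes], None],
             automatic_upload: bool,
             force_upload: bool = False) -> VtResult:
    """Hash first; upload only if unknown and the config or button allows it."""
    digest = hashlib.sha256(sample).hexdigest()
    score = lookup(digest)                # only the hash is disclosed here
    if score is not None:
        return VtResult(digest, "score", score=score)
    if automatic_upload or force_upload:
        upload(sample)                    # the sample itself is disclosed here
        return VtResult(digest, "uploaded", file_left_host=True)
    return VtResult(digest, "Unknown")

class FakeService:
    """Constructed offline stand-in for the remote scanning service."""
    def __init__(self, known):
        self.known = dict(known)
        self.hashes_seen, self.files_received = [], []

    def lookup(self, digest):
        self.hashes_seen.append(digest)
        return self.known.get(digest)

    def upload(self, sample):
        self.files_received.append(sample)

def demo():
    known, private = b"constructed sample A", b"constructed sample B"
    # "12/60" is a constructed score for the already-known sample
    svc = FakeService({hashlib.sha256(known).hexdigest(): "12/60"})
    results = [
        vt_check(known, svc.lookup, svc.upload, automatic_upload=True),
        vt_check(private, svc.lookup, svc.upload, automatic_upload=False),
        vt_check(private, svc.lookup, svc.upload, False, force_upload=True),
    ]
    return svc, results
```

With `automatic_upload=False` and no forced scan, the service only ever sees the SHA-256 of the private sample; the bytes are recorded in `files_received` only after the forced call.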