
Need Advice on Cron Job


RazorBurn:
I've successfully deployed MRF on WSL in Windows 10 64-bit Fall Creators Update.



The problem is with my huge collection of around 1TB of malware, and with only a public API key for VirusTotal, I'm limited to 4 queries per minute. A lot of samples have no VT scan results, and I had to manually click the VT scan button for those with missing VT scan results.

Is there a command to invoke a VT scan query for missing results for some samples, or if possible, can you give me the steps for a cron job? The docs about cron in the documentation are not sufficient.

RazorBurn:
Sorry, found a way to invoke cron using


--- Code: ---
http://localhost/mrf/cron.php?token=edfe238e15c964e8a8218cf218e43dc1
--- End code ---

Problem is it's only doing the Cuckoo analysis.

Would it be possible to skip the Cuckoo analysis, as I don't have Cuckoo running yet?

Tigzy:
Hello,
Can you show me the config file sections for VirusTotal and Cuckoo? (Please redact your API key!)

Thanks,

RazorBurn:

--- Code: ---
"cuckoo" => array(
    "enabled" => True,
    "class" => "Cuckoo",
    "priority" => 10,
    "api_base_url" => 'http://localhost:8090/',
    "web_base_url" => 'http://localhost:8000/',
    "scan" => array(
        //"package" => "",    // uncomment to use
        //"timeout" => "",    // uncomment to use
        //"priority" => 3,    // 1 to 3, uncomment to use
        //"options" => "",    // uncomment to use
        //"machine" => "",    // uncomment to use
        //"platform" => "",   // uncomment to use
        //"tags" => "mrf",    // uncomment to use
        //"custom" => "",     // uncomment to use
        //"owner" => "",      // uncomment to use
        //"memory" => False   // uncomment to use
    ),
    "scan_optional" => array(
        //"options" => [ "option1", "option2" ],    // uncomment to use
    )
),
"virustotal" => array(
    "enabled" => True,
    "class" => "VirusTotal",
    "priority" => 10,
    "key" => 'My Secret Key',
    "automatic_upload" => True,
    "comment_uploaded" => array(
        "enabled" => False, // If true, files uploaded (new analysis) will be commented upon completion
        "comment" => "Some comment you want to put in VirusTotal"
    ),
    "vendors_priority" => array( // List of vendors as seen in the VT API, the first one detecting will give its threat name to the sample
        "Kaspersky",
        "Microsoft",
        "BitDefender",
        "DrWeb ",
        "Symantec",
        "Ikarus",
        "ESET-NOD32"
    )
)
--- End code ---

A small suggestion: can the binary storage be segmented by the first 2 to 3 chars of SHA1 of MD5 like Viper does? Having 200k to 300k files in one folder is bad for a slow HDD. Also, can you put the vendor name used for the threat name?

Also, can someone who studies malware as a hobby have a lower subscription? $50 a month is too much for me. When all is well and MRF, Cuckoo, and Viper are working well together, I'll be deploying this to a Linux 2U rack and will subscribe if the price is reasonable for me.

Tigzy:
Ok, if you want to disable Cuckoo:
"enabled" => False,

With that switched off, can you tell me if cron catches any VirusTotal update?


--- Quote ---A small suggestion: can the binary storage be segmented by the first 2 to 3 chars of SHA1 of MD5 like Viper does? Having 200k to 300k files in one folder is bad for a slow HDD.
--- End quote ---
Good idea.


--- Quote ---Also, can you put the Vendor name used for the Threat Name?
--- End quote ---
The AV product name? It's quite hard because the threat name can be edited, and thus we'll lose that information.


--- Quote ---Also, can someone who studies malware as a hobby have a lower subscription? $50 a month is too much for me. When all is well and MRF, Cuckoo, and Viper are working well together, I'll be deploying this to a Linux 2U rack and will subscribe if the price is reasonable for me.
--- End quote ---

A new major version will be released in the first quarter of 2018; we planned to change that pricing a little bit to take such issues into account. Thanks for asking.
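
The hash-prefix storage layout suggested in this thread, as an added example that is not part of the original posts and is not MRF or Viper code: it moves a flat sample folder into a tree with one directory level per leading hex character of each file's SHA-1. The function names, the one-character-per-level layout, the SHA-1 naming and the file modes are assumptions made for illustration.

```python
import hashlib
import os
import re
import shutil

# Accept only MD5 (32), SHA-1 (40) or SHA-256 (64) hex digests as file names.
HEX_DIGEST = re.compile(r"(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})")


def sharded_path(root, digest, depth=3):
    """Return root/<c0>/<c1>/.../<digest>, one directory level per leading hex char."""
    digest = digest.lower()
    if not HEX_DIGEST.fullmatch(digest):
        # Refuses "../" and any other non-digest name before it reaches the filesystem.
        raise ValueError("not a hex digest: %r" % digest)
    return os.path.join(root, *digest[:depth], digest)


def sha1_of(path, chunk=1 << 20):
    """Hash a file in 1 MiB chunks so large samples are never loaded whole."""
    h = hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def migrate_flat_store(flat_dir, sharded_root, depth=3):
    """Move each regular file in flat_dir into the sharded tree, named by its SHA-1."""
    moved = {}
    for entry in list(os.scandir(flat_dir)):  # snapshot: the loop moves files out
        if not entry.is_file(follow_symlinks=False):
            continue  # skip directories and symlinks
        dest = sharded_path(sharded_root, sha1_of(entry.path), depth)
        os.makedirs(os.path.dirname(dest), exist_ok=True)
        if os.path.exists(dest):
            os.remove(entry.path)  # same content already stored
        else:
            shutil.move(entry.path, dest)
            os.chmod(dest, 0o440)  # samples stay read-only and non-executable
        moved[entry.name] = dest
    return moved
```

With `depth=3` the tree has 4096 leaf directories, so 300k files average about 73 per folder; `depth=2` gives 256 folders of roughly 1,200 files each.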
