Comments (6)
Hi Michael,
no worries. Issues help others too who run into problems.
Please check whether amavis has filesystem permissions to access the socket file.
Since you don't use Ubuntu I can't really help. Please check if you've followed/replicated the steps performed by the installer and report back.
E.g.: line 230 + 231
gpasswd -a amavis peekaboo
gpasswd -a peekaboo amavis
from peekabooav.
Amavis should have permissions to access the *.sock-file.
I'm going to try this at home. After that, maybe I'm able to compare the two installations.
from peekabooav.
Hi Felix,
Would it help if I could send you my log?
As far as I can see, the attachment cannot be uploaded to cuckoo.
from peekabooav.
If you could attach the mail log and peekaboo log most of the relevant information should be in there.
For debugging purposes I suggest the following:
Become the amavis user:
sudo su -s /bin/bash amavis
and try to connect to the socket using:
socat STDIN UNIX-CONNECT:/var/run/peekaboo/peekaboo.sock
You should then see the greeting message "Hallo das ist Peekaboo". At this point you could already give a local path to files that will then be scanned recursively if readable by the peekaboo user.
Make sure /etc/amavis/conf.d/15-av_scanners contains the correct entry to use Peekaboo and find the socket.
In addition to that you could submit a file to cuckoo manually. Become the peekaboo user and run:
cuckoo submit /path/to/file
This should give you the job id which you can follow at the cuckoo web ui.
Let me know how far you got.
from peekabooav.
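Added example, not part of the thread or of the Peekaboo project: a small Python check for the advice above that amavis needs filesystem permission to reach the socket file. It walks every directory on the way to the socket and reports the first component that would deny the given account. The helper names are hypothetical, and it only evaluates classic owner/group/other mode bits (no ACLs, SELinux or AppArmor).

```python
import grp
import os
import pwd
import sys


def user_ids(name):
    """Return (uid, set of gids) for a local account, including supplementary groups."""
    pw = pwd.getpwnam(name)
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if name in g.gr_mem}
    return pw.pw_uid, gids


def allowed(st, uid, gids, want):
    """Classic Unix check: exactly one of the owner/group/other triplets applies."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    return bits & want == want


def first_blocker(sock_path, uid, gids, start="/"):
    """Return the first path from `start` down to the socket that denies access, else None."""
    target = os.path.realpath(sock_path)  # /var/run is often a symlink to /run
    current = os.path.realpath(start)
    chain = [current]
    for part in os.path.relpath(target, current).split(os.sep):
        current = os.path.join(current, part)
        chain.append(current)
    for path in chain:
        # Directories need search (x); connecting to the socket needs read+write.
        want = 6 if path == target else 1
        if not allowed(os.stat(path), uid, gids, want):
            return path
    return None


if __name__ == "__main__":
    # Defaults are the account and socket path mentioned in the thread.
    user = sys.argv[1] if len(sys.argv) > 1 else "amavis"
    sock = sys.argv[2] if len(sys.argv) > 2 else "/var/run/peekaboo/peekaboo.sock"
    uid, gids = user_ids(user)
    blocker = first_blocker(sock, uid, gids)
    print(f"{user}: blocked at {blocker}" if blocker else f"{user}: can reach {sock}")
```

Run it as root so every component can be stat'ed; a reported directory usually means the account is missing from the owning group, which is what the gpasswd lines quoted earlier address.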
Hi Felix,
Yesterday, I was able to start peekaboo in the right way with the service.
It was absolutely my fault.
I wasn't sure if the patch of amavisd was going to ruin the whole configuration. But I tried and could restart amavisd successfully.
After that I only had trouble that amavis didn't upload the attachment.
This problem was also very easy to solve. I didn't know I needed to change the path in the amavisd.conf to the same path as in the peekaboo.conf.
Only a few minutes later, incoming mails went through cuckoo.
So it's working now!!! :D
But there's still stuff I couldn't figure out. For example, where I can add files to send to cuckoo, or where I can change the peekaboo signatures.
from peekabooav.
Rule definitions can be found in peekaboo/ruleset/rules.py and can be used in peekaboo/rules/processor.py.
Remember to run setup.py install and restart peekaboo to apply changes.
Have fun
Felix
from peekabooav.