Comments (7)
Jack28
commented on June 14, 2024
Hi Michael,
this is a know bug in our internal bug tracker. We're working on it.
Under circumstances the data structure we dump from amavis (with the patch) holds an array rather than a single value for the data field we extract the file extension from.
This passed to Cuckoo and run inside the VM makes Windows open the dialog for which application you want to open this file with which queries for the hostname which then is detected by Cuckoo, reported, and interpreted as malicious by Peekaboo for some file types.
Like I said I'm currently working on it and testing the improved amavis patch. We might be able to update the repository this week no promise though ;-)
Best
Felix
from peekabooav.
MigliS
commented on June 14, 2024
That relieves me! I just saw right now there might also be a Problem with *.gif files. But i'm not sure..
I'm really looking forward to the update :)
from peekabooav.
MigliS
commented on June 14, 2024
Hi Felix,
With your newest amavis-patch, .ARRAY-files aren't displayed in the cuckoo web-interface anymore.
Only thing is, postfix can't handle incoming mails. See following error:
(host 127.0.0.1[127.0.0.1] said: 451 4.5.0 Error in processing, id=16872-01, parts_decode_ext FAILED: Insecure dependency in printf while running with -T switch at (eval 118) line 309. (in reply to end of DATA command))
Amavis then creates a file in /tmp/ARRAY_0x52884c0. This file then cannot be uploaded to cuckoo.
Best
Michael
from peekabooav.
SebastianDeiss
commented on June 14, 2024
Hi Michael,
just a quick update on our amavis patch. We recently published our patched version of amavis in a separate repository on GitHub to avoid further issues with multiple non-working patches.
https://github.com/scVENUS/PeekabooAV-amavisd
We are integrating our own amavis into the PeekabooAV installer soon.
Cheers,
Sebastian
from peekabooav.
SebastianDeiss
commented on June 14, 2024
The file /tmp/ARRAY_0x52884c0 is debug output and only created if the filename contains a blank space. It is not meant to be analyzed by Cuckoo.
However, it has been removed, since it wasn't meant to be part of the productive patch.
from peekabooav.
MigliS
commented on June 14, 2024
Hi Sebastian
thank you for your information. I'm going test the patched version in a few days and will inform you.
Best,
Michael
from peekabooav.
MigliS
commented on June 14, 2024
New Patch is working perfectly.
from peekabooav.
Related Issues (20)
- Server hits recv limit HOT 1
- Operational error 'Deadlock found' from SQLAlchemy with mysql when trying in-flight lock under load HOT 4
- Check file extension extraction for consistency / usefulness in conjunction with cuckoo being sensitive to spaces in filenames HOT 1
- Extract IOC out of Cuckoo report
- Another peepdf traceback in cuckoo HOT 1
- Consider raising minimum version of dependency on python magic to 0.4.17
- Reconsider database transaction locking
- Reconsider aggressive database connection pool recycling
- Validation error with dummy filereport and expression referencing type_as_text
- Add retries for additional database connectivity scenarios
- Handle URI-parameters-like notation in declared filenames
- Security vulnerability: Regex matching in ruleset HOT 3
- python3.10 incompatibility of colorclass affecting us via oletools HOT 4
- expressions cannot express empty set
- Support TLS on REST API
- PID file can contain our own pid and confuse us
- pyparsing 3 compatibility HOT 3
- urllib3.util.retry.Retry DeprecationWarning for 'method_whitelist'
- Early shutdown not working due to switch to asyncio signal handler HOT 1
- Dynamically learn available Cortex analysers and their versions
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from peekabooav.