10/23/2020 How To Program A Virus In Python The Body
A virus is a specific class of malware where you run the program and it spreads itself. If you are able to run a Python script then by definition you already have a Python interpreter on your computer.
MultiAV Python API. It can scan a file or directory with multiple AV engines simultaneously. With the only exception of ClamAV, it uses the command line AV scanners and extracts the malware names from the output of the command line tools (for ClamAV it uses the https://code.google.com/p/pyclamd/ extension).
It supports a total of 18 AV engines. The list of currently supported engines is the following:
This tool has been tested only under Linux. However, it should work equally in other Unix based operating systems as well as in Windows as long as the output from the AV command line utilities maintains the same format.
Example usages
MultiAV.py can be executed via the command line by simply giving it a valid path:
However, it's not designed to be executed as an independent tool but rather to be used as an API for other tools. The following is an example of how to use the MultiAV API in your own Python tools:
Here we're creating a CMultiAV object without specifying the configuration file (by default 'config.cfg'). We can specify it by passing the path to the *.cfg file to the constructor of the Python object:
In the example Python code we're also specifying that we only want to run antivirus scanners considered of either 'fast' or 'medium' speed. We can also specify that we want to run all engines ('fast', 'medium', 'slow' and 'very slow' ones) by setting the second argument to object.scan() to AV_SPEED_ALL (or to AV_SPEED_SLOW if we want to omit the scanners that are really slow, namely, Avast and McAfee):
AV_SPEED_ALL is the default behaviour if one doesn't specify the maximum allowed speed. One can also specify that only fast engines can be executed:
By default, MultiAV.py will try to run AV scanners simultaneously, maintaining a total number of processes in memory equal to the number of CPUs reported by multiprocessing.cpu_count(), which also takes into account multiple cores in the same physical processor. If you don't want to run MultiAV.py in parallel mode you can use the method object.single_scan(), which receives the same arguments as the method object.scan(), as in the following example:
One can also scan a single buffer using the object.scan_buffer() API:
Configuration file
When creating a CMultiAV object one can specify a configuration file like in the following example:
The format of the configuration file is rather easy. There are only 2 or 3 parameters that one needs in order to use and configure an AV engine scanner: PATH, ARGUMENTS and DISABLED (if the engine is not enabled). The only exception to the rule is ClamAV for which there are only 2 configuration directives: DISABLED and UNIX_SOCKET, which is the Unix socket where the daemon 'clamd' is listening.
So, let's say that we want to disable Sophos scanner and configure a new path for McAfee scanner. We would need to modify our *.cfg file with a content similar to the following one:
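As an added example (not MultiAV's own code), this Python sketch checks a configuration against the rules described above before it is handed to a scanner. The section names, paths, arguments and the `DISABLED=1` value convention in the sample are constructed assumptions, and `lint_config` is a hypothetical helper.

```python
import configparser

# Constructed sample: Sophos disabled, McAfee given a new path, ClamAV on a socket.
# Section names, paths and arguments are illustrative assumptions.
SAMPLE_CFG = """
[ClamAV]
UNIX_SOCKET=/var/run/clamav/clamd.ctl

[Sophos]
DISABLED=1

[McAfee]
PATH=/opt/mcafee/uvscan
ARGUMENTS=--secure

[F-Prot]
PATH=/usr/local/bin/fpscan
"""

SOCKET_ENGINES = {"ClamAV"}  # configured with UNIX_SOCKET instead of PATH/ARGUMENTS


def lint_config(text):
    """Return (enabled, disabled, problems) for a MultiAV-style config string."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep directive names upper-case, as written
    parser.read_string(text)
    enabled, disabled, problems = [], [], []
    for engine in parser.sections():
        opts = parser[engine]
        # Assumption: DISABLED=1 (or true/yes) switches the engine off.
        if opts.get("DISABLED", "0").strip().lower() in ("1", "true", "yes"):
            disabled.append(engine)
            continue
        required = ["UNIX_SOCKET"] if engine in SOCKET_ENGINES else ["PATH", "ARGUMENTS"]
        missing = [key for key in required if key not in opts]
        if missing:
            problems.append((engine, missing))
        else:
            enabled.append(engine)
    return enabled, disabled, problems


if __name__ == "__main__":
    on, off, bad = lint_config(SAMPLE_CFG)
    print("enabled :", on)
    print("disabled:", off)
    for engine, missing in bad:
        print(f"{engine}: missing {', '.join(missing)}")
```

An engine that is silently misconfigured produces no detections, which is easy to mistake for a clean result, so a check like this is worth running whenever the *.cfg file changes.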
Since commit c3828b337b98a450a8b48c764aecbb04cc4d2324, MultiAV distributes a basic example web interface using web.py that offers a simple JSON based API. There is also an example client called 'multiav-client.py' that uses the JSON API to scan a file with the multiple engines configured in the MultiAV server.
The current version of the basic JSON based web API exports 3 methods:
API /api/upload
This API uploads and analyses with all the configured engines, regardless of how fast or slow they are, the given sample file.
Example usage:
Example output:
API /api/upload_fast
This API uploads and analyses the given sample file with only the fastest configured AV engines (Avast, AVG, ClamAV, F-Prot and Zoner Antivirus).
Example usage:
Example output:
API /api/search
Returns the previously generated report, if any, of the given MD5, SHA1 or SHA256 cryptographic hash.
Example usage:
Example output:
Copyright (c) 2014-2016 Joxean Koret