certsocietegenerale / fame

FAME Automates Malware Evaluation
https://certsocietegenerale.github.io/fame/
GNU General Public License v3.0

could not find execution path to "xxx" (cancelled) #89

Closed xme closed 4 years ago

xme commented 4 years ago

Description

I'm developing a new module. It's installed and configured; I can test it with single-module.py, but I can't use it from the web interface.

Steps to Reproduce

Installed from git repo, restarted web & workers, configured, added types

Expected behavior

Working :)

Actual behavior

Here is the error returned in the web interface logs:

warning: could not find execution path to "xxx" (cancelled)

Debug

Module is reported correctly:

xxx Processing Enabled Configured

gaelmuller commented 4 years ago

Hello,

It is probably because the type of the file (which is listed in the file description at the top of the analysis) is not listed in the acts_on property of your module.

You have two options:

xme commented 4 years ago

Strange... Types are defined. Here is an example received this morning:

Name(s)  dhl-shipment-doc.ace
MD5      7a6b015dd72b182ec6cdd5260f0e7dcc
SHA1     b66f202577c4008e70d0cc60410d6ae6668073ab
SHA256   c578dbcd89732a22af6b96d37f20ef9d04d6c328e0d89949ba8125d3c67d11cb
Size     28380 bytes
Type     ace 
Mime     application/octet-stream
Detailed Type  ACE archive data version 20, from Win/32, version 20 to extract, contains AV-String (unregistered), solid

The log says:

2020-05-27 09:15: debug: Trying to run ace
2020-05-27 09:15: error: ace: module has been removed or disabled.

But everything is enabled for this plugin.

gaelmuller commented 4 years ago

What if you click on "Reload all modules" on the Configuration page and wait a few seconds for the worker to restart?

xme commented 4 years ago

Done but same issue:

2020-05-27 09:54: debug: Trying to queue module 'ace'
2020-05-27 09:54: debug: Trying to run ace
2020-05-27 09:54: error: ace: module has been removed or disabled.

xme commented 4 years ago

Ok, problem "solved"... I don't know why but I removed my personal repo, reinstalled everything and it runs fine now! Sorry for the noise...
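
An added triage sketch, not part of the thread and not FAME's own code: it parses analysis log lines in the format quoted above and separates the two failure messages seen in this thread, attaching the check each one was answered with. The sample log is constructed from the quoted lines, and the function names and failure labels are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, reusing the log lines quoted in the thread.
SAMPLE_LOG = """\
2020-05-27 09:15: debug: Trying to run ace
2020-05-27 09:15: error: ace: module has been removed or disabled.
2020-05-27 09:54: debug: Trying to queue module 'ace'
2020-05-27 09:54: debug: Trying to run ace
2020-05-27 09:54: error: ace: module has been removed or disabled.
warning: could not find execution path to "xxx" (cancelled)
"""

# Optional "YYYY-MM-DD HH:MM: " prefix, then "level: message".
LINE = re.compile(r"^(?:(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}): )?(?P<level>\w+): (?P<msg>.*)$")

# The two failure messages from the thread (labels are hypothetical).
FAILURES = {
    "no_execution_path": re.compile(r'could not find execution path to "(?P<module>[^"]+)"'),
    "removed_or_disabled": re.compile(r"^(?P<module>[^:\s]+): module has been removed or disabled"),
}

# Checks taken from the replies in the thread, not from FAME documentation.
HINTS = {
    "no_execution_path": "compare the file's Type with the module's acts_on",
    "removed_or_disabled": "use 'Reload all modules', then reinstall the module repo if it persists",
}

def triage(log_text):
    """Group failure lines by (module, failure kind) with count and time span."""
    findings = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        for kind, pattern in FAILURES.items():
            hit = pattern.search(line["msg"])
            if hit:
                entry = findings[(hit["module"], kind)]
                entry["count"] += 1
                entry["first"] = entry["first"] or line["ts"]
                entry["last"] = line["ts"] or entry["last"]
    return dict(findings)

def report(findings):
    """One summary line per (module, failure kind), with the matching check."""
    return [f"{mod}: {kind} x{f['count']} ({f['first']} .. {f['last']}) -> {HINTS[kind]}"
            for (mod, kind), f in sorted(findings.items())]

if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```

A "removed_or_disabled" entry that spans a module reload, as the `ace` lines here do, shows the reload alone did not change the worker's view of the module.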