Open githule opened 5 years ago
As a temporary workaround I added this error handling:

Import error type:

```python
from xml.parsers.expat import ExpatError
```

Modify function get_files:

```python
try:
    unpacked = sflock.unpack(
        filepath=filepath, password=password,
        duplicates=duplicates
    )
    if astree:
        unpacked = unpacked.astree(sanitize=True)
    files.append(unpacked)
except ExpatError as e:
    # ExpatError handling: submit the file as it is
    files.append({
        "filename": filename,
        "filepath": filepath,
        "relapath": "",
        "selected": True,
        "size": 0,
        "type": "file",
        "package": "generic",
        "extrpath": [],
        "duplicate": False,
        "children": [],
        "mime": "unknown",
        "finger": {
            "magic_human": "unknown",
            "magic": "unknown"
        }
    })
```

My issue is:
I have an error on the presubmit request with the Web interface. It seems that the preload module tries to parse the sample. It says that the file is malformed. It's possible, as it's a malware delivered via an encrypted file. Even if cuckoo cannot parse the file, that error must not be blocking. Maybe that can be easily solved by a try except clause.
My Cuckoo version and operating system are:
Debian 9, Cuckoo 2.0.6. Webinterface is run via uwsgi and nginx. It uses python venv.
This can be reproduced by:
Running some Office OLE files with the web interface. The anomaly cannot be reproduced in submit mode, e.g. via the submit command or via the API, and then the file opens well with Office inside the sandbox.
The log, error, files etc can be found at: