search

eliasgranderubio / dagda

a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities
Apache License 2.0
1.16k stars 163 forks source link

Dagda fails during analysis #44

Closed JesperStromblad closed 5 years ago

JesperStromblad commented 5 years ago

Configuration

Short description

I am trying to setup dagda for study purpose. I did all the steps in the README until the point of analyzing "jboss/wildfly", on which it fails.

Looking at the trace, I am getting the following error:

Backtrace

# python3 dagda.py start
Serving on http://localhost:5000
Exception in thread Thread-1:
Traceback (most recent call last):
  File "/usr/local/lib/python3.5/dist-packages/docker/api/client.py", line 246, in _raise_for_status
    response.raise_for_status()
  File "/usr/local/lib/python3.5/dist-packages/requests/models.py", line 940, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 404 Client Error: Not Found for url: http+docker://localhost/v1.39/images/create?fromImage=geekduck%2Fclamav&tag=latest

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.5/threading.py", line 914, in _bootstrap_inner
    self.run()
  File "/usr/lib/python3.5/threading.py", line 862, in run
    self._target(*self._args, **self._kwargs)
  File "/home/ubuntu/cva/dagda/analysis/analyzer.py", line 229, in _threaded_malware
    temp_dir=temp_dir))
  File "/home/ubuntu/cva/dagda/analysis/static/av/malware_extractor.py", line 23, in get_malware_included_in_docker_image
    raw_output = _clamav_run(docker_driver=docker_driver, temp_dir=temp_dir)
  File "/home/ubuntu/cva/dagda/analysis/static/av/malware_extractor.py", line 33, in _clamav_run
    docker_driver.docker_pull('geekduck/clamav')
  File "/home/ubuntu/cva/dagda/driver/docker_driver.py", line 94, in docker_pull
    return self.cli.pull(image_name, tag=tag)
  File "/usr/local/lib/python3.5/dist-packages/docker/api/image.py", line 400, in pull
    self._raise_for_status(response)
  File "/usr/local/lib/python3.5/dist-packages/docker/api/client.py", line 248, in _raise_for_status
    raise create_api_error_from_http_exception(e)
  File "/usr/local/lib/python3.5/dist-packages/docker/errors.py", line 31, in create_api_error_from_http_exception
    raise cls(e, response=response, explanation=explanation)
docker.errors.ImageNotFound: 404 Client Error: Not Found ("pull access denied for geekduck/clamav, repository does not exist or may require 'docker login'")

Concern

It seems like "geekduck/clamav" does not exists on dockerhub anymore. This dependency is breaking the code. It can be observed if I execute the following:

$ docker pull geekduck/clamav 
Using default tag: latest
Error response from daemon: pull access denied for geekduck/clamav, repository does not exist or may require 'docker login'
eliasgranderubio commented 5 years ago

You have right!! Thank you so much!! :-)