idaholab / Malcolm

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
https://idaholab.github.io/Malcolm/

unencrypted, unzipped extracted file download not working #431

Closed mmguero closed 4 months ago

mmguero commented 4 months ago

In extracted_files_http_server.py this is returning:

file-monitor-1        | ----------------------------------------
file-monitor-1        | Exception occurred during processing of request from ('192.168.208.20', 55772)
file-monitor-1        | TypeError: stat: path should be string, bytes, os.PathLike or integer, not tuple
file-monitor-1        | ----------------------------------------
nginx-proxy-1         | 192.168.208.1 - - [26/Feb/2024:16:35:15 +0000] "GET /extracted-files/quarantine/HTTP-F2W7i52RdjnOAghHWe-CeVfOI3Dx6XXbQuPa9-20240226001149.exe HTTP/1.1" 502 157 "https://training.malcolm.fyi/extracted-files/quarantine/" "Mozilla/5.0 (X11; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0"
nginx-proxy-1         | 2024/02/26 16:35:15 [error] 94#94: *650 upstream prematurely closed connection while reading response header from upstream, client: 192.168.208.1, server: , request: "GET /extracted-files/quarantine/HTTP-F2W7i52RdjnOAghHWe-CeVfOI3Dx6XXbQuPa9-20240226001149.exe HTTP/1.1", upstream: "http://192.168.208.9:8440/quarantine/HTTP-F2W7i52RdjnOAghHWe-CeVfOI3Dx6XXbQuPa9-20240226001149.exe", host: "training.malcolm.fyi", referrer: "https://training.malcolm.fyi/extracted-files/quarantine/"

Zipped, encrypted, etc. seem to work fine. Honestly let's just handle it here like we've handled the other ones rather than just passing it up to the parent do_GET.
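As an added example (not Malcolm's own extracted_files_http_server.py, and not code from this thread), the following minimal handler does what the comment proposes: it serves the plain, unzipped file itself instead of handing the request up to the parent do_GET. The module layout, the handler and function names, and the sample file are assumptions made for the demonstration. Two details matter for the error shown above: the path resolver always returns a plain str (os.stat() raises exactly the quoted TypeError when it is handed a tuple), and the resolved path is confined to the base directory so that a crafted request cannot read outside the quarantine tree.

```python
"""Serve extracted files from a base directory directly inside do_GET.

Added example, not Malcolm's code. Names and layout are assumptions.
"""
import mimetypes
import os
import shutil
import tempfile
import threading
import urllib.error
import urllib.request
from http import HTTPStatus
from http.server import SimpleHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import unquote, urlsplit


def resolve_download_path(base_dir, request_path):
    """Map a URL path to a regular file under base_dir, or return None.

    Always returns a plain str: os.stat()/open() accept str, bytes,
    os.PathLike or int, which is what the TypeError in the issue is about.
    """
    base = os.path.realpath(base_dir)
    rel = unquote(urlsplit(request_path).path).lstrip("/")
    candidate = os.path.realpath(os.path.join(base, rel))
    # Confine the result to base_dir so '..' segments cannot escape it.
    if os.path.commonpath([base, candidate]) != base:
        return None
    if not os.path.isfile(candidate):
        return None
    return candidate


class ExtractedFileHandler(SimpleHTTPRequestHandler):
    base_dir = "."  # assumed attribute; set per server before serving

    def do_GET(self):
        # Handle the raw-file case here rather than deferring to the parent.
        path = resolve_download_path(self.base_dir, self.path)
        if path is None:
            self.send_error(HTTPStatus.NOT_FOUND, "File not found")
            return
        st = os.stat(path)  # path is a str here, never a tuple
        ctype = mimetypes.guess_type(path)[0] or "application/octet-stream"
        with open(path, "rb") as fh:
            self.send_response(HTTPStatus.OK)
            self.send_header("Content-Type", ctype)
            self.send_header("Content-Length", str(st.st_size))
            self.send_header(
                "Content-Disposition",
                'attachment; filename="%s"' % os.path.basename(path),
            )
            self.end_headers()
            shutil.copyfileobj(fh, self.wfile)

    def log_message(self, fmt, *args):
        pass  # keep the demo quiet


def make_sample_dir():
    """Create a temp directory with one constructed sample file.

    Returns (directory, expected_path, contents)."""
    d = tempfile.mkdtemp()
    contents = b"MZ-constructed-sample"  # constructed, not a real binary
    p = os.path.join(d, "sample.exe")
    with open(p, "wb") as fh:
        fh.write(contents)
    return d, os.path.realpath(p), contents


def serve_and_fetch(base_dir, url_path):
    """Start a throwaway server on a free port, GET url_path, return (status, body)."""
    handler = type("BoundHandler", (ExtractedFileHandler,), {"base_dir": base_dir})
    srv = ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        url = "http://127.0.0.1:%d%s" % (srv.server_address[1], url_path)
        try:
            with urllib.request.urlopen(url) as resp:
                return resp.status, resp.read()
        except urllib.error.HTTPError as e:
            return e.code, e.read()
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    d, expected, contents = make_sample_dir()
    print(serve_and_fetch(d, "/sample.exe")[0], serve_and_fetch(d, "/nope.exe")[0])
```

Running the module serves the constructed sample from a temporary directory on a free loopback port and fetches it once, so the handler can be exercised without Malcolm's nginx front end or its file-monitor container in the loop.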