mostwanted002
commented
1 year ago On further investigation into the behavior, when I tried to build and run the malware_tools_analyzer docker standalone, the issue became more clear.
The error says:
Clamd was NOT notified: Can't connect to clamd through /var/run/clamav/clamd.ctl: Permission denied
This was fixed by changing the permissions of the folder from 750 to 777 in Dockerfile, which is just a quick and dirty workaround as it is an insecure way of making the clamd socket world writable.
When that issue was fixed, another issue was detected, this time a python dependency error.
[2022-12-22 02:32:10 +0000] [17] [INFO] Starting gunicorn 20.1.0
[2022-12-22 02:32:10 +0000] [17] [DEBUG] Arbiter booted
[2022-12-22 02:32:10 +0000] [17] [INFO] Listening at: http://0.0.0.0:4002/ (17)
[2022-12-22 02:32:10 +0000] [17] [INFO] Using worker: sync
[2022-12-22 02:32:10 +0000] [24] [INFO] Booting worker with pid: 24
[2022-12-22 02:32:10 +0000] [17] [DEBUG] 1 workers
[2022-12-22 02:32:10 +0000] [24] [ERROR] Exception in worker process
Traceback (most recent call last):
File "/usr/local/lib/python3.8/site-packages/gunicorn/arbiter.py", line 589, in spawn_worker
worker.init_process()
File "/usr/local/lib/python3.8/site-packages/gunicorn/workers/base.py", line 134, in init_process
self.load_wsgi()
File "/usr/local/lib/python3.8/site-packages/gunicorn/workers/base.py", line 146, in load_wsgi
self.wsgi = self.app.wsgi()
File "/usr/local/lib/python3.8/site-packages/gunicorn/app/base.py", line 67, in wsgi
self.callable = self.load()
File "/usr/local/lib/python3.8/site-packages/gunicorn/app/wsgiapp.py", line 58, in load
return self.load_wsgiapp()
File "/usr/local/lib/python3.8/site-packages/gunicorn/app/wsgiapp.py", line 48, in load_wsgiapp
return util.import_app(self.app_uri)
File "/usr/local/lib/python3.8/site-packages/gunicorn/util.py", line 359, in import_app
mod = importlib.import_module(module)
File "/usr/local/lib/python3.8/importlib/__init__.py", line 127, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 1014, in _gcd_import
File "<frozen importlib._bootstrap>", line 991, in _find_and_load
File "<frozen importlib._bootstrap>", line 975, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 671, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 843, in exec_module
File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
File "/opt/deploy/malware_tools_analyzers-flask/app.py", line 13, in <module>
from flask import Flask, safe_join
ImportError: cannot import name 'safe_join' from 'flask' (/usr/local/lib/python3.8/site-packages/flask/__init__.py)
[2022-12-22 02:32:10 +0000] [24] [INFO] Worker exiting (pid: 24)
[2022-12-22 02:32:10 +0000] [17] [INFO] Shutting down: Master
[2022-12-22 02:32:10 +0000] [17] [INFO] Reason: Worker failed to boot.
mlodic
What happened
When starting up the malware analyzer docker using
python3 start.py --malware_tools_analyzer, thedocker-composelogs show that the container doesn't start successfully and exits withcode 3. This leads to failure in file analysis if any analyzers from malware tools are selected.Environment
What did you expect to happen
The expected behavior is for the container to start normally and stay up until stopped.
How to reproduce your issue
python3 start.py --malware_tools_analyzerError messages and logs