Closed speeDy167 closed 1 month ago
You're using the wrong tool, DependencyCheck is not scanning for malware.
DependencyCheck is scanning for known vulnerabilities in genuine libraries.
Exactly how AssemblyAnalyzer breaks is on your scan is hard to tell from the log you quote.
But the typical most likely cause is you did not install dotnet runtime version 6.x (not '6 or higher'). There is a hard dependency on major version of dotnet (which is currently version 6.x and is scheduled to migrated to dotnet 8.x with ODC version 10)
Hello aikebah! I'have installed the dotnet runtime version 6
Yes I know this tool is not for scanning malware, but basically this malware is written using C# and have Vulnerable dependency so I tested if OWASP can detect it.
Thank you!!!
I currently try to figure out can OWSAP DC can scan and detect malware on a .zip file that contain an trojan.exe. in the logs i found this:
WARN - An error occurred with the .NET AssemblyAnalyzer, please see the log for more details. 2024-06-07 00:20:55,016 org.owasp.dependencycheck.analyzer.AssemblyAnalyzer:370 DEBUG - GrokAssembly.dll is not working properly
I have try all these fix: https://github.com/jeremylong/DependencyCheck/issues/2103 including install mono, dotnet but none work Any suggestions? Thanks in advance