After reboot of physical server (probe) all modules can't find input files.

[dionis20]

After reboot of physical server (probe) all modules can't find input files.

[ch0k0bn]

Could you share a log file ?

[dionis20]

Desktop.docx Probe logs rename to .zip

[dionis20]

this is ZIP archive, i can't attach ZIP or TXT.

[dionis20]

frontend.docx rename to .zip Here are frontend logs.

[dionis20]

[dionis20]

some samples scanned perfect, some samples triggered errors: no such file... in tmp dir VT report of errored sample

[dionis20]

reboot of servers was COLD.

[dionis20]

in one scan:

2fdb28e8dec3396f986d8027bcd62e13:

32720bffefeaef6cb40090bc3590d6b4:

[ch0k0bn]

Could be linked to an AV not properly configured that delete virus file on access. Could you attach probe log file for one of the file that have no results ?

[dionis20]

yes, please: probe.docx

[ch0k0bn]

could you manually try to copy a malware (EICAR file for example) on the probe machine to see if it is automatically detected and erased by one of the installed AV ?

[dionis20]

Yes, this is it. Some AV deleting samples. And how can i turn off irma plugins?

[ch0k0bn]

It would be better to disable Real time scanner, could you check on the probe machine which AV has a service running and try to stop it ?

[dionis20]

i will try this. How can i disable some plugins? When i was installing yara, it was generate some errors and probe_app was stop starting. When i will write my own modules, how can i on/off it and some problem-plugins?

[ch0k0bn]

its a missing feature at the moment. As a temporary workaround, you could force the plugin to fail at load time by adding the same line as the one in the skeleton example https://github.com/quarkslab/irma-probe/blob/master/modules/custom/skeleton/plugin.py#L53 for each module you want to disable.

[dionis20]

Thanks! U've done big work! U're the best!