[lib.cuckoo.core.plugins] WARNING: The reporting module "Malheur" returned the following error: Failed to perform Malheur classification: [Errno 2] No such file or directory

[neex01]

I am getting this error for all samples. Nonetheless, for each analysis, a Malheur report gets saved to storage\malheur\reports.

[spender-sandbox]

Are you running the latest version of Malheur from https://github.com/rieck/malheur ? We changed to using their new config format, so it will fail if you're using an older version.

-Brad

[neex01]

Yes, version 0.5.4. However, I am running from OS X--not sure if this might be the issue..?

[spender-sandbox]

Possibly -- I can't test on there. Can you run the malheur command present in the reporting module manually and see what error it's giving?

-Brad

[neex01]

Sure.. it doesn't seem to like the -c command-line option to reference the config file..

[neex01]

resolved: edited malheur.py with following changes..

line 148: cfgpath = os.path.join(CUCKOO_ROOT, "cons") line 167: cmdline = ["malheur", "-m", cfgpath, "-o", outputfile, "cluster", reportsdir]

[spender-sandbox]

You're not running the latest version (via git HEAD, not version number -- the changes I mentioned above were after the bump to 0.5.4)? There is no -m option in the latest version, and the -c option was added via this commit: https://github.com/rieck/malheur/commit/28e03686da7360bb5717aacf1d55327f07c7004d

-Brad

[neex01]

right you are! working now with latest and greatest version of Malheur. many thanks.

[neex01]

After analyzing 178 samples, I'm getting this same error again. While restarting Cuckoo does not help, a total clean of jobs/samples/data/etc. does resolve the issue... for a while, then it consistently prints this error after 178 samples.

[spender-sandbox]

That could be a different issue (there are a couple bugs in Malheur that I had fixed upstream, this is also why we require the current git HEAD). Can you re-run the commandline and see what the problem is?

-Brad

[neex01]

Ran the command-line, and Malheur completed with no problems against the (>178) reports I generated with Cuckoo.

Note that, even when it prints the error after 178 samples, the individual report files are being generated in storage/malheur/reports, but everything after sample 178 is not being saved to storage/malheur/malheur.txt.

As a next step, I am going to run it against a different batch of samples..

[neex01]

The other batch got well past 178. I then threw sample 178 from the original batch into another batch and, as bizarre as it sounds, that same sample is what killed the Malheur reporting (this time as sample 33).

[garanews]

I'm having same issue too, after some time when malheur was working correctly, now I'm receiving that error: WARNING: The reporting module "Malheur" returned the following error: Failed to perform Malheur classification: [Errno 2] No such file or directory I'm using latest version etc...

[garanews]

But for other analysis, exmaple the file 11323.txt under /storage/malheur/reports is generated..