viper-framework / viper

Binary analysis and management framework

Fix: #675 #727

Closed nkoneko closed 5 years ago

nkoneko commented 5 years ago

'Download Sample from VirusTotal' was broken: (1) The command that VtDownloadView runs was wrong. virustotal -d {hash} doesn't work; virustotal --search {hash} -d does work. I also modified VtDownloadView to allow the user to omit tags.

(2) The way the VirusTotal module treats the --verbose option was not correct in our case. When we use the module to download a file with the -d option, args.verbose is passed as the open_session argument of the download method.

(3) The VirusTotal module tries to write the malware binary as a text file (open(filename, 'w')). In most cases a malware binary cannot be treated as a text file, so the code shown below throws a runtime error in most cases.

with open(filename, 'w') as f:
  f.write(response)

In this case, the mode should be 'wb'.

(4) module_cmdline (defined in views.py) cannot capture cmd.output. .output is not defined in Commands, so it always returns None, and so VtDownloadView.post always fails.

This PR fixes these bugs.
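The failure described in (3) next to a binary-mode write, as an added example that is not part of the original PR or of Viper's code. It assumes the downloaded response is a bytes object; `text_mode_write_fails`, `save_sample` and `SAMPLE` are hypothetical names, and the hash check and exclusive, owner-only file creation go beyond the mode change described above.

```python
import hashlib
import os
import tempfile


def text_mode_write_fails(data: bytes) -> bool:
    """Reproduce bug (3): writing bytes to a file opened with mode 'w'."""
    with tempfile.TemporaryDirectory() as tmp:
        try:
            with open(os.path.join(tmp, "sample"), "w") as f:
                f.write(data)  # text mode expects str, bytes given
        except TypeError:
            return True
    return False


def save_sample(data: bytes, dest_dir: str, expected_sha256: str) -> str:
    """Write a downloaded sample in binary mode after checking its hash.

    Hypothetical helper, not Viper's API. The file is named after its
    SHA-256 and created exclusively with owner-only permissions.
    """
    digest = hashlib.sha256(data).hexdigest()
    if digest != expected_sha256.lower():
        raise ValueError("downloaded content does not match requested hash")
    path = os.path.join(dest_dir, digest)
    # O_EXCL: refuse to overwrite or reuse a pre-existing file at this path.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:  # 'wb': bytes are written unmodified
        f.write(data)
    return path


# Constructed sample: bytes that are not valid text, standing in for a binary.
SAMPLE = b"MZ\x90\x00\x03\x00\x00\x00\xff\xfe\x00\x80 constructed test bytes"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        p = save_sample(SAMPLE, d, hashlib.sha256(SAMPLE).hexdigest())
        print("text mode fails:", text_mode_write_fails(SAMPLE))
        print("binary write intact:", os.path.getsize(p) == len(SAMPLE))
```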

botherder commented 5 years ago

Thanks!