-
Notifications
You must be signed in to change notification settings - Fork 715
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Notify user that ole2 files are encrypted
Add keys to the metadata.json file that informs the user that a scanned ole2 file is encrypted. Information about the type of encryption is provided when the information is available.
- Loading branch information
Showing
16 changed files
with
621 additions
and
16 deletions.
There are no files selected for viewing
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,286 @@ | ||
| # Copyright (C) 2020-2024 Cisco Systems, Inc. and/or its affiliates. All rights reserved. | ||
|
|
||
| """ | ||
| Run clamscan tests. | ||
| """ | ||
|
|
||
| import sys | ||
|
|
||
| sys.path.append('../unit_tests') | ||
| import testcase | ||
|
|
||
|
|
||
| class TC(testcase.TestCase): | ||
| @classmethod | ||
| def setUpClass(cls): | ||
| super(TC, cls).setUpClass() | ||
|
|
||
| @classmethod | ||
| def tearDownClass(cls): | ||
| super(TC, cls).tearDownClass() | ||
|
|
||
| def setUp(self): | ||
| super(TC, self).setUp() | ||
|
|
||
| def tearDown(self): | ||
| super(TC, self).tearDown() | ||
| self.verify_valgrind_log() | ||
|
|
||
| def test_FAT_doc(self): | ||
| self.step_name('Test FAT doc') | ||
|
|
||
| testfile = TC.path_source / 'unit_tests' / 'input' / 'other_scanfiles' / 'ole2_encryption' / 'password.fat.doc' | ||
| command = '{valgrind} {valgrind_args} {clamscan} -d {path_db} --heuristic-alerts --alert-encrypted-doc {testfile}'.format( | ||
| valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan, | ||
| path_db=TC.path_source / 'unit_tests' / 'input' / 'other_sigs' / 'Clamav-Unit-Test-Signature.ndb', | ||
| testfile=testfile, | ||
| ) | ||
| output = self.execute_command(command) | ||
|
|
||
| assert output.ec == 1 # virus | ||
|
|
||
| expected_results = [ | ||
| 'Heuristics.Encrypted.OLE2 FOUND', | ||
| ] | ||
| self.verify_output(output.out, expected=expected_results) | ||
|
|
||
| def test_ministream_doc(self): | ||
| self.step_name('Test ministream doc') | ||
|
|
||
| testfile = TC.path_source / 'unit_tests' / 'input' / 'other_scanfiles' / 'ole2_encryption' / 'password.ministream.doc' | ||
| command = '{valgrind} {valgrind_args} {clamscan} -d {path_db} --heuristic-alerts --alert-encrypted-doc {testfile}'.format( | ||
| valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan, | ||
| path_db=TC.path_source / 'unit_tests' / 'input' / 'other_sigs' / 'Clamav-Unit-Test-Signature.ndb', | ||
| testfile=testfile, | ||
| ) | ||
| output = self.execute_command(command) | ||
|
|
||
| assert output.ec == 1 # virus | ||
|
|
||
| expected_results = [ | ||
| 'Heuristics.Encrypted.OLE2 FOUND', | ||
| ] | ||
| self.verify_output(output.out, expected=expected_results) | ||
|
|
||
|
|
||
| def test_FAT_docx(self): | ||
| self.step_name('Test FAT docx') | ||
|
|
||
| testfile = TC.path_source / 'unit_tests' / 'input' / 'other_scanfiles' / 'ole2_encryption' / 'password.fat.docx' | ||
| command = '{valgrind} {valgrind_args} {clamscan} -d {path_db} --heuristic-alerts --alert-encrypted-doc {testfile}'.format( | ||
| valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan, | ||
| path_db=TC.path_source / 'unit_tests' / 'input' / 'other_sigs' / 'Clamav-Unit-Test-Signature.ndb', | ||
| testfile=testfile, | ||
| ) | ||
| output = self.execute_command(command) | ||
|
|
||
| assert output.ec == 1 # virus | ||
|
|
||
| expected_results = [ | ||
| 'Heuristics.Encrypted.OLE2 FOUND', | ||
| ] | ||
| self.verify_output(output.out, expected=expected_results) | ||
|
|
||
| def test_ministream_docx(self): | ||
| self.step_name('Test ministream docx') | ||
|
|
||
| testfile = TC.path_source / 'unit_tests' / 'input' / 'other_scanfiles' / 'ole2_encryption' / 'password.ministream.docx' | ||
| command = '{valgrind} {valgrind_args} {clamscan} -d {path_db} --heuristic-alerts --alert-encrypted-doc {testfile}'.format( | ||
| valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan, | ||
| path_db=TC.path_source / 'unit_tests' / 'input' / 'other_sigs' / 'Clamav-Unit-Test-Signature.ndb', | ||
| testfile=testfile, | ||
| ) | ||
| output = self.execute_command(command) | ||
|
|
||
| assert output.ec == 1 # virus | ||
|
|
||
| expected_results = [ | ||
| 'Heuristics.Encrypted.OLE2 FOUND', | ||
| ] | ||
| self.verify_output(output.out, expected=expected_results) | ||
|
|
||
|
|
||
| def test_FAT_dot(self): | ||
| self.step_name('Test FAT dot') | ||
|
|
||
| testfile = TC.path_source / 'unit_tests' / 'input' / 'other_scanfiles' / 'ole2_encryption' / 'password.fat.dot' | ||
| command = '{valgrind} {valgrind_args} {clamscan} -d {path_db} --heuristic-alerts --alert-encrypted-doc {testfile}'.format( | ||
| valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan, | ||
| path_db=TC.path_source / 'unit_tests' / 'input' / 'other_sigs' / 'Clamav-Unit-Test-Signature.ndb', | ||
| testfile=testfile, | ||
| ) | ||
| output = self.execute_command(command) | ||
|
|
||
| assert output.ec == 1 # virus | ||
|
|
||
| expected_results = [ | ||
| 'Heuristics.Encrypted.OLE2 FOUND', | ||
| ] | ||
| self.verify_output(output.out, expected=expected_results) | ||
|
|
||
| def test_ministream_dot(self): | ||
| self.step_name('Test ministream dot') | ||
|
|
||
| testfile = TC.path_source / 'unit_tests' / 'input' / 'other_scanfiles' / 'ole2_encryption' / 'password.ministream.dot' | ||
| command = '{valgrind} {valgrind_args} {clamscan} -d {path_db} --heuristic-alerts --alert-encrypted-doc {testfile}'.format( | ||
| valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan, | ||
| path_db=TC.path_source / 'unit_tests' / 'input' / 'other_sigs' / 'Clamav-Unit-Test-Signature.ndb', | ||
| testfile=testfile, | ||
| ) | ||
| output = self.execute_command(command) | ||
|
|
||
| assert output.ec == 1 # virus | ||
|
|
||
| expected_results = [ | ||
| 'Heuristics.Encrypted.OLE2 FOUND', | ||
| ] | ||
| self.verify_output(output.out, expected=expected_results) | ||
|
|
||
| def test_FAT_ppsx(self): | ||
| self.step_name('Test FAT ppsx') | ||
|
|
||
| testfile = TC.path_source / 'unit_tests' / 'input' / 'other_scanfiles' / 'ole2_encryption' / 'password.fat.ppsx' | ||
| command = '{valgrind} {valgrind_args} {clamscan} -d {path_db} --heuristic-alerts --alert-encrypted-doc {testfile}'.format( | ||
| valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan, | ||
| path_db=TC.path_source / 'unit_tests' / 'input' / 'other_sigs' / 'Clamav-Unit-Test-Signature.ndb', | ||
| testfile=testfile, | ||
| ) | ||
| output = self.execute_command(command) | ||
|
|
||
| assert output.ec == 1 # virus | ||
|
|
||
| expected_results = [ | ||
| 'Heuristics.Encrypted.OLE2 FOUND', | ||
| ] | ||
| self.verify_output(output.out, expected=expected_results) | ||
|
|
||
| def test_ministream_ppsx(self): | ||
| self.step_name('Test ministream ppsx') | ||
|
|
||
| testfile = TC.path_source / 'unit_tests' / 'input' / 'other_scanfiles' / 'ole2_encryption' / 'password.ministream.ppsx' | ||
| command = '{valgrind} {valgrind_args} {clamscan} -d {path_db} --heuristic-alerts --alert-encrypted-doc {testfile}'.format( | ||
| valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan, | ||
| path_db=TC.path_source / 'unit_tests' / 'input' / 'other_sigs' / 'Clamav-Unit-Test-Signature.ndb', | ||
| testfile=testfile, | ||
| ) | ||
| output = self.execute_command(command) | ||
|
|
||
| assert output.ec == 1 # virus | ||
|
|
||
| expected_results = [ | ||
| 'Heuristics.Encrypted.OLE2 FOUND', | ||
| ] | ||
| self.verify_output(output.out, expected=expected_results) | ||
|
|
||
| def test_FAT_pptx(self): | ||
| self.step_name('Test FAT pptx') | ||
|
|
||
| testfile = TC.path_source / 'unit_tests' / 'input' / 'other_scanfiles' / 'ole2_encryption' / 'password.fat.pptx' | ||
| command = '{valgrind} {valgrind_args} {clamscan} -d {path_db} --heuristic-alerts --alert-encrypted-doc {testfile}'.format( | ||
| valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan, | ||
| path_db=TC.path_source / 'unit_tests' / 'input' / 'other_sigs' / 'Clamav-Unit-Test-Signature.ndb', | ||
| testfile=testfile, | ||
| ) | ||
| output = self.execute_command(command) | ||
|
|
||
| assert output.ec == 1 # virus | ||
|
|
||
| expected_results = [ | ||
| 'Heuristics.Encrypted.OLE2 FOUND', | ||
| ] | ||
| self.verify_output(output.out, expected=expected_results) | ||
|
|
||
| def test_ministream_pptx(self): | ||
| self.step_name('Test ministream pptx') | ||
|
|
||
| testfile = TC.path_source / 'unit_tests' / 'input' / 'other_scanfiles' / 'ole2_encryption' / 'password.ministream.pptx' | ||
| command = '{valgrind} {valgrind_args} {clamscan} -d {path_db} --heuristic-alerts --alert-encrypted-doc {testfile}'.format( | ||
| valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan, | ||
| path_db=TC.path_source / 'unit_tests' / 'input' / 'other_sigs' / 'Clamav-Unit-Test-Signature.ndb', | ||
| testfile=testfile, | ||
| ) | ||
| output = self.execute_command(command) | ||
|
|
||
| assert output.ec == 1 # virus | ||
|
|
||
| expected_results = [ | ||
| 'Heuristics.Encrypted.OLE2 FOUND', | ||
| ] | ||
| self.verify_output(output.out, expected=expected_results) | ||
|
|
||
| def test_FAT_xls(self): | ||
| self.step_name('Test FAT xls') | ||
|
|
||
| testfile = TC.path_source / 'unit_tests' / 'input' / 'other_scanfiles' / 'ole2_encryption' / 'password.fat.xls' | ||
| command = '{valgrind} {valgrind_args} {clamscan} -d {path_db} --heuristic-alerts --alert-encrypted-doc {testfile}'.format( | ||
| valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan, | ||
| path_db=TC.path_source / 'unit_tests' / 'input' / 'other_sigs' / 'Clamav-Unit-Test-Signature.ndb', | ||
| testfile=testfile, | ||
| ) | ||
| output = self.execute_command(command) | ||
|
|
||
| assert output.ec == 1 # virus | ||
|
|
||
| expected_results = [ | ||
| 'Heuristics.Encrypted.OLE2 FOUND', | ||
| ] | ||
| self.verify_output(output.out, expected=expected_results) | ||
|
|
||
| def test_ministream_xls(self): | ||
| self.step_name('Test ministream xls') | ||
|
|
||
| testfile = TC.path_source / 'unit_tests' / 'input' / 'other_scanfiles' / 'ole2_encryption' / 'password.ministream.xls' | ||
| command = '{valgrind} {valgrind_args} {clamscan} -d {path_db} --heuristic-alerts --alert-encrypted-doc {testfile}'.format( | ||
| valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan, | ||
| path_db=TC.path_source / 'unit_tests' / 'input' / 'other_sigs' / 'Clamav-Unit-Test-Signature.ndb', | ||
| testfile=testfile, | ||
| ) | ||
| output = self.execute_command(command) | ||
|
|
||
| assert output.ec == 1 # virus | ||
|
|
||
| expected_results = [ | ||
| 'Heuristics.Encrypted.OLE2 FOUND', | ||
| ] | ||
| self.verify_output(output.out, expected=expected_results) | ||
|
|
||
| def test_FAT_xlsx(self): | ||
| self.step_name('Test FAT xlsx') | ||
|
|
||
| testfile = TC.path_source / 'unit_tests' / 'input' / 'other_scanfiles' / 'ole2_encryption' / 'password.fat.xlsx' | ||
| command = '{valgrind} {valgrind_args} {clamscan} -d {path_db} --heuristic-alerts --alert-encrypted-doc {testfile}'.format( | ||
| valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan, | ||
| path_db=TC.path_source / 'unit_tests' / 'input' / 'other_sigs' / 'Clamav-Unit-Test-Signature.ndb', | ||
| testfile=testfile, | ||
| ) | ||
| output = self.execute_command(command) | ||
|
|
||
| assert output.ec == 1 # virus | ||
|
|
||
| expected_results = [ | ||
| 'Heuristics.Encrypted.OLE2 FOUND', | ||
| ] | ||
| self.verify_output(output.out, expected=expected_results) | ||
|
|
||
| def test_ministream_xlsx(self): | ||
| self.step_name('Test ministream xlsx') | ||
|
|
||
| testfile = TC.path_source / 'unit_tests' / 'input' / 'other_scanfiles' / 'ole2_encryption' / 'password.ministream.xlsx' | ||
| command = '{valgrind} {valgrind_args} {clamscan} -d {path_db} --heuristic-alerts --alert-encrypted-doc {testfile}'.format( | ||
| valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan, | ||
| path_db=TC.path_source / 'unit_tests' / 'input' / 'other_sigs' / 'Clamav-Unit-Test-Signature.ndb', | ||
| testfile=testfile, | ||
| ) | ||
| output = self.execute_command(command) | ||
|
|
||
| assert output.ec == 1 # virus | ||
|
|
||
| expected_results = [ | ||
| 'Heuristics.Encrypted.OLE2 FOUND', | ||
| ] | ||
| self.verify_output(output.out, expected=expected_results) | ||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file added
BIN
+9 KB
unit_tests/input/other_scanfiles/ole2_encryption/password.ministream.doc
Binary file not shown.
Binary file added
BIN
+7.5 KB
unit_tests/input/other_scanfiles/ole2_encryption/password.ministream.docx
Binary file not shown.
Binary file added
BIN
+9 KB
unit_tests/input/other_scanfiles/ole2_encryption/password.ministream.dot
Binary file not shown.
Binary file added
BIN
+41.5 KB
unit_tests/input/other_scanfiles/ole2_encryption/password.ministream.ppsx
Binary file not shown.
Binary file added
BIN
+41 KB
unit_tests/input/other_scanfiles/ole2_encryption/password.ministream.pptx
Binary file not shown.
Binary file added
BIN
+5.5 KB
unit_tests/input/other_scanfiles/ole2_encryption/password.ministream.xls
Binary file not shown.
Binary file added
BIN
+8 KB
unit_tests/input/other_scanfiles/ole2_encryption/password.ministream.xlsx
Binary file not shown.