Class: Dorothy::Vtotal

Inherits:
VirusTotal::VirusTotal
  • Object
Defined in:
lib/dorothy2/vtotal.rb



Constructor Details

#initialize ⇒ Vtotal

Returns a new instance of Vtotal.



# File 'lib/dorothy2/vtotal.rb', line 20

# Creates a client that authenticates every request with the project-wide
# VirusTotal key.
#
# VTAPIKEY is a constant defined outside this file; it is read once here and
# can later be overridden through #api_key=.
#
# @return [Vtotal] a new client instance
def initialize
  @api_key = VTAPIKEY
end

Instance Attribute Details

#api_key=(value) ⇒ Object (writeonly)

Sets the attribute api_key

Parameters:

  • value

    the value to set the attribute api_key to.



# File 'lib/dorothy2/vtotal.rb', line 8

# Replaces the VirusTotal API key used by subsequent requests.
#
# The key is sent as a form field of every POST, so callers should treat it
# as a secret and avoid logging it.
#
# @param value [String] the API key to use from now on
# @return [String] the key that was stored
def api_key=(value)
  @api_key = value
end

#detected ⇒ Object (readonly)

Returns the value of attribute detected.



# File 'lib/dorothy2/vtotal.rb', line 17

# Whether the selected vendor flagged the sample in the last #get_report call.
#
# @return [Boolean, nil] true/false after a successful report, nil before one
def detected
  @detected
end

#family ⇒ Object (readonly)

Returns the value of attribute family.



# File 'lib/dorothy2/vtotal.rb', line 12

# Malware family name reported by the vendor, or "Unknown" when the vendor
# did not detect the sample (populated by #get_report).
#
# @return [String, nil] the family label, nil before any report
def family
  @family
end

#filehash ⇒ Object (readonly)

Returns the value of attribute filehash.



# File 'lib/dorothy2/vtotal.rb', line 10

# Hash of the analysed file.
#
# NOTE(review): nothing in this listing assigns @filehash, so it stays nil
# unless another part of the class sets it — verify against the full source.
#
# @return [String, nil]
def filehash
  @filehash
end

Returns the value of attribute permalink.



# File 'lib/dorothy2/vtotal.rb', line 13

# Permanent VirusTotal link for the report, or the string "null" when the
# service returned "-" or the vendor did not detect the sample.
#
# @return [String, nil] the link, nil before any report
def permalink
  @permalink
end

#rate ⇒ Object (readonly)

Returns the value of attribute rate.



# File 'lib/dorothy2/vtotal.rb', line 9

# Detection ratio formatted as "positives/total" by #get_report.
#
# @return [String, nil] e.g. "3/57", nil before any report
def rate
  @rate
end

#scanid ⇒ Object (readonly)

Returns the value of attribute scanid.



# File 'lib/dorothy2/vtotal.rb', line 11

# Scan id returned by VirusTotal for the last #analyze_file submission.
#
# @return [String, nil] the scan id, nil before a successful submission
def scanid
  @scanid
end

#updated ⇒ Object (readonly)

Returns the value of attribute updated.



# File 'lib/dorothy2/vtotal.rb', line 14

# Signature-database update stamp of the vendor engine, or "null" when
# VirusTotal returned "-" or the sample was not detected.
#
# @return [String, nil]
def updated
  @updated
end

#vendor ⇒ Object (readonly)

Returns the value of attribute vendor.



# File 'lib/dorothy2/vtotal.rb', line 16

# Name of the antivirus engine whose verdict fills the other attributes
# (#get_report currently uses "McAfee").
#
# @return [String, nil]
def vendor
  @vendor
end

#version ⇒ Object (readonly)

Returns the value of attribute version.



# File 'lib/dorothy2/vtotal.rb', line 15

# Engine version string of the vendor, or "null" when VirusTotal returned
# "-" or the sample was not detected.
#
# @return [String, nil]
def version
  @version
end

Instance Method Details

#analyze_file(file) ⇒ Object



# File 'lib/dorothy2/vtotal.rb', line 25

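# Uploads a file to the VirusTotal v2 file/scan endpoint and records the
# scan id it returns.
#
# Any StandardError raised while opening the file, posting, or parsing the
# answer is logged and swallowed; the method then returns nil instead of a
# scan id left over from an earlier call.
#
# @param file [String] path of the sample to upload
# @return [String, nil] the scan id reported by VirusTotal, nil on failure
def analyze_file(file)
  # Reset first so a failed submission cannot hand back a stale id from a
  # previous successful call on the same instance.
  @scanid = nil
  # Block form closes the handle on every path; the previous version never
  # closed it. Binary mode avoids newline translation of sample bytes.
  File.open(file, 'rb') do |f|
    results = RestClient.post 'https://www.virustotal.com/vtapi/v2/file/scan', { :key => @api_key, :file => f }
    parsed = JSON.parse(results)
    # response_code 1 is the success value (as checked in get_report); 0 is
    # truthy in Ruby, so a bare truthiness test would log success on failure.
    LOGGER.info "VTOTAL", " Ok, received with scan id #{parsed["scan_id"]}" if parsed["response_code"] == 1
    @scanid = parsed["scan_id"]
  end
  @scanid
rescue StandardError => e
  LOGGER.error "VTOTAL", "An error occurred while querying Virustotal"
  LOGGER.debug "DEBUG", e.to_s
  @scanid
end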

#get_report(id) ⇒ Object



# File 'lib/dorothy2/vtotal.rb', line 41

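# Fetches the VirusTotal v2 report for a resource and extracts one vendor's
# verdict into the instance attributes.
#
# On success rate, family, permalink, vendor, updated, version and detected
# are populated. Values VirusTotal reports as "-" are stored as the string
# "null"; when the vendor did not detect the sample, family is "Unknown" and
# permalink/updated/version are "null".
#
# @param id [#to_s] a scan id or file hash accepted by the file/report endpoint
# @param vendor [String] antivirus engine whose verdict is extracted; defaults
#   to "McAfee", the value previously hard-coded here (TODO: read from config)
# @return [Hash, false] the parsed report, or false when the request raised,
#   returned an empty body, or answered with a response_code other than 1
def get_report(id, vendor: "McAfee")
  report = fetch_report(id)
  # A raised request previously left `report` nil and crashed on .empty?;
  # treat it like an empty answer instead.
  if report.nil? || report.empty?
    LOGGER.error "VTOTAL", "No data received "
    return false
  end

  parsed = JSON.parse(report)
  unless parsed["response_code"] == 1
    LOGGER.error "VTOTAL", parsed["verbose_msg"]
    return false
  end

  # A report without an entry for this vendor is handled as "not detected"
  # rather than raising NoMethodError on nil.
  scan = (parsed["scans"] || {})[vendor] || {}
  @rate = "#{parsed["positives"]}/#{parsed["total"]}"
  @vendor = vendor
  @detected = scan["detected"] == true
  if @detected
    @family = scan["result"]
    @permalink = dash_to_null(parsed["permalink"])
    @updated = dash_to_null(scan["update"])
    @version = dash_to_null(scan["version"])
  else
    @family = "Unknown"
    @permalink = "null"
    @updated = "null"
    @version = "null"
  end
  parsed
end

# Posts the report request with the instance API key.
#
# @param id [#to_s] scan id or file hash
# @return [String, nil] the raw response body, nil when the request raised
def fetch_report(id)
  RestClient.post 'https://www.virustotal.com/vtapi/v2/file/report', { :resource => id.to_s, :key => @api_key }
rescue StandardError => e
  LOGGER.error "VTOTAL", "An error occurred while querying Virustotal"
  LOGGER.debug "DEBUG", e.to_s
  nil
end

# VirusTotal uses "-" for absent fields; callers of this class expect "null".
#
# @param value [Object] a field from the report
# @return [Object] value unchanged, or "null" when it was "-"
def dash_to_null(value)
  value == "-" ? "null" : value
end
private :fetch_report, :dash_to_null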