diff --git a/Makefile b/Makefile index e674086..76b003d 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,5 @@ export IMAGE_REPOSITORY?=quay.io/deepfenceio -export DF_IMG_TAG?=2.5.0 +export DF_IMG_TAG?=2.5.2 all: yarahunter diff --git a/README.md b/README.md index 06382f3..56a2d53 100644 --- a/README.md +++ b/README.md @@ -37,7 +37,7 @@ Images may be compromised with the installation of a cryptominer such as XMRig. Pull the official **yarahunter** image: ``` -docker pull quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 +docker pull quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 ``` or Build it from source clone this repo and run below command @@ -68,7 +68,7 @@ docker run -i --rm --name=deepfence-yarahunter \ -e DEEPFENCE_LICENSE= \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /tmp:/home/deepfence/output \ - quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \ + quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \ --image-name metal3d/xmrig:latest \ --output=json > xmrig-scan.json ``` @@ -83,7 +83,7 @@ docker run -i --rm --name=deepfence-yarahunter \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /tmp:/home/deepfence/output \ -v /tmp/rules:/tmp/rules \ - quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \ + quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \ --image-name metal3d/xmrig:latest \ --output=json \ --rules-path=/tmp/rules > xmrig-scan.json diff --git a/docs/docs/yarahunter/configure/cli.md b/docs/docs/yarahunter/configure/cli.md index 6fb1f6c..21ef035 100644 --- a/docs/docs/yarahunter/configure/cli.md +++ b/docs/docs/yarahunter/configure/cli.md 
@@ -7,7 +7,7 @@ title: Command-Line Options Display the command line options: ```bash -$ docker run -it --rm quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 --help +$ docker run -it --rm quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 --help ``` Note that all files and directories used in YaraHunter configuration are local to the container, not the host filesystem. The examples given illustrate how to map host directories to the container when needed. diff --git a/docs/docs/yarahunter/configure/output.md b/docs/docs/yarahunter/configure/output.md index b630b94..c116741 100644 --- a/docs/docs/yarahunter/configure/output.md +++ b/docs/docs/yarahunter/configure/output.md @@ -12,7 +12,7 @@ docker run -i --rm --name=yara-hunter \ -e DEEPFENCE_PRODUCT= \ -e DEEPFENCE_LICENSE= \ -v /var/run/docker.sock:/var/run/docker.sock \ - quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \ + quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \ --image-name node:latest \ # highlight-next-line --output=json > xmrig-scan.json diff --git a/docs/docs/yarahunter/configure/rules.md b/docs/docs/yarahunter/configure/rules.md index efef844..fc5859f 100644 --- a/docs/docs/yarahunter/configure/rules.md +++ b/docs/docs/yarahunter/configure/rules.md @@ -20,7 +20,7 @@ docker run -it --rm --name=yara-hunter \ -v /var/run/docker.sock:/var/run/docker.sock \ # highlight-next-line -v $(pwd)/my-rules:/tmp/my-rules \ - quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 --image-name node:latest \ + quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 --image-name node:latest \ # highlight-next-line --rules-path /tmp/my-rules ``` diff --git a/docs/docs/yarahunter/img/yarahunter.svg b/docs/docs/yarahunter/img/yarahunter.svg index abbb26a..8fc6e62 100644 --- a/docs/docs/yarahunter/img/yarahunter.svg +++ b/docs/docs/yarahunter/img/yarahunter.svg 
@@ -362,7 +362,7 @@ Deepfence YaraHunter - user@host:~$ d user@host:~$ do user@host:~$ doc user@host:~$ dock user@host:~$ docke user@host:~$ docker user@host:~$ docker user@host:~$ docker p user@host:~$ docker pu user@host:~$ docker pul user@host:~$ docker pull user@host:~$ docker pull user@host:~$ docker pull quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 user@host:~$ docker pull quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 user@host:~$ docker pull quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 latest: Pulling from deepfenceio/yara-hunterDigest: sha256:b82f0143f2a1530720c40ee780f78ab138d04f95b65af7a32a31678a712abe01Status: Image is up to date for quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0docker.io/quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0user@host:~$ user@host:~$ docker pull metal3d/xmrig user@host:~$ docker pull metal3d/xmrig user@host:~$ docker pull metal3d/xmrig Using default tag: latestlatest: Pulling from metal3d/xmriDigest: sha256:c3c27a8b2f6beede6d9c0a7e5b79bb7a7b0002cca40565e7bfd2e447f3a2a628Status: Image is up to date for metal3d/xmrig:latestdocker.io/metal3d/xmrig:latestuser@host:~$ docker run user@host:~$ docker run -it user@host:~$ docker run -it --rm user@host:~$ docker run -it --rm --name=yara-hunter user@host:~$ docker run -it --rm --name=yara-hunter \ -v -v /var/run/docker.sock:/var/run/docker.sock -v /var/run/docker.sock:/var/run/docker.sock \ -v /tmp:/home/deepfence/output -v /tmp:/home/deepfence/output \ quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \ --image-name --image-name metal3d/xmrig:latest --image-name metal3d/xmrig:latest \ --json-filename=xmrig-scan.json --json-filename=xmrig-scan.json connected successfully using endpoint: unix:///var/run/docker.sock container runtime detected: docker{ "Timestamp": "2022-08-18 13:58:41.543309237 +00:00", "Image Name": "metal3d/xmrig:latest", "Image ID": 
"a01f1ffa6691423ef43bfaee2a9c9f30fe08ee6df8d9d6586ae9692d90789c5a", "Malware match detected are": [ { "Image Layer ID": "bad74b706fcd3e01f4af74337744cbcc84ab60da82c40dd588469c6360258789", "Matched Rule Name": "XMRIG_Miner", "Strings to match are": [ "stratum+tcp" ], "Category": [], "File Name": "/tmp/Deepfence/YaRadare/df_metal3dxmriglatest/ExtractedFiles/bad74b706fcd3e01f4af74337744cbcc84ab60da82c40dd588469c6360258789/usr/local/bin/xmrig", "ref":"https://gist.github.com/GelosSnake/c2d4d6ef6f93ccb7d3afb5b1e26c7b4e ", "Summary": "The matched rule file's ref is https://gist.github.com/GelosSnake/c2d4d6ef6f93ccb7d3afb5b1e26c7b4e ." } {/bad74b706fcd3e01f4af74337744cbcc84ab60da82c40dd588469c6360258789/xmrig-6.18.0/build/CMakeFiles/xmrig.dir/src/base/net/stratum/Url.cpp.o", "Matched Rule Name": "Cerberus", "cerberus" "Category": ["RAT","memory"],/bad74b706fcd3e01f4af74337744cbcc84ab60da82c40dd588469c6360258789/xmrig-6.18.0/src/3rdparty/fmt/README.rst", "description":"Cerberus ", "author":"Jean-Philippe Teissier / @Jipe_ ", "date":"2013-01-12 ", "filetype":"memory ", "version":"1.0 ", "Summary": "The file /tmp/Deepfence/YaRadare/df_metal3dxmriglatest/ExtractedFiles/bad74b706fcd3e01f4af74337744cbcc84ab60da82c40dd588469c6360258789/xmrig-6.18.0/src/3rdparty/fmt/README.rst has a memory match.The file has a rule match that Cerberus .The matched rule file's author is Jean-Philippe Teissier / @Jipe_ .The matched rule file's date is 2013-01-12 .The matched rule file's filetype is memory .The matched rule file's version is 1.0 ."rc/base/net/stratum/Url.cpp", ] ]}user@host:~$ c user@host:~$ ca user@host:~$ cat user@host:~$ cat user@host:~$ cat / user@host:~$ cat /t user@host:~$ cat /tm user@host:~$ cat /tmp user@host:~$ cat /tmp/ user@host:~$ cat /tmp/x user@host:~$ cat /tmp/xm user@host:~$ cat /tmp/xmr user@host:~$ cat /tmp/xmri user@host:~$ cat /tmp/xmrig user@host:~$ cat /tmp/xmrig- user@host:~$ cat /tmp/xmrig-s user@host:~$ cat /tmp/xmrig-sc user@host:~$ cat /tmp/xmrig-sca 
user@host:~$ cat /tmp/xmrig-scan user@host:~$ cat /tmp/xmrig-scan. user@host:~$ cat /tmp/xmrig-scan.j user@host:~$ cat /tmp/xmrig-scan.js user@host:~$ cat /tmp/xmrig-scan.jso user@host:~$ cat /tmp/xmrig-scan.json user@host:~$ cat /tmp/xmrig-scan.json user@host:~$ cat /tmp/xmrig-scan.json | user@host:~$ cat /tmp/xmrig-scan.json | user@host:~$ cat /tmp/xmrig-scan.json | j user@host:~$ cat /tmp/xmrig-scan.json | jq user@host:~$ cat /tmp/xmrig-scan.json | jq user@host:~$ cat /tmp/xmrig-scan.json | jq ' user@host:~$ cat /tmp/xmrig-scan.json | jq '. user@host:~$ cat /tmp/xmrig-scan.json | jq '.I user@host:~$ cat /tmp/xmrig-scan.json | jq '.IO user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[ user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | . user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ." 
user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."M user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Ma user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Mat user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matc user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Match user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matche user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matched user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matched user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matched R user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matched Ru user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matched Rul user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matched Rule user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matched Rule user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matched Rule N user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matched Rule Na user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matched Rule Nam user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matched Rule Name user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matched Rule Name" user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matched Rule Name"' user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matched Rule Name"'user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matched Rule Name"'"XMRIG_Miner""Cerberus" + user@host:~$ d user@host:~$ do user@host:~$ doc user@host:~$ dock user@host:~$ docke user@host:~$ docker user@host:~$ docker user@host:~$ docker p user@host:~$ docker pu user@host:~$ docker pul user@host:~$ docker pull user@host:~$ docker pull user@host:~$ docker pull quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 user@host:~$ docker pull quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 user@host:~$ docker pull quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 latest: Pulling from deepfenceio/yara-hunterDigest: 
sha256:b82f0143f2a1530720c40ee780f78ab138d04f95b65af7a32a31678a712abe01Status: Image is up to date for quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2docker.io/quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2user@host:~$ user@host:~$ docker pull metal3d/xmrig user@host:~$ docker pull metal3d/xmrig user@host:~$ docker pull metal3d/xmrig Using default tag: latestlatest: Pulling from metal3d/xmriDigest: sha256:c3c27a8b2f6beede6d9c0a7e5b79bb7a7b0002cca40565e7bfd2e447f3a2a628Status: Image is up to date for metal3d/xmrig:latestdocker.io/metal3d/xmrig:latestuser@host:~$ docker run user@host:~$ docker run -it user@host:~$ docker run -it --rm user@host:~$ docker run -it --rm --name=yara-hunter user@host:~$ docker run -it --rm --name=yara-hunter \ -v -v /var/run/docker.sock:/var/run/docker.sock -v /var/run/docker.sock:/var/run/docker.sock \ -v /tmp:/home/deepfence/output -v /tmp:/home/deepfence/output \ quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \ --image-name --image-name metal3d/xmrig:latest --image-name metal3d/xmrig:latest \ --json-filename=xmrig-scan.json --json-filename=xmrig-scan.json connected successfully using endpoint: unix:///var/run/docker.sock container runtime detected: docker{ "Timestamp": "2022-08-18 13:58:41.543309237 +00:00", "Image Name": "metal3d/xmrig:latest", "Image ID": "a01f1ffa6691423ef43bfaee2a9c9f30fe08ee6df8d9d6586ae9692d90789c5a", "Malware match detected are": [ { "Image Layer ID": "bad74b706fcd3e01f4af74337744cbcc84ab60da82c40dd588469c6360258789", "Matched Rule Name": "XMRIG_Miner", "Strings to match are": [ "stratum+tcp" ], "Category": [], "File Name": "/tmp/Deepfence/YaRadare/df_metal3dxmriglatest/ExtractedFiles/bad74b706fcd3e01f4af74337744cbcc84ab60da82c40dd588469c6360258789/usr/local/bin/xmrig", "ref":"https://gist.github.com/GelosSnake/c2d4d6ef6f93ccb7d3afb5b1e26c7b4e ", "Summary": "The matched rule file's ref is 
https://gist.github.com/GelosSnake/c2d4d6ef6f93ccb7d3afb5b1e26c7b4e ." } {/bad74b706fcd3e01f4af74337744cbcc84ab60da82c40dd588469c6360258789/xmrig-6.18.0/build/CMakeFiles/xmrig.dir/src/base/net/stratum/Url.cpp.o", "Matched Rule Name": "Cerberus", "cerberus" "Category": ["RAT","memory"],/bad74b706fcd3e01f4af74337744cbcc84ab60da82c40dd588469c6360258789/xmrig-6.18.0/src/3rdparty/fmt/README.rst", "description":"Cerberus ", "author":"Jean-Philippe Teissier / @Jipe_ ", "date":"2013-01-12 ", "filetype":"memory ", "version":"1.0 ", "Summary": "The file /tmp/Deepfence/YaRadare/df_metal3dxmriglatest/ExtractedFiles/bad74b706fcd3e01f4af74337744cbcc84ab60da82c40dd588469c6360258789/xmrig-6.18.0/src/3rdparty/fmt/README.rst has a memory match.The file has a rule match that Cerberus .The matched rule file's author is Jean-Philippe Teissier / @Jipe_ .The matched rule file's date is 2013-01-12 .The matched rule file's filetype is memory .The matched rule file's version is 1.0 ."rc/base/net/stratum/Url.cpp", ] ]}user@host:~$ c user@host:~$ ca user@host:~$ cat user@host:~$ cat user@host:~$ cat / user@host:~$ cat /t user@host:~$ cat /tm user@host:~$ cat /tmp user@host:~$ cat /tmp/ user@host:~$ cat /tmp/x user@host:~$ cat /tmp/xm user@host:~$ cat /tmp/xmr user@host:~$ cat /tmp/xmri user@host:~$ cat /tmp/xmrig user@host:~$ cat /tmp/xmrig- user@host:~$ cat /tmp/xmrig-s user@host:~$ cat /tmp/xmrig-sc user@host:~$ cat /tmp/xmrig-sca user@host:~$ cat /tmp/xmrig-scan user@host:~$ cat /tmp/xmrig-scan. user@host:~$ cat /tmp/xmrig-scan.j user@host:~$ cat /tmp/xmrig-scan.js user@host:~$ cat /tmp/xmrig-scan.jso user@host:~$ cat /tmp/xmrig-scan.json user@host:~$ cat /tmp/xmrig-scan.json user@host:~$ cat /tmp/xmrig-scan.json | user@host:~$ cat /tmp/xmrig-scan.json | user@host:~$ cat /tmp/xmrig-scan.json | j user@host:~$ cat /tmp/xmrig-scan.json | jq user@host:~$ cat /tmp/xmrig-scan.json | jq user@host:~$ cat /tmp/xmrig-scan.json | jq ' user@host:~$ cat /tmp/xmrig-scan.json | jq '. 
user@host:~$ cat /tmp/xmrig-scan.json | jq '.I user@host:~$ cat /tmp/xmrig-scan.json | jq '.IO user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[ user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | . user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ." user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."M user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Ma user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Mat user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matc user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Match user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matche user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matched user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matched user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matched R user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matched Ru user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matched Rul user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matched Rule user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matched Rule user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matched Rule N user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matched Rule Na user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matched Rule Nam user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matched Rule Name user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matched Rule Name" user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matched Rule Name"' user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matched Rule Name"'user@host:~$ cat /tmp/xmrig-scan.json | jq '.IOC[] | ."Matched Rule Name"'"XMRIG_Miner""Cerberus" 
diff --git a/docs/docs/yarahunter/index.md b/docs/docs/yarahunter/index.md index f091df4..8c3c381 100644 --- a/docs/docs/yarahunter/index.md +++ b/docs/docs/yarahunter/index.md @@ -37,7 +37,7 @@ docker run -i --rm --name=deepfence-yarahunter \ -e DEEPFENCE_LICENSE= \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /tmp:/home/deepfence/output \ - quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \ + quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \ --image-name metal3d/xmrig:latest \ --output=json > xmrig-scan.json ``` @@ -59,7 +59,7 @@ docker run -i --rm --name=deepfence-yarahunter \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /tmp:/home/deepfence/output \ -v /tmp/rules:/tmp/rules \ - quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \ + quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \ --image-name metal3d/xmrig:latest \ --output=json \ --rules-path=/tmp/rules > xmrig-scan.json diff --git a/docs/docs/yarahunter/quickstart.md b/docs/docs/yarahunter/quickstart.md index 09511ea..d503c1f 100644 --- a/docs/docs/yarahunter/quickstart.md +++ b/docs/docs/yarahunter/quickstart.md @@ -9,7 +9,7 @@ Pull the latest YaraHunter image, and use it to scan a `node:latest` container. ## Pull the latest YaraHunter image ```bash -docker pull quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 +docker pull quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 ``` ## Generate License Key @@ -30,7 +30,7 @@ docker run -i --rm --name=yara-hunter \ -e DEEPFENCE_PRODUCT= \ -e DEEPFENCE_LICENSE= \ -v /var/run/docker.sock:/var/run/docker.sock \ - quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \ + quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \ --image-name node:latest docker rmi node:latest 
@@ -46,7 +46,7 @@ docker run -i --rm --name=yara-hunter \ -e DEEPFENCE_LICENSE= \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /tmp:/home/deepfence/output \ - quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \ + quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \ --image-name node:latest \ --output=json > node-latest.json diff --git a/docs/docs/yarahunter/using/build.md b/docs/docs/yarahunter/using/build.md index b42da00..7723d78 100644 --- a/docs/docs/yarahunter/using/build.md +++ b/docs/docs/yarahunter/using/build.md @@ -7,11 +7,11 @@ title: Build YaraHunter YaraHunter is a self-contained docker-based tool. Clone the [YaraHunter repository](https://github.com/deepfence/YaraHunter), then build: ```bash -docker build --rm=true --tag=quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 -f Dockerfile . +docker build --rm=true --tag=quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 -f Dockerfile . ``` -Alternatively, you can pull the official deepfence image at `quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0`. +Alternatively, you can pull the official deepfence image at `quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2`. ```bash -docker pull quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 +docker pull quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 ``` diff --git a/docs/docs/yarahunter/using/grpc.md b/docs/docs/yarahunter/using/grpc.md index 4a35827..57a7a42 100644 --- a/docs/docs/yarahunter/using/grpc.md +++ b/docs/docs/yarahunter/using/grpc.md @@ -27,7 +27,7 @@ docker run -it --rm --name=deepfence-malwarescanner \ -v $(pwd):/home/deepfence/output \ -v /var/run/docker.sock:/var/run/docker.sock \ -v /tmp/sock:/tmp/sock \ - quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \ + quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \ -socket-path /tmp/sock/s.sock ``` diff --git a/docs/docs/yarahunter/using/scan.md b/docs/docs/yarahunter/using/scan.md index 6a82b89..27f8cdd 100644 
--- a/docs/docs/yarahunter/using/scan.md +++ b/docs/docs/yarahunter/using/scan.md @@ -18,7 +18,7 @@ docker run -it --rm --name=yara-hunter \ -e DEEPFENCE_PRODUCT= \ -e DEEPFENCE_LICENSE= \ -v /var/run/docker.sock:/var/run/docker.sock \ - quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \ + quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \ # highlight-next-line --image-name node:latest @@ -36,7 +36,7 @@ docker run -it --rm --name=yara-hunter \ -v /var/run/docker.sock:/var/run/docker.sock \ # highlight-next-line -v /:/deepfence/mnt \ - quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \ + quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \ # highlight-next-line --host-mount-path /deepfence/mnt --container-id 69221b948a73 ``` @@ -51,7 +51,7 @@ docker run -it --rm --name=yara-hunter \ -e DEEPFENCE_LICENSE= \ # highlight-next-line -v ~/src/YARA-RULES:/tmp/YARA-RULES \ - quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.0 \ + quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 \ # highlight-next-line --local /tmp/YARA-RULES --host-mount-path /tmp/YARA-RULES ``` diff --git a/go.mod b/go.mod index 3612ecb..fd2edd6 100644 --- a/go.mod +++ b/go.mod 
@@ -7,14 +7,14 @@ replace github.com/deepfence/agent-plugins-grpc => ./agent-plugins-grpc require ( github.com/VirusTotal/gyp v0.9.0 github.com/deepfence/agent-plugins-grpc v0.0.0-00010101000000-000000000000 - github.com/deepfence/golang_deepfence_sdk/client v0.0.0-20241112090544-f42aabb5dc7f - github.com/deepfence/golang_deepfence_sdk/utils v0.0.0-20241112090544-f42aabb5dc7f + github.com/deepfence/golang_deepfence_sdk/client v0.0.0-20241220101350-67a37a759769 + github.com/deepfence/golang_deepfence_sdk/utils v0.0.0-20241220101350-67a37a759769 github.com/deepfence/match-scanner v0.0.0-20241104190155-00799508ab6c github.com/gabriel-vasile/mimetype v1.4.6 github.com/hillu/go-yara/v4 v4.3.3 github.com/olekukonko/tablewriter v0.0.5 github.com/sirupsen/logrus v1.9.3 - google.golang.org/grpc v1.67.1 + google.golang.org/grpc v1.69.2 gopkg.in/yaml.v3 v3.0.1 ) @@ -40,7 +40,7 @@ require ( github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect github.com/docker/go-units v0.5.0 // indirect github.com/felixge/httpsnoop v1.0.3 // indirect - github.com/go-logr/logr v1.3.0 // indirect + github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect 
@@ -66,14 +66,14 @@ require (
 	github.com/pkg/errors v0.9.1 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 // indirect
-	go.opentelemetry.io/otel v1.21.0 // indirect
-	go.opentelemetry.io/otel/metric v1.21.0 // indirect
-	go.opentelemetry.io/otel/trace v1.21.0 // indirect
+	go.opentelemetry.io/otel v1.31.0 // indirect
+	go.opentelemetry.io/otel/metric v1.31.0 // indirect
+	go.opentelemetry.io/otel/trace v1.31.0 // indirect
 	golang.org/x/net v0.30.0 // indirect
 	golang.org/x/sync v0.8.0 // indirect
 	golang.org/x/sys v0.26.0 // indirect
 	golang.org/x/text v0.19.0 // indirect
 	google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53 // indirect
 	google.golang.org/protobuf v1.35.1 // indirect
 )
diff --git a/go.sum b/go.sum
index 7251e4d..005d1e8 100644
--- a/go.sum
+++ b/go.sum
@@ -40,10 +40,10 @@ github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3H github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/deepfence/golang_deepfence_sdk/client v0.0.0-20241112090544-f42aabb5dc7f h1:XI49+zaunyxw7tlUzS8DHzf9PTvDp+/CQDF/xcyaxVU= -github.com/deepfence/golang_deepfence_sdk/client v0.0.0-20241112090544-f42aabb5dc7f/go.mod h1:UkHg/qLuPVnTqx4fPwmc2DhlNp5isdYwIxQ63B9JB4o= -github.com/deepfence/golang_deepfence_sdk/utils v0.0.0-20241112090544-f42aabb5dc7f h1:819FVayVu5J10JSXfIxl75kiQDF73/aTxkOrImtviNU= -github.com/deepfence/golang_deepfence_sdk/utils v0.0.0-20241112090544-f42aabb5dc7f/go.mod h1:QdyXNUGNYGPMj8ls9R4N1y/IzmM7LrBQSBC/QuYCX+U= +github.com/deepfence/golang_deepfence_sdk/client v0.0.0-20241220101350-67a37a759769 h1:c55yJVYimo2iGiJcVH/cqpqXUdKgQ5PMGGcKZHqLkLA= +github.com/deepfence/golang_deepfence_sdk/client v0.0.0-20241220101350-67a37a759769/go.mod h1:UkHg/qLuPVnTqx4fPwmc2DhlNp5isdYwIxQ63B9JB4o= +github.com/deepfence/golang_deepfence_sdk/utils v0.0.0-20241220101350-67a37a759769 h1:p5l4xp6CcZE4XqiRATyx8C+X44Ij7jVRxGaDq8UhVM4= +github.com/deepfence/golang_deepfence_sdk/utils v0.0.0-20241220101350-67a37a759769/go.mod h1:QdyXNUGNYGPMj8ls9R4N1y/IzmM7LrBQSBC/QuYCX+U= github.com/deepfence/match-scanner v0.0.0-20241104190155-00799508ab6c h1:0nXgsUJAvP3tgENagcuKlzb92AZFbBAONSE1QmEJzYc= github.com/deepfence/match-scanner v0.0.0-20241104190155-00799508ab6c/go.mod h1:mrnCFKtEOzLlNUkagkwQeWWdPtrVIZLc7nbEX/7PbaU= github.com/deepfence/vessel v0.13.0 h1:QRtjtuvSXdjrFt4Nb0SE8FO4n7aUtblFY6am/c9oeIQ= 
@@ -69,8 +69,8 @@ github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSw github.com/gabriel-vasile/mimetype v1.4.6 h1:3+PzJTKLkvgjeTbts6msPJt4DixhT4YtFNf1gtGe3zc= github.com/gabriel-vasile/mimetype v1.4.6/go.mod h1:JX1qVKqZd40hUPpAfiNTe0Sne7hdfKSbOqqmkq8GCXc= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY= -github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= 
@@ -177,26 +177,28 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 h1:x8Z78aZx8cOF0+Kkazoc7lwUNMGy0LrzEMxTm4BbTxg= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0/go.mod h1:62CPTSry9QZtOaSsE3tOzhx6LzDhHnXJ6xHeMNNiM6Q= -go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc= -go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo= +go.opentelemetry.io/otel v1.31.0 h1:NsJcKPIW0D0H3NgzPDHmo0WW6SptzPdqg/L1zsIm2hY= +go.opentelemetry.io/otel v1.31.0/go.mod h1:O0C14Yl9FgkjqcCZAsE053C13OaddMYr/hz6clDkEJE= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0 h1:Mne5On7VWdx7omSrSSZvM4Kw7cS7NQkOOmLcgscI51U= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0/go.mod h1:IPtUMKL4O3tH5y+iXVyAXqpAwMuzC1IrxVS81rummfE= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0 h1:IeMeyr1aBvBiPVYihXIaeIZba6b8E1bYp7lbdxK8CQg= 
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0/go.mod h1:oVdCUtjq9MK9BlS7TtucsQwUcXcymNiEDjgDD2jMtZU= -go.opentelemetry.io/otel/metric v1.21.0 h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4= -go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM= -go.opentelemetry.io/otel/sdk v1.21.0 h1:FTt8qirL1EysG6sTQRZ5TokkU8d0ugCj8htOgThZXQ8= -go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6nwBnZIxl/E= -go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc= -go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ= +go.opentelemetry.io/otel/metric v1.31.0 h1:FSErL0ATQAmYHUIzSezZibnyVlft1ybhy4ozRPcF2fE= +go.opentelemetry.io/otel/metric v1.31.0/go.mod h1:C3dEloVbLuYoX41KpmAhOqNriGbA+qqH6PQ5E5mUfnY= +go.opentelemetry.io/otel/sdk v1.31.0 h1:xLY3abVHYZ5HSfOg3l2E5LUj2Cwva5Y7yGxnSW9H5Gk= +go.opentelemetry.io/otel/sdk v1.31.0/go.mod h1:TfRbMdhvxIIr/B2N2LQW2S5v9m3gOQ/08KsbbO5BPT0= +go.opentelemetry.io/otel/sdk/metric v1.31.0 h1:i9hxxLJF/9kkvfHppyLL55aW7iIJz4JjxTeYusH7zMc= +go.opentelemetry.io/otel/sdk/metric v1.31.0/go.mod h1:CRInTMVvNhUKgSAMbKyTMxqOBC0zgyxzW55lZzX43Y8= +go.opentelemetry.io/otel/trace v1.31.0 h1:ffjsj1aRouKewfr85U2aGagJ46+MvodynlQ1HYdmJys= +go.opentelemetry.io/otel/trace v1.31.0/go.mod h1:TXZkRk7SM2ZQLtR6eoAWQFIHPvzQ06FJAsO1tJg480A= go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 
@@ -261,17 +263,17 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3 h1:1hfbdAfFbkmpg41000wDVqr7jUpK/Yo+LPnIxxGzmkg= google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3/go.mod h1:5RBcpGRxr25RbDzY5w+dmaqpSEvl8Gwl1x2CICf60ic= -google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142 h1:wKguEg1hsxI2/L3hUYrpo1RVi48K+uTyzKqprwLXsb8= -google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142/go.mod h1:d6be+8HhtEtucleCbxpPW9PA9XwISACu8nvpPqF0BVo= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 h1:e7S5W7MGGLaSu8j3YjdezkZ+m1/Nm0uRVRMEMGk26Xs= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53 h1:fVoAXEKA4+yufmbdVYv+SE73+cPZbbbe8paLsHfkK+U= +google.golang.org/genproto/googleapis/api v0.0.0-20241015192408-796eee8c2d53/go.mod h1:riSXTwQ4+nqmPGtobMFyW5FqVAmIs0St6VPp4Ug7CE4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53 h1:X58yt85/IXCx0Y3ZwN6sEIKZzQtDEYaBWrDvErdXrRE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E= 
-google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= +google.golang.org/grpc v1.69.2 h1:U3S9QEtbXC0bYNvRtcoklF3xGtLViumSYxWykJS+7AU= +google.golang.org/grpc v1.69.2/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= diff --git a/pkg/output/output.go b/pkg/output/output.go index afd6dec..5663cab 100644 --- a/pkg/output/output.go +++ b/pkg/output/output.go @@ -3,7 +3,11 @@ package output import ( "encoding/json" "fmt" + "os" "path/filepath" + "strings" + "time" + "unicode/utf8" "github.com/deepfence/YaraHunter/utils" pb "github.com/deepfence/agent-plugins-grpc/srcgo" @@ -11,11 +15,6 @@ import ( // "github.com/fatih/color" - "os" - "strings" - "time" - "unicode/utf8" - tw "github.com/olekukonko/tablewriter" ) diff --git a/pkg/scan/process_image.go b/pkg/scan/process_image.go index 28084c1..8ff8db3 100644 --- a/pkg/scan/process_image.go +++ b/pkg/scan/process_image.go @@ -3,6 +3,7 @@ package scan import ( "bytes" "errors" + "fmt" "io" "math" "os/exec" @@ -11,8 +12,6 @@ import ( "syscall" "unsafe" - "fmt" - "github.com/gabriel-vasile/mimetype" "github.com/deepfence/YaraHunter/pkg/output" @@ -34,13 +33,6 @@ type manifestItem struct { LayerIds []string `json:",omitempty"` } -type fileMatches struct { - fileName string - iocs []output.IOCFound - updatedScore float64 - updatedSeverity string -} - func calculateSeverity(lenMatch int, severity string, severityScore float64) (string, float64) { updatedSeverity := "low" 
@@ -214,12 +206,11 @@ func ScanFile(s *Scanner, fileName string, f io.ReadSeeker, fsize int, iocs *[]o
 			Matches: matches,
 		})
 	}
-	var fileMat fileMatches
-	fileMat.fileName = fileName
-	fileMat.iocs = iocsFound
 	updatedSeverity, updatedScore := calculateSeverity(totalMatches, "low", 0)
-	fileMat.updatedSeverity = updatedSeverity
-	fileMat.updatedScore = updatedScore
+	if updatedSeverity == "low" {
+		// Ignore low severity malwares
+		return nil
+	}
 	if len(matches) > 0 {
 		for _, m := range iocsFound {
 			m.FileSeverity = updatedSeverity
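Review bot: The added `return nil` on the "low" branch silently discards every finding for the file before it reaches the caller's iocs, so a scan whose only matches score low produces no output, no count and no log line, and the cut-off is hard-coded rather than driven by a flag. Because "low" is also the starting severity handed to calculateSeverity(totalMatches, "low", 0), any file with too few matches to raise the score is dropped wholesale, which a defender reading the scan output cannot distinguish from "clean"; that policy should be stated where it is enforced, e.g. `// Files whose aggregate severity stays "low" after calculateSeverity are not reported to the caller at all.`, and a debug-level log of fileName, updatedSeverity and updatedScore before the return would keep the decision auditable (logrus is a go.mod dependency, but which logger this file uses is outside the hunk). Separately, the removed fileMatches struct declared `iocs []output.IOCFound`, so `for _, m := range iocsFound { m.FileSeverity = updatedSeverity` on the last context lines writes to a per-iteration copy; that is only correct if the loop body goes on to append m to *iocs, which lies beyond the hunk and is worth confirming. ScanFile begins before and continues past this hunk.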