From 6ecee305b90a86393226c0f7a8403d183928d611 Mon Sep 17 00:00:00 2001
From: r00t0vi4
Date: Tue, 29 Jan 2019 19:04:54 +0300
Subject: [PATCH] Update antivirus_irma.py

Some IRMA probes in 'report.json' may contain filed "status" with value equal to "-1". Json chunk containing "status":-1 does not contain "resuts" field (other chunks with different status value contains "result" field) This leads to the following error:
```
Failed to run 'on_complete' of the antivirus_irma signature
Traceback (most recent call last):
File "/opt/cuckoo/venv/local/lib/python2.7/site-packages/cuckoo/core/plugins.py", line 414, in call_signature
if not signature.matched and handler(*args, **kwargs):
File "/opt/cuckoo/data/signatures/windows/antivirus_irma.py", line 33, in on_complete
verdict = result["results"]
KeyError: 'results'
```
Some kind of check or exception handling is required here
---
 modules/signatures/windows/antivirus_irma.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/modules/signatures/windows/antivirus_irma.py b/modules/signatures/windows/antivirus_irma.py
index 0a0480da3..4d4a8e2b4 100644
--- a/modules/signatures/windows/antivirus_irma.py
+++ b/modules/signatures/windows/antivirus_irma.py
@@ -30,8 +30,9 @@ def on_complete(self):
 results = results.get("probe_results")
 for result in results:
 engine = result["name"]
- verdict = result["results"]
- if verdict:
- self.mark_ioc(engine, verdict)
+ if result.get("results"):
+ verdict = result["results"]
+ if verdict:
+ self.mark_ioc(engine, verdict)
 return self.has_marks()
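Review bot: The new guard `if result.get("results"):` already establishes that the value is truthy, so the nested `if verdict:` can never be false; the added lines reduce to `verdict = result.get("results")` followed by the original `if verdict:` and `self.mark_ioc(engine, verdict)`. Probes that report `"status": -1` are now skipped without a trace, so a report in which engines failed (presumably what -1 means, to be confirmed against IRMA) reads the same as one in which they found nothing; a log line or a mark naming the affected engine would keep that gap in antivirus coverage visible to the analyst. The same KeyError can still come from `result["name"]` on the context line above, and `on_complete` begins before this hunk, so whether `probe_results` can be absent is not visible here.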