Allow for sample-download with encrypted zip

[mehgrmlhmpf]

Evade local AV interference by downloading samples as optional zip-archive with password "infected".

Since python cannot handle encrypted zips invoke a subprocess for the archiving process.

[doomedraven]

sorry if im confused, but if you use download, you can say zip and in options specify passwd

password - When using the zip or rar package, set the password to use for extraction

[mehgrmlhmpf]

Scenario:
Step 1: Uploaded sample for analysis via webfrontend - at that time AV on local client does not detect the file yet.
Step 2: Need to fetch the sample for sharing with others some time later from the cuckoo - original file on local client has been purged by AV and fetching the file directly from cuckoo also triggers the AV preventing the download

This is for downloading a sample when it is already in the repositiory. Usually clicking the download button in the overview/file page results in a .bin file being sent.

[KillerInstinct]

I'm a fan, allows me to analyze a quarantine file, and it'll download the 'decoded' wuarantine as a password protected zip. Easy dequarantine :)

[seanthegeek]

I like it too. Maybe change the text to "Download as encrypted ZIP" to make what it does a little clearer?

[spender-sandbox]

Too big -- I would almost just rather see a config option for this with the password used being an option too. Then all downloads that could be caught by AV would be handled by this (because this really needs to be done for dropped files, suricata files, etc), and setups where people are simply able to use local AV exclusions don't have a cluttered interface. I think there's also an issue in that the created zips won't ever be deleted.

-Brad

[KillerInstinct]

I would recommend adding a tick box next to the download button for "Encrypted Zip" -- Tick it to get password zip. Could be repurposed for all other downloads, not much clutter this way as well. Only problem is we'd need to refactor the file downloads as currently the button is a GET request, and I'm not aware of an easy way to add tick-box like functionality to GET based downloads. :)

EDIT: also may be hard to accomplish backwards compatibility

[mehgrmlhmpf]

I like the idea of adding a configurable conf line like:

encrypted_zip_downloads = true
password = "infected"

Then having a function for the download as zip, which is only invoked, when it is enabled in the config.

No changes in the UI would be necessary. All download buttons may stay as they are. I guess the encrypted zip download for people who need it is standard and an additional checkbox is not necessary then.

Changing the request for checkboxes and refactoring would break quite a few things and i would not want to add checkboxes to all download buttons.

Deletion of the file may occur after the file is delivered to the user. That would remove the clutter in the binaries folder - good point.

I'll try to have a look into this later if this is an agreed way forward.

[mehgrmlhmpf]

closed as per new PR #210