Andy Smith's Blog

Getting Dionaea to scan previously collected Malware

Categories: Dionaea, Honeypots, Virustotal
Tags: virustotal, dionaea

Update: This is an old post and the scripts got lost when I moved hosts. There is a script here: http://carnivore.it/2010/10/07/virustotal_api under "processing backlog" that will do what I describe below.

I finally got around to signing up for a Virustotal API key and popping it into my Dionaea configuration. This gave my logs a lot more information for the new malware that was collected. My problem was that all my previous files had no Virustotal scan information attached.

This would not do, so I wrote a Python script to populate the 'vtcache.sqlite' database with all the previous, unscanned pieces of malware. This will cause dionaea to scan all of the old malware with Virustotal and update the dionaea database with all that tasty data.

Most of the magic here is the work of dionaea; all my script does is copy some data from one table to another. You must still have the old malware on disk, and the script is written for a setup like mine, where most of the logs and malware are just left at their default locations.

The script is set up with dionaea defaults for directories, if yours are different you will need to change them by editing the file.

Once configured, simply run:

python vupdate.py

No output is good output. That's all! Any feedback is appreciated; this is definitely experimental, so back up anything important before you run it.
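Since the original vupdate.py is gone, here is an added example of my own that does the same job in the same spirit: walk the binaries directory, find samples that have no Virustotal result and are not already queued, and insert them into the backlog table of vtcache.sqlite so dionaea's virustotal handler picks them up. This is not the author's script or dionaea's own code. The directory paths follow dionaea defaults, and the table and column names for vtcache.sqlite (virustotal, backlogfiles and their columns) are my assumption about the handler's schema; the script creates them if absent so it runs on an empty cache, but check them against your installed version before pointing it at a real cache. One check the original text does not mention: a file is only queued if its name really is the MD5 of its content, so a renamed or truncated sample does not get a cached verdict that describes some other file.

```python
#!/usr/bin/env python3
"""Queue previously collected dionaea binaries for Virustotal scanning.

Assumptions (edit to match your install):
  BINARIES_DIR  - dionaea stores each captured sample under its MD5 hex digest
  VTCACHE_PATH  - sqlite database used by dionaea's virustotal handler
The table and column names in SCHEMA are an assumption about the vtcache
layout, not taken from dionaea's source; verify them before running for real.
"""
import hashlib
import os
import sqlite3
import time

BINARIES_DIR = "/opt/dionaea/var/dionaea/binaries"
VTCACHE_PATH = "/opt/dionaea/var/dionaea/vtcache.sqlite"

# Assumed schema: finished scans live in `virustotal`, pending ones in `backlogfiles`.
SCHEMA = """
CREATE TABLE IF NOT EXISTS virustotal (
    virustotal INTEGER PRIMARY KEY,
    md5_hash   TEXT NOT NULL,
    timestamp  REAL NOT NULL,
    permalink  TEXT NOT NULL,
    scan_id    TEXT NOT NULL
);
CREATE TABLE IF NOT EXISTS backlogfiles (
    backlogfile    INTEGER PRIMARY KEY,
    status         TEXT NOT NULL,
    md5_hash       TEXT NOT NULL,
    path           TEXT NOT NULL,
    timestamp      REAL NOT NULL,
    lastcheck_time REAL,
    submit_time    REAL
);
"""


def md5_of_file(path):
    """MD5 hex digest of a file, read in chunks so large samples do not load into memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_unscanned(binaries_dir, vtcache_path):
    """Return [(md5, path)] for samples with no scan result that are not yet queued.

    Files whose name is not the MD5 of their content are skipped: they were
    renamed or truncated, and a verdict cached under that name would be wrong.
    """
    conn = sqlite3.connect(vtcache_path)
    conn.executescript(SCHEMA)
    known = {r[0].lower() for r in conn.execute("SELECT md5_hash FROM virustotal")}
    known |= {r[0].lower() for r in conn.execute("SELECT md5_hash FROM backlogfiles")}
    conn.close()

    pending = []
    for name in sorted(os.listdir(binaries_dir)):
        path = os.path.join(binaries_dir, name)
        digest = name.lower()
        if not os.path.isfile(path) or digest in known:
            continue
        if md5_of_file(path) != digest:
            continue  # name does not match content; leave it for manual review
        pending.append((digest, path))
    return pending


def queue_backlog(binaries_dir, vtcache_path):
    """Insert every unscanned sample into backlogfiles; return how many were queued."""
    pending = find_unscanned(binaries_dir, vtcache_path)
    if not pending:
        return 0
    now = time.time()
    conn = sqlite3.connect(vtcache_path)
    conn.executemany(
        "INSERT INTO backlogfiles (status, md5_hash, path, timestamp) "
        "VALUES ('new', ?, ?, ?)",
        [(md5, path, now) for md5, path in pending],
    )
    conn.commit()
    conn.close()
    return len(pending)


if __name__ == "__main__":
    # Like the original vupdate.py: silent on success, only the count is returned.
    queue_backlog(BINARIES_DIR, VTCACHE_PATH)
```

Running it twice is safe: the second run finds every sample either in virustotal or already in backlogfiles and queues nothing, so it can be re-run after dionaea has worked through part of the backlog.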
