import requests
import codecs
from cloud_one_workload_security_demo_utils import sendheartbeat
# This is the anti-malware test
# It assumes that real-time antimalware is on the system
# It then attempts to download various versions of the eicar file
# If real-time anti-malware is on the system then these tests should trigger events
# The test will also perform a heartbeat to ensure the events get back to
# Cloud One Workload Security or Deep Security Manager
def antimalwaretest(operating_system):
    """Download the four EICAR test files, then send an agent heartbeat.

    Every file is saved under a relative name, so it lands in the current
    working directory where an active real-time anti-malware scanner can
    see it. The function does not check whether anything was detected;
    it only fetches the samples and requests the heartbeat.

    Args:
        operating_system: Passed through unchanged to ``sendheartbeat``.
    """
    # Each entry: (progress message, source URL, local file name).
    text_samples = (
        ("Downloading eicar.com",
         'https://secure.eicar.org/eicar.com', "eicar.com"),
        ("Downloading eicar.com.txt",
         'https://secure.eicar.org/eicar.com.txt', "eicar.com.txt"),
    )
    archive_samples = (
        ("Downloading eicar_com.zip",
         'https://secure.eicar.org/eicar_com.zip', "eicar_com.zip"),
        ("Downloading eicarcom2.zip",
         'https://secure.eicar.org/eicarcom2.zip', "eicarcom2.zip"),
    )

    print("---Running Anti-Malware Test---")

    # NOTE(review): nothing here catches exceptions, so a failed download
    # or a write refused by the scanner skips the remaining samples and
    # the heartbeat below.
    for message, url, destination in text_samples:
        print(message)
        downloadfileutf8(url, destination)
    for message, url, destination in archive_samples:
        print(message)
        downloadfilebinary(url, destination)

    print("---Anti-Malware Test Complete---")

    # The heartbeat gets the events to Cloud One or Deep Security Manager.
    sendheartbeat(operating_system)
# This function will download a text file
# This works for eicar.com and eicar.com.txt
# Where the file contents are standard text
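def downloadfileutf8(url, tempfile):
    """Download a text resource and save it to disk as UTF-8.

    Used for eicar.com and eicar.com.txt, whose contents are plain text.
    The file is written so that real-time anti-malware can detect it.

    Args:
        url: Address to fetch with ``requests.get``.
        tempfile: Path of the file to create or overwrite.
    """
    response = requests.get(url)
    # NOTE(review): the HTTP status is not checked. If a proxy or gateway
    # answers with an error or block page, that page is what gets written
    # and no detection should be expected from it.

    # Open with "w", not "a": on a re-run where the previous file is still
    # present, appending would leave two copies of the test string in one
    # file, which is no longer the standard test file. This also matches
    # downloadfilebinary, which overwrites with 'wb'.
    # The with-block closes the handle; the original wrote `f.close`
    # without parentheses, so the file was never explicitly closed.
    with codecs.open(tempfile, "w", encoding="utf8") as f:
        f.write(response.text)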
# This function will download a binary file
# This works for eicar_com.zip and eicarcom2.zip
# Where the file contents are not standard text
# and are in binary format
def downloadfilebinary(url, tempfile):
    """Stream a binary resource to disk in chunks of up to 1024 bytes.

    Used for eicar_com.zip and eicarcom2.zip, whose contents are not
    plain text. The file is written so that real-time anti-malware can
    detect it.

    Args:
        url: Address to fetch with ``requests.get`` in streaming mode.
        tempfile: Path of the file to create or overwrite.
    """
    response = requests.get(url, stream=True)
    with open(tempfile, 'wb') as sink:
        for piece in response.iter_content(chunk_size=1024):
            if not piece:
                # Empty keep-alive chunks carry no data; skip them.
                continue
            sink.write(piece)