From de03756134fc3ae72436d8f7a9d31d49635717fc Mon Sep 17 00:00:00 2001
From: SHIBATA Hiroshi
Date: Tue, 12 Feb 2019 22:06:12 +0900
Subject: [PATCH 01/10] Removed the files that was detected by F-Secure Anti-Virus.
---
 Rakefile | 6 ++++++
 payload.txt | 11 +++++++++++
 2 files changed, 17 insertions(+)
 create mode 100644 payload.txt
diff --git a/Rakefile b/Rakefile
index ed55af9..b90dbbc 100644
--- a/Rakefile
+++ b/Rakefile
@@ -94,6 +94,12 @@ task :unpack do
 }
 }

+ File.open("payload.txt") do |f|
+ f.each_line do |i|
+ puts "remove: #{i}"
+ FileUtils.rm_rf "#{LATEST_DIR}/#{i}"
+ end
+ end
 end

 task :index => :index_codesearch
diff --git a/payload.txt b/payload.txt
new file mode 100644
index 0000000..21f119a
--- /dev/null
+++ b/payload.txt
@@ -0,0 +1,11 @@
+EICAR-0.0.6/bin/eicar.com
+clamd-1.0.1/spec/fixtures/virus
+clamrb-0.0.3/test/files/eicar.txt
+clamav-0.4.1/spec/clamav-testfiles/eicar.com
+clamav-0.4.1/spec/clamav-testfiles/test.txt
+metasploit-payloads-1.3.60/data/java/metasploit/RMILoader.class
+meterpreter_bins-0.0.22/meterpreter/metsrv.x64.dll
+meterpreter_bins-0.0.22/meterpreter/ext_server_priv.x86.dll
+metasploit-payloads-1.3.60/data/java/metasploit/Payload.class
+warp-clamav-0.3.1/spec/clamav-testfiles/eicar.com
+warp-clamav-0.3.1/spec/clamav-testfiles/test.txt
From 59b9f62251be9809151508cfc6f7bfe5b2759228 Mon Sep 17 00:00:00 2001
From: SHIBATA Hiroshi
Date: Tue, 12 Feb 2019 22:14:04 +0900
Subject: [PATCH 02/10] Use File.exist?
---
 Rakefile | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/Rakefile b/Rakefile
index b90dbbc..2cb9b89 100644
--- a/Rakefile
+++ b/Rakefile
@@ -96,8 +96,10 @@ task :unpack do

 File.open("payload.txt") do |f|
 f.each_line do |i|
- puts "remove: #{i}"
- FileUtils.rm_rf "#{LATEST_DIR}/#{i}"
+ if File.exist? f
+ puts "remove: #{i}"
+ File.unlink "#{LATEST_DIR}/#{i}"
+ end
 end
 end
 end
From 6cdcbc390663f79e1a02d4bef3f0780984afba9a Mon Sep 17 00:00:00 2001
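Review bot: In the Rakefile hunk of PATCH 01/10, `f.each_line` yields each entry with its trailing newline, so `"#{LATEST_DIR}/#{i}"` names a path that does not exist, and `FileUtils.rm_rf` ignores errors; the task prints `remove:` for every entry while the flagged files stay in the unpacked tree. Strip the line and skip empty ones before building the path, e.g. `i = i.chomp` and `next if i.empty?`. The empty check matters once the newline is stripped, because `rm_rf "#{LATEST_DIR}/"` would recurse over the whole directory. The body of `task :unpack` starts outside the hunk.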
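Review bot: Every entry in the new payload.txt (PATCH 01/10) pins an exact gem version, for example `EICAR-0.0.6/...` and `metasploit-payloads-1.3.60/...`, so the list only matches while that version is the one unpacked. If the directory behind `LATEST_DIR` tracks the newest release of each gem, which the name suggests but the diff does not show, the next release of any listed gem brings its flagged file back without any message. Matching on gem name plus relative path, or logging entries that matched nothing, would make a stale list visible.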
From: SHIBATA Hiroshi
Date: Tue, 19 Feb 2019 10:06:24 +0900
Subject: [PATCH 03/10] Cleanup files without Ruby code.
---
 Rakefile | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/Rakefile b/Rakefile
index 2cb9b89..c3c0e38 100644
--- a/Rakefile
+++ b/Rakefile
@@ -1,6 +1,8 @@
 require 'rbconfig'
 require 'fileutils'
 require 'find'
+require 'open3'
+require 'pathname'
 require 'pp'

 task :default => :help
@@ -140,12 +142,20 @@ def fix_permission(dir)
 }
 end

+EXT_NAMES = %w(.rb .ru .gemspec .rake .cmd .gemfile .thor)
 def clean_files(dir)
 return unless File.exist? dir
 Find.find(dir) {|fn|
 st = File.lstat(fn)
 if st.file?
- if fn.end_with?('.ri')
+ if !(EXT_NAMES.any?{|ext| fn.end_with?(ext)} || Pathname(fn).extname.empty?)
+ File.unlink fn
+ next
+ end
+
+ _, _, _, wait_thr = *Open3.popen3("ruby -c #{fn}")
+ if wait_thr.value.exitstatus != 0
+ puts "removed: #{fn}"
 File.unlink fn
 end
 end
From 5a307d2923e01264998032e8cb652709e3a377b2 Mon Sep 17 00:00:00 2001
From: SHIBATA Hiroshi
Date: Tue, 19 Feb 2019 11:17:03 +0900
Subject: [PATCH 04/10] Fixed wrong reference
---
 Rakefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Rakefile b/Rakefile
index c3c0e38..2cd0701 100644
--- a/Rakefile
+++ b/Rakefile
@@ -98,7 +98,7 @@ task :unpack do

 File.open("payload.txt") do |f|
 f.each_line do |i|
- if File.exist? f
+ if File.exist? i
 puts "remove: #{i}"
 File.unlink "#{LATEST_DIR}/#{i}"
 end
From 2c0762af6c5d78457e1f1503e0cfd105c49312e9 Mon Sep 17 00:00:00 2001
From: SHIBATA Hiroshi
Date: Mon, 25 Feb 2019 19:29:29 +0900
Subject: [PATCH 05/10] Added wacaw to ignored list for fsecure.
---
 payload.txt | 1 +
 1 file changed, 1 insertion(+)
diff --git a/payload.txt b/payload.txt
index 21f119a..2f98ba0 100644
--- a/payload.txt
+++ b/payload.txt
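Review bot: In the `clean_files` hunk of PATCH 03/10, `Open3.popen3("ruby -c #{fn}")` passes one interpolated command string, which is split on whitespace and run through the shell when it contains metacharacters; `fn` comes from `Find.find` over the scanned tree, so a file name can change the command that runs. If `dir` holds unpacked third-party gems, as the rest of the series suggests, those names are untrusted input. Pass an argument vector and let the call drain and close its pipes: `_out, status = Open3.capture2e(RbConfig.ruby, '-c', fn)` followed by `unless status.success?`. The non-block `popen3` form also leaves its three pipes unclosed for every file checked. The same call is carried into the `else` branch in PATCH 09/10.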
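Review bot: In PATCH 04/10 the guard `File.exist? i` tests the bare payload.txt entry, resolved against the working directory, while the lines below it unlink `"#{LATEST_DIR}/#{i}"`; unless the task runs from inside `LATEST_DIR`, the guard is false for every entry and nothing is removed, with no message to say so. Test the path that is deleted: `path = File.join(LATEST_DIR, i)`, then `if File.exist? path` and `File.unlink path`. The same guard is kept in PATCH 08/10, where `i.chomp!` fixes the trailing newline but not the missing prefix. An `else` branch that reports entries not found would make a silently ineffective list visible.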
@@ -9,3 +9,4 @@ meterpreter_bins-0.0.22/meterpreter/ext_server_priv.x86.dll
 metasploit-payloads-1.3.60/data/java/metasploit/Payload.class
 warp-clamav-0.3.1/spec/clamav-testfiles/eicar.com
 warp-clamav-0.3.1/spec/clamav-testfiles/test.txt
+video_to_ascii-0.0.3/bin/wacaw
From 6e2f92c9a3e7a1876b1079a1dc17124cf80b0116 Mon Sep 17 00:00:00 2001
From: SHIBATA Hiroshi
Date: Mon, 25 Feb 2019 19:30:07 +0900
Subject: [PATCH 06/10] Also ignored C/C++ languages.
---
 Rakefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Rakefile b/Rakefile
index 2cd0701..feaaf12 100644
--- a/Rakefile
+++ b/Rakefile
@@ -142,7 +142,7 @@ def fix_permission(dir)
 }
 end

-EXT_NAMES = %w(.rb .ru .gemspec .rake .cmd .gemfile .thor)
+EXT_NAMES = %w(.rb .ru .gemspec .rake .cmd .gemfile .thor .c .h .cpp .hpp)
 def clean_files(dir)
 return unless File.exist? dir
 Find.find(dir) {|fn|
From 7f1cb34d70fd618942a6320795226a81612cf4f7 Mon Sep 17 00:00:00 2001
From: SHIBATA Hiroshi
Date: Mon, 25 Feb 2019 19:30:57 +0900
Subject: [PATCH 07/10] Added verbose message.
---
 Rakefile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Rakefile b/Rakefile
index feaaf12..c187f48 100644
--- a/Rakefile
+++ b/Rakefile
@@ -150,13 +150,14 @@ def clean_files(dir)
 if st.file?
 if !(EXT_NAMES.any?{|ext| fn.end_with?(ext)} || Pathname(fn).extname.empty?)
 File.unlink fn
+ puts "removed: #{fn}"
 next
 end

 _, _, _, wait_thr = *Open3.popen3("ruby -c #{fn}")
 if wait_thr.value.exitstatus != 0
- puts "removed: #{fn}"
 File.unlink fn
+ puts "removed: #{fn}"
 end
 end
 }
From 23c13dff31914395b5a5e619fdaed054e49e57f9 Mon Sep 17 00:00:00 2001
From: SHIBATA Hiroshi
Date: Mon, 25 Feb 2019 19:34:40 +0900
Subject: [PATCH 08/10] Tweak to remove payload feature.
---
 Rakefile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Rakefile b/Rakefile
index c187f48..69b3fa7 100644
--- a/Rakefile
+++ b/Rakefile
@@ -98,9 +98,10 @@ task :unpack do

 File.open("payload.txt") do |f|
 f.each_line do |i|
+ i.chomp!
 if File.exist? i
- puts "remove: #{i}"
 File.unlink "#{LATEST_DIR}/#{i}"
+ puts "removed: #{i}"
 end
 end
 end
From b4a3ed9cc89ccee5a54cf9de45e318f8e1b41a29 Mon Sep 17 00:00:00 2001
From: SHIBATA Hiroshi
Date: Mon, 25 Feb 2019 20:08:11 +0900
Subject: [PATCH 09/10] Fixed condition for C languages.
---
 Rakefile | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/Rakefile b/Rakefile
index 69b3fa7..5c7b6b9 100644
--- a/Rakefile
+++ b/Rakefile
@@ -143,22 +143,25 @@ def fix_permission(dir)
 }
 end

-EXT_NAMES = %w(.rb .ru .gemspec .rake .cmd .gemfile .thor .c .h .cpp .hpp)
+RB_EXT_NAMES = %w(.rb .ru .gemspec .rake .cmd .gemfile .thor)
+C_EXT_NAMES = %w(.c .h .cpp .hpp)
 def clean_files(dir)
 return unless File.exist? dir
 Find.find(dir) {|fn|
 st = File.lstat(fn)
 if st.file?
- if !(EXT_NAMES.any?{|ext| fn.end_with?(ext)} || Pathname(fn).extname.empty?)
- File.unlink fn
- puts "removed: #{fn}"
+ if C_EXT_NAMES.any?{|ext| fn.end_with?(ext)}
 next
- end
-
- _, _, _, wait_thr = *Open3.popen3("ruby -c #{fn}")
- if wait_thr.value.exitstatus != 0
+ elsif !(EXT_NAMES.any?{|ext| fn.end_with?(ext)} || Pathname(fn).extname.empty?)
 File.unlink fn
 puts "removed: #{fn}"
+ next
+ else
+ _, _, _, wait_thr = *Open3.popen3("ruby -c #{fn}")
+ if wait_thr.value.exitstatus != 0
+ File.unlink fn
+ puts "removed: #{fn}"
+ end
 end
 end
 }
From 27de90f7d5abfe6953828ed692bec3d788ee5a9b Mon Sep 17 00:00:00 2001
From: SHIBATA Hiroshi
Date: Mon, 25 Feb 2019 21:37:58 +0900
Subject: [PATCH 10/10] oops
---
 Rakefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Rakefile b/Rakefile
index 5c7b6b9..babbf91 100644
--- a/Rakefile
+++ b/Rakefile
@@ -152,7 +152,7 @@ def clean_files(dir)
 if st.file?
 if C_EXT_NAMES.any?{|ext| fn.end_with?(ext)}
 next
- elsif !(EXT_NAMES.any?{|ext| fn.end_with?(ext)} || Pathname(fn).extname.empty?)
+ elsif !(RB_EXT_NAMES.any?{|ext| fn.end_with?(ext)} || Pathname(fn).extname.empty?)
 File.unlink fn
 puts "removed: #{fn}"
 next