add es basicauth

.circleci/config.yml

@@ -3,11 +3,11 @@ jobs:
   build:
     working_directory: /app
     docker:
-      - image: docker:17.07.0-ce-git
+      - image: docker:18.03.1-ce-git
     steps:
       - checkout
       - setup_remote_docker:
-          version: 17.07.0-ce
+          version: 18.03.1-ce
       - run:
           name: Install dependencies
           command: |
@@ -50,11 +50,25 @@ jobs:
             docker create -v /malware --name malvol alpine:3.8 /bin/true
             docker cp /tmp/sample malvol:/malware
       - run:
-          name: Run tests
+          name: Run test
           command: |
             set -x
             docker run --rm --volumes-from malvol app -V sample | jq .
             docker run --rm --volumes-from malvol app -t sample
+      # - run:
+      #     name: Download samples
+      #     command: |
+      #       docker create -v /malware --name malvol2 --entrypoint=sh malice/alpine /bin/true
+      #       docker run --rm -it --volumes-from malvol2 \
+      #        malice/get-mauled -V malware-samples
+      # - run:
+      #     name: Run tests
+      #     command: |
+      #       set -x
+      #       for file in $(docker run --volumes-from malvol2 alpine ls -1 /malware)
+      #       do
+      #         docker run --rm --volumes-from malvol2 app $file | jq .
+      #       done
       - run:
           name: Run update test
           command: |

Dockerfile

@@ -24,7 +24,7 @@ RUN apk --update add --no-cache -t .build-deps \
   && export GOPATH=/go \
   && go version \
   && go get \
-  && go build -ldflags "-s -w -X main.Version=$(cat VERSION) -X main.BuildTime=$(date -u +%Y%m%d)" -o /bin/avscan \
+  && go build -ldflags "-s -w -X main.Version=v$(cat VERSION) -X main.BuildTime=$(date -u +%Y%m%d)" -o /bin/avscan \
   && rm -rf /go /usr/local/go /usr/lib/go /tmp/* \
   && apk del --purge .build-deps
 

Gopkg.toml

@@ -39,7 +39,7 @@
 
 [[constraint]]
   branch = "master"
-  name = "github.com/malice-plugins/go-plugin-utils"
+  name = "github.com/malice-plugins/pkgs"
 
 [[constraint]]
   name = "github.com/parnurzeal/gorequest"

Makefile

@@ -51,7 +51,7 @@ ifeq ("$(shell docker inspect -f {{.State.Running}} elasticsearch)", "true")
 	@docker rm -f elasticsearch || true
 endif
 	@echo "===> Starting elasticsearch"
-	@docker run --init -d --name elasticsearch -p 9200:9200 malice/elasticsearch:6.3; sleep 15
+	@docker run --init -d --name elasticsearch -p 9200:9200 malice/elasticsearch:6.4; sleep 15
 
 .PHONY: malware
 malware:
@@ -73,29 +73,29 @@ test: malware
 .PHONY: test_elastic
 test_elastic: start_elasticsearch malware
 	@echo "===> ${NAME} test_elastic found"
-	docker run --rm --link elasticsearch -e MALICE_ELASTICSEARCH=elasticsearch -v $(PWD):/malware $(ORG)/$(NAME):$(VERSION) -V $(MALWARE)
-	# @echo "===> ${NAME} test_elastic NOT found"
-	# docker run --rm --link elasticsearch -e MALICE_ELASTICSEARCH=elasticsearch $(ORG)/$(NAME):$(VERSION) -V --api ${MALICE_VT_API} lookup $(MISSING_HASH)
+	docker run --rm --link elasticsearch -e MALICE_ELASTICSEARCH_URL=http://elasticsearch:9200 -v $(PWD):/malware $(ORG)/$(NAME):$(VERSION) -V $(MALWARE)
+	@echo "===> ${NAME} test_elastic NOT found"
+	docker run --rm --link elasticsearch -e MALICE_ELASTICSEARCH_URL=http://elasticsearch:9200 -v $(PWD):/malware $(ORG)/$(NAME):$(VERSION) -V $(NOT_MALWARE)
 	http localhost:9200/malice/_search | jq . > docs/elastic.json
 
 .PHONY: test_markdown
-test_markdown:
+test_markdown: test_elastic
 	@echo "===> ${NAME} test_markdown"
 	# http localhost:9200/malice/_search query:=@docs/query.json | jq . > docs/elastic.json
 	cat docs/elastic.json | jq -r '.hits.hits[] ._source.plugins.${CATEGORY}.${NAME}.markdown' > docs/SAMPLE.md
 
 .PHONY: test_web
 test_web: malware stop
-	@echo "===> ${NAME} web service"
-	@docker run --init -d --name $(NAME) -p 3993:3993 -v `pwd`/rules:/rules $(ORG)/$(NAME):$(VERSION) -V web
+	@echo "===> Starting web service"
+	@docker run -d --name $(NAME) -p 3993:3993 $(ORG)/$(NAME):$(VERSION) web
 	http -f localhost:3993/scan malware@$(MALWARE)
-	http -f localhost:3993/scan malware@$(NOT_MALWARE)
-	@docker container rm -f $(NAME)
+	@echo "===> Stopping web service"
+	@docker logs $(NAME)
+	@docker rm -f $(NAME)
 
 .PHONY: stop
-stop:
-	@echo "===> Stopping container ${NAME}"
-	@docker container rm -f $(NAME) || true
+stop: ## Kill running docker containers
+	@docker rm -f $(NAME) || true
 
 .PHONY: circle
 circle: ci-size

README.md

@@ -1,29 +1,31 @@
-# clamav
+# malice-clamav
 
 [![Circle CI](https://circleci.com/gh/malice-plugins/clamav.png?style=shield)](https://circleci.com/gh/malice-plugins/clamav)
 [![License](http://img.shields.io/:license-mit-blue.svg)](http://doge.mit-license.org)
 [![Docker Stars](https://img.shields.io/docker/stars/malice/clamav.svg)](https://hub.docker.com/r/malice/clamav/)
 [![Docker Pulls](https://img.shields.io/docker/pulls/malice/clamav.svg)](https://hub.docker.com/r/malice/clamav/)
-[![Docker Image](https://img.shields.io/badge/docker%20image-203MB-blue.svg)](https://hub.docker.com/r/malice/clamav/)
+[![Docker Image](https://img.shields.io/badge/docker%20image-205MB-blue.svg)](https://hub.docker.com/r/malice/clamav/)
 
-This repository contains a **Dockerfile** of [ClamAV](http://www.clamav.net/lang/en/) for [Docker](https://www.docker.io/)'s [trusted build](https://index.docker.io/u/malice/clamav/) published to the public [DockerHub](https://index.docker.io/).
+Malice ClamAV AntiVirus
+
+> This repository contains a **Dockerfile** of [ClamAV](http://www.clamav.net/lang/en/) for [Docker](https://www.docker.io/)'s [trusted build](https://index.docker.io/u/malice/clamav/) published to the public [DockerHub](https://index.docker.io/).
 
 ### Dependencies
 
 - [malice/alpine](https://hub.docker.com/r/malice/alpine/)
 
-### Installation
+## Installation
 
-1.  Install [Docker](https://www.docker.io/).
-2.  Download [trusted build](https://hub.docker.com/r/malice/clamav/) from public [DockerHub](https://hub.docker.com): `docker pull malice/clamav`
+1. Install [Docker](https://www.docker.io/).
+2. Download [trusted build](https://hub.docker.com/r/malice/clamav/) from public [DockerHub](https://hub.docker.com): `docker pull malice/clamav`
 
 ### Usage
 
 ```
 docker run --rm malice/clamav EICAR
 ```
 
-#### Or link your own malware folder:
+### Or link your own malware folder:
 
 ```bash
 $ docker run --rm -v /path/to/malware:/malware:ro malice/clamav FILE
@@ -32,25 +34,25 @@ Usage: clamav [OPTIONS] COMMAND [arg...]
 
 Malice ClamAV Plugin
 
-Version: v0.1.0, BuildTime: 20160214
+Version: v0.1.0, BuildTime: 20180903
 
 Author:
   blacktop - <https://github.com/blacktop>
 
 Options:
-  --verbose, -V         verbose output
-  --table, -t	       output as Markdown table
-  --callback, -c	    POST results to Malice webhook [$MALICE_ENDPOINT]
-  --proxy, -x	       proxy settings for Malice webhook endpoint [$MALICE_PROXY]
-  --timeout value       malice plugin timeout (in seconds) (default: 60) [$MALICE_TIMEOUT]
-  --elasitcsearch value elasitcsearch address for Malice to store results [$MALICE_ELASTICSEARCH]
-  --help, -h	        show help
-  --version, -v	     print the version
+  --verbose, -V          verbose output
+  --table, -t            output as Markdown table
+  --callback, -c         POST results to Malice webhook [$MALICE_ENDPOINT]
+  --proxy, -x            proxy settings for Malice webhook endpoint [$MALICE_PROXY]
+  --elasticsearch value  elasticsearch url for Malice to store results [$MALICE_ELASTICSEARCH_URL]
+  --timeout value        malice plugin timeout (in seconds) (default: 60) [$MALICE_TIMEOUT]
+  --help, -h             show help
+  --version, -v          print the version
 
 Commands:
-  update	Update virus definitions
-  web       Create a ClamAV scan web service
-  help		Shows a list of commands or help for one command
+  update  Update virus definitions
+  web     Create a ClamAV scan web service
+  help    Shows a list of commands or help for one command
 
 Run 'clamav COMMAND --help' for more information on a command.
 ```
@@ -91,20 +93,20 @@ Run 'clamav COMMAND --help' for more information on a command.
 - [To post results to a webhook](https://github.com/malice-plugins/clamav/blob/master/docs/callback.md)
 - [To update the AV definitions](https://github.com/malice-plugins/clamav/blob/master/docs/update.md)
 
-### Issues
+## Issues
 
 Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to [file an issue](https://github.com/malice-plugins/clamav/issues/new).
 
-### CHANGELOG
+## CHANGELOG
 
 See [`CHANGELOG.md`](https://github.com/malice-plugins/clamav/blob/master/CHANGELOG.md)
 
-### Contributing
+## Contributing
 
 [See all contributors on GitHub](https://github.com/malice-plugins/clamav/graphs/contributors).
 
 Please update the [CHANGELOG.md](https://github.com/malice-plugins/clamav/blob/master/CHANGELOG.md) and submit a [Pull Request on GitHub](https://help.github.com/articles/using-pull-requests/).
 
-### License
+## License
 
 MIT Copyright (c) 2016 **blacktop**

VERSION

@@ -1 +1 @@
-v0.1.0
+0.1.0

config.toml

@@ -0,0 +1,14 @@
+# malice/clamav plugin configuration.
+
+name = 'clamav'
+description = 'Malice ClamAV AntiVirus'
+category = 'av'
+version = '0.1.0'
+
+accepts = [ '*' ]
+
+[system]
+cpu = 0.5
+ram = 256 # MB
+
+[settings]

docs/SAMPLE.md

@@ -1,5 +1,11 @@
 #### ClamAV
-| Infected      | Result      | Engine      | Updated      |
-|:-------------:|:-----------:|:-----------:|:------------:|
-| true | Win.Trojan.Backspace-1 | 0.100.0 | 20180729 |
 
+| Infected |         Result         | Engine  | Updated  |
+| :------: | :--------------------: | :-----: | :------: |
+|   true   | Win.Trojan.Backspace-1 | 0.100.1 | 20180903 |
+
+#### ClamAV
+
+| Infected | Result | Engine  | Updated  |
+| :------: | :----: | :-----: | :------: |
+|  false   |        | 0.100.1 | 20180903 |