Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PoC Event-based malware check #7198

Closed
woodruffw opened this issue Jan 7, 2020 · 4 comments
Closed

PoC Event-based malware check #7198

woodruffw opened this issue Jan 7, 2020 · 4 comments
Assignees
@woodruffw
Labels
malware-detection Issues related to automated malware detection.
Milestone
Package signing &...

Comments

@woodruffw
Copy link
Member

Once #7196 has settled, we'll need an initial (non-stub) malware check for proofing the event-based check system.

The current proposal: our PoC check will be based on YARA, and will include patterns for detecting unusual/malicious patterns in setup.py files. Examples of unusual and malicious patterns:

  • Attempting to spawn or invoke processes: os.system, os.exec*, os.posix_spawn*, etc.
  • Attempting to perform network requests
  • Attempting to call deserialization routines frequently used for ACE and/or obfuscation

See #7096.
@woodruffw woodruffw added the malware-detection Issues related to automated malware detection. label Jan 7, 2020
@woodruffw woodruffw self-assigned this Jan 7, 2020
This was referenced Jan 7, 2020
Closed
Closed
@ewjoachim
Copy link
Contributor

(Just to save someone a google search: YARA probably refers to https://github.com/VirusTotal/yara )

@woodruffw
Copy link
Member Author

(Just to save someone a google search: YARA probably refers to https://github.com/VirusTotal/yara )

Yep, that's the one.

@woodruffw woodruffw mentioned this issue Jan 16, 2020
Merged
@woodruffw
Copy link
Member Author

Began work on this in #7249.

@woodruffw
Copy link
Member Author

Merged; will close when this hits master.

@xmunoz xmunoz closed this as completed Feb 18, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@woodruffw woodruffw

Labels
malware-detection Issues related to automated malware detection.
Projects
None yet
Milestone
Package signing & detection/verification
Development

No branches or pull requests
3 participants
@xmunoz @ewjoachim @woodruffw