Virus Total Scanner
g3tsyst3m edited this page Jun 15, 2023
With the newly added Virus Total file extraction scanner, you can scan the .exe, .zip, and .php files that Suricata extracts from traffic and check whether any malicious files were downloaded on your LAN.
As Suricata processes packets, it also looks for files carried in those flows and extracts them for you. They are written to /var/log/suricata/files/
File extraction MUST be enabled in suricata.yaml before the new Virus Total scan feature can be used. Here's how to enable it:

```
sudo nano /opt/suricata/etc/suricata/suricata.yaml
```

Find this section in the config:
```yaml
  - file-store:
      enabled: yes          # set to yes to enable
      log-dir: files        # directory to store the files
      force-magic: no       # force logging magic on all stored files
      force-md5: no         # force logging of md5 checksums
      force-filestore: yes  # force storing of all files
      #waldo: file.waldo    # waldo file to store the file_id across runs
```
Make yours match the config above: `enabled` and `force-filestore` both set to yes.
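To act on the extracted files once the file-store is enabled, here is an added example (not the project's own code) that hashes everything under /var/log/suricata/files/ and looks each SHA-256 up against the VirusTotal v3 file-report endpoint, so only hashes leave your network and nothing is uploaded. It assumes you hold a VirusTotal API key and that Suricata's stored files sit beside `.meta` sidecars, which are skipped; the `fetch` argument is injectable so the logic can be exercised offline with a constructed report.

```python
import hashlib
import json
import os
import urllib.error
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"  # VT API v3 file-report endpoint

def sha256_of_file(path, chunk=1 << 20):
    """Stream the file so a large extracted archive is never loaded whole into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def extracted_files(root):
    """Yield the stored files under root, skipping the .meta sidecars Suricata writes."""
    for dirpath, _, names in os.walk(root):
        for name in names:
            if not name.endswith(".meta"):
                yield os.path.join(dirpath, name)

def vt_fetch(sha256, api_key):
    """Real transport: GET the file report; HTTP 404 means VT has never seen this hash."""
    req = urllib.request.Request(VT_FILE_URL.format(sha256), headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as e:
        if e.code == 404:
            return None
        raise

def verdict(report):
    """Reduce a report to (malicious, suspicious, engines total); None if unknown to VT."""
    if report is None:
        return None
    stats = report["data"]["attributes"]["last_analysis_stats"]
    return stats.get("malicious", 0), stats.get("suspicious", 0), sum(stats.values())

def scan(root, api_key, fetch=vt_fetch, threshold=1):
    """Hash every extracted file; return {path: (sha256, verdict)} for threshold+ hits."""
    flagged = {}
    for path in extracted_files(root):
        digest = sha256_of_file(path)
        v = verdict(fetch(digest, api_key))
        if v is not None and v[0] >= threshold:
            flagged[path] = (digest, v)
    return flagged
```

A file VirusTotal has never seen returns no verdict rather than a clean one, so treat "unknown" as a reason to sandbox the sample yourself, not as a pass.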