
Submitting samples

nheijmans edited this page Oct 26, 2016 · 3 revisions

API

The easiest way to submit samples for analysis to malzoo is by using the API. The API can be enabled and configured in the configuration file and is set by default on localhost and port 1338. Once malzoo is started and the API supplier is running, samples can be added.

To test if the API is working correctly, run curl -X GET http://localhost:1338/test in a shell, replacing the address and port with the configured values. If successful, this should return test successful!

To submit a sample to the analysis queue, run curl -X POST -F file=@/path/to/sample http://localhost:1338/file/add

If a sample needs a different tag than the one defined in the configuration file, run curl -X POST -F file=@/path/to/sample -F tag=yourtaghere http://localhost:1338/file/add

A sample is submitted successfully if the above commands return File submitted for analysis!
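The same submission from Python, using only the standard library, as an added example that is not part of the malzoo project: it encodes the sample the way curl -F does (a file field plus an optional tag field), posts it to /file/add and checks for the exact reply strings quoted above. The base URL defaults to the page's localhost:1338; the sha256 in the result is included for the submitter's own records.

```python
"""Submit samples to a malzoo API supplier (added example, standard library only)."""
import hashlib
import os
import uuid
import urllib.request

DEFAULT_BASE = "http://localhost:1338"   # page default; replace with the configured host/port
ACCEPTED = "File submitted for analysis!"  # reply on successful submission
TEST_OK = "test successful!"               # reply of the /test endpoint


def build_multipart(fields, file_field, filename, data, boundary=None):
    """Encode text fields plus one file as multipart/form-data (what `curl -F` sends).

    Returns (body_bytes, content_type_header_value)."""
    boundary = boundary or uuid.uuid4().hex
    parts = []
    for name, value in fields.items():
        parts.append(
            f"--{boundary}\r\nContent-Disposition: form-data; name=\"{name}\"\r\n\r\n{value}\r\n".encode()
        )
    parts.append(
        (f"--{boundary}\r\nContent-Disposition: form-data; name=\"{file_field}\"; "
         f"filename=\"{filename}\"\r\nContent-Type: application/octet-stream\r\n\r\n").encode()
        + data + b"\r\n"
    )
    parts.append(f"--{boundary}--\r\n".encode())
    return b"".join(parts), f"multipart/form-data; boundary={boundary}"


def api_alive(base=DEFAULT_BASE, timeout=5):
    """Equivalent of `curl -X GET .../test`: True when the supplier answers as expected."""
    with urllib.request.urlopen(f"{base}/test", timeout=timeout) as resp:
        return resp.read().decode(errors="replace").strip() == TEST_OK


def submit_sample(path, tag=None, base=DEFAULT_BASE, timeout=30):
    """POST one sample to /file/add (optionally overriding the configured tag)."""
    with open(path, "rb") as fh:
        data = fh.read()
    fields = {"tag": tag} if tag else {}   # omit the field to keep the configured default tag
    body, ctype = build_multipart(fields, "file", os.path.basename(path), data)
    req = urllib.request.Request(f"{base}/file/add", data=body, method="POST",
                                 headers={"Content-Type": ctype})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        reply = resp.read().decode(errors="replace").strip()
    return {"sha256": hashlib.sha256(data).hexdigest(),
            "reply": reply, "accepted": reply == ACCEPTED}
```

Call api_alive() first so a misconfigured address fails fast instead of on the first upload.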

Directory monitoring

Another method of adding samples to the analysis queue is monitoring a directory for new samples. New samples copied into that directory are picked up within a few seconds for analysis. The directory to be monitored is set in the configuration file.

Mailbox (IMAP)

The mailbox supplier focuses on two sample types: e-mail messages and their attachments. Both are analysed and the results stored. Several use cases fit this supplier. One example is a mailbox to which employees in a company can forward suspicious mails. Another is a sample collector mailbox that receives the samples as attachments.
