Test: Add test for alerting on images extracted from XLS

This uses a fuzzy hash test for the clamav daemon JPEG attached to the XLS
document.  The PNG is not tested yet, because the fuzzy hash implementation
isn't properly hashing that file yet.

This test is for a regression where malware detection wasn't properly
being tracked for OLE2 (XLS) image extraction / scanning.
pull/570/head
Micah Snyder 3 years ago committed by Micah Snyder
parent 907af3ab14
commit d86811ad47
  1. 37
      unit_tests/clamscan_test.py

@ -326,7 +326,7 @@ class TC(testcase.TestCase):
]
self.verify_output(output.out, expected=expected_results)
def test_clamscan_11_image_fuzzy_hash_sigs(self):
def test_clamscan_12_image_fuzzy_hash_sigs(self):
self.step_name('Test that each type of hash sig is detected in all-match mode')
os.mkdir(str(TC.path_db / 'image-fuzzy-hash-test-sigs'))
@ -432,7 +432,7 @@ class TC(testcase.TestCase):
self.verify_output(output.err, expected=expected_stderr)
self.verify_output(output.out, unexpected=unexpected_stdout)
def test_clamscan_12_yara_regex(self):
def test_clamscan_13_yara_regex(self):
self.step_name('Test yara signature - detect TAR file magic in a range')
db = TC.path_tmp / 'regex.yara'
@ -467,3 +467,36 @@ rule regex
'Infected files: 1',
]
self.verify_output(output.out, expected=expected_results)
def test_clamscan_14_xls_jpeg_detection(self):
self.step_name('Test that clamav can successfully alert on jpeg image extracted from XLS documents')
# Note: we aren't testing PNG because the attached PNG is not properly fuzzy-hashed by clamav, yet.
os.mkdir(str(TC.path_db / 'xls-jpeg-detection-sigs'))
(TC.path_db / 'image-fuzzy-hash-test-sigs' / 'good.ldb').write_text(
"logo.png.good;Engine:150-255,Target:0;0;fuzzy_img#ea0f85d0de719887#0\n"
)
testfiles = TC.path_source / 'unit_tests' / 'input' / 'other_scanfiles' / 'has_png_and_jpeg.xls'
command = '{valgrind} {valgrind_args} {clamscan} -d {path_db} {testfiles} --gen-json --debug --allmatch'.format(
valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan,
path_db=TC.path_db / 'image-fuzzy-hash-test-sigs' / 'good.ldb',
testfiles=testfiles,
)
output = self.execute_command(command)
assert output.ec == 1 # no virus, no failures
expected_stderr = [
'Recognized PNG file',
'Recognized JPEG file',
'"FileMD5":"41e64a9ddb49690f0b6fbbd71362b1b3"',
'"FileMD5":"5341e0efde53a50c416b2352263e7693"',
]
self.verify_output(output.err, expected=expected_stderr)
expected_stdout = [
'has_png_and_jpeg.xls: logo.png.good.UNOFFICIAL FOUND',
]
self.verify_output(output.out, expected=expected_stdout)
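Review bot: In test_clamscan_14_xls_jpeg_detection, `os.mkdir` creates 'xls-jpeg-detection-sigs', but the signature is written to and loaded from 'image-fuzzy-hash-test-sigs', so the new directory is never used. The test appears to rely on test_clamscan_12_image_fuzzy_hash_sigs (whose hunk shows the `os.mkdir` for that directory) having run first, and it may replace a `good.ldb` that test left there. A detection regression test should own its signature database so that it cannot pass or fail because of another test's leftovers; use the new directory in both places: `(TC.path_db / 'xls-jpeg-detection-sigs' / 'good.ldb').write_text(` and `path_db=TC.path_db / 'xls-jpeg-detection-sigs' / 'good.ldb',`. The comment on `assert output.ec == 1` says "no virus, no failures", which contradicts the expected FOUND line; `# virus found` would match the assertion. The signature name `logo.png.good` is also misleading if, as the commit message says, the JPEG is the image being matched.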
