Determine whether a file is supported by the Trend Micro Sandbox solution
This utility by no means detects whether a particular file is dangerous or not; it only provides a way to prefilter files before more sophisticated inspection such as sandbox analysis or multiscanners.
The program is based on the list of file formats supported by Trend Micro Deep Discovery Analyzer.
The build makefile and scripts are adapted for macOS, Linux, and Windows:
Note: To build Periculosum for Windows, Cygwin must be installed with the following packages: base, make, autoreconf, libtool, autoconf, automake, gcc-g++, zip, xxd.
Note: To build Periculosum on macOS, the following must be installed: Xcode Command Line Tools, and (via Homebrew) libtool and automake.
git clone https://github.com/mpkondrashin/periculosum.git
cd periculosum
make
This will generate the periculosum and checker programs.
To run tests:
make test
periculosum filename
The exit code indicates the result of the check:
- 0 — file is harmless
- 1 — file of this type can be malicious
- 2 — command line error
- 100 — other errors
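As an added example (not part of the periculosum project), the following POSIX shell wrapper shows how the exit codes above are meant to be consumed in a prefilter pipeline: each candidate file is passed to periculosum, the documented exit code is mapped to a decision, and only files with exit code 1 are queued for sandbox submission. Error codes (2, 100, or anything undocumented) are treated as "not cleared" rather than as harmless, so a failing check never silently drops a file from inspection. It assumes `periculosum` is on PATH, or that the `PERICULOSUM` variable points at the binary (the variable name is this example's own convention).

```shell
#!/bin/sh
# Added example wrapper around periculosum (not the project's own code).
# PERICULOSUM may be set to an absolute path; default assumes it is on PATH.
: "${PERICULOSUM:=periculosum}"

# decision_for_code CODE -> prints the decision for a documented exit code
decision_for_code() {
    case "$1" in
        0)   echo "skip" ;;       # 0: file is harmless, no sandbox run needed
        1)   echo "submit" ;;     # 1: file of this type can be malicious
        2)   echo "cli-error" ;;  # 2: command line error, check the invocation
        100) echo "error" ;;      # 100: other errors
        *)   echo "unknown" ;;    # undocumented code: never treat as harmless
    esac
}

# prefilter FILE -> prints the decision; returns 0 only when the check itself
# succeeded (skip or submit), 1 on any error so callers fail closed
prefilter() {
    file=$1
    code=0
    "$PERICULOSUM" "$file" >/dev/null 2>&1 || code=$?
    decision=$(decision_for_code "$code")
    echo "$decision"
    case "$decision" in
        skip|submit) return 0 ;;
        *)           return 1 ;;
    esac
}

# prefilter_dir DIR -> prints "decision<TAB>path" for every regular file
prefilter_dir() {
    find "$1" -type f | while IFS= read -r f; do
        d=$(prefilter "$f") || true
        printf '%s\t%s\n' "$d" "$f"
    done
}

# Usage when run as a script (no output when sourced without arguments):
#   ./prefilter.sh /path/to/samples | awk -F'\t' '$1=="submit"{print $2}' > to_submit.txt
if [ $# -gt 0 ]; then
    prefilter_dir "$1"
fi
```

Files tagged `cli-error`, `error` or `unknown` should be reviewed separately (for instance, re-run with `-l` to log the check operations) instead of being discarded, since a failed prefilter says nothing about the file itself.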
Command line options:
- -h - show help and exit
- -l — log to stderr check operations
- -m filename — provide alternate magic.mgc file (default is the one in same directory as periculosum executable)
./checker
checker reads a file path from the command line and prints 1 or 0, indicating whether or not the file should be submitted to the sandbox for analysis.
Command line options:
- -h - show help and exit
- -l — log to stderr check operations
- -m filename — provide alternate magic.mgc file (default is the one in same directory as periculosum executable)
The goperic folder contains "glue" code for using checker from Go projects.