
Not working with normal malice scan #2

Open
rufftruffles opened this issue Nov 28, 2018 · 8 comments

Comments

@rufftruffles

Heya,

After installing, I ran:

malice scan file.txt

It was tested against all other AVs but not Kaspersky; has it yet to be added to the plug-ins?

@rufftruffles
Author

Secondly, after installing ELK, every time I run a scan it asks:
"All enabled plug-ins not installed would you like to install them now?"

@blacktop
Member

blacktop commented Dec 2, 2018

Can you update malice and try again? I had a bug where it was trying to use the previous version of the config data.

@rufftruffles
Author

> Can you update malice and try again? I had a bug where it was trying to use the previous version of the config data.

Updated and still the same issue; it keeps asking if I want to update:

```
malice@malice:~$ wget https://github.com/maliceio/malice/releases/download/v0.3.28/malice_0.3.28_linux_amd64.deb
malice@malice:~$ sudo dpkg -i malice_0.3.28_linux_amd64.deb
malice@malice:~$ malice --version
malice version 0.3.28, commit d0a832b99aed88cef5bccbd642e8c4db3f43b557, built at 2018-12-02T04:32:24Z
malice@malice:~$ malice plugin update --all
latest: Pulling from library/busybox
Digest: sha256:2a03a6059f21e150ae84b0973863609494aad70f0a80eaeb64bddd8d92465812
Status: Image is up to date for busybox:latest
6.5: Pulling from malice/elasticsearch
Digest: sha256:0fdbffc5b93cb612bf4d64c93b8627a6438d293a3b0394e0f4054545f99500b8
Status: Image is up to date for malice/elasticsearch:6.5
[Updating Plugin] ===>  nsrl
sha1: Pulling from malice/nsrl
Digest: sha256:d045931233b38487fdc8115fa62f6c2be3713f4c3e471b23771cf2208c6a3e4c
Status: Image is up to date for malice/nsrl:sha1
[Updating Plugin] ===>  virustotal
latest: Pulling from malice/virustotal
Digest: sha256:7231fb70ac2ea15652a3b0e0382518c000d17113fef95436c60c02088e49a15a
Status: Image is up to date for malice/virustotal:latest
[Updating Plugin] ===>  shadow-server
latest: Pulling from malice/shadow-server
Digest: sha256:75548d007199181997f47d43c7d2cac847244a232aa19cfd718440963f2dd6c0
Status: Image is up to date for malice/shadow-server:latest
[Updating Plugin] ===>  fileinfo
latest: Pulling from malice/fileinfo
Digest: sha256:d9dcc2107525809bb67448f96725115b5d611123d414a3c475c5c542c6585f1e
Status: Image is up to date for malice/fileinfo:latest
[Updating Plugin] ===>  yara
neo23x0: Pulling from malice/yara
Digest: sha256:5574d19440876fdcb263aec68e3d874cbb195cfd15b2d7df489089f5be1e8b12
Status: Image is up to date for malice/yara:neo23x0
[Updating Plugin] ===>  avast
latest: Pulling from malice/avast
Digest: sha256:deb977bfdc541e6c46dc592cbc5a0436198a7d852c38273e191111c926592f89
Status: Image is up to date for malice/avast:latest
[Updating Plugin] ===>  avg
latest: Pulling from malice/avg
Digest: sha256:b81a36495070bb7394a7dbef9343c92e454537a0718fe58d5933496fb78c3a5a
Status: Image is up to date for malice/avg:latest
[Updating Plugin] ===>  bitdefender
latest: Pulling from malice/bitdefender
Digest: sha256:754e939735c79696ab5bf4c839ecad5f523195a56e388c36d9b021c0fcbc0294
Status: Image is up to date for malice/bitdefender:latest
[Updating Plugin] ===>  clamav
latest: Pulling from malice/clamav
Digest: sha256:efc66ad16f2b5a1d2ed7266f5256134de6a0fd7c335ccf6a4d9bfc228c11099f
Status: Image is up to date for malice/clamav:latest
[Updating Plugin] ===>  comodo
latest: Pulling from malice/comodo
Digest: sha256:3f7febd1c1224800a99188ad1b31e903a54995ecfab29a66ba83a7c4395c6203
Status: Image is up to date for malice/comodo:latest
[Updating Plugin] ===>  drweb
latest: Pulling from blacktop/drweb
57936531d1ee: Already exists
fcebe94d468c: Already exists
dbc207dd9a1b: Already exists
4dd6fde95465: Already exists
e3fbc79e40ed: Already exists
512ec44a9ba1: Already exists
137ff29d2f56: Already exists
5b53c852eca9: Already exists
Digest: sha256:b6edaebc04b45876dd11f614c6dbef6b09e0a4be1951c15ee7341e7b868535c7
Status: Image is up to date for quay.io/blacktop/drweb:latest
[Updating Plugin] ===>  escan
latest: Pulling from malice/escan
Digest: sha256:c63d7e26f527474d69a08a4357042714b01deb33d7ebb27433158fbc0bef9dbf
Status: Image is up to date for malice/escan:latest
[Updating Plugin] ===>  fprot
latest: Pulling from malice/fprot
Digest: sha256:2ef01db8c067cd948c5d1e0f40621ecd80620bd3f48f5c8113fa7159660219ad
Status: Image is up to date for malice/fprot:latest
[Updating Plugin] ===>  fsecure
latest: Pulling from malice/fsecure
Digest: sha256:8f363e41c45e7b8561cb2a733de8f858f8e0a29eeda0bb1cd21e0b066bb8eb35
Status: Image is up to date for malice/fsecure:latest
[Updating Plugin] ===>  mcafee
latest: Pulling from malice/mcafee
Digest: sha256:da6d5bd90eb83591af3753b0a82f5c77f0c8f2f8ff07284f69f82bcd32ea4727
Status: Image is up to date for malice/mcafee:latest
[Updating Plugin] ===>  sophos
latest: Pulling from malice/sophos
Digest: sha256:84c20a586e63eadd308157a7a8083225eb0b2c87c209971113fa6e0832470111
Status: Image is up to date for malice/sophos:latest
[Updating Plugin] ===>  windows-defender
latest: Pulling from malice/windows-defender
Digest: sha256:14184a5b0cdc0bc54b33056418dcdcdea9137f1d6b00288b8115ad4a81f70798
Status: Image is up to date for malice/windows-defender:latest
[Updating Plugin] ===>  zoner
latest: Pulling from malice/zoner
Digest: sha256:4d690f9f83ab3eccc94631ccbce9c4fe24fbb97021118c300696d1e794704eaa
Status: Image is up to date for malice/zoner:latest
[Updating Plugin] ===>  pescan
latest: Pulling from malice/pescan
Digest: sha256:6100ca84bcb4cdb0a0cfae6f8fd369ef58abb930a4951f54ba57ec0304f83ce9
Status: Image is up to date for malice/pescan:latest
[Updating Plugin] ===>  floss
latest: Pulling from malice/floss
Digest: sha256:f40eee8f69e039eb279d428e5b56404b8f953c28918125db2ce1204f5477c6f9
Status: Image is up to date for malice/floss:latest
[Updating Plugin] ===>  pdf
latest: Pulling from malice/pdf
Digest: sha256:41d968c5ae3ceb3c3ef303eaa76fda59c34e86f70b6784d269c353e95392f1d9
Status: Image is up to date for malice/pdf:latest
[Updating Plugin] ===>  kaspersky
Pulling repository docker.io/blacktop/test
malice@malice:~$ malice scan malice_0.3.28_linux_amd64.deb
All enabled plugins not installed would you like to install them now? (yes/no)
[Warning] This can take a while if it is the first time you have ran Malice.
```
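A small diagnostic, added here and not part of malice or this thread, that parses a `malice plugin update --all` transcript like the one above and reports plugins whose pull never reached a `Status:` line (the kaspersky entry above is the case it catches); the sample transcript is constructed from lines in this issue.

```python
"""Parse a `malice plugin update --all` transcript and flag plugins whose
image pull never completed.  Added example, not malice project code; the
sample transcript below is constructed from lines quoted in this issue."""
import re

SAMPLE_LOG = """\
[Updating Plugin] ===>  nsrl
sha1: Pulling from malice/nsrl
Digest: sha256:d045931233b38487fdc8115fa62f6c2be3713f4c3e471b23771cf2208c6a3e4c
Status: Image is up to date for malice/nsrl:sha1
[Updating Plugin] ===>  drweb
latest: Pulling from blacktop/drweb
57936531d1ee: Already exists
Digest: sha256:b6edaebc04b45876dd11f614c6dbef6b09e0a4be1951c15ee7341e7b868535c7
Status: Image is up to date for quay.io/blacktop/drweb:latest
[Updating Plugin] ===>  kaspersky
Pulling repository docker.io/blacktop/test
"""

PLUGIN_RE = re.compile(r"^\[Updating Plugin\] ===>\s+(\S+)")
# Either "<tag>: Pulling from <repo>" (normal docker pull output) or the bare
# "Pulling repository <ref>" form seen for the kaspersky plugin above.
PULL_RE = re.compile(r"^(?:(\S+): Pulling from (\S+)|Pulling repository (\S+))")
STATUS_RE = re.compile(r"^Status: (Image is up to date|Downloaded newer image) for (\S+)")


def parse_update_log(text):
    """Return {plugin: {"image": str|None, "status": str|None}} in log order."""
    result, current = {}, None
    for line in text.splitlines():
        m = PLUGIN_RE.match(line)
        if m:
            current = m.group(1)
            result[current] = {"image": None, "status": None}
            continue
        if current is None:
            continue  # busybox / elasticsearch lines precede the first plugin
        m = PULL_RE.match(line)
        if m:
            tag, repo, bare = m.groups()
            result[current]["image"] = f"{repo}:{tag}" if repo else bare
            continue
        m = STATUS_RE.match(line)
        if m:
            result[current]["status"] = m.group(1)
    return result


def incomplete_plugins(text):
    """Plugins whose pull produced no Status line, i.e. never finished."""
    return [name for name, info in parse_update_log(text).items() if info["status"] is None]
```

Run it over a saved transcript to see at a glance which plugin entry in `~/.malice/plugin/plugin.toml` points at an image that cannot be pulled.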

@blacktop
Member

blacktop commented Dec 9, 2018

Whoa? Why is it trying to pull `Pulling repository docker.io/blacktop/test`? Can you tell me what you have in `~/.malice/plugin/plugin.toml` for kaspersky?

@rufftruffles
Author

rufftruffles commented Jan 18, 2019

Updated to latest version: 0.3.28
Updated all plugins:

```
root@malice:~# malice plugin update --all

latest: Pulling from library/busybox
57c14dd66db0: Pull complete
Digest: sha256:7964ad52e396a6e045c39b5a44438424ac52e12e4d5a25d94895f2058cb863a0
Status: Downloaded newer image for busybox:latest
...etc.
```

Same issue while scanning:

```
root@malice:~# malice scan eicar-standard-antivirus-test-file-adobe-acrobat-attachment.pdf
ERRO[0000] database is NOT running, starting now...
INFO[0000] elasticsearch container started               assigned_ip=172.17.0.2 docker_ip=localhost name=/malice-elastic port="[9200]" runtime_env=development
All enabled plugins not installed would you like to install them now? (yes/no)
[Warning] This can take a while if it is the first time you have ran Malice.
yes
latest: Pulling from library/busybox
Digest: sha256:7964ad52e396a6e045c39b5a44438424ac52e12e4d5a25d94895f2058cb863a0
Status: Image is up to date for busybox:latest
6.5: Pulling from malice/elasticsearch
Digest: sha256:0fdbffc5b93cb612bf4d64c93b8627a6438d293a3b0394e0f4054545f99500b8
Status: Image is up to date for malice/elasticsearch:6.5
[Updating Plugin] ===>  nsrl
sha1: Pulling from malice/nsrl
```

P.S. Installing malice plugins still doesn't pull Kaspersky.

@rufftruffles
Author

root@malice:~# malice scan eicar-standard-antivirus-test-file-adobe-acrobat-attachment.pdf
All enabled plugins not installed would you like to install them now? (yes/no)
[Warning] This can take a while if it is the first time you have ran Malice.
no
#### File
| Field  | Value                                                            |
| ------ | ---------------------------------------------------------------- |
| Name   | eicar-standard-antivirus-test-file-adobe-acrobat-attachment.pdf  |
| Path   | eicar-standard-antivirus-test-file-adobe-acrobat-attachment.pdf  |
| Size   | 6.455kB                                                          |
| MD5    | 13486b57cc3ad49227174f86fd4df606                                 |
| SHA1   | 6e42b5372e017f45e6afbeee02bd55dd856c3f21                         |
| SHA256 | 851d1e02b134b222d0e4012c2bbb61828f1219c66ec5ed9ca291c406cb83461f |
FATA[0002] scan cmd failed to store file info: failed to index file info: elastic: Error 400 (Bad Request): failed to parse [type=mapper_parsing_exception]

@blacktop
Member

Did you `rm -rf ~/.malice`?

@blacktop
Member

Also maybe the deb package is somehow messed up? What if you just try with the binary:
https://github.com/maliceio/malice/releases/download/v0.3.28/malice_0.3.28_linux_amd64.tar.gz
