log.md
Unreleased

Version 0.0.17

30 December 2024

28 December 2024

  • Improved tracing support for parsers.
  • Removed some .unwrap()s from the PDF parser.

22 December 2024

  • Updated vt-client, which fixed a file submission bug.

30 November 2024

  • Fixed creation of Debian package for the server.

Version 0.0.16

30 November 2024

27 November 2024

  • Add default config to Debian package for the server.
  • Changed server config path from /etc/mdb_server/mdb_config.toml to /etc/mdb/mdb_config.toml (/usr/local prefix for FreeBSD).

Version 0.0.15

31 October 2024

27 October 2024

  • Enable TLS connection to Postgres using Rustls.

19 October 2024

  • Optional server TLS support using Rustls. Server certificate file may be just the cert, or cert + CA cert in one file.

07 October 2024

  • Optional TLS support in the client. Client configuration may specify a custom CA certificate path.
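The 19 October entry allows the server certificate file to hold either the bare certificate or the certificate followed by its CA certificate. The following is an added example of a check a deployer can run on that file before handing it to the server; it is written for this page, not taken from MalwareDB's TLS code, and uses no Rustls API. It splits the PEM blocks, rejects anything that is not a CERTIFICATE (in particular a private key pasted into the wrong file), and reports how many certificates are present. It does not parse DER, so it cannot confirm that the leaf comes first, which Rustls requires; the sample bundles are constructed with placeholder base64 rather than real certificates.

```rust
/// One PEM block: the label from the BEGIN/END lines and the base64 body with
/// line breaks removed.
#[derive(Debug, PartialEq)]
pub struct PemBlock {
    pub label: String,
    pub body: String,
}

/// Split a PEM file into its blocks, rejecting mismatched or unterminated ones.
/// Text outside blocks (comments, key=value headers) is ignored, as OpenSSL does.
pub fn split_pem(text: &str) -> Result<Vec<PemBlock>, String> {
    let mut blocks = Vec::new();
    let mut current: Option<(String, String)> = None;
    for (n, raw) in text.lines().enumerate() {
        let line = raw.trim();
        if let Some(label) = line.strip_prefix("-----BEGIN ").and_then(|r| r.strip_suffix("-----")) {
            if current.is_some() {
                return Err(format!("line {}: BEGIN inside an open block", n + 1));
            }
            current = Some((label.to_string(), String::new()));
        } else if let Some(label) = line.strip_prefix("-----END ").and_then(|r| r.strip_suffix("-----")) {
            match current.take() {
                Some((opened, body)) if opened == label => blocks.push(PemBlock { label: opened, body }),
                Some((opened, _)) => {
                    return Err(format!("line {}: END {} does not match BEGIN {}", n + 1, label, opened))
                }
                None => return Err(format!("line {}: END without BEGIN", n + 1)),
            }
        } else if let Some((_, body)) = current.as_mut() {
            if line.is_empty() {
                continue;
            }
            // Only the base64 alphabet may appear inside a block.
            if !line.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'+' || b == b'/' || b == b'=') {
                return Err(format!("line {}: non-base64 content inside block", n + 1));
            }
            body.push_str(line);
        }
    }
    if current.is_some() {
        return Err("unterminated PEM block".to_string());
    }
    Ok(blocks)
}

/// Structural check for the server certificate file: one or more CERTIFICATE
/// blocks and nothing else. Returns the number of certificates found.
pub fn check_server_cert_file(text: &str) -> Result<usize, String> {
    let blocks = split_pem(text)?;
    if blocks.is_empty() {
        return Err("no PEM blocks found".to_string());
    }
    for b in &blocks {
        if b.label.contains("PRIVATE KEY") {
            return Err(format!("refusing: {} block in the certificate file; keys belong in the key file", b.label));
        }
        if b.label != "CERTIFICATE" {
            return Err(format!("unexpected block type {}", b.label));
        }
    }
    Ok(blocks.len())
}

/// Constructed placeholder bundle: leaf first, then the CA. Not real certificates.
pub const SAMPLE_BUNDLE: &str = concat!(
    "# constructed placeholder bundle for the example\n",
    "-----BEGIN CERTIFICATE-----\n",
    "MIIBleafCERTplaceholder00000000000000000000000000000000\n",
    "-----END CERTIFICATE-----\n",
    "-----BEGIN CERTIFICATE-----\n",
    "MIIBcaCERTplaceholder0000000000000000000000000000000000\n",
    "-----END CERTIFICATE-----\n"
);

/// Constructed mistake: the private key concatenated into the certificate file.
pub const SAMPLE_WITH_KEY: &str = concat!(
    "-----BEGIN CERTIFICATE-----\n",
    "MIIBleafCERTplaceholder00000000000000000000000000000000\n",
    "-----END CERTIFICATE-----\n",
    "-----BEGIN PRIVATE KEY-----\n",
    "MIIEvPLACEHOLDER000000000000000000000000000000000000000\n",
    "-----END PRIVATE KEY-----\n"
);

fn main() {
    println!("bundle: {:?}", check_server_cert_file(SAMPLE_BUNDLE));
    println!("with key: {:?}", check_server_cert_file(SAMPLE_WITH_KEY));
}
```

A file that passes this check can still be in the wrong order (CA before leaf); that needs a DER parser or a test connection with `openssl s_client`, which is outside what this example does.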

Version 0.0.14

30 September 2024

15 September 2024

  • HTTP compression support. Client requests gzip; server supports Brotli, gzip, and Zstd.

Version 0.0.13

31 August 2024

28 August 2024

  • vt-client updated to support gzip compression with VirusTotal.

10 August 2024

  • Better VT key checks.

Version 0.0.12

28 July 2024

21 July 2024

  • Much more inline documentation, should make docs.rs for MalwareDB more informative.

07 July 2024

  • Removed all references to SDHash. It likely won't come back unless progress is made on the Rust crate which implements SDHash.

Version 0.0.11

27 June 2024

23 June 2024

  • Client binary may generate autocompletion scripts.

19 June 2024

  • Client may view, create, unpack CaRT files.

09 June 2024

  • Better bounds checking when parsing PE32.
  • Store section, architecture for executable files in the database.
  • Sources can be labeled malicious. No effect yet, but this may later be used to automatically mark samples from that source as malicious.

05 June 2024

  • Better bounds checking when parsing ELFs.
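The bounds-checking entries (ELF here, PE32 on 09 June) describe one defensive pattern: every read from an untrusted sample is checked, so a truncated or deliberately malformed file yields an error instead of a panic that takes the server down with it. The following is an added example of that pattern on the ELF64 header, written for this page and not MalwareDB's own parser code. The field offsets are the standard ELF64 layout; the `sample_header` builder constructs its own input, including a count/size pair chosen to overflow naive arithmetic.

```rust
/// Error returned instead of panicking on truncated or hostile input.
#[derive(Debug, PartialEq)]
pub enum ParseError {
    Truncated { needed: usize, have: usize },
    BadMagic,
    Unsupported(&'static str),
    TableOutOfBounds(&'static str),
}

/// The ELF64 header fields this example extracts (little-endian only).
#[derive(Debug, PartialEq)]
pub struct Elf64Header {
    pub e_type: u16,
    pub e_machine: u16,
    pub e_entry: u64,
    pub e_phoff: u64,
    pub e_shoff: u64,
    pub e_phentsize: u16,
    pub e_phnum: u16,
    pub e_shentsize: u16,
    pub e_shnum: u16,
}

/// Copy N bytes at `off`; `checked_add` and `get` mean no panic on any input.
fn field<const N: usize>(data: &[u8], off: usize) -> Result<[u8; N], ParseError> {
    let end = off.checked_add(N).ok_or(ParseError::Truncated { needed: usize::MAX, have: data.len() })?;
    let bytes = data.get(off..end).ok_or(ParseError::Truncated { needed: end, have: data.len() })?;
    let mut out = [0u8; N];
    out.copy_from_slice(bytes);
    Ok(out)
}

/// Check that a header table (offset, entry size, count) lies inside the file.
/// Checked multiplication and addition stop a huge count from wrapping to a
/// small end offset that would pass a naive `end <= len` test.
fn check_table(data: &[u8], name: &'static str, off: u64, entsize: u16, num: u16) -> Result<(), ParseError> {
    if num == 0 {
        return Ok(());
    }
    let size = (entsize as u64).checked_mul(num as u64).ok_or(ParseError::TableOutOfBounds(name))?;
    let end = off.checked_add(size).ok_or(ParseError::TableOutOfBounds(name))?;
    if end > data.len() as u64 {
        return Err(ParseError::TableOutOfBounds(name));
    }
    Ok(())
}

pub fn parse_elf64_header(data: &[u8]) -> Result<Elf64Header, ParseError> {
    let ident = field::<16>(data, 0)?;
    if &ident[..4] != b"\x7fELF" {
        return Err(ParseError::BadMagic);
    }
    if ident[4] != 2 {
        return Err(ParseError::Unsupported("not ELFCLASS64"));
    }
    if ident[5] != 1 {
        return Err(ParseError::Unsupported("not little-endian"));
    }
    let h = Elf64Header {
        e_type: u16::from_le_bytes(field::<2>(data, 16)?),
        e_machine: u16::from_le_bytes(field::<2>(data, 18)?),
        e_entry: u64::from_le_bytes(field::<8>(data, 24)?),
        e_phoff: u64::from_le_bytes(field::<8>(data, 32)?),
        e_shoff: u64::from_le_bytes(field::<8>(data, 40)?),
        e_phentsize: u16::from_le_bytes(field::<2>(data, 54)?),
        e_phnum: u16::from_le_bytes(field::<2>(data, 56)?),
        e_shentsize: u16::from_le_bytes(field::<2>(data, 58)?),
        e_shnum: u16::from_le_bytes(field::<2>(data, 60)?),
    };
    // Validate the tables before anyone tries to walk them.
    check_table(data, "program header table", h.e_phoff, h.e_phentsize, h.e_phnum)?;
    check_table(data, "section header table", h.e_shoff, h.e_shentsize, h.e_shnum)?;
    Ok(h)
}

/// Constructed 64-byte x86-64 ELF header with no program headers; the section
/// table fields are parameters so callers can build out-of-bounds variants.
pub fn sample_header(shoff: u64, shentsize: u16, shnum: u16) -> Vec<u8> {
    let mut h = vec![0u8; 64];
    h[..8].copy_from_slice(b"\x7fELF\x02\x01\x01\x00"); // magic, ELFCLASS64, LSB, version 1, SYSV
    h[16..18].copy_from_slice(&2u16.to_le_bytes()); // e_type = ET_EXEC
    h[18..20].copy_from_slice(&0x3eu16.to_le_bytes()); // e_machine = EM_X86_64
    h[20..24].copy_from_slice(&1u32.to_le_bytes()); // e_version
    h[24..32].copy_from_slice(&0x401000u64.to_le_bytes()); // e_entry
    h[40..48].copy_from_slice(&shoff.to_le_bytes()); // e_shoff
    h[52..54].copy_from_slice(&64u16.to_le_bytes()); // e_ehsize
    h[54..56].copy_from_slice(&56u16.to_le_bytes()); // e_phentsize (e_phnum stays 0)
    h[58..60].copy_from_slice(&shentsize.to_le_bytes()); // e_shentsize
    h[60..62].copy_from_slice(&shnum.to_le_bytes()); // e_shnum
    h
}

fn main() {
    println!("{:?}", parse_elf64_header(&sample_header(0, 0, 0)));
    println!("{:?}", parse_elf64_header(&sample_header(64, 64, 1)));
    println!("{:?}", parse_elf64_header(&sample_header(u64::MAX, 0xffff, 0xffff)));
}
```

The same shape (a fallible `field` read plus checked arithmetic for any table whose extent is computed from file-controlled numbers) carries over to the PE32 section table and to the object offsets in a PDF xref, which is where the `.unwrap()` removals in the 28 December 2024 entry point.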

04 June 2024

  • Client may submit samples and refer to source by name or ID.
  • Client binary shows uploaded information if user presses Ctrl-C.

02 June 2024

  • On the server's first run, some admin commands are suggested if compiled with the admin feature.
  • Server can create empty config file.
  • Admin command may toggle ability to send unknown files to VirusTotal.

01 June 2024

  • Admin command can try to find config file.
  • Admin command may toggle compression anytime (was first-run only).

Version 0.0.10

30 May 2024

27 May 2024

  • Fix broken MDB client login.
  • Implement getting list of sources for a user, this was in malwaredb-api but not implemented in the server or client.

12 May 2024

  • Extract timestamps from MS Office "docfile" documents.

Version 0.0.9

29 April 2024

22 April 2024

  • VirusTotal reports generated by malwaredb-virustotal may be used to load AV reports into MalwareDB.

07-08 April 2024

  • Client crate is now also a library so it may be tested in unit tests, and may be integrated with other applications.

06 April 2024

  • Breaking change: the HTTP API now passes the API token to the server in an HTTP header instead of in a POST body struct.

Version 0.0.8

21 March 2024

17 March 2024

  • Add total AVs available when storing VirusTotal results.
  • Postgres uses a transaction when inserting records to help preserve data integrity.

Version 0.0.7

28 February 2024

11 February 2024

  • Support for encrypting the samples on the server side, with options being XOR, RC4, or AES-128.
  • Files are encrypted with the latest key type, but files encrypted with an older key are still retrievable.
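An added example (written for this page, not MalwareDB's storage code) of the two properties in the 11 February entry: every newly stored sample is sealed with the latest scheme, and a leading scheme tag lets blobs written under an older scheme still be opened. XOR and RC4 are implemented in plain Rust; AES-128 is left out because the standard library has no AES and the point here is the key-type tag, not the cipher. Note what this layer is for: keeping stored samples from being recognised by an anti-virus scanner or run by accident. XOR and RC4 give no confidentiality against anyone who holds the database host and its keys, so only the AES option should be read as encryption in that sense. The tag values, the `KeyRing` layout and the `seal`/`open` names are this example's own.

```rust
/// Scheme tag written as the first byte of every stored blob.
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Scheme {
    Xor = 1,
    Rc4 = 2,
}

/// New samples are always sealed with this scheme.
pub const LATEST: Scheme = Scheme::Rc4;

/// Keys for every scheme ever used, so old blobs remain readable.
pub struct KeyRing {
    pub xor_key: Vec<u8>,
    pub rc4_key: Vec<u8>,
}

/// Repeating-key XOR; symmetric, so the same call decrypts.
pub fn xor_bytes(key: &[u8], data: &[u8]) -> Vec<u8> {
    data.iter().enumerate().map(|(i, b)| *b ^ key[i % key.len()]).collect()
}

/// Plain RC4: key scheduling, then the PRGA keystream XORed over the data.
/// Symmetric, so the same call decrypts.
pub fn rc4(key: &[u8], data: &[u8]) -> Vec<u8> {
    assert!(!key.is_empty() && key.len() <= 256, "RC4 key must be 1..=256 bytes");
    let mut s = [0u8; 256];
    for (i, slot) in s.iter_mut().enumerate() {
        *slot = i as u8;
    }
    let mut j: u8 = 0;
    for i in 0..256 {
        j = j.wrapping_add(s[i]).wrapping_add(key[i % key.len()]);
        s.swap(i, j as usize);
    }
    let (mut i, mut j) = (0u8, 0u8);
    data.iter()
        .map(|b| {
            i = i.wrapping_add(1);
            j = j.wrapping_add(s[i as usize]);
            s.swap(i as usize, j as usize);
            let k = s[s[i as usize].wrapping_add(s[j as usize]) as usize];
            *b ^ k
        })
        .collect()
}

/// Store a sample: tag byte for LATEST, then the sample under that scheme.
pub fn seal(ring: &KeyRing, sample: &[u8]) -> Vec<u8> {
    let mut blob = vec![LATEST as u8];
    blob.extend(match LATEST {
        Scheme::Xor => xor_bytes(&ring.xor_key, sample),
        Scheme::Rc4 => rc4(&ring.rc4_key, sample),
    });
    blob
}

/// Retrieve a sample: dispatch on the tag, so blobs from any past scheme open.
pub fn open(ring: &KeyRing, blob: &[u8]) -> Result<Vec<u8>, String> {
    let (tag, body) = blob.split_first().ok_or_else(|| "empty blob".to_string())?;
    match *tag {
        t if t == Scheme::Xor as u8 => Ok(xor_bytes(&ring.xor_key, body)),
        t if t == Scheme::Rc4 as u8 => Ok(rc4(&ring.rc4_key, body)),
        t => Err(format!("unknown scheme tag {}", t)),
    }
}

pub fn hex(bytes: &[u8]) -> String {
    bytes.iter().map(|b| format!("{:02x}", b)).collect()
}

fn main() {
    // Constructed keys and a constructed stand-in for a sample.
    let ring = KeyRing { xor_key: b"legacy-xor-key".to_vec(), rc4_key: b"current-rc4-key".to_vec() };
    let sample: &[u8] = b"MZ\x90\x00 constructed stand-in for a sample";
    let stored = seal(&ring, sample);
    println!("tag={} body={}", stored[0], hex(&stored[1..]));
    println!("roundtrip ok: {}", open(&ring, &stored).unwrap() == sample);
}
```

Re-encrypting old blobs on read (open with the old scheme, seal with the latest, write back) is the natural migration path and keeps the tag dispatch from having to live forever.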

06 February 2024

  • Admin GUI can update label information, and display a label's parent.

03 February 2024

  • Server can decode CaRT submissions only if the default RC4 key is used.
    • While working with unit tests, it was observed that before encoding, an ELF was 5k, which became 2.8k after encoding, thanks to CaRT's use of zlib.
  • The server binary can be used to encode, decode, and display information about a CaRT file. See mdb_server cart --help for details.

Version 0.0.6

29 January 2024

22 January 2024

  • Added a URL endpoint to download a sample as a CaRT file, which allows for safe handling of malware by ensuring the sample can't be accidentally run or trigger an anti-virus application. This uses the default RC4 key, which is Pi twice.

Version 0.0.5

30 December 2023

Version 0.0.4 skipped due to a botched release.

30 December 2023

  • Upload sample to VT if permitted.

10 December 2023

  • New VirusTotal client, which parses out scan/report details into a big struct for ease of use. Later (20 December) moved to its own repository, malwaredb/vt-client.

05 December 2023

  • Decompression of gzipped files when adding to MalwareDB with the client or admin.

03 December 2023

  • Server optionally may store the samples compressed with gzip.

26 November 2023

  • Display of label information in admin GUI.

12 November 2023

  • Admin GUI may edit group information.

Version 0.0.3

28 October 2023

26 October 2023

  • MalwareDB can generate the configuration file to run as a service on Linux (systemd), macOS, and FreeBSD.

22 October 2023

  • Sources viewable in admin GUI.

17 October 2023

  • Preliminary identification of MS Office files (Office95/Docfile).

13 October 2023

  • Start of label support. Admin CLI and client can see labels, admin CLI can create labels, but they aren't applied yet to samples or sources.

09 October 2023

  • Add support for RTF files, more to be done on identifying useful information.
  • CI checks for unused dependencies.

02 October 2023

  • Show group information in the admin GUI.

01 October 2023

  • Use libmagic to get a description of the file type. This is often useful, but MalwareDB doesn't use it for decisions.

Version 0.0.2

27 September 2023

17 September 2023

  • Added macOS and Windows to the build CI. The test fails on Windows because it deletes the SQLite DB file, which Windows refuses, claiming the file is still in use.
  • Removed the ssdeep crate in favour of the fuzzyhash crate, since ssdeep wasn't building on Windows and fuzzyhash has no dependencies.
  • Published latest changes to malwaredb-lzjd which uses newer dependencies, making the Cargo.lock smaller.
  • Updated readme docs, which will appear on crates.io for the sub-crates when next published.

10 September 2023

  • Replaced fltk-rs with slint. The UI is easier to work with.
  • Additional admin SQL functions and data in the admin:User struct to be shown in the GUI.
  • Update CI so the GUI components are included when ensuring the project builds and is tested with Clippy.

09 September 2023

  • Trying to use Postgres in CI, but running into an issue where psql can't connect even though the Docker output shows Postgres listening on 0.0.0.0:5432. Further work needed.
  • Created the data repository, which will hold some SQL files for some data, starting with VirusShare zip file sources.

07 September 2023

  • Initial work to report back to the client if a submitted file was actually processed or not.

04 September 2023

  • Additional admin data: show number of files associated with Groups and Sources, number of Groups associated with a Source.

26 August 2023

  • Submit files into MalwareDB from a zip file from the server admin CLI and the client application.

Version 0.0.1

21 August 2023

21 August 2023

  • MalwareDB is now on crates.io!
    • Install the client: cargo install malwaredb-client
    • Install the server: cargo install malwaredb --features=admin,sqlite,admin-gui (remove any undesired features from the command).

19 August 2023

  • Started work on admin GUI, installed with the admin-gui feature on the server.
  • Uses fltk-rs & fltk since it's cross-platform and has the desired GUI widgets.
  • Just shows some data, no CRUD (create, read, update, delete) yet.

17 August 2023

  • Read from Zip files, including password-protected Zips.

16 July 2023

12 July 2023

  • Client can walk one or more directories, including symbolic links.
  • Added an option for maximum file size.

25 June 2023

  • Similarity search using some similarity metrics implemented.
  • DB info reports if the extensions are installed (currently required for Postgres).

16 June 2023

  • Server now saves samples, if configured to do so.
  • Files may now also be retrieved.

01 June 2023

  • Rust 1.70 adds OnceLock, which allowed for the removal of the unsafe static variable for the global config. Update: removed, no longer needed; no more global variables.
  • Still need some unsafe code to efficiently parse PE32 files in the types crate, unless I switch to the goblin crate.

30 May 2023

  • Files can be inserted into the database! Still working out how to handle the trait for executable file types, and how to have that data inserted cleanly.
  • Added a trait for .entropy() for a vector of bytes.
  • Some better PDF parsing to see if there's Javascript, forms; get author, title, and number of pages.

16 May 2023

  • Started work on figuring out how to handle file type detection where the parsers and types in the types sub-crate may not be the supported files in the filetype database table.
  • This so far is well decoupled, so the types sub-crate doesn't know about databases, HTTP, etc.
  • The new types::KnownType enum will expose the format-specific data to the server crate so the extracted data can be saved to the database.
  • Still need to figure out the similarity hashing situation, so that LZJD, SSDeep, SDHash, TLSH, and possibly others can easily be used by Rust.

14 May 2023

  • Server finds its config file in this order on all OSes:
    • ~/.mdb_server/mdb_config.toml for instances where the config is desired to be in the service account's home directory
    • /etc/mdb_server/mdb_config.toml intended for Linux
    • /usr/local/etc/mdb_server/mdb_config.toml intended for FreeBSD
    • Run ./mdb_server run load <PATH_TO_FILE> to provide the config file path
    • Run ./mdb_server run config [-p <PORT>] [--ip <IP_ADDR>] [--dir <PATH_TO_FILES_DIR>] -db <DB_CONFIG_STRING>
      • Default IP is 127.0.0.1
      • No storage directory means MalwareDB won't save the samples it receives
      • The database config string format: "postgres user=usernamehere password=passwordhere dbname=thedatabasename host=localhost"
    • The config files are in a custom directory since we'll probably need to store SSL cert and key as well, possibly other information.
  • Admin features so far (when compiled with cargo build --features=admin):
    • Create & list users
    • Create & list groups
    • Create & list sources
    • List supported data types
    • Missing: adding and removing user accounts to and from groups; granting and revoking groups' access to sources.
  • Client features so far:
    • Login (get API key, save API key and server URL in a config file at ~/.mdb_client.toml)
    • Show information about self: user ID, user name, group memberships, usable sources
    • Show some server information (total number of files, memory/disk used, component versions, uptime)
    • Show supported data types
  • Some initial work is in place to handle files once received, but that's not implemented yet.
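The config search order above, as an added example written for this page rather than MalwareDB's own code. Because the config carries the database connection string with its password, and the entry anticipates the TLS certificate and key living alongside it, the example also refuses a config file that is readable by group or others: the first candidate that exists decides, and a world-readable one is an error rather than a reason to keep searching. The candidate paths are the ones listed in this entry (the /etc path was later renamed to /etc/mdb/mdb_config.toml); the mode-bit policy and the `ConfigError` names are this example's own, and it assumes a Unix host.

```rust
use std::fs;
use std::io;
use std::os::unix::fs::PermissionsExt;
use std::path::{Path, PathBuf};

/// Search order from this entry; the first path that exists wins.
pub fn default_candidates() -> Vec<PathBuf> {
    let mut v = Vec::new();
    if let Some(home) = std::env::var_os("HOME") {
        v.push(Path::new(&home).join(".mdb_server").join("mdb_config.toml"));
    }
    v.push(PathBuf::from("/etc/mdb_server/mdb_config.toml"));
    v.push(PathBuf::from("/usr/local/etc/mdb_server/mdb_config.toml"));
    v
}

#[derive(Debug, PartialEq)]
pub enum ConfigError {
    NotFound,
    NotAFile(PathBuf),
    /// Exists, but group or others can read it; carries the file mode.
    TooPermissive(PathBuf, u32),
    Io(String),
}

/// Return the first candidate that exists, after checking it is a regular file
/// readable only by its owner. An existing but over-permissive file is reported,
/// not skipped: silently falling through to a different config would be worse
/// than refusing to start.
pub fn find_config(candidates: &[PathBuf]) -> Result<PathBuf, ConfigError> {
    for p in candidates {
        let meta = match fs::metadata(p) {
            Ok(m) => m,
            Err(e) if e.kind() == io::ErrorKind::NotFound => continue,
            Err(e) => return Err(ConfigError::Io(format!("{}: {}", p.display(), e))),
        };
        if !meta.is_file() {
            return Err(ConfigError::NotAFile(p.clone()));
        }
        let mode = meta.permissions().mode() & 0o777;
        if (mode & 0o077) != 0 {
            return Err(ConfigError::TooPermissive(p.clone(), mode));
        }
        return Ok(p.clone());
    }
    Err(ConfigError::NotFound)
}

fn main() {
    match find_config(&default_candidates()) {
        Ok(p) => println!("using config {}", p.display()),
        Err(ConfigError::TooPermissive(p, mode)) => {
            eprintln!("{} has mode {:o}; it holds the database password, chmod 600 it", p.display(), mode)
        }
        Err(e) => eprintln!("no usable config: {:?}", e),
    }
}
```

The same check belongs on the client's ~/.mdb_client.toml once it holds the API key.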

23 April 2023

  • Users can log in and get the API key, which is saved to the local MDB client config.
  • Trait HashPath for easy creation of a relative path based on a SHA-256 hash.
  • Moved LZJD, Murmur hashes from rjzak account to MalwareDB org.

16 April 2023

  • Get, display server stats.
  • Finding global config for MDB server.
  • Database pool for Postgres connection.
  • Figured out how to return JSON with Axum.
  • Figured out how to handle DB connections with Axum, but had to get rid of DatabaseConnection trait due to complexities of having a trait with async functions, and that the async-trait crate adds weirdness to data returned by the async functions.

11 April 2023

  • Looking at using the clap_complete crate to generate shell autocompletion scripts. Didn't work when tested, but will investigate.

09 April 2023

  • Postgres and SQLite are able to create users, log in (get API key), reset all API keys, and change passwords.
  • mdb_server may have admin capabilities if compiled with --features=admin. SQLite support is also gated behind a feature flag, --features=sqlite.
  • Unit tests are focused on SQLite for ease, but also exist for Postgres. Run with cargo test -- --ignored. Requires a Postgres database on localhost with the username, password, and database name all set to "malwaredbtesting".
  • All crates have pub const MDB_VERSION: &str = env!("CARGO_PKG_VERSION"); at the root level for future API use, to help ensure the client, server, and any future use can make sure the versions are the same before trying to make or interpret requests.

18 March 2023

  • Refactored the code to prepare for client/server development. The api sub-crate will hold the common data structures used for communication.
  • There will be only one types crate for all supported data formats, instead of the original plan of sub-crate per class of formats.

16 March 2023

  • Trying to parse ELF imports is proving to be rather difficult!
  • Goblin seems to be a well-supported and feature-rich crate, but I haven't figured out how to match the imported function to the library, so I asked.

19 Feb 2023

  • Initial commit.