Running the ClamAV-CortexAnalyzer on Ubuntu 18.04 with Python 3.9 seems to time out.
The file is an .xlsx with a malicious VBA (Dridex). The input .json file (not sure why it is identified as "macbinary") is:
{
  "file": "attachment1109701707712704081",
  "filename": "1067-117088.bin",
  "dataType": "file",
  "tlp": 2,
  "message": "81932448",
  "contentType": "application/macbinary",
  "parameters": {},
  "config": {
    "proxy_https": null,
    "cacerts": null,
    "max_pap": 2,
    "jobTimeout": 30,
    "check_tlp": true,
    "proxy_http": null,
    "max_tlp": 2,
    "auto_extract_artifacts": true,
    "jobCache": 10,
    "check_pap": true
  },
  "pap": 2
}
When I run it manually, it stops at the following:
# /usr/lib/python3.9/__pycache__/socket.cpython-39.pyc matches /usr/lib/python3.9/socket.py
# code object from '/usr/lib/python3.9/__pycache__/socket.cpython-39.pyc'
import '_socket' # <class '_frozen_importlib.BuiltinImporter'>
# trying /apps/usr/local/src/Cortex-Analyzers/analyzers/ClamAV/selectors.cpython-39-x86_64-linux-gnu.so
# trying /apps/usr/local/src/Cortex-Analyzers/analyzers/ClamAV/selectors.abi3.so
# trying /apps/usr/local/src/Cortex-Analyzers/analyzers/ClamAV/selectors.so
# trying /apps/usr/local/src/Cortex-Analyzers/analyzers/ClamAV/selectors.py
# trying /apps/usr/local/src/Cortex-Analyzers/analyzers/ClamAV/selectors.pyc
# trying /usr/lib/python3.9/selectors.cpython-39-x86_64-linux-gnu.so
# trying /usr/lib/python3.9/selectors.abi3.so
# trying /usr/lib/python3.9/selectors.so
# trying /usr/lib/python3.9/selectors.py
# /usr/lib/python3.9/__pycache__/selectors.cpython-39.pyc matches /usr/lib/python3.9/selectors.py
# code object from '/usr/lib/python3.9/__pycache__/selectors.cpython-39.pyc'
import 'selectors' # <_frozen_importlib_external.SourceFileLoader object at 0x7f900da74310>
import 'array' # <class '_frozen_importlib.BuiltinImporter'>
import 'socket' # <_frozen_importlib_external.SourceFileLoader object at 0x7f900da60520>
# trying /apps/usr/local/src/Cortex-Analyzers/analyzers/ClamAV/struct.cpython-39-x86_64-linux-gnu.so
# trying /apps/usr/local/src/Cortex-Analyzers/analyzers/ClamAV/struct.abi3.so
# trying /apps/usr/local/src/Cortex-Analyzers/analyzers/ClamAV/struct.so
# trying /apps/usr/local/src/Cortex-Analyzers/analyzers/ClamAV/struct.py
# trying /apps/usr/local/src/Cortex-Analyzers/analyzers/ClamAV/struct.pyc
# trying /usr/lib/python3.9/struct.cpython-39-x86_64-linux-gnu.so
# trying /usr/lib/python3.9/struct.abi3.so
# trying /usr/lib/python3.9/struct.so
# trying /usr/lib/python3.9/struct.py
# /usr/lib/python3.9/__pycache__/struct.cpython-39.pyc matches /usr/lib/python3.9/struct.py
# code object from '/usr/lib/python3.9/__pycache__/struct.cpython-39.pyc'
import '_struct' # <class '_frozen_importlib.BuiltinImporter'>
import 'struct' # <_frozen_importlib_external.SourceFileLoader object at 0x7f900da60b80>
# trying /apps/usr/local/src/Cortex-Analyzers/analyzers/ClamAV/base64.cpython-39-x86_64-linux-gnu.so
# trying /apps/usr/local/src/Cortex-Analyzers/analyzers/ClamAV/base64.abi3.so
# trying /apps/usr/local/src/Cortex-Analyzers/analyzers/ClamAV/base64.so
# trying /apps/usr/local/src/Cortex-Analyzers/analyzers/ClamAV/base64.py
# trying /apps/usr/local/src/Cortex-Analyzers/analyzers/ClamAV/base64.pyc
# trying /usr/lib/python3.9/base64.cpython-39-x86_64-linux-gnu.so
# trying /usr/lib/python3.9/base64.abi3.so
# trying /usr/lib/python3.9/base64.so
# trying /usr/lib/python3.9/base64.py
# /usr/lib/python3.9/__pycache__/base64.cpython-39.pyc matches /usr/lib/python3.9/base64.py
# code object from '/usr/lib/python3.9/__pycache__/base64.cpython-39.pyc'
import 'binascii' # <class '_frozen_importlib.BuiltinImporter'>
import 'base64' # <_frozen_importlib_external.SourceFileLoader object at 0x7f900da609d0>
import 'pyclamd.pyclamd' # <_frozen_importlib_external.SourceFileLoader object at 0x7f900da4dc40>
import 'pyclamd' # <_frozen_importlib_external.SourceFileLoader object at 0x7f900e58b280>
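As an added diagnostic (not part of the analyzer or of this report): the trace above ends once pyclamd is imported, and the next thing the analyzer does is talk to clamd, so a bounded PING of the clamd Unix socket tells a responsive daemon apart from a missing or stuck one within seconds rather than after the 30-second jobTimeout. The socket paths and the fake daemon below are constructed for the demo; on Ubuntu the real socket is assumed to be /var/run/clamav/clamd.ctl.

```python
import os
import socket
import tempfile
import threading

# Constructed helper (not Cortex-Analyzers code): send clamd's PING over its
# Unix socket with a hard timeout, so a missing or unresponsive daemon fails
# fast instead of stalling the analyzer until Cortex's jobTimeout expires.
def clamd_ping(socket_path, timeout=5.0):
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect(socket_path)
            s.sendall(b"zPING\0")  # 'z'-prefixed clamd commands are NUL-terminated
            reply = s.recv(64)
        except OSError:  # includes socket.timeout and "no such socket"
            return False
    return reply.rstrip(b"\0\n") == b"PONG"

# Constructed stand-in for clamd: answers PONG once, or (answer=False) accepts
# the connection and stays silent, like a daemon that is up but stuck.
def fake_clamd(socket_path, answer=True):
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(socket_path)
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            if answer and conn.recv(64).startswith(b"zPING"):
                conn.sendall(b"PONG\0")
            else:
                conn.recv(1)  # hold the line until the client gives up
        srv.close()

    threading.Thread(target=serve, daemon=True).start()

# Probe a responsive, a silent, and a missing daemon; each call returns
# within its timeout instead of hanging.
def demo():
    results = {}
    with tempfile.TemporaryDirectory() as d:
        live, stuck = os.path.join(d, "live.ctl"), os.path.join(d, "stuck.ctl")
        fake_clamd(live, answer=True)
        fake_clamd(stuck, answer=False)
        results["live"] = clamd_ping(live, timeout=2.0)
        results["stuck"] = clamd_ping(stuck, timeout=1.0)
        results["missing"] = clamd_ping(os.path.join(d, "none.ctl"), timeout=1.0)
    return results
```

Pointing clamd_ping at the real socket path from the analyzer's host is the quickest way to tell whether the hang is clamd itself or something later in the analyzer.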