-
Notifications
You must be signed in to change notification settings - Fork 1
/
service_manifest.yml
executable file
·72 lines (64 loc) · 1.81 KB
/
service_manifest.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
name: AntiVirus
version: $SERVICE_TAG
description: This service facilitates the dispatching and result-parsing to multiple antivirus products.
accepts: .*
rejects: empty|metadata/iccprofile
stage: CORE
category: Antivirus
file_required: true
timeout: 120
disable_cache: false
enabled: false
is_external: false
licence_count: 0
privileged: true
config:
av_config:
products:
- product: "Product1"
heuristic_analysis_keys:
- "HEUR:"
hosts:
- ip: "localhost"
port: 1344
method: "icap"
update_period: 240 # in minutes
- product: "Product2"
heuristic_analysis_keys:
- "HEUR/"
hosts:
- ip: "localhost"
port: 8000
scan_details:
version_endpoint: "version"
scan_endpoint: "scan"
method: "http"
update_period: 240 # in minutes
# Specific keywords found in a signature name
kw_score_revision_map:
adware: 0
# Signature names are not valid YAML keys according to the Assemblyline
# ODM so we cannot use them in the heuristic signature_score_map. Hence why we're putting this here.
sig_score_revision_map:
blahblahblah: 0
sleep_time: 60 # in seconds
connection_timeout: 10 # in seconds
number_of_retries: 3
mercy_limit: 5
sleep_on_version_error: true
heuristics:
- heur_id: 1
name: File is infected
score: 1000
filetype: '*'
description: Antivirus hit.
- heur_id: 2
name: File is suspicious
score: 500
filetype: '*'
description: Heuristic Analysis hit.
docker_config:
image: ${REGISTRY}cccs/assemblyline-service-antivirus:$SERVICE_TAG
cpu_cores: 0.25
ram_mb: 2048
allow_internet_access: true