From 672cc0dc7c5a2eda630ecd181c54f6aff05fcb3e Mon Sep 17 00:00:00 2001
From: Michel Oosterhof
Date: Tue, 5 Jan 2016 04:15:14 +0000
Subject: [PATCH] improve VT support
---
 cowrie/output/virustotal.py | 65 ++++++++++++++++++-------------------
 1 file changed, 32 insertions(+), 33 deletions(-)
diff --git a/cowrie/output/virustotal.py b/cowrie/output/virustotal.py
index 24d2e08..085dcc2 100644
--- a/cowrie/output/virustotal.py
+++ b/cowrie/output/virustotal.py
@@ -93,29 +93,29 @@ class Output(cowrie.core.output.Output):
 self.postcomment(entry["url"])
- def postfile(self, artifact, fileName):
- """
- Send a file to VirusTotal
- """
- vtUrl = "https://www.virustotal.com/vtapi/v2/file/scan"
- fields = [("apikey", self.apiKey)]
- files = {'file': (fileName, open(artifact, 'rb'))}
-
- agent = agent.request('POST', vtUrl, None, None)
-
- def cbResponse(ignored):
- print 'Response received'
- d.addCallback(cbResponse)
-
- r = requests.post(vtUrl, files=files, data=fields)
- # if r.status_code != 200 # error
- j = r.json()
- log.msg( "Sent file to VT: %s" % (j,) )
- return j["response_code"]
-
- #contentType = "multipart/form-data; boundary={}".format(boundary)
- #headers.setRawHeaders("Content-Type", [contentType])
- #headers.setRawHeaders("Content-Length", [len(body)])
+# def postfile(self, artifact, fileName):
+# """
+# Send a file to VirusTotal
+# """
+# vtUrl = "https://www.virustotal.com/vtapi/v2/file/scan"
+# fields = [("apikey", self.apiKey)]
+# files = {'file': (fileName, open(artifact, 'rb'))}
+#
+# agent = agent.request('POST', vtUrl, None, None)
+#
+# def cbResponse(ignored):
+# print 'Response received'
+# d.addCallback(cbResponse)
+#
+# r = requests.post(vtUrl, files=files, data=fields)
+# # if r.status_code != 200 # error
+# j = r.json()
+# log.msg( "Sent file to VT: %s" % (j,) )
+# return j["response_code"]
+#
+# #contentType = "multipart/form-data; boundary={}".format(boundary)
+# #headers.setRawHeaders("Content-Type", [contentType])
+# #headers.setRawHeaders("Content-Length", [len(body)])
 def posturl(self, scanUrl):
@@ -137,16 +137,6 @@ class Output(cowrie.core.output.Output):
 agent = client.Agent(reactor, contextFactory)
 d = agent.request('POST', vtUrl, headers, body)
-
- def cbResponse(response):
- # print 'Response code:', response.code
- # FIXME: Check for 200
- d = readBody(response)
- d.addCallback(cbBody)
- d.addErrback(cbPartial)
- return d
-
-
 def cbBody(body):
 return logResult(body)
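Review bot: In the first hunk `postfile` is disabled by prefixing every line with `#` rather than being deleted, which leaves a non-working draft in the module. The draft reassigns `agent` from itself, calls `d.addCallback` on a `d` that is never defined, issues a blocking `requests.post` inside a Twisted output plugin, and never closes `open(artifact, 'rb')`. Git history already preserves it, so I would remove the block and leave one line such as `# TODO: reimplement postfile() with twisted.web.client.Agent; see git history for the requests-based draft`. Any remaining callers of `postfile` are outside this hunk and would need checking before the method goes away.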
@@ -158,6 +148,15 @@ class Output(cowrie.core.output.Output):
 return logResult(failure.value.response)
+ def cbResponse(response):
+ # print 'Response code:', response.code
+ # FIXME: Check for 200
+ d = readBody(response)
+ d.addCallback(cbBody)
+ d.addErrback(cbPartial)
+ return d
+
+
 def cbError(failure):
 failure.printTraceback()
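Review bot: The relocated `cbResponse` still carries `# FIXME: Check for 200` and passes every response to `readBody` and `cbBody` without looking at `response.code`. VirusTotal's v2 API answers 204 when the request rate is exceeded and 403 for a rejected API key, so those bodies reach `logResult` (defined outside this hunk, presumably parsing JSON) and would surface as a parse failure instead of a reported API error. I would test the status before reading the body, e.g. `if response.code != 200: log.msg("VT request failed: %s" % (response.code,)); return`. `cbResponse` is nested in a function that starts outside the hunk, so the surrounding callback wiring is not visible here.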