CIRCL
/
PyCIRCLean
mirror of https://github.com/CIRCL/PyCIRCLean
2
0
Fork 0
Code Issues Releases Wiki Activity

fix: Encrypted is an indicator

pull/26/head
Raphaël Vinot 2019-08-29 11:16:05 +02:00
parent 4234c183c8
commit 546a19caab
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
filecheck/filecheck.py
View File

@ -404,9 +404,6 @@ class File(FileBase):
self.make_dangerous('WinOffice file containing a macro') self.make_dangerous('WinOffice file containing a macro')
else: else:
indicators = oid.check() indicators = oid.check()
# Encrypted can be set by multiple checks on the script
if oid.encrypted.value:
self.make_dangerous('Encrypted WinOffice file')
if oid.macros.value or oid.ole.exists('macros/vba') or oid.ole.exists('Macros') \ if oid.macros.value or oid.ole.exists('macros/vba') or oid.ole.exists('Macros') \
or oid.ole.exists('_VBA_PROJECT_CUR') or oid.ole.exists('VBA'): or oid.ole.exists('_VBA_PROJECT_CUR') or oid.ole.exists('VBA'):
self.make_dangerous('WinOffice file containing a macro') self.make_dangerous('WinOffice file containing a macro')
@ -415,6 +412,9 @@ class File(FileBase):
self.make_dangerous('WinOffice file containing an object pool') self.make_dangerous('WinOffice file containing an object pool')
elif i.id == 'flash' and i.value: elif i.id == 'flash' and i.value:
self.make_dangerous('WinOffice file with embedded flash') self.make_dangerous('WinOffice file with embedded flash')
elif i.id == 'encrypted' and i.value:
self.make_dangerous('Encrypted WinOffice file')
self.add_description('WinOffice file') self.add_description('WinOffice file')
def _ooxml(self): def _ooxml(self):