CIRCL
/
PyCIRCLean
mirror of https://github.com/CIRCL/PyCIRCLean
2
0
Fork 0
Code Issues Releases Wiki Activity
PyCIRCLean/bin
History
Raphaël Vinot 079e8d30a3 Add support for ObjectStream in PDF 
ObjectStream isn't necessarely malicious, but can be. This patch could
be improved by unpacking the content of the stream, but it requires 3rd
party libraries we don't have for now.

Final fix for PCL-01-002
 		2017-06-19 11:24:47 +02:00
..
README.md Move non-filecheck.py binaries into examples directory 2017-01-19 15:25:08 -05:00
__init__.py Do not use subprocess. 2015-10-27 10:24:45 +01:00
filecheck.py Add support for ObjectStream in PDF 2017-06-19 11:24:47 +02:00

README.md

filecheck.py

This is the script used by the CIRCLean USB key sanitizer. It is designed to handle a range of file types, and will mark them as dangerous if they meet certain criteria.

Before installing the filecheck.py depenencies, make sure to install the PyCIRCLean dependencies:

    pip install .

Dependencies by type of document:

  • Microsoft office: oletools, olefile
  • OOXML: officedissector
  • PDF: pdfid
  • Archives: p7zip-full, p7zip-rar
  • Metadata: exifread
  • Images: pillow

Note: pdfid is a not installable with pip. It must be downloaded and installed manually in the directory where filecheck will be run.

    sudo apt-get install p7zip-full p7zip-rar libxml2-dev libxslt1-dev
    pip install lxml oletools olefile pillow exifread
    pip install git+https://github.com/Rafiot/officedissector.git
    # installing pdfid manually
    wget https://didierstevens.com/files/software/pdfid_v0_2_1.zip
    unzip pdfid_v0_2_1.zip