8.2.3. Procedure for analysing a file in the `New analysis` screen

8.2.3.1. Introduction

The `New analysis` screen enables an operator to:
  • submit one or more files via the GCenter web interface for analysis

  • view the analysis report
    The engine used is the one defined in the `Template` field.
    For a password-protected compressed file, the `Archive password` field is used to enter the password so that the content can be analysed.
    The `Forcing` selector causes any existing results for this file with this template to be ignored.

    Note

    By default, the file size must not exceed 50MB.
    There is no limit on the number of file scans.

The graphical interface is described in the `New analysis` screen of the Web UI.


8.2.3.1.1. Supported file types

  • .jpg

  • .bmp

  • .mp3

  • .avi

  • .java

  • .js

  • .sql

  • .html

  • .css

  • .class

  • .c

  • .bat

  • .pdf

  • .txt

  • .csv

  • .rules

  • .xls

  • .png

  • .key

  • .pem

  • .wav

  • .azw3

  • .mp4

  • .exe

  • .pcap

  • .xlsx

  • .docx

  • .pptx

  • .odt (managed as an archive)

  • .tar


8.2.3.1.2. Unsupported file types

  • Bourne-Again

  • POSIX shell script

  • ELF

  • Python


8.2.3.1.3. Compressed files

The characteristics of the compressed files to be analysed are described in Archive management.
Concerning the compressed files analysed by Malcore:
  • The number of files contained in an archive is limited and can be modified. 50 is the default value.

  • The number of times the file is compressed is limited (max recursion level) and is modifiable. 5 is the default value.

  • If the files are protected by a password, this must be declared in the global settings.

These settings are only accessible to members of the administrator group.
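
As an added example (not part of the GCenter documentation or product code), the following Python sketch checks a file against the defaults listed above before it is submitted: 50MB size, 50 files per archive and 5 levels of recursion. Reading 50MB as 50 MiB, counting files per archive rather than cumulatively, numbering the submitted archive as level 1, and handling only unencrypted tar and zip containers are assumptions; `members`, `preflight` and `make_zip` are names chosen for this example.

```python
import io
import tarfile
import zipfile

MAX_SIZE = 50 * 1024 * 1024  # page default "50MB", read as 50 MiB (assumption)
MAX_FILES = 50               # page default: files per archive
MAX_DEPTH = 5                # page default: max recursion level


def members(data):
    """Return [(name, bytes)] for a tar or zip payload, None for anything else."""
    buf = io.BytesIO(data)
    try:  # tar first: is_zipfile() can match a zip stored at the end of a tar
        with tarfile.open(fileobj=buf) as t:
            return [(m.name, t.extractfile(m).read() if m.size <= MAX_SIZE else b"")
                    for m in t if m.isfile()]
    except (tarfile.TarError, OSError, EOFError):
        buf.seek(0)
    if not zipfile.is_zipfile(buf):
        return None
    with zipfile.ZipFile(buf) as z:  # oversized members are counted, not read
        return [(i.filename, z.read(i) if i.file_size <= MAX_SIZE else b"")
                for i in z.infolist() if not i.is_dir()]


def preflight(data, level=1, path="upload"):
    """List the limits `data` would exceed (level numbering is an assumption)."""
    issues = []
    if level == 1 and len(data) > MAX_SIZE:
        issues.append(f"{path}: file is larger than 50MB")
    inner = members(data)
    if inner is None:
        return issues  # not an archive: nothing to count
    if level > MAX_DEPTH:
        return issues + [f"{path}: nesting level {level} > {MAX_DEPTH}"]
    if len(inner) > MAX_FILES:
        issues.append(f"{path}: {len(inner)} files > {MAX_FILES}")
    for name, blob in inner:
        issues += preflight(blob, level + 1, f"{path}/{name}")
    return issues


def make_zip(entries):
    """Build a constructed sample zip in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, blob in entries.items():
            z.writestr(name, blob)
    return buf.getvalue()
```

Call `preflight(open(path, "rb").read())` on the file to be submitted; an empty list means none of the three defaults is exceeded under the assumptions above. Office Open XML files (.docx, .xlsx, .pptx) are zip containers and are counted as archives by this sketch, whereas the page only states that .odt is managed as an archive.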


8.2.3.2. Prerequisites

  • User: member of Operators Group


8.2.3.3. Preliminary operations


8.2.3.4. Procedure

../../_images/GBOX-OP06.PNG
  • If necessary, select the engine to be used (1) in the `Template` field.

  • For compressed files protected by a password, enter the password (2) in the `Archive password` field.

  • If necessary, use the `Forcing` selector (3) to force the file to be reanalysed if it has already been scanned with the selected template.

  • Depending on the situation:

    • drop the desired file in zone (4) `DRAG and DROP`
      Or
    • click on the `UPLOAD` button (5) then select the file to load from the user's computer and finally confirm the selection.

      Note

      Selecting a file and choosing a template is compulsory. However, using the `Forcing` selector (3) is optional.
      The size of the file to be analysed must not exceed 50MB.
    The analysis is automatically initiated and the result is automatically displayed.
    If the file has been analysed, the report will look like this:
    ../../_images/GBOX-OP08.PNG

    The displayed report shows:

    • The name of the analysed file (1)

    • The result of the analysis (tick = ok) and the name of the engine used (here the grip engine)

  • Click on the report (2):

    • opens the detailed version

    • removes the report from the window

    • saves the report in the report window

  • Analyse the report.
    To do so, refer to the Procedure to analyse the contents of a report.

8.2.3.5. Error messages

In the event of an error, a report is displayed, as in the following example:

../../_images/GBOX-OP07.PNG

The displayed report shows:

  • The name of the analysed file (1)

  • The occurrence of an error (3)

  • The type of error (2): here the maximum number of files included in a compressed file has been reached (10 max)

Note

If the file is too large, the message is: `File is larger than 50.00MB`.