Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/RamadhanAmizudin/python-icap-yara

An ICAP Server with yara scanner for URL and content.
https://github.com/RamadhanAmizudin/python-icap-yara

icap icap-server malware-analysis python squid-proxy yara

Last synced: 6 months ago
JSON representation

An ICAP Server with yara scanner for URL and content.

Awesome Lists containing this project

README 

          
Yara Python ICAP Server 

=====================

An ICAP Server with yara scanner for URL and content.



## Requirement

* Squid Proxy 3.5

* Python 3



## Squid Configuration

```

icap_enable on

icap_preview_enable off

icap_send_client_ip on

icap_send_client_username on

icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/yara

adaptation_access service_resp allow all

```



## Running

```

$ git clone https://github.com/RamadhanAmizudin/python-icap-yara

$ pip install -r requirements.txt

$ python server.py

```



## Config File

```

[config]

content_rules = 

url_rules = 

content_dir = 

```



## Log Content

```

{

    "content": "",

    "request_header": {

        "accept": [

            "*/*"

        ],

        "host": [

            "blog.honeynet.org.my"

        ],

        "user-agent": [

            "curl/7.47.0"

        ]

    },

    "response_header": {

        "content-type": [

            "text/html; charset=UTF-8"

        ],

        "date": [

            "Mon, 06 Feb 2017 15:55:31 GMT"

        ],

        "link": [

            "; rel=\"https://api.w.org/\"",

            "; rel=shortlink"

        ],

        "server": [

            "Apache/2.2.22 (Ubuntu)"

        ],

        "vary": [

            "Accept-Encoding"

        ]

    },

    "rules": [

        "list of rules triggered"

    ]

}

```



Questions & Comments

=====================

If you encounter a bug, please feel free to post it on GitHub. For questions or comments.