Malware Scanner Configuration
The Malware Scanner is configured in the YAML file conf/xygeni.malware.yml.
```yaml
# Configuration for xygeni Malware evidences scanner.
# Arguments from command line have priority over properties in this file.

# Includes: list of glob patterns to include in analysis.
#
# A pattern could use ** (to match zero or more directories), * (zero or more characters
# in a directory or file name), and ? (one character).
# Examples: **/*.txt matches all files with 'txt' extension. **/test/** matches all files under any test directory.
#
# If empty, ALL files will be matched.
# The command-line argument -i or --include will be used when specified.
#
# A file is analyzed when matched by 'includes' AND NOT matched by 'excludes'.
includes: []

# Excludes: list of glob patterns to exclude from analysis.
# If empty, NO file will be excluded.
# The command-line argument -e or --exclude will be used when specified.
excludes:
  - ".git/**/*"
  - ".vscode/**/*"
  - "build/**/*"
  - "dev/**/*"
  - "**/__pycache__/**/*"
  - "**/.eggs/**/*"
  - "**/bower_components/**/*"
  - "**/integration/**/*"
  - "**/locales/**/*"
  - "**/spec/**/*"
  - "**/specs/**/*"
  - "**/test/**/*"
  - "**/tests/**/*"
  - "**/mock/**/*"
  - "**/mocks/**/*"
  - "**/node_modules/**/*"
  - "**/.xygeni.*.json"

# mode=sequential runs analyzers sequentially;
# mode=parallel runs analyzers in multiple threads, when the analyzer is capable of parallel runs.
mode: sequential

# Config for reporters
report:
  - format: json
    prettyPrint: true
  - format: sarif
    prettyPrint: true
  - format: csv
    # Allowed values: kind, hash, severity, confidence, detector, file, beginLine, endLine, code, tags
    columns: [ "severity", "kind", "hash", "resource", "detector", "file", "beginLine", "endLine", "confidence", "tags" ]
    # Order specification. 'default' lists highest severity first, then by type, file and line.
    # One of 'default', 'type', 'exposure' or 'severity-confidence'. Blank for no sort.
    sort: default
  - format: text
    # Allowed values: kind, hash, type, severity, confidence, detector, file, beginLine, endLine, code, tags
    columns: [ "severity", "kind", "detector", "file", "beginLine", "tags" ]
    # Order specification. 'default' lists highest severity first, then by type, file and line.
    # One of 'default', 'type', 'exposure' or 'severity-confidence'. Blank for no sort.
    sort: default
    # The style for table borders.
    # One of 'full', 'none', 'outside', 'inside', 'horizontal', 'vertical', 'topbottom'.
    # Use 'default' for a border that works well for the underlying OS.
    borders: full
    # The block characters to use: 'ascii' (use '+', '|', '-' and '=')
    # or 'utf8' for UTF-8 block characters.
    # Use 'default' for the encoding that works best for the underlying OS.
    bordersEncoding: utf8

# The detectors to use for detecting Malware evidences
# are configured in resource files under malware/*.yml

# List of detectors to run: IDs or severity.
# runDetectors: ['high'] will run all detectors with severity 'high' or greater.
# runDetectors: ['hidden_file_extension'] will run these.
# Leave empty for no restriction (all detectors not disabled will be chosen).
# Command-line property --detectors overrides this.
runDetectors: []

# Same format as runDetectors, but for skipping the selected detectors.
# skipDetectors: ['high'] will skip all detectors with severity 'high' or lower.
# Leave empty for no restriction (all detectors not disabled will be chosen).
# Command-line property --skip-detectors overrides this.
skipDetectors: []
```
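The comments in the configuration file state two selection rules that are easy to get wrong when tuning a scan scope: a file is analyzed only when it matches `includes` AND does not match `excludes` (with `**`, `*` and `?` having the meanings documented above), and `runDetectors` / `skipDetectors` accept either detector IDs or a severity name, where a severity in `runDetectors` means "that severity or greater" and in `skipDetectors` means "that severity or lower". The following Python is an added example written for this page, not Xygeni's own code; it models both rules so that a scope or detector selection can be checked before running the scanner. The glob translation implements only the semantics the comments document, the severity ladder (`info < low < high < critical`) is an assumption, and every detector ID other than `hidden_file_extension` is a constructed placeholder.

```python
import re

# Exclude list copied from the conf/xygeni.malware.yml shown above.
EXCLUDES = [
    ".git/**/*", ".vscode/**/*", "build/**/*", "dev/**/*",
    "**/__pycache__/**/*", "**/.eggs/**/*", "**/bower_components/**/*",
    "**/integration/**/*", "**/locales/**/*", "**/spec/**/*", "**/specs/**/*",
    "**/test/**/*", "**/tests/**/*", "**/mock/**/*", "**/mocks/**/*",
    "**/node_modules/**/*", "**/.xygeni.*.json",
]


def glob_to_regex(pattern: str) -> "re.Pattern[str]":
    """Translate the documented glob syntax into an anchored regex.

    '**' spans zero or more directory levels, '*' matches zero or more
    characters inside one path segment, '?' matches exactly one character.
    """
    parts, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            parts.append("(?:.*/)?")   # zero or more whole directories
            i += 3
        elif pattern.startswith("**", i):
            parts.append(".*")         # trailing '**': anything below this point
            i += 2
        elif pattern[i] == "*":
            parts.append("[^/]*")      # stays within one path segment
            i += 1
        elif pattern[i] == "?":
            parts.append("[^/]")
            i += 1
        else:
            parts.append(re.escape(pattern[i]))
            i += 1
    return re.compile("^" + "".join(parts) + "$")


def is_analyzed(path: str, includes, excludes) -> bool:
    """A file is analyzed when matched by 'includes' AND NOT matched by 'excludes'.

    An empty includes list matches everything; an empty excludes list excludes nothing.
    Paths are relative to the scanned root and use forward slashes.
    """
    path = path.replace("\\", "/")
    if path.startswith("./"):
        path = path[2:]
    included = not includes or any(glob_to_regex(p).match(path) for p in includes)
    excluded = any(glob_to_regex(p).match(path) for p in excludes)
    return included and not excluded


# Assumed severity ladder, lowest to highest; the page itself only names 'high'.
SEVERITY_RANK = {"info": 0, "low": 1, "high": 2, "critical": 3}


def _matches(spec: str, detector: dict, at_least: bool) -> bool:
    """A spec is either a severity name or an exact detector ID."""
    if spec in SEVERITY_RANK:
        rank, bound = SEVERITY_RANK[detector["severity"]], SEVERITY_RANK[spec]
        return rank >= bound if at_least else rank <= bound
    return spec == detector["id"]


def select_detectors(detectors, run_detectors=(), skip_detectors=()):
    """Apply the runDetectors / skipDetectors rules and return the chosen IDs.

    runDetectors: a severity selects that severity or greater, an ID selects that
    detector; empty means no restriction. skipDetectors: a severity skips that
    severity or lower, an ID skips that detector. Disabled detectors are never chosen.
    """
    chosen = []
    for d in detectors:
        if not d.get("enabled", True):
            continue
        if run_detectors and not any(_matches(s, d, True) for s in run_detectors):
            continue
        if any(_matches(s, d, False) for s in skip_detectors):
            continue
        chosen.append(d["id"])
    return chosen


# Constructed detector catalogue: only 'hidden_file_extension' is named on the page,
# the other IDs are hypothetical placeholders.
DETECTORS = [
    {"id": "hidden_file_extension", "severity": "high"},
    {"id": "example_obfuscated_script", "severity": "critical"},
    {"id": "example_suspicious_url", "severity": "low"},
    {"id": "example_disabled_check", "severity": "high", "enabled": False},
]

if __name__ == "__main__":
    for p in ["src/app.py", ".git/config", "pkg/__pycache__/app.pyc", "src/test/test_app.py"]:
        print(f"{p:32} analyzed={is_analyzed(p, [], EXCLUDES)}")
    print("runDetectors: ['high']  ->", select_detectors(DETECTORS, ["high"]))
    print("skipDetectors: ['high'] ->", select_detectors(DETECTORS, skip_detectors=["high"]))
```

One point the example makes visible is that the default exclude list drops every file under any `test`, `tests`, `spec` or `mock` directory; a dependency that hides a malicious installer under such a name is therefore out of scope unless those patterns are removed or overridden with `-e`/`--exclude`, so review the exclude list against the repository layout rather than relying on the defaults.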
Malware Detectors Configuration
Detectors are configured with separate YAML files located under the conf/malware directory of the xygeni scanner. A sample _template.yml_ file is provided there and can be used as the starting point for your own detectors.
To avoid scanner updates overwriting your configurations, you may define a directory from which custom detectors are loaded, passed with the --custom-detectors-dir command-line argument.
Please read the documentation on the available Malware detectors.