diff --git a/docs/unsorted/shadowserver.md b/docs/unsorted/shadowserver.md deleted file mode 100644 index 1c7c2918e..000000000 --- a/docs/unsorted/shadowserver.md +++ /dev/null @@ -1,24 +0,0 @@ - - - -# Shadowserver Parser - -**Structure of this Parser Bot** - -The parser consists of two files: - -: - `_config.py` - -- `parser.py` or `parser_json.py` - -Both files are required for the parser to work properly. - -**Add new Feedformats** - -Add a new feed format and conversions if required to the file -`_config.py`. Don't forget to update the `mapping` dict. It is required to look up the correct configuration. - -Look at the documentation in the bot's `_config.py` file for more information. diff --git a/intelmq/bots/parsers/shadowserver/_config.py b/intelmq/bots/parsers/shadowserver/_config.py index c84bc7e85..cf2581379 100644 --- a/intelmq/bots/parsers/shadowserver/_config.py +++ b/intelmq/bots/parsers/shadowserver/_config.py @@ -263,19 +263,19 @@ def force_base64(value: Optional[str]) -> Optional[str]: def scan_exchange_taxonomy(field): - if field == 'exchange;webshell': + if 'webshell' in field: return 'intrusions' return 'vulnerable' def scan_exchange_type(field): - if field == 'exchange;webshell': + if 'webshell' in field: return 'system-compromise' - return 'infected-system' + return 'vulnerable-system' def scan_exchange_identifier(field): - if field == 'exchange;webshell': + if 'webshell' in field: return 'exchange-server-webshell' return 'vulnerable-exchange-server' @@ -321,7 +321,7 @@ def reload(): return else: if not __config.test_mode: - raise ValueError("The schema file does not exist.") + raise ValueError("The schema file does not exist: %r.", __config.schema_file) if __config.schema_mtime == 0.0 and mtime == 0.0 and __config.auto_update: update_schema()