fix: add detection status of sections to outcome again

dobin · Sep 30, 2023 · c2ec7b2 · c2ec7b2
1 parent f24a809
commit c2ec7b2
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/avred.py b/avred.py
@@ -225,6 +225,8 @@ def handleFile(filename, args, serverName):
             else:
                break
 
+        # sections of file now have the "detected" attribute set. re-add to the outcome with this info
+        outcome.sections = filePlay.getSections()
 
     hashCache.save()
     #if not outcome.isMinimized:

diff --git a/plugins/pe/analyzer_pe.py b/plugins/pe/analyzer_pe.py
@@ -35,11 +35,11 @@ def scanForMatchesInPe(filePe: FilePe, scanner: Scanner, reducer: Reducer) -> Li
     # identify which sections get detected
     scan_sections = filePe.getScanSections()
     detected_sections = []
-    logging.info("Section Detection: Zero section (leave all others intact)")
+    logging.info("Find detected sections")
     detected_sections = findDetectedSections(filePe, scan_sections, scanner)
     logging.info(f"{len(detected_sections)} section(s) trigger the antivirus independantly")
     for section in detected_sections:
-        logging.info(f"  section: {section.name}")
+        logging.info(f"  section: {section.name} {section.detected}")
 
     moreMatches: List[Match] = []
     if len(detected_sections) == 0: