MASTIFF 0.6.0 Released | 2013-04-19 09:50 |
The latest version of MASTIFF, 0.6.0, has just been released! Run over to the
download site and grab the latest version!
The official changelog is located here, but the major improvements are described below.
Upgrading MASTIFF to the latest version is easy. You can follow this process:
- Download and install pydeep.
- Download MASTIFF 0.6.0 and untar it.
- Run "make test" to ensure you are not missing any dependencies.
- Run "sudo make install" to install the latest version.
- Copy the analysis plug-ins (the plugins directory in the tarball) to your location of choice and ensure the config file is pointing to that directory.
- Add any new options to your MASTIFF config file. The easiest way may be to use sdiff.
Queue
MASTIFF now has a queueing system so multiple files can be analyzed by the framework. To utilize this, give MASTIFF a directory instead of a file to analyze. It will find all files in that directory and its subdirectories, add them to the queue, and begin processing.
The queue is maintained within the MASTIFF database. So, if you have to stop MASTIFF in the middle of its run, it will begin re-processing the queue when it's restarted. Some additional options have been added to allow you to work with the queue:
- --clear-queue: This will clear the current queue.
- --ignore-queue: This will ignore the queue and just process the file you give it.
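The resumable, database-backed queue described above, sketched as an added example (this is not MASTIFF's own code). The table name `queue`, its columns, and the function names are assumptions made for illustration, and the symlink skip is a precaution added here for untrusted sample directories.

```python
import os
import sqlite3

def open_queue(db_path):
    """Open (or create) the SQLite file that holds the pending-file queue."""
    conn = sqlite3.connect(db_path)
    conn.execute("CREATE TABLE IF NOT EXISTS queue ("
                 "id INTEGER PRIMARY KEY AUTOINCREMENT, path TEXT UNIQUE NOT NULL)")
    conn.commit()
    return conn

def enqueue_tree(conn, root):
    """Add every regular file under root (recursively); return how many were new."""
    added = 0
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.abspath(os.path.join(dirpath, name))
            # Samples are untrusted: skip symlinks so a crafted link cannot
            # pull files from outside the sample directory into the queue.
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            cur = conn.execute("INSERT OR IGNORE INTO queue(path) VALUES (?)", (full,))
            added += cur.rowcount
    conn.commit()
    return added

def process_queue(conn, analyze, limit=None):
    """Analyze queued files oldest-first; a row is deleted only after analyze() returns."""
    done = []
    while limit is None or len(done) < limit:
        row = conn.execute("SELECT id, path FROM queue ORDER BY id LIMIT 1").fetchone()
        if row is None:
            break
        analyze(row[1])  # if this raises or the process is stopped, the row stays queued
        conn.execute("DELETE FROM queue WHERE id = ?", (row[0],))
        conn.commit()
        done.append(row[1])
    return done

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample tree
        os.makedirs(os.path.join(tmp, "samples", "sub"))
        for rel in ("a.bin", os.path.join("sub", "b.bin")):
            with open(os.path.join(tmp, "samples", rel), "wb") as fh:
                fh.write(b"MZ")
        conn = open_queue(os.path.join(tmp, "queue.db"))
        print(enqueue_tree(conn, os.path.join(tmp, "samples")), "files queued")
        print(process_queue(conn, analyze=lambda path: None))
        conn.close()
```

Because each row is deleted only after its analysis finishes, reopening the same database file after an interrupted run picks up with the files that were still pending.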
Fuzzy Hashing
Fuzzy hashing is not something new within MASTIFF. However, we have changed the Python library used for it. Previously, we used pyssdeep but found that there were a number of stability issues with it on OS X and when processing large numbers of files.
Therefore, we have switched to pydeep (https://github.com/kbandla/pydeep). Our testing has shown it to be much more stable thus far.
libmagic
There was some confusion about which Python libmagic libraries to use when installing MASTIFF. To help alleviate some of that, the framework has been modified to use two different libmagic libraries:
- libmagic Python extensions (ftp://ftp.astron.com/pub/file/) - This may be installed from source, and it is the library packaged as python-magic in most Linux repositories.
- Python-magic (https://github.com/ahupp/python-magic/) - This may be installed through the source code or via Python pip.
Other Changes
A number of other bug fixes and improvements have been made. Please see the changelog file for a complete list.
As always, if you have any questions, please email mastiff-project@korelogic.com.
We have a lot of great things coming down the pipe for MASTIFF, but if you have any suggestions, enhancements or plug-ins, let us know!
Posted by Tyler at 09:50