skip download dumps and other files from analysis dir as dropfiles

VirusTotal · Aug 8, 2024 · 2c508d0 · 2c508d0
1 parent 07c0c5f
commit 2c508d0
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/analyzer/linux/modules/auxiliary/filecollector.py b/analyzer/linux/modules/auxiliary/filecollector.py
@@ -5,6 +5,7 @@
 from threading import Thread
 
 from lib.common.abstracts import Auxiliary
+from lib.common.constants import ROOT
 from lib.common.hashing import hash_file
 from lib.common.results import upload_to_host
 
@@ -125,6 +126,10 @@ def _method_name(self, event):
                     # log.info("Not currently set to collect %s", event.pathname)
                     return
 
+                if event.pathname.startswith(ROOT):
+                    # log.info("Skipping random base directory for file %s", event.pathname)
+                    return
+
                 if event.pathname.startswith("/tmp/#"):
                     # log.info("Skipping wierd file %s", event.pathname)
                     return