Miscellaneous errors

[Fryyyyy]

We're experiencing (rare) errors on our Cuckoo instances:

[lib.cuckoo.core.scheduler] ERROR: : unable to upload malware to analysis machine: <Fault 1: "<type 'exceptions.MemoryError'>:">

and

[lib.cuckoo.core.scheduler] ERROR: : unable to upload malware to analysis machine: <Fault 1: "<class 'xml.parsers.expat.ExpatError'>:out of memory: line 1, column 0">

Are they related?

[simonk9]

i actually had those recently as well

the first one was for 300mb sample the second one was for 1gb sample

i edited the max sample limit so i could send those.

not sure why the first one failed, but the second one most likely happened because my VM machine had 1gb ram so it reasonable it will go out of memory

[jbremer]

Yeah, these errors indirectly belong to us using xmlrpc for communicating to the VM and basically xmlrpc sucks. Not only does it cache everything you want to send in-memory (so in your case 300mb up to 1gb) it does so in a base64-encoded fashion..

We have recently added support for a new, more generic and improved Cuckoo Agent. Although I've not tested yet whether it supports large files this should definitely be something that can be tested and worked with. (Just have to check whether both the client and the server, i.e., the host and the guest in our case don't cache the whole thing in-memory).

So a first start would be to use the latest 2.0-dev version of Cuckoo (i.e., latest master branch from Github) and then to install the following Agent into your VM instead of the one that you have right now - https://github.com/jbremer/agent (yes, should be moved to the official Cuckoo repository once it gets some more documentation etc).

Please let me know your findings!

Edit: At the time of commenting I didn't notice this was posted on the cuckoo-modified fork, so excuse me for promoting upstream Cuckoo features.