Chris Lenk
- Add a .dockerignore
- Use "LABEL maintainer" instead of "MAINTAINER"
- Only install pip if it doesn't already exist

As you can see [here](https://github.com/mitre/multiscanner/blob/2e039cb0c58de565fc7e2e653a70aac3c9d9cef8/utils/api.py#L245-L252), the REST API updates the task database before even attempting to store the report in ES. So if any exceptions get raised from the elasticsearch...
An error can occur in a storage handler, but since the handler [runs in a separate thread](https://github.com/mitre/multiscanner/blob/a06e184824525940e8eb3862d2e24855ce2f5baa/storage/storage.py#L223) the celery worker doesn't receive any exceptions raised by the storage handler, and...
(More than just adding/removing tags)

Example Use Case:

> Say I had a very long running module and wanted it to add to an existing report when it finished.

Should we have an option to rescan all samples? So if you added a new module, you can get updated reports on all the samples you previously analyzed.
This could be some sort of amalgam from different modules, with values such as:

- suspicious
- malicious
- unknown
- suspected benign

Would involve some normalization and potentially arbitrary...
For example, in Cuckoo output, beside a dropped file, show the number of other samples that drop the same file (by hash). A second example: in ssdeep, under matches, link...
In addition, if X samples match a search, be able to select some/all and download the raw samples or the reports.