pandora icon indicating copy to clipboard operation
pandora copied to clipboard

Published 20 hours ago verified publisher icon pandora-analysis

[worker][extraction] Extract ISO file.

Open FafnerKeyZee opened this issue 2 years ago • 3 comments

As many malware are delivered inside ISO file, it should be nice to have a generic extractor for it.

FafnerKeyZee avatar Mar 14 '22 14:03 FafnerKeyZee

It works for the files that are detected as application/x-iso9660-image, but there are files that are mountable as iso files but their mime type is not properly detected and pycdlib doesn't supports them either.

The quick fix for now is to mark all the .iso files as malicious.

Rafiot avatar Jun 07 '22 11:06 Rafiot

Extracting iso is a nightmare and windows will happily mount anything. This snipet of code will somehow help a bit: https://github.com/clalancette/pycdlib/issues/82

But it doesn't work for every image.

Rafiot avatar Jul 20 '22 17:07 Rafiot

Most ISO are supported, but some are considered invalid by the library even if Windows can open them.

Until it is solved, all the .iso files are considered malicious by default by the blocklist worker.

Rafiot avatar Jul 25 '22 08:07 Rafiot