
Add mechanism to synthetically test entire pipeline

Open michaelweiser opened this issue 6 years ago • 1 comment

We could use a mechanism to make sure that the whole peekaboo/cuckoo pipeline works, ideally without submitting and including in the distribution any actual or test malware.

The vision is to have a custom community signature in cuckoo which accepts a random cookie upon job submit and then looks for exactly this cookie as an existing file of that name or a file of that content in a fixed location. Peekaboo could then submit that trigger file to cuckoo and thus test the whole pipeline from beginning to end.

The signature could be enabled all the time in cuckoo because peekaboo can control if and when it submits a test job with the signature's cookie parameter, e.g. when started in debug or a special system-test-on-startup mode. This would avoid a need for reconfiguration of any system components to test them.

This would replace the current PeekabooYar EICAR-signature-like approach.

Suggested by @jack28.

michaelweiser avatar Sep 06 '18 07:09 michaelweiser

Exactly! Having the cuckoo signature check for our EICAR string in the file seems to be what we need.

  • We cannot distribute malware in any way
  • If one of the AVs in the chain before us catches our test file we lose (.bat, .py, ... not an option)
  • We want to test the whole process
  • The checksum of the file has to be variable, also the type ...
  • This should be enabled by default (no change required in the system to test the system)

Jack28 avatar Sep 10 '18 16:09 Jack28
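As an added illustration of the cookie mechanism from the opening post and the requirements in the list above (example code written for this issue page, not PeekabooAV's or Cuckoo's own), the random cookie, the inert trigger file and the matching rule are modelled as plain functions. The fixed trigger directory and the list of observed file paths are assumed inputs standing in for what a real sandbox signature would read from the analysis report.

```python
import os
import secrets
import tempfile

def new_cookie(nbytes=16):
    """Random per-run token: a fresh value every run means the trigger file's
    checksum is never stable, so nothing upstream can learn a fixed hash for it."""
    return secrets.token_hex(nbytes)

def write_trigger_file(trigger_dir, cookie, name=None):
    """Peekaboo side: write the plain-text trigger file to be submitted. It is
    inert data, not a script, so a scanner earlier in the chain has nothing to flag."""
    os.makedirs(trigger_dir, exist_ok=True)
    path = os.path.join(trigger_dir, name or cookie)
    with open(path, "w") as fh:
        fh.write(cookie)
    return path

def cookie_seen(cookie, trigger_dir, observed_paths):
    """Signature side: fire only if a file named after the cookie, or a file in the
    fixed trigger directory whose content is exactly the cookie, was observed.
    `observed_paths` stands in for the file list a sandbox report would carry."""
    if not cookie:          # normal (non-test) job: no cookie, signature stays silent
        return False
    fixed_dir = os.path.normpath(trigger_dir)
    for path in observed_paths:
        path = os.path.normpath(path)
        if os.path.basename(path) == cookie:
            return True
        if os.path.dirname(path) == fixed_dir and os.path.isfile(path):
            with open(path) as fh:
                if fh.read().strip() == cookie:
                    return True
    return False

def self_test(trigger_dir=None):
    """End-to-end dry run: mint a cookie, write the trigger file, then check that
    the signature logic fires for that cookie and stays quiet otherwise."""
    trigger_dir = trigger_dir or tempfile.mkdtemp(prefix="peekaboo-selftest-")
    cookie = new_cookie()
    by_name = write_trigger_file(trigger_dir, cookie)
    by_content = write_trigger_file(trigger_dir, cookie, name="dropped.txt")
    observed = [by_name, by_content, os.path.join(trigger_dir, "unrelated.log")]
    return {
        "by_name": cookie_seen(cookie, trigger_dir, [by_name]),
        "by_content": cookie_seen(cookie, trigger_dir, [by_content]),
        "wrong_cookie": cookie_seen(new_cookie(), trigger_dir, observed),
        "no_cookie": cookie_seen("", trigger_dir, observed),
    }
```

Because the signature only reacts to the cookie handed over at submit time, it can stay enabled permanently without producing hits on regular jobs.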