avclass2 contributions about avclass HOT 2 CLOSED

So far we have tried to maintain Python2 compatibility (and old Python 3 versions) to avoid affecting users, but that is bound to change at some point. Perhaps the easiest is that you do the change the way you think it should be done and leave us to worry about compatibility later if you submit a PR on the issue.

from avclass.

I ended up forking one of the branches a co-worker of mine was working on as he had added support for a Python package and started to add type hints and code documentation. As part of his work and likely because avclass2 has formatting for stdout backward compatibility -c, he did away with the avclass / avclass2 and simplified the structure. In addition to that, I restructured the labeler into a class and brought the cognitive complexity index under control. Those changes were significant enough that git compare is useless. From a maintainer perspective, I know this is a pain as it will not be super easy to diff the files if you want to merge, but I've been including your recent changes for the most part and happy to do a PR request if you find value in this fork.

It continues to support the command line while also allowing it to be used as a python package and importable class. At the command line, a new argument -json was added so you could also retrieve the Class output. In addition to the structure changes, I also removed arguments -lb, -vt, -lbdir, -vtdir, -vt3, -gz in favor of just specifying a -i (input) and -t (type) with auto-detection for directories and gzip (allows -i to be specified multiple times, even mix files, dirs, gzip). I believe this greatly simplifies things and allows you to add more formats. For example, I added support for OPSWAT Metadefender md reports. The -t or --type (defaults to vt3) currently takes these values as input: lb, vt or vt2, vt3, md. Perhaps in the future it could auto-detect the data type as well and remove -t.

So instead of this:

$ ./avclass2/avclass2_labeler.py -lb examples/malheurReference_lb.json -p

It looks like this after pip3 install (or you could run it via python3 labeler.py)

$ avclass -i ./examples/malheurReference_lb.json -t lb -p

And then we have the package support for the Class. Accepts all the cmd arguments and AvLabels.

import json
from avclass.labeler import AVClassLabeler

av_class = AVClassLabeler()
result = av_class.run(
    files="./examples/malheurReference_lb.json",
    data_type="lb",
    path_export=True,
)
print(json.dumps(result))

{
  "labels": [
    {
      "hash": "aca2d12934935b070df8f50e06a20539",
      "av_count": 33,
      "tags": [
        {
          "tag": "grayware",
          "count": 9,
          "category": "CLASS",
          "path": "CLASS:grayware"
        },
        {
          "tag": "adware",
          "count": 9,
          "category": "CLASS",
          "path": "CLASS:grayware:adware"
        },
        {
          "tag": "windows",
          "count": 8,
          "category": "FILE",
          "path": "FILE:os:windows"
        },
        {
          "tag": "adrotator",
          "count": 8,
          "category": "FAM",
          "path": "FAM:adrotator"
        },
        {
          "tag": "execdownload",
          "count": 3,
          "category": "BEH",
          "path": "BEH:execdownload"
        },
        {
          "tag": "downloader",
          "count": 3,
          "category": "CLASS",
          "path": "CLASS:downloader"
        },
        {
          "tag": "zlob",
          "count": 2,
          "category": "FAM",
          "path": "FAM:zlob"
        }
      ]
    }
  ]
}

from avclass.