Releases: CERT-Polska/karton-classifier
v2.0.0
Breaking changes:
- script:linux:sh is now classified as script:sh (platform field is gone) (#54)
New features and improvements:
- Added platform detection for ELF files (#55)
- Added support for other types of malicious scripts (#54)
- Added {"kind": "json"} classification for JSON files (misc:json) (#49)
- XML documents are classified as ASCII-encoded (misc:ascii) (#51)
- Support for CSV files (misc:csv) (#58)
- Support for multiple extra archive formats (#57)
- Support for MBR, XCOFF and COM files (#59)
- Support for graphics images and VHD disk images (#60)
Bugfixes:
- Fixed pcap files recognition (#67)
Thanks @jasperla, @r1d3th3wav3s and @chkp-ramanl for contributions! 🎉
v1.4.0
v1.3.0
v1.2.0
New features:
- Added support for PCAP files (#25, thanks @rakovskij-stanislav)
- Added support for MacOS binaries (#32, thanks @chkp-alexeybu)
- Improved EML support (#36)
- Other improvements (#37):
  - Reordered PowerShell and JavaScript heuristics in favor of PowerShell
  - Improved Composite Document type recognition when the file name lacks an extension
  - MIME type fix-up for archive:xz, which is correctly generated by libmagic>=5.40
Other changes:
- Minimum supported Python version: 3.7
- Supported libmagic versions: >=5.37, <=5.40
v1.1.0
New features:
- Added support for ISO-8859-1, UTF-8 text files and PGP encrypted files (#13, thanks @r1d3th3wav3s)
- Added support for PE binaries with custom MS-DOS stub (#16)
- Classifier spawns stage:unrecognized tasks for samples that were not recognized by classifier (#19, thanks @conitrade-as)
- Added MIME type to resulting Task headers (#23, thanks @conitrade-as)
- Alternative libmagic method used for classification can be specified via magic argument of Classifier constructor (used for libmagic pinning in tests, #23)
Bugfixes:
- Fix for OOXML files (#17)