Basic Features
Step #1 - Open /home/sandbox/sandbox/transform.cfg in a text editor
Step #2 - Modify the configuration by adding or modifying the properties on this page
Step #3 - Save the file and restart the sandbox service
Second Stage Malware Detection
Enable file downloads to detect 2nd stage malware downloaded from the Internet
runFileDownloaders=truerunFileDownloaderDistributedTimeoutMs=60000fileDownloaderMaxFileDownloads=10| Property name | Default value | Description |
|---|---|---|
| runFileDownloaders | true | Main switch to enable file downloads |
| runFileDownloaderDistributedTimeoutMs | 1 minute | Execution timeout |
| fileDownloaderMaxFileDownloads | 10 | Download limit, '0' means no limit. |
Malware Config Extraction
Enable malware config extraction
malwareConfigExtractionEnabled=truemalwareConfigExtractionMaxInputFileSize=100| Property name | Default value | Description |
|---|---|---|
| malwareConfigExtractionEnabled | true | Switch to enable / disable malware config extraction |
| malwareConfigExtractionMaxInputFileSize | 100 MB | File size limit |
Certificate Extraction
Enable certificate extraction for executable files and PDF documents
extractCertificates=trueosslExecutionTimeout=30| Property name | Default value | Description |
|---|---|---|
| extractCertificates | true | Switch do enable / disable certificate extraction |
| osslExecutionTimeout | 30 seconds | Execution timeout |
YARA
Enable YARA rule matching
runYaraRulesOnInputFile=truerunYaraRulesOnExtractedFiles=trueyaraExecutionTimeout=30runYaraRulesOnInputFileMaxFileSizeInMb=100| Property name | Default value | Description |
|---|---|---|
| runYaraRulesOnInputFile | true | Switch to enable / disable YARA rule matching |
| runYaraRulesOnExtractedFiles | true | Execute YARA also on extracted files |
| yaraExecutionTimeout | 30 seconds | Execution timeout |
| runYaraRulesOnInputFileMaxFileSizeInMb | 100 MB | File size limit, '0' means no limit |
Image Text Extraction (OCR)
Enable text extraction from images
runTesseractOCRForImages=truetesseractExecutionTimeout=10tesseractLimitPerTransform=5| Property name | Default value | Description |
|---|---|---|
| runTesseractOCRForImages | true | Switch to enable / disable OCR |
| tesseractExecutionTimeout | 10 seconds | Execution timeout |
| tesseractLimitPerTransform | 5 | Limit: number of images to process |
QR Code Scan
Enable QR code scan for images
runQRCodeScanForImages=trueqrCodeScanLimitPerTransform=20| Property name | Default value | Description |
|---|---|---|
| runQRCodeScanForImages | true | Switch to enable / disable QR code scanning |
| qrCodeScanLimitPerTransform | 20 | Limit: number of images to process |
Text Metrics
generateTextMetrics=truegenerateTextMetricsNGramSize=5generateTextMetricsIncludeTopNGrams=20Enable text metrics generation like entropy, average word size, etc.
| Property name | Default value | Description |
|---|---|---|
| generateTextMetrics | true | Enable / disable text metrics generation |
| generateTextMetricsNGramSize | 5 | Size of collected ngrams |
| generateTextMetricsIncludeTopNGrams | 20 | Number of considered ngrams |
Visualization
Enable image rendering of input file (file preview pages)
runFileVisualizer=truerunFileVisualizerDistributedTimeoutMs=10000| Property name | Default value | Description |
|---|---|---|
| runFileVisualizer | true | Switch to enable / disable visualization |
| runFileVisualizerDistributedTimeoutMs | 10 seconds | Execution timeout |
Was this page helpful?