dont rescan

2025-07-06 21:00:22 +00:00 · 2023-07-24 15:49:57 -04:00 · 2023-07-24 15:49:57 -04:00 · a634a2e7fd
commit a634a2e7fd
parent 404284cdfc
1 changed files with 15 additions and 4 deletions
--- a/Core/src/com/basistech/df/cybertriage/autopsy/malwarescan/MalwareScanIngestModule.java
+++ b/Core/src/com/basistech/df/cybertriage/autopsy/malwarescan/MalwareScanIngestModule.java
@ -50,6 +50,7 @@ import org.sleuthkit.datamodel.Blackboard;
 import org.sleuthkit.datamodel.BlackboardArtifact;
 import org.sleuthkit.datamodel.Score;
 import org.sleuthkit.datamodel.SleuthkitCase;
+import org.sleuthkit.datamodel.TskCoreException;
 import org.sleuthkit.datamodel.TskData;

 /**
@ -198,12 +199,21 @@ public class MalwareScanIngestModule implements FileIngestModule {
        })
        IngestModule.ProcessResult process(AbstractFile af) {
            try {
-                if (runState == RunState.STARTED_UP && af.getKnown() != TskData.FileKnown.KNOWN
-                        && EXECUTABLE_MIME_TYPES.contains(StringUtils.defaultString(fileTypeDetector.getMIMEType(af)).trim().toLowerCase())) {
+                if (runState == RunState.STARTED_UP 
+                        && af.getKnown() != TskData.FileKnown.KNOWN
+                        && EXECUTABLE_MIME_TYPES.contains(StringUtils.defaultString(fileTypeDetector.getMIMEType(af)).trim().toLowerCase())
+                        && CollectionUtils.isEmpty(af.getAnalysisResults(malwareType))) {
+                    
                    batchProcessor.add(new FileRecord(af.getId(), af.getMd5Hash()));

                }
                return ProcessResult.OK;
+            } catch (TskCoreException ex) {
+                notifyWarning(
+                        Bundle.MalwareScanIngestModule_SharedProcessing_generalProcessingError_title(),
+                        Bundle.MalwareScanIngestModule_SharedProcessing_generalProcessingError_desc(),
+                        ex);
+                return IngestModule.ProcessResult.ERROR;
            } catch (InterruptedException ex) {
                notifyWarning(
                        Bundle.MalwareScanIngestModule_ShareProcessing_batchTimeout_title(),
@ -231,7 +241,7 @@ public class MalwareScanIngestModule implements FileIngestModule {

            // create mapping of md5 to corresponding object ids as well as just the list of md5's
            Map<String, List<Long>> md5ToObjId = new HashMap<>();
-            List<String> md5Hashes = new ArrayList<>();
+
            for (FileRecord fr : fileRecords) {
                if (fr == null || StringUtils.isBlank(fr.getMd5hash()) || fr.getObjId() <= 0) {
                    continue;
@ -242,9 +252,10 @@ public class MalwareScanIngestModule implements FileIngestModule {
                        .computeIfAbsent(sanitizedMd5, (k) -> new ArrayList<>())
                        .add(fr.getObjId());

-                md5Hashes.add(sanitizedMd5);
            }

+            List<String> md5Hashes = new ArrayList<>(md5ToObjId.keySet());
+            
            if (md5Hashes.isEmpty()) {
                return;
            }