Simplifying and renaming

README.md

@@ -44,8 +44,8 @@ Once MetaDefender Core has been installed and activated with your license, the f
 * **max_md_scan_time**: Maximum amount of time to wait for scan results before the MetaDefender server is put on a brief timeout (only applicable when multiple MetaDefender deployments are used)
 * **av_safelist_config**: Dictionary containing details that we will use for revising or omitting antivirus signature hits
   * **blocklist**: A list of antivirus vendors who we want to omit from all results
-  * **kw_score_revision_map**: A dictionary where the keys are the keywords that could be found in signatures and the value is the revised score
-  * **sig_score_revisions**: A list of dictionaries that follow the format `{"name": <name>, "score": <int>}` where the `"name"` is the antivirus signature name which you want to revise the score to (the value of `"score"`)
+  * **kw_score_revision_map**: A dictionary where the keys are the keywords that could be found in signatures, and the value is the revised score
+  * **sig_score_revisions**: A dictionary where the keys are the signatures that you want to revise, and the values are the scores that the signatures will be revised to
 
 ## Updating Antivirus Definitions
 

metadefender.py

@@ -83,10 +83,10 @@ def start(self) -> None:
                 base_urls.append(prepared_base_url)
         else:
             raise Exception("Invalid format for BASE_URL service variable (must be str or list)")
-        av_safelist_config: Dict[str, Any] = self.config.get("av_safelist_config", {})
-        self.blocklist: List[str] = av_safelist_config.get("blocklist", [])
-        self.kw_score_revision_map: Dict[str, int] = av_safelist_config.get("kw_score_revision_map", {})
-        self.sig_score_revision_map = {sig["name"]: sig["score"] for sig in av_safelist_config.get("sig_score_revisions", [])}
+        av_config: Dict[str, Any] = self.config.get("av_config", {})
+        self.blocklist: List[str] = av_config.get("blocklist", [])
+        self.kw_score_revision_map: Dict[str, int] = av_config.get("kw_score_revision_map", {})
+        self.sig_score_revision_map = av_config.get("sig_score_revisions", {})
 
         # Initialize a list of all nodes with default data
         for index, url in enumerate(base_urls):

service_manifest.yml

@@ -25,7 +25,7 @@ config:
   min_node_time: 60
   max_node_time: 300
   max_md_scan_time: 5
-  av_safelist_config:
+  av_config:
     # AV Blocklist (ignore results)
     blocklist:
       - "Antiy-AVL"
@@ -37,20 +37,13 @@ config:
     # Signature names are not valid YAML keys according to the Assemblyline
     # ODM so we cannot use them in the heuristic signature_score_map. Hence why we're putting this here.
     sig_score_revisions:
-      - name: "Ikarus.Trojan-Downloader.MSWord.Agent"
-        score: 0
-      - name: "Ikarus.Trojan-Downloader.VBA.Agent"
-        score: 0
-      - name: "Vir.IT eXplorer.Office.VBA_Macro_Heur"
-        score: 0
-      - name: "Vir.IT eXplorer.W97M/Downloader.AB"
-        score: 0
-      - name: "NANOAV.Exploit.Xml.CVE-2017-0199.equmby"
-        score: 0
-      - name: "TACHYON.Suspicious/XOX.Obfus.Gen.2"
-        score: 100
-      - name: "TACHYON.Suspicious/XOX.Obfus.Gen.3"
-        score: 0
+      Ikarus.Trojan-Downloader.MSWord.Agent: 0
+      Ikarus.Trojan-Downloader.VBA.Agent: 0
+      NANOAV.Exploit.Xml.CVE-2017-0199.equmby: 0
+      TACHYON.Suspicious/XOX.Obfus.Gen.2: 100
+      TACHYON.Suspicious/XOX.Obfus.Gen.3: 0
+      Vir.IT eXplorer.Office.VBA_Macro_Heur: 0
+      Vir.IT eXplorer.W97M/Downloader.AB: 0
 
 heuristics:
   - heur_id: 1