Malware Repository

The malware repository is a network share where files are stored for sandbox malware analysis.

In unattended mode, the Malware Analysis appliance polls the source directory at regular intervals. The appliance automatically retrieves the batched files and analyzes them within each guest image.

Each guest image in the MVX engine has three directories in the malware repository. Files are retrieved from the malware repository source (src) directory. Analyzed files that are determined to be malicious are automatically moved to the malware repository bad directory. Nonmalicious files are moved to the malware repository good directory.

Files that are passed to the Malware Analysis appliance for analysis are stored in the following paths.

• Input Path—The Input Path is the source (src) directory.
• Output (Good) Path—The Output (Good) Path is the good directory.
• Output (Bad) Path—The Output (Bad) Path is the bad directory.

For the automated unattended mode to function correctly, you must create a valid path to the repository for each guest image.

Task List for Managing the Malware Repository

Complete the steps for managing the malware repository in the following order:

1. Log in to the CLI to install the guest images on the Malware Analysis appliance. For details about installing the guest images, see Guest Images.
2. Determine the IP address of the server you want to use for the network share.
3. Configure the access point and user credentials for the network share.
4. Verify that the Malware Analysis appliance can communicate with the network share site from your local machine before configuring the malware repository for unattended mode.
5. Configure the malware repository paths for each guest image.
6. Copy the files to the network share source directory locations.
7. View the results of the configuration for the repositories.