The official changelog is located here, but the major improvements are described below.
Upgrading MASTIFF to the latest version is easy. You can follow this process:
- Download and install pydeep.
- Download MASTIFF 0.6.0 and untar it.
- Run "make test" to ensure you are not missing any dependencies.
- Run "sudo make install" to install the latest version.
- Copy the analysis plug-ins (the plugins directory in the tarball) to your location of choice and ensure the config file is pointing to that directory.
- Add any new options to your MASTIFF config file. The easiest way may be to use sdiff.
MASTIFF now has a queueing system so multiple files can be analyzed by the framework. To utilize this, give MASTIFF a directory instead of a file to analyze. It will find all files in that directory and its subdirectories, add them to the queue, and begin processing.
The queue is maintained within the MASTIFF database. So, if you have to stop MASTIFF in the middle of its run, it will begin re-processing the queue when it's restarted. Some additional options have been added to allow you to work with the queue:
- --clear-queue: This will clear the current queue.
- --ignore-queue: This will ignore the queue and just process the file you give it.
Fuzzy hashing is not something new within MASTIFF. However, we have changed the Python library used for it. Previously, we used pyssdeep but found that there were a number of stability issues with it on OSX and when processing large numbers of files.
Therefore, we have switched to pydeep (https://github.com/kbandla/pydeep). Our testing has shown it to be much more stable thus far.
There was some confusion on which Python libmagic libraries to use when installing MASTIFF. To help alleviate some of that, the framework has been modified to use two different libmagic libraries:
- libmagic Python extensions (ftp://ftp.astron.com/pub/file/) - This may be installed from source, or as the python-magic package found in most Linux repositories.
- Python-magic (https://github.com/ahupp/python-magic/) - This may be installed through the source code or via Python pip.
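Both libraries install a module named `magic`, so a caller has to check which API it actually imported. The sketch below is an added example, not MASTIFF's own code, showing one way to detect the binding and identify a file with either; the function names `load_magic`, `detect_magic_api` and `identify` are hypothetical.

```python
def load_magic():
    """Import whichever library is installed as 'magic', or return None."""
    try:
        import magic
    except ImportError:
        return None
    return magic


def detect_magic_api(mod):
    """Return 'python-magic', 'file-bindings', or None for an unusable module."""
    if mod is None:
        return None
    # python-magic (ahupp) exposes module-level helpers. It is checked first so
    # that a module exposing both call styles is treated as python-magic.
    if callable(getattr(mod, "from_file", None)):
        return "python-magic"
    # The extensions shipped with file(1) expose open() plus MAGIC_* flags.
    if callable(getattr(mod, "open", None)) and hasattr(mod, "MAGIC_NONE"):
        return "file-bindings"
    return None


def identify(mod, path):
    """Return the libmagic description of 'path' using whichever API 'mod' has."""
    api = detect_magic_api(mod)
    if api == "python-magic":
        return mod.from_file(path)
    if api == "file-bindings":
        cookie = mod.open(mod.MAGIC_NONE)
        try:
            cookie.load()  # load the default magic database
            return cookie.file(path)
        finally:
            cookie.close()
    raise RuntimeError("no usable libmagic binding is installed as 'magic'")


if __name__ == "__main__":
    import sys
    magic_mod = load_magic()
    print("detected binding:", detect_magic_api(magic_mod))
    for target in sys.argv[1:]:
        print(target, "->", identify(magic_mod, target))
```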
A number of other bug fixes and improvements have been made. Please see the changelog file for a complete list.
As always, if you have any questions, please email firstname.lastname@example.org.
We have a lot of great things coming down the pipe for MASTIFF, but if you have any suggestions, enhancements or plug-ins, let us know!