Yara is cooler than Python

author: Julien Voisin 2015-03-05 15:36:22 +0100
committer: Julien Voisin 2015-03-05 15:36:22 +0100
commit: 6beeeebe3c43f0643e521139d3f8b1ff4a7f3059 (patch)
tree: 72de2c9e6f8eb30b847da44213b8482f98691589 /modules/whitelist.py
parent: 1c917ed43a58e1c1c77ccd0815b6e95fbcca54ff (diff)
1 files changed, 0 insertions, 46 deletions
diff --git a/modules/whitelist.py b/modules/whitelist.py
deleted file mode 100644
index 587b392..0000000
--- a/modules/whitelist.py
+++ /dev/null
@@ -1,46 +0,0 @@
-import os
-import hashlib
-import scanmodule
-def main():
-    return HashWhitelist()
-class HashWhitelist(scanmodule.ScanModule):
-    name = 'hashwhitelist'
-    def evaluate(self, path):
-        ''' Return in percent, the probability that
-        the file is a malware
-        @param path File to evaluate
-        '''
-        sha1 = ''
-        with open(path, 'r') as f:
-            sha1 = hashlib.sha1(f.read()).hexdigest()
-        lst = list()
-        for f in self.samples:
-            if sha1 == self.samples[f]:
-                lst.append([f, 100])
-        return sorted(lst, key=lambda lst: lst[1], reverse=True)
-    def is_malware(self, path):
-        ''' Return False if the file is whitelisted
-        '''
-        sha1 = ''
-        with open(path, 'r') as f:
-            sha1 = hashlib.sha1(f.read()).hexdigest()
-        for f in self.samples:
-            if sha1 == self.samples[f]:
-                return False
-        return True
-    def populate(self, path):
-        ''' Populate the module's internal database
-        with data from the given path
-        @param path Path to the data
-        '''
-        for root, _, filenames in os.walk(path):
-            for filename in filenames:
-                full_path = os.path.join(root, filename)
-                with open(full_path, 'r') as f:
-                    self.samples[full_path] = hashlib.sha1(f.read()).hexdigest()
author	Julien Voisin	2015-03-05 15:36:22 +0100
committer	Julien Voisin	2015-03-05 15:36:22 +0100
commit	6beeeebe3c43f0643e521139d3f8b1ff4a7f3059 (patch)
tree	72de2c9e6f8eb30b847da44213b8482f98691589 /modules/whitelist.py
parent	1c917ed43a58e1c1c77ccd0815b6e95fbcca54ff (diff)

diff --git a/modules/whitelist.py b/modules/whitelist.py deleted file mode 100644 index 587b392..0000000 --- a/modules/whitelist.py +++ /dev/null
@@ -1,46 +0,0 @@
1	import os
2	import hashlib
3	import scanmodule
4
5	def main():
6	return HashWhitelist()
7
8	class HashWhitelist(scanmodule.ScanModule):
9	name = 'hashwhitelist'
10	def evaluate(self, path):
11	''' Return in percent, the probability that
12	the file is a malware
13	@param path File to evaluate
14	'''
15	sha1 = ''
16	with open(path, 'r') as f:
17	sha1 = hashlib.sha1(f.read()).hexdigest()
18
19	lst = list()
20	for f in self.samples:
21	if sha1 == self.samples[f]:
22	lst.append([f, 100])
23	return sorted(lst, key=lambda lst: lst[1], reverse=True)
24
25	def is_malware(self, path):
26	''' Return False if the file is whitelisted
27	'''
28	sha1 = ''
29	with open(path, 'r') as f:
30	sha1 = hashlib.sha1(f.read()).hexdigest()
31
32	for f in self.samples:
33	if sha1 == self.samples[f]:
34	return False
35	return True
36
37	def populate(self, path):
38	''' Populate the module's internal database
39	with data from the given path
40	@param path Path to the data
41	'''
42	for root, _, filenames in os.walk(path):
43	for filename in filenames:
44	full_path = os.path.join(root, filename)
45	with open(full_path, 'r') as f:
46	self.samples[full_path] = hashlib.sha1(f.read()).hexdigest()