Yara is cooler than Python

author: Julien Voisin 2015-03-05 15:36:22 +0100
committer: Julien Voisin 2015-03-05 15:36:22 +0100
commit: 6beeeebe3c43f0643e521139d3f8b1ff4a7f3059 (patch)
tree: 72de2c9e6f8eb30b847da44213b8482f98691589 /scanner.py
parent: 1c917ed43a58e1c1c77ccd0815b6e95fbcca54ff (diff)
1 files changed, 0 insertions, 44 deletions
diff --git a/scanner.py b/scanner.py
deleted file mode 100644
index bbd5fa2..0000000
--- a/scanner.py
+++ /dev/null
@@ -1,44 +0,0 @@
-import argparse
-import os
-import glob
-import imp
-import sys
-import logging
-import time
-logging.basicConfig(level=logging.INFO)
-import modules.grep_count as grep_module
-import modules.entropy as entropy_module
-import modules.whitelist as whitelist_module
-import modules.libfuzzy as fuzzy_module
-parser = argparse.ArgumentParser(description='Fuzzy matching for malwares')
-group = parser.add_mutually_exclusive_group(required=True)
-group.add_argument('--save', '-s', help='Path to save the databases', default=None)
-group.add_argument('--filenames', '-f', nargs='*', help='Files to check')
-parser.add_argument('--sleep', '-t', type=int, default=0, help='Sleep between files processing')
-args = parser.parse_args()
-grep = grep_module.GrepCount()
-entropy = entropy_module.Entropy()
-whitelist = whitelist_module.HashWhitelist()
-fuzzy = fuzzy_module.FuzzyMatcher()
-if args.save:  # Save the computed database
-    for m in [whitelist, fuzzy]:
-        m.save(args.save + '.' + m.name)
-else:
-    for f in args.filenames:
-        for root, _, filenames in os.walk(f):
-            for filename in filenames:
-                fpath = os.path.join(root, filename)
-                grep_results = grep.is_malware(fpath)
-                entropy_results = entropy.is_malware(fpath)
-                fuzzy_results = fuzzy.is_malware(fpath)
-                if grep_results or entropy_results or fuzzy_results:
-                    if whitelist.is_malware(fpath) and '/.git/' not in fpath:  # Not in whitelist
-                        logging.info('MALWARE: ' + fpath)
-                time.sleep(args.sleep)
author	Julien Voisin	2015-03-05 15:36:22 +0100
committer	Julien Voisin	2015-03-05 15:36:22 +0100
commit	6beeeebe3c43f0643e521139d3f8b1ff4a7f3059 (patch)
tree	72de2c9e6f8eb30b847da44213b8482f98691589 /scanner.py
parent	1c917ed43a58e1c1c77ccd0815b6e95fbcca54ff (diff)

diff --git a/scanner.py b/scanner.py deleted file mode 100644 index bbd5fa2..0000000 --- a/scanner.py +++ /dev/null
@@ -1,44 +0,0 @@
1	import argparse
2	import os
3	import glob
4	import imp
5	import sys
6	import logging
7	import time
8	logging.basicConfig(level=logging.INFO)
9
10	import modules.grep_count as grep_module
11	import modules.entropy as entropy_module
12	import modules.whitelist as whitelist_module
13	import modules.libfuzzy as fuzzy_module
14
15	parser = argparse.ArgumentParser(description='Fuzzy matching for malwares')
16	group = parser.add_mutually_exclusive_group(required=True)
17	group.add_argument('--save', '-s', help='Path to save the databases', default=None)
18	group.add_argument('--filenames', '-f', nargs='*', help='Files to check')
19	parser.add_argument('--sleep', '-t', type=int, default=0, help='Sleep between files processing')
20	args = parser.parse_args()
21
22
23	grep = grep_module.GrepCount()
24	entropy = entropy_module.Entropy()
25	whitelist = whitelist_module.HashWhitelist()
26	fuzzy = fuzzy_module.FuzzyMatcher()
27
28	if args.save: # Save the computed database
29	for m in [whitelist, fuzzy]:
30	m.save(args.save + '.' + m.name)
31	else:
32	for f in args.filenames:
33	for root, _, filenames in os.walk(f):
34	for filename in filenames:
35	fpath = os.path.join(root, filename)
36
37	grep_results = grep.is_malware(fpath)
38	entropy_results = entropy.is_malware(fpath)
39	fuzzy_results = fuzzy.is_malware(fpath)
40	if grep_results or entropy_results or fuzzy_results:
41	if whitelist.is_malware(fpath) and '/.git/' not in fpath: # Not in whitelist
42	logging.info('MALWARE: ' + fpath)
43
44	time.sleep(args.sleep)