-rwxr-xr-xphp-malware-finder/utils/generate_whitelist.py (renamed from php-malware-finder/generate_whitelist.py)13
1 files changed, 7 insertions, 6 deletions
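diff --git a/php-malware-finder/generate_whitelist.py b/php-malware-finder/utils/generate_whitelist.py
index af6be27..231eb1f 100755
--- a/php-malware-finder/generate_whitelist.py
+++ b/php-malware-finder/utils/generate_whitelist.py
@@ -19,7 +19,7 @@ if not os.path.isdir(sys.argv[2]):
  print('%s is not a folder !' % sys.argv[2])
  sys.exit(1)
 
-rules = yara.compile('./php.yar', includes=True, error_on_warning=True)
+rules = yara.compile('../php.yar', includes=True, error_on_warning=True)
 
 output_list = list()
 
@@ -34,8 +34,9 @@ for curdir, dirnames, filenames in os.walk(sys.argv[2]):
  output_list.append('hash.sha1(0, filesize) == "%s" or // %s' % (digest, fname))
 
 
-output_rule = 'import "hash"\n\nrule %s\n{\n\tcondition:\n\t\t/* %s */\n\t\t' % (sys.argv[1].split(' ')[0], sys.argv[1])
-output_list.append(output_list.pop().replace(' or ', ' '))
-output_rule += '\n\t\t'.join(output_list)
-output_rule += '\n}'
-print(output_rule)
+if output_list:
+ output_rule = 'import "hash"\n\nrule %s\n{\n\tcondition:\n\t\t/* %s */\n\t\t' % (sys.argv[1].split(' ')[0], sys.argv[1])
+ output_list.append(output_list.pop().replace(' or ', ' '))
+ output_rule += '\n\t\t'.join(output_list)
+ output_rule += '\n}'
+ print(output_rule)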
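Review bot: The new `'../php.yar'` in the first hunk is still resolved against the current working directory rather than the script's own location, so after the move to `utils/` the generator only finds the intended rules when launched from inside `utils/`; from anywhere else it either fails or compiles whatever `php.yar` happens to sit one level above the caller's directory. Anchoring the path to the file avoids that: `rules = yara.compile(os.path.join(os.path.dirname(os.path.abspath(__file__)), '..', 'php.yar'), includes=True, error_on_warning=True)` (`os` is already in use, as the hunk header line shows). In the second hunk, the `if output_list:` guard makes the script print nothing and exit 0 when no file produced an entry, so a run that redirects stdout into a whitelist file leaves it silently empty; an `else` branch that writes a short message to `sys.stderr` would make that case visible. The start of the script, including its imports and argument checks, lies outside both hunks.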