From 216702a22dac24e54c88404cf9cd38bca4f0645b Mon Sep 17 00:00:00 2001
From: Mathieu Deous
Date: Tue, 26 Jul 2016 18:28:39 +0200
Subject: move utility scripts to a ./utils/ subfolder
---
php-malware-finder/generate_whitelist.py | 41 -------------------------
php-malware-finder/utils/generate_whitelist.py | 42 ++++++++++++++++++++++++++
2 files changed, 42 insertions(+), 41 deletions(-)
delete mode 100755 php-malware-finder/generate_whitelist.py
create mode 100755 php-malware-finder/utils/generate_whitelist.py
diff --git a/php-malware-finder/generate_whitelist.py b/php-malware-finder/generate_whitelist.py
deleted file mode 100755
index af6be27..0000000
--- a/php-malware-finder/generate_whitelist.py
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/usr/bin/env python
-
-import fnmatch
-import hashlib
-import os
-import sys
-
-try:
- import yara
-except ImportError:
- print('Please install python-yara')
- sys.exit(1)
-
-if len(sys.argv) != 3:
- print('Usage: %s name_of_the_rule_and_version folder_to_scan' % sys.argv[0])
- sys.exit(1)
-
-if not os.path.isdir(sys.argv[2]):
- print('%s is not a folder !' % sys.argv[2])
- sys.exit(1)
-
-rules = yara.compile('./php.yar', includes=True, error_on_warning=True)
-
-output_list = list()
-
-for curdir, dirnames, filenames in os.walk(sys.argv[2]):
- for filename in fnmatch.filter(filenames, '*.ph*'):
- fname = os.path.join(curdir, filename)
- if 0 < os.stat(fname).st_size < 5 * 1024 * 1024:
- matches = rules.match(fname, fast=True)
- if matches:
- with open(fname, 'rb') as f:
- digest = hashlib.sha1(f.read()).hexdigest()
- output_list.append('hash.sha1(0, filesize) == "%s" or // %s' % (digest, fname))
-
-
-output_rule = 'import "hash"\n\nrule %s\n{\n\tcondition:\n\t\t/* %s */\n\t\t' % (sys.argv[1].split(' ')[0], sys.argv[1])
-output_list.append(output_list.pop().replace(' or ', ' '))
-output_rule += '\n\t\t'.join(output_list)
-output_rule += '\n}'
-print(output_rule)
diff --git a/php-malware-finder/utils/generate_whitelist.py b/php-malware-finder/utils/generate_whitelist.py
new file mode 100755
index 0000000..231eb1f
--- /dev/null
+++ b/php-malware-finder/utils/generate_whitelist.py
@@ -0,0 +1,42 @@
+#!/usr/bin/env python
+
+import fnmatch
+import hashlib
+import os
+import sys
+
+try:
+ import yara
+except ImportError:
+ print('Please install python-yara')
+ sys.exit(1)
+
+if len(sys.argv) != 3:
+ print('Usage: %s name_of_the_rule_and_version folder_to_scan' % sys.argv[0])
+ sys.exit(1)
+
+if not os.path.isdir(sys.argv[2]):
+ print('%s is not a folder !' % sys.argv[2])
+ sys.exit(1)
+
+rules = yara.compile('../php.yar', includes=True, error_on_warning=True)
+
+output_list = list()
+
+for curdir, dirnames, filenames in os.walk(sys.argv[2]):
+ for filename in fnmatch.filter(filenames, '*.ph*'):
+ fname = os.path.join(curdir, filename)
+ if 0 < os.stat(fname).st_size < 5 * 1024 * 1024:
+ matches = rules.match(fname, fast=True)
+ if matches:
+ with open(fname, 'rb') as f:
+ digest = hashlib.sha1(f.read()).hexdigest()
+ output_list.append('hash.sha1(0, filesize) == "%s" or // %s' % (digest, fname))
+
+
+if output_list:
+ output_rule = 'import "hash"\n\nrule %s\n{\n\tcondition:\n\t\t/* %s */\n\t\t' % (sys.argv[1].split(' ')[0], sys.argv[1])
+ output_list.append(output_list.pop().replace(' or ', ' '))
+ output_rule += '\n\t\t'.join(output_list)
+ output_rule += '\n}'
+ print(output_rule)
-- cgit v1.3
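Review bot: `yara.compile('../php.yar', includes=True, error_on_warning=True)` resolves the rule file against the process's working directory rather than the script's own location, so after this move the script presumably only works when launched from inside `utils/` and fails to find the rules from anywhere else, including the repository root where the old `./php.yar` used to resolve. Anchoring the path to the script removes that dependency on the caller's cwd: `rules_path = os.path.join(os.path.dirname(os.path.abspath(__file__)), '..', 'php.yar')` followed by `rules = yara.compile(rules_path, includes=True, error_on_warning=True)`. A smaller caveat on the same hunk: the `'hash.sha1(0, filesize) == "%s" or // %s'` line embeds each scanned path verbatim in the generated rule, so a whitelist produced from a local checkout carries the author's directory layout; if the output is meant to be shared, `os.path.relpath(fname, sys.argv[2])` in that comment keeps the rule self-contained without changing the hash condition.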