From 807248f9343a4cabb48c3be1a512b27f6377e871 Mon Sep 17 00:00:00 2001
From: Julien Voisin
Date: Tue, 3 Mar 2015 15:58:59 +0100
Subject: First commit!
---
modules/whitelist.py | 46 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
create mode 100644 modules/whitelist.py
(limited to 'modules/whitelist.py')
diff --git a/modules/whitelist.py b/modules/whitelist.py
new file mode 100644
index 0000000..587b392
--- /dev/null
+++ b/modules/whitelist.py
@@ -0,0 +1,46 @@
+import os
+import hashlib
+import scanmodule
+
+def main():
+ return HashWhitelist()
+
+class HashWhitelist(scanmodule.ScanModule):
+ name = 'hashwhitelist'
+ def evaluate(self, path):
+ ''' Return in percent, the probability that
+ the file is a malware
+ @param path File to evaluate
+ '''
+ sha1 = ''
+ with open(path, 'r') as f:
+ sha1 = hashlib.sha1(f.read()).hexdigest()
+
+ lst = list()
+ for f in self.samples:
+ if sha1 == self.samples[f]:
+ lst.append([f, 100])
+ return sorted(lst, key=lambda lst: lst[1], reverse=True)
+
+ def is_malware(self, path):
+ ''' Return False if the file is whitelisted
+ '''
+ sha1 = ''
+ with open(path, 'r') as f:
+ sha1 = hashlib.sha1(f.read()).hexdigest()
+
+ for f in self.samples:
+ if sha1 == self.samples[f]:
+ return False
+ return True
+
+ def populate(self, path):
+ ''' Populate the module's internal database
+ with data from the given path
+ @param path Path to the data
+ '''
+ for root, _, filenames in os.walk(path):
+ for filename in filenames:
+ full_path = os.path.join(root, filename)
+ with open(full_path, 'r') as f:
+ self.samples[full_path] = hashlib.sha1(f.read()).hexdigest()
-- cgit v1.3
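Review bot: `evaluate`, `is_malware` and `populate` all hash `f.read()` from a file opened with `open(path, 'r')`, so the digest is computed over text-mode data instead of the raw bytes. On Python 3 `hashlib.sha1()` rejects the resulting `str`, and on platforms where text mode translates newlines the hash no longer identifies the file's actual content. Opening in `'rb'` and reading in fixed-size chunks fixes this and avoids loading a large file into memory whole. Because `is_malware` clears a file on hash equality alone, SHA-1 is also a weak basis for an allowlist now that collisions are practical; SHA-256 is a self-contained change here since `populate` builds the database with the same function. A single helper like the one below, called from all three methods in place of the inline `with open(...)` blocks, would also remove the triplicated hashing code.

```python
def _file_digest(path, chunk_size=65536):
    ''' Return the hex SHA-256 of the file's raw bytes
    '''
    digest = hashlib.sha256()
    # Binary mode: hash exactly what is on disk, in bounded memory.
    with open(path, 'rb') as f:
        for chunk in iter(lambda: f.read(chunk_size), b''):
            digest.update(chunk)
    return digest.hexdigest()

class HashWhitelist(scanmodule.ScanModule):
    # ... unchanged: name, evaluate (using _file_digest(path) for the hash) ...

    def is_malware(self, path):
        ''' Return False if the file is whitelisted
        '''
        file_hash = _file_digest(path)
        # ... unchanged: loop comparing against self.samples ...

    # ... unchanged: populate walk, storing _file_digest(full_path) ...
```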