From 6beeeebe3c43f0643e521139d3f8b1ff4a7f3059 Mon Sep 17 00:00:00 2001
From: Julien Voisin
Date: Thu, 5 Mar 2015 15:36:22 +0100
Subject: Yara is cooler than Python

---
 scanner.py | 44 --------------------------------------------
 1 file changed, 44 deletions(-)
 delete mode 100644 scanner.py
(limited to 'scanner.py')

diff --git a/scanner.py b/scanner.py
deleted file mode 100644
index bbd5fa2..0000000
--- a/scanner.py
+++ /dev/null
@@ -1,44 +0,0 @@
-import argparse
-import os
-import glob
-import imp
-import sys
-import logging
-import time
-logging.basicConfig(level=logging.INFO)
-
-import modules.grep_count as grep_module
-import modules.entropy as entropy_module
-import modules.whitelist as whitelist_module
-import modules.libfuzzy as fuzzy_module
-
-parser = argparse.ArgumentParser(description='Fuzzy matching for malwares')
-group = parser.add_mutually_exclusive_group(required=True)
-group.add_argument('--save', '-s', help='Path to save the databases', default=None)
-group.add_argument('--filenames', '-f', nargs='*', help='Files to check')
-parser.add_argument('--sleep', '-t', type=int, default=0, help='Sleep between files processing')
-args = parser.parse_args()
-
-
-grep = grep_module.GrepCount()
-entropy = entropy_module.Entropy()
-whitelist = whitelist_module.HashWhitelist()
-fuzzy = fuzzy_module.FuzzyMatcher()
-
-if args.save: # Save the computed database
-    for m in [whitelist, fuzzy]:
-        m.save(args.save + '.' + m.name)
-else:
-    for f in args.filenames:
-        for root, _, filenames in os.walk(f):
-            for filename in filenames:
-                fpath = os.path.join(root, filename)
-
-                grep_results = grep.is_malware(fpath)
-                entropy_results = entropy.is_malware(fpath)
-                fuzzy_results = fuzzy.is_malware(fpath)
-                if grep_results or entropy_results or fuzzy_results:
-                    if whitelist.is_malware(fpath) and '/.git/' not in fpath: # Not in whitelist
-                        logging.info('MALWARE: ' + fpath)
-
-                time.sleep(args.sleep)
-- 
cgit v1.3