import os
import hashlib
import scanmodule

def main():
    ''' Create and return a new HashWhitelist instance.
    NOTE(review): presumably the hook the scanner's module loader
    calls to obtain this module - confirm against the loader.
    @return A freshly constructed HashWhitelist
    '''
    module = HashWhitelist()
    return module

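class HashWhitelist(scanmodule.ScanModule):
    ''' Scan module that recognises files by the SHA-1 digest of
    their content.

    self.samples maps the path of every known sample to the hex
    SHA-1 digest of its content; populate() fills it. The attribute
    is not created in this class - presumably scanmodule.ScanModule
    provides it; confirm.

    NOTE(review): SHA-1 is not collision resistant, so a digest match
    does not prove the file is byte-identical to a whitelisted sample.
    The algorithm is left unchanged here because digests already stored
    in self.samples (possibly persisted elsewhere) would stop matching;
    plan a migration to SHA-256 if whitelist hits suppress other checks.
    '''
    name = 'hashwhitelist'

    # Read size used while hashing, so large files are never held in
    # memory in one piece.
    _CHUNK_SIZE = 65536

    @staticmethod
    def _sha1_of(path):
        ''' Return the hex SHA-1 digest of the file's raw bytes.
        @param path File to hash
        '''
        digest = hashlib.sha1()
        # Binary mode: hash the exact bytes on disk. Text mode would
        # hand hashlib a str (TypeError on Python 3) and can apply
        # newline translation or fail to decode non-text files.
        with open(path, 'rb') as f:
            for chunk in iter(lambda: f.read(HashWhitelist._CHUNK_SIZE), b''):
                digest.update(chunk)
        return digest.hexdigest()

    def evaluate(self, path):
        ''' Return the known samples whose digest equals the digest
        of the given file.
        @param path File to evaluate
        @return List of [sample_path, 100] entries, one per matching
        sample; empty when nothing matches. The fixed score 100 is
        presumably a percentage shared with other modules - confirm.
        '''
        sha1 = self._sha1_of(path)
        matches = [[sample, 100]
                   for sample in self.samples
                   if self.samples[sample] == sha1]
        # All scores are equal, so this stable sort leaves the order
        # unchanged; kept so the result stays sorted by score.
        return sorted(matches, key=lambda entry: entry[1], reverse=True)

    def is_malware(self, path):
        ''' Return False if the file is whitelisted, True otherwise.
        True only means "no whitelist entry matched"; it is not a
        positive detection.
        @param path File to check
        '''
        sha1 = self._sha1_of(path)
        return sha1 not in self.samples.values()

    def populate(self, path):
        ''' Populate the module's internal database
        with data from the given path
        @param path Path to the data

        Every regular file found under path is hashed and recorded
        under its full path. Errors while opening or reading a file
        propagate to the caller.
        '''
        # os.walk() silently skips directories it cannot list, so an
        # unreadable subtree is simply absent from the whitelist.
        # open() follows symbolic links: a link inside the tree
        # whitelists the content of whatever it points to.
        for root, _, filenames in os.walk(path):
            for filename in filenames:
                full_path = os.path.join(root, filename)
                self.samples[full_path] = self._sha1_of(full_path)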