authorJon Bergli Heier <snakebite@jvnv.net>2020-07-28 09:30:43 +0200
committerJon Bergli Heier <snakebite@jvnv.net>2020-07-28 09:30:43 +0200
commita8c8728c223e72ff843faba5aed7de2d2d5330e1 (patch)
tree5bd924024a4fa69aca1cd5ef6cec7699da2a4169
parentf205f01afc4beb10b84d2c33c2c244a4c4d71619 (diff)
Allow single VT match on specific results
By including a result name in the VIRUSTOTAL_SINGULAR_MATCHES setting we can override VIRUSTOTAL_MINIMUM_POSITIVES. This is useful for some matches that are usually only matched by a few engines, such as phishing.
-rwxr-xr-xfbin/fbin.py4
1 files changed, 3 insertions, 1 deletions
diff --git a/fbin/fbin.py b/fbin/fbin.py
index cf7de02..02337f5 100755
--- a/fbin/fbin.py
+++ b/fbin/fbin.py
@@ -191,7 +191,9 @@ def uploaded(hash):
@app.route('/file/<hash:hash>/<path:filename>', endpoint = 'file')
def _file(hash, ext=None, filename=None):
f = get_file(hash)
- if not f or (f.blocked_reason and f.blocked_reason['positives'] >= current_app.config['VIRUSTOTAL_MINIMUM_POSITIVES']):
+ if not f or (f.blocked_reason and (f.blocked_reason['positives'] >= current_app.config['VIRUSTOTAL_MINIMUM_POSITIVES'] \
+ or any(scan['detected'] and scan['result'] in current_app.config['VIRUSTOTAL_SINGULAR_MATCHES']
+ for scan in f.blocked_reason['scans']))):
abort(404)
path = storage.get_file(f)
if isinstance(path, Response):
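Review bot: The generator on the added lines iterates `f.blocked_reason['scans']` directly and then indexes each item with `scan['detected']`. If `blocked_reason` stores the VirusTotal report as returned by the v2 API, where `scans` is a mapping of engine name to result, iteration yields the engine-name strings and the lookup raises a TypeError instead of evaluating the match. In that case it should be `for scan in f.blocked_reason['scans'].values()`; confirm against how the report is stored. `current_app.config['VIRUSTOTAL_SINGULAR_MATCHES']` is also a hard key lookup, so a deployment whose config predates this setting would get a 500 rather than the old threshold-only behaviour for flagged files below the minimum; `current_app.config.get('VIRUSTOTAL_SINGULAR_MATCHES', ())` avoids that. The body of `_file` continues past the end of the hunk.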