author | Jon Bergli Heier <snakebite@jvnv.net> | 2020-07-28 09:30:43 +0200 |
---|---|---|
committer | Jon Bergli Heier <snakebite@jvnv.net> | 2020-07-28 09:30:43 +0200 |
commit | a8c8728c223e72ff843faba5aed7de2d2d5330e1 (patch) | |
tree | 5bd924024a4fa69aca1cd5ef6cec7699da2a4169 /fbin | |
parent | f205f01afc4beb10b84d2c33c2c244a4c4d71619 (diff) |
Allow single VT match on specific results
By including a result name in the VIRUSTOTAL_SINGULAR_MATCHES setting we
can override VIRUSTOTAL_MINIMUM_POSITIVES. This is useful for some
matches that are usually only matched by a few engines, such as phishing.
Diffstat (limited to 'fbin')
-rwxr-xr-x | fbin/fbin.py | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/fbin/fbin.py b/fbin/fbin.py
index cf7de02..02337f5 100755
--- a/fbin/fbin.py
+++ b/fbin/fbin.py
@@ -191,7 +191,9 @@ def uploaded(hash):
 @app.route('/file/<hash:hash>/<path:filename>', endpoint = 'file')
 def _file(hash, ext=None, filename=None):
 f = get_file(hash)
- if not f or (f.blocked_reason and f.blocked_reason['positives'] >= current_app.config['VIRUSTOTAL_MINIMUM_POSITIVES']):
+ if not f or (f.blocked_reason and (f.blocked_reason['positives'] >= current_app.config['VIRUSTOTAL_MINIMUM_POSITIVES'] \
+ or any(scan['detected'] and scan['result'] in current_app.config['VIRUSTOTAL_SINGULAR_MATCHES']
+ for scan in f.blocked_reason['scans']))):
 abort(404)
 path = storage.get_file(f)
 if isinstance(path, Response): |
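Review bot: The new `any(...)` clause in `_file` indexes `current_app.config['VIRUSTOTAL_SINGULAR_MATCHES']` and `f.blocked_reason['scans']` directly, so a deployment that has not defined the new setting, or a stored `blocked_reason` without a `scans` entry, raises KeyError (a 500 instead of a clean 404 or download) whenever `positives` is below the minimum. Reading them as `current_app.config.get('VIRUSTOTAL_SINGULAR_MATCHES', ())` and `f.blocked_reason.get('scans', [])` keeps the block decision well defined for older records and configs. If `scans` is stored in the shape of a VirusTotal report (a mapping of engine name to result, which is not visible here), the generator would also need to iterate `.values()`, because iterating the mapping itself yields engine names and `scan['detected']` would then fail. The membership test is an exact string comparison, so a result that differs only in case or carries a family suffix will not trigger the override; a comment next to the setting stating that entries must match the engine's result string exactly would help operators. `_file` continues past the end of the hunk.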