summaryrefslogtreecommitdiff
path: root/fbin
diff options
context:
space:
mode:
authorJon Bergli Heier <snakebite@jvnv.net>2020-07-28 09:30:43 +0200
committerJon Bergli Heier <snakebite@jvnv.net>2020-07-28 09:30:43 +0200
commita8c8728c223e72ff843faba5aed7de2d2d5330e1 (patch)
tree5bd924024a4fa69aca1cd5ef6cec7699da2a4169 /fbin
parentf205f01afc4beb10b84d2c33c2c244a4c4d71619 (diff)
Allow single VT match on specific results
By including a result name in the VIRUSTOTAL_SINGULAR_MATCHES setting we can override VIRUSTOTAL_MINIMUM_POSITIVES. This is useful for some matches that's usually only matched by a few engines, such as phishing.
Diffstat (limited to 'fbin')
-rwxr-xr-xfbin/fbin.py4
1 files changed, 3 insertions, 1 deletions
diff --git a/fbin/fbin.py b/fbin/fbin.py
index cf7de02..02337f5 100755
--- a/fbin/fbin.py
+++ b/fbin/fbin.py
@@ -191,7 +191,9 @@ def uploaded(hash):
@app.route('/file/<hash:hash>/<path:filename>', endpoint = 'file')
def _file(hash, ext=None, filename=None):
f = get_file(hash)
- if not f or (f.blocked_reason and f.blocked_reason['positives'] >= current_app.config['VIRUSTOTAL_MINIMUM_POSITIVES']):
+ if not f or (f.blocked_reason and (f.blocked_reason['positives'] >= current_app.config['VIRUSTOTAL_MINIMUM_POSITIVES'] \
+ or any(scan['detected'] and scan['result'] in current_app.config['VIRUSTOTAL_SINGULAR_MATCHES']
+ for scan in f.blocked_reason['scans']))):
abort(404)
path = storage.get_file(f)
if isinstance(path, Response):