From a8c8728c223e72ff843faba5aed7de2d2d5330e1 Mon Sep 17 00:00:00 2001
From: Jon Bergli Heier
Date: Tue, 28 Jul 2020 09:30:43 +0200
Subject: Allow single VT match on specific results

By including a result name in the VIRUSTOTAL_SINGULAR_MATCHES setting we can override VIRUSTOTAL_MINIMUM_POSITIVES. This is useful for some matches that's usually only matched by a few engines, such as phishing.
---
 fbin/fbin.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/fbin/fbin.py b/fbin/fbin.py
index cf7de02..02337f5 100755
--- a/fbin/fbin.py
+++ b/fbin/fbin.py
@@ -191,7 +191,9 @@ def uploaded(hash):
 @app.route('/file//', endpoint = 'file')
 def _file(hash, ext=None, filename=None):
 f = get_file(hash)
- if not f or (f.blocked_reason and f.blocked_reason['positives'] >= current_app.config['VIRUSTOTAL_MINIMUM_POSITIVES']):
+ if not f or (f.blocked_reason and (f.blocked_reason['positives'] >= current_app.config['VIRUSTOTAL_MINIMUM_POSITIVES'] \
+ or any(scan['detected'] and scan['result'] in current_app.config['VIRUSTOTAL_SINGULAR_MATCHES']
+ for scan in f.blocked_reason['scans']))):
 abort(404)
 path = storage.get_file(f)
 if isinstance(path, Response):
-- 
cgit v1.2.3
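Review bot: The added `any(...)` clause indexes `current_app.config['VIRUSTOTAL_SINGULAR_MATCHES']` directly, and this commit changes only this one hunk, so it adds no default for the new setting. On a deployment whose config predates the setting, a file flagged below VIRUSTOTAL_MINIMUM_POSITIVES can raise KeyError (a 500) rather than being served or answered with 404. Reading it as `current_app.config.get('VIRUSTOTAL_SINGULAR_MATCHES', ())` keeps the previous behaviour when the setting is absent. Separately, the generator assumes iterating `f.blocked_reason['scans']` yields dicts with `detected` and `result` keys; if blocked_reason stores the VirusTotal report as a mapping keyed by engine name, the loop would need `f.blocked_reason['scans'].values()`. That should be confirmed where blocked_reason is written, which is outside this hunk, as is the rest of `_file`.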