Tatantyler

Heuristics Based AV Prototype

Dec 15th, 2012
  1. local detectThreshold = 50
  2. local heuristicsTriggers = { -- this is a list of function calls that are classified as "dangerous".
  3.     "fs.delete",
  4.     "fs.move",
  5.     "fs.copy",
  6.     "fs.open",
  7.     "os.reboot",
  8.     "os.shutdown",
  9. }
  10.  
  11. local totalLines = 0
  12. local totalScore = 0
  13. local totalPercent = 0
  14. local scores = {}
  15. local percents = {}
  16. local args = {...}
  17.  
  18. if args[1] == nil then
  19.     print("USAGE: "..fs.getName(shell.getRunningProgram()).." [file]")
  20.     return
  21. end
  22.  
  23. for _,v in ipairs(heuristicsTriggers) do
  24.     scores[v] = 0
  25.     percents[v] = 0
  26. end
  27.  
  28. local handle = io.open(args[1], "r")
  29.  
  30. for line in handle:lines() do
  31.     if #line > 0 then
  32.         totalLines = totalLines+1
  33.         for _,trigger in ipairs(heuristicsTriggers) do
  34.             for match in string.gmatch(line, "("..trigger..")") do
  35.                 scores[trigger] = scores[trigger]+1
  36.                 totalScore = totalScore+1
  37.             end
  38.         end
  39.     end
  40. end
  41.  
  42. totalPercent = math.ceil((totalScore/totalLines) * 100)
  43.  
  44. term.clear()
  45. term.setCursorPos(1,1)
  46. print("Results of heuristics scan for file: "..args[1])
  47. print("Total (useful) lines: "..totalLines)
  48. print("Total trigger phrase count: "..totalScore)
  49. print("Total trigger phrase percentage count: "..totalPercent.."%")
  50. for i,v in pairs(scores) do
  51.     percents[i] = math.ceil((v/totalLines) * 100)
  52.     print("Percentage found: "..i..": "..percents[i].."% (found "..v.." times)")
  53. end
  54.  
  55. for i,v in pairs(percents) do
  56.     if v >= detectThreshold then
  57.         print("Caution: This file may be a virus, because it has a lot of "..i.." calls.")
  58.         print("We may be wrong, but it may be a good idea to check this file manually.")
  59.         print("Move to quarantine? (Y/N)")
  60.         write(">")
  61.         local quarantine = false
  62.         if string.upper(string.sub(read(),1,1)) == "Y" then
  63.             quarantine = true
  64.         else
  65.             quarantine = false
  66.         end
  67.         if quarantine then
  68.             if not fs.exists("quarantine") then
  69.                 fs.makeDir("quarantine")
  70.             end
  71.             local oldDataHandle = fs.open(args[1], "r")
  72.             local oldData = "--[["..oldDataHandle.readAll().."]]"
  73.             oldDataHandle.close()
  74.             local quarantineHandle = fs.open("quarantine/"..args[1], "w")
  75.             quarantineHandle.write(oldData)
  76.             quarantineHandle.close()
  77.         end
  78.     end
  79. end
  80.  
  81. if totalPercent >= detectThreshold then
  82.     print("Caution: This file may be a virus, because it contains many \"dangerous\" calls.")
  83.     print("We may be wrong, but it may be a good idea to check this file manually.")
  84.     print("Move to quarantine? (Y/N)")
  85.     write(">")
  86.     local quarantine = false
  87.     if string.upper(string.sub(read(),1,1)) == "Y" then
  88.         quarantine = true
  89.     else
  90.         quarantine = false
  91.     end
  92.     if quarantine then
  93.         if not fs.exists("quarantine") then
  94.             fs.makeDir("quarantine")
  95.         end
  96.         local oldDataHandle = fs.open(args[1], "r")
  97.         local oldData = "--[["..oldDataHandle.readAll().."]]"
  98.         oldDataHandle.close()
  99.         local quarantineHandle = fs.open("quarantine/"..args[1], "w")
  100.         quarantineHandle.write(oldData)
  101.         quarantineHandle.close()
  102.     end
  103. end
  104.  
  105. print("Large percentages may indicate viruses and/or malicious software.")
  106. print("Note: You may need to check this file manually.")