import java.io.*; import java.math.*; import java.text.*; import java.util.*; /** * Insert the type's description here. * Creation date: (11/4/00 4:35:31 PM) * @author: Administrator */ public class Poison { public Hashtable signatures = null; public Hashtable signatureThresholds = null; public Hashtable signatureMatchPercentages = null; public String fileName = null; public String fileData = null; public BufferedReader reader = null; public PrintWriter writer = null; public String inputLine = null; public String trimmedInputLine = null; /** * Poison constructor comment. */ public Poison() throws Exception { super(); reader = new BufferedReader(new InputStreamReader(System.in)); writer = new PrintWriter(new FileWriter("Poison.out")); } /** * Insert the method's description here. * Creation date: (11/4/00 5:02:44 PM) * @exception java.lang.Exception The exception description. */ public void getFileData() throws java.lang.Exception { boolean fileStart = false; boolean fileEnd = false; boolean fileDataEnd = false; boolean firstFileDataLine = true; while (!fileStart) { trimmedInputLine = reader.readLine().trim(); if (!trimmedInputLine.equals("")) { fileStart = true; fileName = trimmedInputLine; } } reader.readLine(); fileDataEnd = false; firstFileDataLine = true; while (!fileDataEnd) { inputLine = reader.readLine(); trimmedInputLine = inputLine.trim(); if (trimmedInputLine.equals("DATA")) { fileDataEnd = true; } else { if (firstFileDataLine) { fileData = inputLine; firstFileDataLine = false; } else { fileData = fileData + "\n" + inputLine; } } } reader.readLine(); } /** * Insert the method's description here. * Creation date: (11/4/00 5:01:01 PM) * @exception java.lang.Exception The exception description. */ public void getSignatures() throws java.lang.Exception { boolean signatureStart = false; boolean signatureEnd = false; boolean signatureDataEnd = false; boolean firstSignatureDataLine = true; String signatureName = null; double percentage = 0.00; String signature = null; signatures = new Hashtable(); signatureThresholds = new Hashtable(); signatureMatchPercentages = new Hashtable(); while (!signatureStart) { trimmedInputLine = reader.readLine().trim(); if (trimmedInputLine.equals("MALICIOUS CODE SIGNATURES")) { signatureStart = true; } } while (!signatureEnd) { trimmedInputLine = reader.readLine().trim(); if (trimmedInputLine.equals("MALICIOUS CODE SIGNATURES")) { signatureEnd = true; } else { signatureName = trimmedInputLine; reader.readLine(); percentage = (new Double(reader.readLine().trim())).doubleValue(); percentage = percentage; signatureThresholds.put(signatureName,new Double(percentage)); reader.readLine(); reader.readLine(); signatureDataEnd = false; firstSignatureDataLine = true; while (!signatureDataEnd) { inputLine = reader.readLine(); trimmedInputLine = inputLine.trim(); if (trimmedInputLine.equals("SIGNATURE")) { signatureDataEnd = true; } else { if (firstSignatureDataLine) { signature = inputLine; firstSignatureDataLine = false; } else { signature = signature + "\n" + inputLine; } } } signatures.put(signatureName,signature); signatureMatchPercentages.put(signatureName,new Double(0.00)); reader.readLine(); } } } /** * Insert the method's description here. * Creation date: (11/4/00 4:35:56 PM) * @param args java.lang.String[] */ public static void main(String[] args) { Poison poison = null; try { poison = new Poison(); while (poison.reader.ready()) { poison.getSignatures(); poison.getFileData(); poison.processFileData(); } poison.reader.close(); poison.writer.close(); } catch (Throwable t) { //System.out.println("Throwable caught: " + t.getMessage()); //t.printStackTrace(System.out); try { poison.reader.close(); poison.writer.close(); } catch (Exception e) {} } } /** * Insert the method's description here. * Creation date: (11/4/00 5:03:11 PM) * @exception java.lang.Exception The exception description. */ public void processFileData() throws java.lang.Exception { int i = 0; char fileChar = 'a'; char signatureChar = 'a'; String signatureName = null; String signature = null; String fileDataSubstring = null; int firstIndex = 0; int lastIndex = 0; int signatureMatchCount = 0; int count = 0; boolean poison = false; Enumeration signatureNames = null; double percentage = 0.00; double threshhold = 0.00; signatureNames = signatures.keys(); while (signatureNames.hasMoreElements()) { signatureName = (String) signatureNames.nextElement(); signature = (String) signatures.get(signatureName); firstIndex = 0; lastIndex = signature.length(); signatureMatchCount = 0; while (lastIndex <= fileData.length()) { fileDataSubstring = fileData.substring(firstIndex,lastIndex); count = 0; for (i = 0; i < signature.length(); i++) { fileChar = fileDataSubstring.charAt(i); signatureChar = signature.charAt(i); //System.out.println(signatureChar + "|" + fileChar); if (fileChar == signatureChar) { count++; } } if (count > signatureMatchCount) { signatureMatchCount = count; } firstIndex++; lastIndex++; } percentage = ((signatureMatchCount * 1.0)/(signature.length() * 1.0)); percentage = Math.round(percentage * 10000)/100.00; signatureMatchPercentages.put(signatureName,new Double(percentage)); } signatureNames = signatures.keys(); poison = false; while (signatureNames.hasMoreElements() && !poison) { signatureName = (String) signatureNames.nextElement(); percentage = ((Double) signatureMatchPercentages.get(signatureName)).doubleValue(); threshhold = ((Double) signatureThresholds.get(signatureName)).doubleValue(); //System.out.println(signatureName + " " + threshhold + "|" + percentage); if (percentage >= threshhold) { poison = true; } } if (poison) { System.out.println(fileName + " " + "POISON"); writer.println(fileName + " " + "POISON"); } else { System.out.println(fileName + " " + "CLEAN"); writer.println(fileName + " " + "CLEAN"); } writer.flush(); } }