SafeBrowsing is Google's anti-malware / anti-phishing database. Built into Firefox and Google Chrome, it lets you check that a site is not a malware nest or a phishing attempt.
To test by site:
http://www.google.com/safebrowsing/diagnostic?site=beufa.net
Or by AS:
http://www.google.com/safebrowsing/diagnostic?site=AS:15069
Perl modules exist to automate these checks:
    use Net::Google::SafeBrowsing2;
    use Net::Google::SafeBrowsing2::Storage;
    use Net::Google::SafeBrowsing2::Sqlite;
    use Term::ANSIColor;   # provides color(), used for the coloured output further down
After that, a few lines of Perl are enough to check a list of sites (which could also be loaded from a MySQL database!):
    my @sites = (
        'http://flashupdate.co.cc/',
        'https://beufa.net/',
        'http://www.fortinet.com/',
        'http://www.gumblar.cn'
    );
Create a local database, which will store the hashes locally:
    # SQLite file that holds the downloaded hashes
    my $storage_malware_db = Net::Google::SafeBrowsing2::Sqlite->new(file => 'goog-malware-shavar.db');

    my $malware_db = Net::Google::SafeBrowsing2->new(
        key     => "YOUR_KEY",
        storage => $storage_malware_db,
        error   => 1,
        ## debug => 1,
        ## mac   => 1,
        list    => MALWARE,
        ## force => 1
    );
Two databases can be downloaded (list parameter): MALWARE (goog-malware-shavar.db) or PHISHING (googpub-phish-shavar.db).
Check for updates:
    # $storage_phishing_db is not created in the snippets shown here; it is assumed
    # to be set up like $storage_malware_db, with the phishing database file.
    my $last_db1 = $storage_malware_db->last_update(list => 'goog-malware-shavar')->{time};
    my $next_db1 = $last_db1 + $storage_malware_db->last_update(list => 'goog-malware-shavar')->{wait};
    my $last_db2 = $storage_phishing_db->last_update(list => 'googpub-phish-shavar')->{time};
    my $next_db2 = $last_db2 + $storage_phishing_db->last_update(list => 'googpub-phish-shavar')->{wait};

    print color 'reset';
    print color 'bold yellow';
    print "--- ---------------------------------- ----\n";
    print "--- Updates of Google SafeBrowsing DBs ----\n";
    print "--- ---------------------------------- ----\n";
    print color 'reset';
    print color 'cyan';
    print "\t > Last Up. (google-malware-shavar) : ".scalar(localtime($last_db1))."\n";
    print "\t > Next Up. (google-malware-shavar) : ".scalar(localtime($next_db1))."\n";
    print "\t > Last Up. (googpub-phish-shavar) : ".scalar(localtime($last_db2))."\n";
    print "\t > Next Up. (googpub-phish-shavar) : ".scalar(localtime($next_db2))."\n";
    print color 'reset';
Then check that none of the sites is in the Google SafeBrowsing hashes:
    print color 'reset';
    print color 'bold yellow';
    print "--- -------------------------------------- ----\n";
    print "--- Checking for Malwares Distribution URL ----\n";
    print "--- -------------------------------------- ----\n";

    foreach my $site (@sites) {
        # lookup() returns the name of the matching list, if any
        my $match_malware = $malware_db->lookup(url => $site);
        if ($match_malware eq MALWARE) {
            print color 'reset';
            print color 'bold red';
            print "\t(MAL)\tNOK => ".$site." => MALWARE \n";
        }
        else {
            print color 'reset';
            print color 'green';
            print "\t\tOK => ".$site."\n";
        }
    }

    print color 'reset';
    print color 'red';
    print "--- Errors for Malwares Distribution Check ----\n";
    print "Last malware_db error: ", $malware_db->last_error(), "\n";
    print "--- -------------------------------------- ----\n";

    $storage_malware_db->close();
The result:
    user@pc:~$ perl Bureau/safeb
    --- ---------------------------------- ----
    --- Updates of Google SafeBrowsing DBs ----
    --- ---------------------------------- ----
             > Last Up. (google-malware-shavar) : Fri Nov 11 10:44:43 2011
             > Next Up. (google-malware-shavar) : Fri Nov 11 11:14:49 2011
             > Last Up. (googpub-phish-shavar) : Fri Nov 11 10:44:57 2011
             > Next Up. (googpub-phish-shavar) : Fri Nov 11 11:16:36 2011
    --- -------------------------------------- ----
    --- Checking for Malwares Distribution URL ----
    --- -------------------------------------- ----
            (MAL)   NOK => http://flashupdate.co.cc/ => MALWARE
                    OK => https://beufa.net
                    OK => http://fortinet.com
                    OK => http://gumblar.cn
    --- Errors for Malwares Distribution Check ----
    Last malware_db error:
    --- -------------------------------------- ----
    --- -------------------------------------- ----
    --- Checking for Phishing Distribution URL ----
    --- -------------------------------------- ----
                    OK => http://flashupdate.co.cc/
                    OK => https://beufa.net
                    OK => http://fortinet.com
                    OK => http://gumblar.cn
    --- Errors for Phishing Distribution Check ----
    Last phishing_db error:
    --- -------------------------------------- ----
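What "checking a site against the locally stored hashes" involves in the Safe Browsing lookup scheme, as an added example (not code from the original post, and not the module's own implementation): each URL is expanded into host-suffix/path-prefix expressions, and the first 4 bytes of each expression's SHA-256 are compared with the local prefixes. The function names, the example hosts and the one-entry prefix set are constructed for illustration.

```perl
use strict;
use warnings;
use Digest::SHA qw(sha256);

# Simplified: URL canonicalization (percent-decoding etc.) is left out.
# Exact host plus up to four suffixes of its last five labels (never a bare TLD).
sub host_suffixes {
    my ($host) = @_;
    return ($host) if $host =~ /^\d+\.\d+\.\d+\.\d+$/;    # IP address: exact host only
    my @labels = split /\./, $host;
    my $start  = @labels > 5 ? @labels - 5 : 1;
    return ($host, map { join('.', @labels[$_ .. $#labels]) } $start .. $#labels - 1);
}

# Path with query, path without it, then "/" and up to three leading directories.
sub path_prefixes {
    my ($path, $query) = @_;
    my @cand  = ((defined $query ? "$path?$query" : ()), $path, '/');
    my @parts = grep { length } split m{/}, $path;
    pop @parts unless $path =~ m{/$};    # last element is a file name
    my ($dir, %seen) = ('/');
    push @cand, $dir .= "$_/" for @parts[0 .. ($#parts < 2 ? $#parts : 2)];
    return grep { !$seen{$_}++ } @cand;
}

# Hash every host-suffix/path-prefix expression with SHA-256 and compare its
# first 4 bytes with the locally stored prefixes.
sub local_prefix_hits {
    my ($url, $prefixes) = @_;
    my ($host, $path, $query) =
        $url =~ m{^https?://([^/?#:]+)(?::\d+)?([^?#]*)(?:\?([^#]*))?}i or return;
    $path = '/' if $path eq '';
    my @hits;
    for my $h (host_suffixes(lc $host)) {
        for my $p (path_prefixes($path, $query)) {
            push @hits, "$h$p" if $prefixes->{ unpack('H8', sha256("$h$p")) };
        }
    }
    return @hits;
}

# Constructed sample: a local "database" holding a single 4-byte prefix.
my %local = (unpack('H8', sha256('bad.example/kit/')) => 1);
for my $url ('http://www.bad.example/kit/load.php?id=1', 'http://good.example/') {
    my @hits = local_prefix_hits($url, \%local);
    printf "%-42s %s\n", $url, @hits ? "prefix hit: @hits" : 'no local match';
}
```

A local prefix hit is only a candidate: the client then asks the server for the full hashes behind that prefix before reporting a match.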
Have fun!
Coming up: scanning pages with ClamAV and its File::Scan::ClamAV module.