Add support for the MalwareBazaar database

Signed-off-by: Tad <tad@spotco.us>
2025-02-28 21:38:21 +03:00 · 2023-12-19 16:58:11 -05:00 · 2023-12-19 16:58:11 -05:00 · 3bd703d6b8
commit 3bd703d6b8
parent c70b45a4ee
7 changed files with 19 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -65,6 +65,7 @@ Credits
 - Nex (@botherder) for extra databases (CC BY-SA 4.0)
 - Amnesty International for extra databases (CC BY 2.0)
 - Echap for extra databases (CC BY 4.0)
+- MalwareBazaar for extra databases (CC0)
 - RecursiveFileObserver.java (GPL-3.0-or-later): Daniel Gultsch, ownCloud Inc., Bartek Przybylski
 - GPGDetachedSignatureVerifier.java (GPL-2.0-or-later): Federico Fissore, Arduino LLC
 - Petra Mirelli for the German/Spanish/Italian translations, the app banner/feature graphic, and various tweaks.
--- a/app/build.gradle
+++ b/app/build.gradle
@ -6,8 +6,8 @@ android {
        applicationId "us.spotco.malwarescanner"
        minSdkVersion 16
        targetSdkVersion 32
-        versionCode 105
-        versionName "2.32"
+        versionCode 107
+        versionName "2.33"
        resConfigs 'en', 'af', 'de', 'el', 'es', 'fi', 'fr', 'it', 'pl', 'pt', 'ru', 'tr', 'zh-rCN'
    }
    buildTypes {
--- a/app/src/main/java/us/spotco/malwarescanner/Database.java
+++ b/app/src/main/java/us/spotco/malwarescanner/Database.java
@ -107,6 +107,9 @@ class Database {
            signatureDatabases.add(new SignatureDatabase(baseURL, "eset.hdb.gz"));
            signatureDatabases.add(new SignatureDatabase(baseURL, "eset.hsb.gz"));
        }
+        if (prefs.getBoolean("SIGNATURES_MALWAREBAZAAR-ANDROID", true)) {
+            signatureDatabases.add(new SignatureDatabase(baseURL, "malware_bazaar.hsb.gz"));
+        }
        if (prefs.getBoolean("SIGNATURES_CLAMAV-MAIN", false)) {
            signatureDatabases.add(new SignatureDatabase(baseURL, "main.hdb.gz"));
            signatureDatabases.add(new SignatureDatabase(baseURL, "main.hsb.gz"));
--- a/app/src/main/java/us/spotco/malwarescanner/MainActivity.java
+++ b/app/src/main/java/us/spotco/malwarescanner/MainActivity.java
@ -150,7 +150,8 @@ public class MainActivity extends Activity {
                localizeDBDescription("ESET\n • SIZE: SIZE_SMALL\n • LICENSE: BSD 2-Clause\n • AUTHOR: ESET\n • SOURCE: https://github.com/eset/malware-ioc\n"),
                localizeDBDescription("Targeted Threats\n • SIZE: SIZE_SMALL\n • LICENSE: CC BY-SA 4.0\n • AUTHOR: Nex\n • SOURCE: https://github.com/botherder/targetedthreats\n"),
                localizeDBDescription("Amnesty Tech Investigations\n • SIZE: SIZE_SMALL\n • LICENSE: CC BY 2.0\n • AUTHOR: Amnesty International\n • SOURCE: https://github.com/amnestytech/investigations\n"),
-                localizeDBDescription("Stalkerware\n • SIZE: SIZE_SMALL\n • LICENSE: CC BY 4.0\n • AUTHOR: Echap\n • SOURCE: https://github.com/AssoEchap/stalkerware-indicators")};
+                localizeDBDescription("Stalkerware\n • SIZE: SIZE_SMALL\n • LICENSE: CC BY 4.0\n • AUTHOR: Echap\n • SOURCE: https://github.com/AssoEchap/stalkerware-indicators\n"),
+                localizeDBDescription("MalwareBazaar\n • SIZE: SIZE_SMALL\n • LICENSE: CC0\n • AUTHOR: Abuse.ch\n • SOURCE: https://bazaar.abuse.ch")};
        final boolean[] databaseDefaults = {
                prefs.getBoolean("SIGNATURES_CLAMAV-ANDROID", true),
                prefs.getBoolean("SIGNATURES_CLAMAV-MAIN", false),
@ -158,7 +159,8 @@ public class MainActivity extends Activity {
                prefs.getBoolean("SIGNATURES_ESET", true),
                prefs.getBoolean("SIGNATURES_TARGETEDTHREATS", true),
                prefs.getBoolean("SIGNATURES_AMNESTY", true),
-                prefs.getBoolean("SIGNATURES_STALKERWARE", true)};
+                prefs.getBoolean("SIGNATURES_STALKERWARE", true),
+                prefs.getBoolean("SIGNATURES_MALWAREBAZAAR-ANDROID", true)};

        Dialog databaseDialog;
        AlertDialog.Builder databaseBuilder = new AlertDialog.Builder(this);
@ -173,6 +175,7 @@ public class MainActivity extends Activity {
            prefs.edit().putBoolean("SIGNATURES_TARGETEDTHREATS", databaseDefaults[4]).apply();
            prefs.edit().putBoolean("SIGNATURES_AMNESTY", databaseDefaults[5]).apply();
            prefs.edit().putBoolean("SIGNATURES_STALKERWARE", databaseDefaults[6]).apply();
+            prefs.edit().putBoolean("SIGNATURES_MALWAREBAZAAR-ANDROID", databaseDefaults[7]).apply();
        });

        databaseDialog = databaseBuilder.create();
--- a/app/src/main/res/values/arrays.xml
+++ b/app/src/main/res/values/arrays.xml
@ -21,6 +21,7 @@
        <item>• Nex (@botherder): Signature Databases</item>
        <item>• Amnesty International: Signature Databases</item>
        <item>• Echap: Signature Databases</item>
+        <item>• MalwareBazaar: Signature Databases</item>
        <item>• RecursiveFileObserver.java: Daniel Gultsch, ownCloud Inc., Bartek Przybylski</item>
        <item>• GPGDetachedSignatureVerifier.java: Federico Fissore, Arduino LLC</item>
        <item>• Google: App Icon</item>
--- a/fastlane/metadata/android/en-US/changelogs/107.txt
+++ b/fastlane/metadata/android/en-US/changelogs/107.txt
@ -0,0 +1,2 @@
+* New database with 60k+ signatures from MalwareBazaar by abuse.ch
+* @Manuel-Senpai for updated Spanish translations.
--- a/scripts/0malware_bazaar-android.sh
+++ b/scripts/0malware_bazaar-android.sh
@ -0,0 +1,5 @@
+#!/bin/bash
+#License: GPLv3
+#Description: Hypatia conversion script for https://bazaar.abuse.ch/export/csv/full/ (CC0)
+grep "\"apk\"" full.csv | awk '{ print $3 } ' | sed 's/^"//' | sed 's/",$/:0:MalwareBazaar/' > malware_bazaar.hsb;
+gzip *.hsb;