Merge pull request #654 from TcM1911/fuzzy-threshold

Fuzzy threshhold value impovements (closes #376)

Author: botherder

viper/modules/fuzzy.py

@@ -25,6 +25,7 @@ def __init__(self):
         super(Fuzzy, self).__init__()
         self.parser.add_argument('-v', '--verbose', action='store_true', help="Prints verbose logging")
         self.parser.add_argument('-c', '--cluster', action='store_true', help="Cluster all available samples by ssdeep")  # noqa
+        self.parser.add_argument('-t', '--threshold', type=int, default=40, help="Score threshold")
 
     def _get_ssdeep_bytes(self, ssdeep):
         # In an older database, you may endup with some hashes in binary form...
@@ -81,7 +82,7 @@ def run(self):
 
                             member_ssdeep = db.find(key='md5', value=member_hash)[0].ssdeep
                             if pydeep.compare(self._get_ssdeep_bytes(sample.ssdeep),
-                                              self._get_ssdeep_bytes(member_ssdeep)) > 40:
+                                              self._get_ssdeep_bytes(member_ssdeep)) > self.args.threshold:
                                 if arg_verbose:
                                     self.log('info', "Found home for {0} in cluster {1}".format(sample.md5, cluster_name))
 
@@ -127,7 +128,7 @@ def run(self):
                     score = pydeep.compare(self._get_ssdeep_bytes(__sessions__.current.file.ssdeep),
                                            self._get_ssdeep_bytes(sample.ssdeep))
 
-                    if score > 40:
+                    if score > self.args.threshold:
                         matches.append(['{0}%'.format(score), sample.name, sample.sha256])
 
                     if arg_verbose: