Digest-ssdeep


lib/Digest/ssdeep.pm  view on Meta::CPAN


Usage:

    $hash = ssdeep_hash_file( "/tmp/malware1.exe" );

This is a convenience function. It returns the same as ssdeep_file in scalar or
array context.

Since this function slurps the whole file into memory, you should not use it on
big files. Do not use this module for big files; use a libfuzzy wrapper
instead (see L<BUGS AND LIMITATIONS>).

Returns B<undef> on errors.

=item B<ssdeep_compare>

Calculates the matching between two hashes.

Usage. To compare two scalar hashes:

    $match = ssdeep_compare( $hashA, $hashB );

lib/Digest/ssdeep.pm  view on Meta::CPAN


Or this way:

From the 4th row I know that the letter C<T> in the first hash comes from the
chunk that starts at 210575+1 (one past the end position in the previous row)
and ends at 210730. The whole FNV hash of this block was 1069791891.

=back
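
The following added example, which is not code from the module or its author, combines C<ssdeep_hash_file> and C<ssdeep_compare> as documented above: it skips files too large to slurp, handles the B<undef> error return, and lists file pairs by score. The size cap, the threshold and the helper names C<safe_hash_file> and C<similar_pairs> are assumptions.

```perl
#!/usr/bin/perl
# Added example, not part of Digest::ssdeep. MAX_BYTES, THRESHOLD and the
# helper names are assumptions chosen for illustration.
use strict;
use warnings;
use Digest::ssdeep ();

use constant MAX_BYTES => 16 * 1024 * 1024;  # assumed cap: the module slurps the file
use constant THRESHOLD => 60;                # assumed "similar" cut-off (score 0..100)

# Hash one file, refusing anything too large for a pure-Perl slurp.
sub safe_hash_file {
    my ($path) = @_;
    return unless -f $path && -r _;
    my $size = ( -s _ ) || 0;
    if ( $size > MAX_BYTES ) {
        warn "skip $path: $size bytes, use a libfuzzy wrapper instead\n";
        return;
    }
    # Scalar context gives one hash string; undef signals an error.
    my $hash = Digest::ssdeep::ssdeep_hash_file($path);
    warn "skip $path: ssdeep_hash_file returned undef\n" unless defined $hash;
    return $hash;
}

# Compare every pair once; return [fileA, fileB, score] rows, best first.
# Note: this module does not limit scores of small-blocksize hashes the way
# the original ssdeep does, so short inputs can score higher here.
sub similar_pairs {
    my (@paths) = @_;
    my %hash_of;
    for my $p (@paths) {
        my $h = safe_hash_file($p);
        $hash_of{$p} = $h if defined $h;
    }
    my @names = sort keys %hash_of;
    my @hits;
    for my $i ( 0 .. $#names - 1 ) {
        for my $j ( $i + 1 .. $#names ) {
            my ( $fa, $fb ) = @names[ $i, $j ];
            my $score = Digest::ssdeep::ssdeep_compare( $hash_of{$fa}, $hash_of{$fb} );
            push @hits, [ $fa, $fb, $score ]
                if defined $score && $score >= THRESHOLD;
        }
    }
    return sort { $b->[2] <=> $a->[2] } @hits;
}

printf "%3d  %s  %s\n", $_->[2], $_->[0], $_->[1] for similar_pairs(@ARGV);
```

Run it with the files to triage as arguments; skipped files are reported on standard error.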


=head1 BUGS AND LIMITATIONS

=over

=item B<Small blocksize comparison>

The original ssdeep limits the matching of small-blocksize hashes, so when
comparing them the match is limited by their size and is never 100%. This
module does not behave that way: small-blocksize hashes are compared in the
same way as big-blocksize ones.


