
#7 Compare unknown signatures to known ones

closed
None
1
2010-02-25
2010-02-24
No

Develop a method to compare unknown signatures (without computation) to known signatures. Unlike -x mode, this should *not* compare the known signatures to each other. Given a set of known signatures k1, k2, k3, ... kn, and a set of unknown signatures u1, u2, u3, ... um, you would like the program to compare:

u1 vs k1
u1 vs k2
u1 vs k3
...
u1 vs kn

u2 vs k1
u2 vs k2
u2 vs k3
...
u2 vs kn

...

um vs k1
um vs k2
um vs k3
...
um vs kn

Suggested syntax:

The -k flag could be used to specify files of known hashes. The FILES parameters could be used to specify the files of unknown hashes. For example:

$ ssdeep -k known1.txt -k known2.txt -k known3.txt unknown1.txt unknown2.txt

Which should produce results like this:

unknown1.txt:harmless.exe matches known1.txt:EVILEVIL.EXE
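The u-vs-k pairing requested above, as an added Python sketch that is not part of the original ticket and is not ssdeep's own code. It pre-filters pairs with the two conditions ssdeep needs before any score can be non-zero (block sizes equal or a factor of two apart, and a shared 7-character run) and does not compute the score itself; the function names and all signature values are constructed for illustration, and only the file names come from the ticket.

```python
import re
from itertools import product
WINDOW = 7  # chunks that share no 7-character run score zero in ssdeep
# Constructed sample files (not real ssdeep output): blocksize:chunk1:chunk2,"name"
HEADER = "ssdeep,1.1--blocksize:hash:hash,filename\n"
KNOWN = {
    "known1.txt": HEADER + '48:aBcDeFgHiJkLmNoPqRsT:uVwXyZ0123,"EVILEVIL.EXE"\n',
    "known2.txt": HEADER + '48:aBcDeFgHiJkLmNoPqRsT:uVwXyZ0123,"EVILCOPY.EXE"\n'
                           '192:QQQQzzzz1111:ppppqqqq,"other.dll"\n',
}
UNKNOWN = {
    "unknown1.txt": HEADER + '48:xxaBcDeFgHiJyy:0123uVwX,"harmless.exe"\n'
                             '96:mmmmnnnn:kkkk,"notes.txt"\n',
    "unknown2.txt": HEADER + '24:zzzzzz:9aBcDeFgHiJ9,"packed.bin"\n',
}

def parse_signatures(files):
    """Parse {source: text}; runs of 4+ identical characters collapse to 3."""
    sigs = []
    for source, text in files.items():
        for line in text.splitlines():
            if not line.strip() or line.startswith("ssdeep,"):  # blank or header
                continue
            sig, _, name = line.strip().partition(",")
            bs, c1, c2 = sig.split(":", 2)
            c1, c2 = (re.sub(r"(.)\1{3,}", r"\1\1\1", c) for c in (c1, c2))
            sigs.append((source + ":" + name.strip('"'), int(bs), c1, c2))
    return sigs

def comparable_chunks(u, k):
    """Chunk pairs computed at the same block size (chunk2 uses twice chunk1's)."""
    (_, bs_u, u1, u2), (_, bs_k, k1, k2) = u, k
    if bs_u == bs_k:
        return [(u1, k1), (u2, k2)]
    if bs_u == 2 * bs_k:
        return [(u1, k2)]
    if bs_k == 2 * bs_u:
        return [(u2, k1)]
    return []  # block sizes too far apart: the pair cannot be scored

def share_run(x, y, n=WINDOW):
    grams = {x[i:i + n] for i in range(len(x) - n + 1)}
    return any(y[i:i + n] in grams for i in range(len(y) - n + 1))

def cross_compare(unknown_files, known_files):
    """Pair each unknown with each known; known-vs-known pairs are never formed."""
    unknown, known = parse_signatures(unknown_files), parse_signatures(known_files)
    return [f"{u[0]} vs {k[0]}" for u, k in product(unknown, known)
            if any(share_run(x, y) for x, y in comparable_chunks(u, k))]
```

EVILEVIL.EXE and EVILCOPY.EXE carry identical signatures here, yet that pair is never reported because both sit on the known side; packed.bin is reached through the factor-of-two block-size rule.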

Discussion

  • Jesse Kornblum

    Jesse Kornblum - 2010-02-24

    A possible solution has been checked into SVN and is undergoing testing.

     
  • Jesse Kornblum

    Jesse Kornblum - 2010-02-25

    The patch in SVN has been accepted.

     
  • Jesse Kornblum

    Jesse Kornblum - 2010-02-25
    • status: open --> closed
     