#!/bin/bash
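# Simple script to run ssdeep on files taken from a network stream (or any list of files).
# File names are read from stdin, one per line. Files that do not match a signature in
# /etc/ssdeep-n.sigs are deleted; matching files are moved to /var/lib/ssdeep-n/hits/.
# Output should be piped to a log file or a logging system (logger).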


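# Triage loop: read one file name per line from stdin, fuzzy-hash each file
# against the known signatures, keep the hits and discard everything else.
#
# Stdin:   file names, one per line (names containing newlines are not supported)
# Stdout:  one line per ssdeep match, with the signature-file prefix stripped
# Stderr:  diagnostics (unreadable signature file, failed move)
#
# The file names come from whatever extracted the files from the network
# stream, so they are treated as untrusted: every expansion is quoted and names
# starting with '-' are rewritten so no tool can read them as options.
readonly sigs_file=/etc/ssdeep-n.sigs
readonly hits_dir=/var/lib/ssdeep-n/hits

# Without a readable signature file ssdeep reports no matches, and the loop
# below would then delete every input file. Stop before destroying anything.
if [[ ! -r "$sigs_file" ]]; then
  printf '%s: cannot read %s; refusing to run (non-matching files are deleted)\n' \
    "${0##*/}" "$sigs_file" >&2
  exit 1
fi

# IFS= and -r keep leading/trailing whitespace and backslashes in the name
# intact; the trailing test handles a last line with no newline.
while IFS= read -r file || [[ -n "$file" ]]; do
  # A blank line is not a file name; skip it rather than call rm/mv on "".
  [[ -n "$file" ]] || continue

  # A name such as "-rf" would otherwise be parsed as options by ssdeep, rm or
  # mv. Prefixing "./" keeps the same file and, with -b, the same basename in
  # the output.
  case "$file" in
    -*) file="./$file" ;;
  esac

  result=$(ssdeep -m "$sigs_file" -b "$file")

  if [[ "$result" == *matches* ]]; then
    # Hit: preserve the sample for analysis.
    mv -- "$file" "$hits_dir/" ||
      printf '%s: could not move %s to %s\n' "${0##*/}" "$file" "$hits_dir" >&2
    # Quoted so a file name containing glob characters or runs of spaces is
    # logged verbatim, one match per line. The sed pattern is the literal
    # signature path and must stay in sync with sigs_file.
    printf '%s\n' "$result" | sed 's/ \/etc\/ssdeep-n\.sigs:/ /g'
  else
    # No match: the file is of no interest and is removed.
    rm -- "$file"
  fi
done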

