From be858f4a7d79fc52cb55e47610c2f88939609c49 Mon Sep 17 00:00:00 2001
From: patrik <patrik@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Tue, 24 Jul 2012 10:33:39 +0000
Subject: [PATCH] further improoved http-google-malware.nse malware detection
 by adding response code checks.

---
 scripts/http-google-malware.nse | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/scripts/http-google-malware.nse b/scripts/http-google-malware.nse
index dc5c4c221..5a6988fd1 100644
--- a/scripts/http-google-malware.nse
+++ b/scripts/http-google-malware.nse
@@ -77,8 +77,8 @@ action = function(host, port)
   local req = http.get_url(qry)
   stdnse.print_debug(2, "%s", qry)
 
-	if ( req.status == 403 ) then
-		return "[ERROR] 403 Forbidden (invalid API key?)"
+	if ( req.status > 400 ) then
+		return "[ERROR] Request failed (invalid API key?)"
 	end
 
   --The Safe Lookup API responds with a type when site is on the lists 
@@ -93,7 +93,7 @@ action = function(host, port)
     end
   end
   --For the verbose lovers
-  if nmap.verbosity() >= 2 and not(malware_found) then
+  if req.status == 204 and nmap.verbosity() >= 2 and not(malware_found) then
     output_lns[#output_lns+1] = "Host is safe to browse."
   end