diff --git a/MalwareMultiScan.Backends/Backends/Implementations/McAffeeScanBackend.cs b/MalwareMultiScan.Backends/Backends/Implementations/McAffeeScanBackend.cs
new file mode 100644
index 0000000..1970951
--- /dev/null
+++ b/MalwareMultiScan.Backends/Backends/Implementations/McAffeeScanBackend.cs
@@ -0,0 +1,32 @@
+using System;
+using System.IO;
+using System.Text.RegularExpressions;
+using MalwareMultiScan.Backends.Backends.Abstracts;
+using Microsoft.Extensions.Logging;
+
+namespace MalwareMultiScan.Backends.Backends.Implementations
+{
+ public class McAfeeScanBackend : AbstractLocalProcessScanBackend
+ {
+ public McAfeeScanBackend(ILogger logger) : base(logger)
+ {
+ }
+
+ public override string Id { get; } = "mcafeee";
+
+ public override DateTime DatabaseLastUpdate =>
+ File.GetLastWriteTime("/usr/local/uvscan/avvscan.dat");
+
+ protected override string BackendPath { get; } = "/usr/local/uvscan/uvscan";
+
+ protected override bool ThrowOnNonZeroExitCode { get; } = false;
+
+ protected override Regex MatchRegex { get; } =
+ new Regex(@".* ... Found: (?.*).", RegexOptions.Compiled | RegexOptions.Multiline);
+
+ protected override string GetBackendArguments(string path)
+ {
+ return $"--SECURE {path}";
+ }
+ }
+}
\ No newline at end of file
diff --git a/MalwareMultiScan.Backends/Backends/Implementations/SophosScanBackend.cs b/MalwareMultiScan.Backends/Backends/Implementations/SophosScanBackend.cs
new file mode 100644
index 0000000..d363a77
--- /dev/null
+++ b/MalwareMultiScan.Backends/Backends/Implementations/SophosScanBackend.cs
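Review bot: `GetBackendArguments` interpolates `path` into the argument string unquoted, so a path containing whitespace is split into several arguments and one beginning with `-` would be read by uvscan as an option; `SophosScanBackend.GetBackendArguments` has the same pattern. If the base class hands this string to `ProcessStartInfo.Arguments` (not visible in this diff), quote it at least, `return $"--SECURE \"{path}\"";`, and make sure callers only ever pass a server-generated absolute path, never a name taken from the upload. Separately, `Id` is spelled `"mcafeee"` and the file is named `McAffeeScanBackend.cs` while the class is `McAfeeScanBackend`; if results are keyed by `Id`, the typo becomes part of the stored data.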
@@ -0,0 +1,32 @@
+using System;
+using System.IO;
+using System.Text.RegularExpressions;
+using MalwareMultiScan.Backends.Backends.Abstracts;
+using Microsoft.Extensions.Logging;
+
+namespace MalwareMultiScan.Backends.Backends.Implementations
+{
+ public class SophosScanBackend : AbstractLocalProcessScanBackend
+ {
+ public SophosScanBackend(ILogger logger) : base(logger)
+ {
+ }
+
+ public override string Id { get; } = "sophos";
+
+ public override DateTime DatabaseLastUpdate =>
+ File.GetLastWriteTime("/opt/sophos-av/lib/sav/vdlsync.upd");
+
+ protected override string BackendPath { get; } = "/opt/sophos-av/bin/savscan";
+
+ protected override bool ThrowOnNonZeroExitCode { get; } = false;
+
+ protected override Regex MatchRegex { get; } =
+ new Regex(@">>> Virus '(?.*)' found in file .*", RegexOptions.Compiled | RegexOptions.Multiline);
+
+ protected override string GetBackendArguments(string path)
+ {
+ return $"-f -archive -ss {path}";
+ }
+ }
+}
\ No newline at end of file
diff --git a/MalwareMultiScan.Backends/Dockerfiles/McAfee.Dockerfile b/MalwareMultiScan.Backends/Dockerfiles/McAfee.Dockerfile
new file mode 100644
index 0000000..b8dd8d4
--- /dev/null
+++ b/MalwareMultiScan.Backends/Dockerfiles/McAfee.Dockerfile
@@ -0,0 +1,19 @@
+FROM mindcollapse/malware-multi-scan-worker:latest
+
+RUN apt-get update && apt-get install unzip wget -y
+
+WORKDIR /tmp
+
+RUN wget -q http://b2b-download.mcafee.com/products/evaluation/vcl/l64/vscl-l64-604-e.tar.gz && \
+ mkdir -p /usr/local/uvscan && \
+ tar -xzf vscl-l64-604-e.tar.gz -C /usr/local/uvscan
+
+RUN wget -q -Nc -r -nd -l1 -A "avvepo????dat.zip" http://download.nai.com/products/DatFiles/4.x/nai/ && \
+ for avvepo in `ls avvepo*`; do unzip -o $avvepo; done && \
+ for avvdat in `ls avvdat-*`; do unzip -o $avvdat -d /usr/local/uvscan; done && \
+ /usr/local/uvscan/uvscan --decompress && \
+ rm -rf /tmp/*
+
+WORKDIR /worker
+
+ENV BackendType=McAfee
\ No newline at end of file
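Review bot: `ThrowOnNonZeroExitCode` is `false` here and in `McAfeeScanBackend`, presumably because the scanner exits non-zero when it finds a threat, but a scanner that fails to run (missing definitions, expired licence, unreadable file) then also yields no `MatchRegex` hit and may be reported as a clean file. How the base class treats that case is outside this diff; if it relies on the regex alone, accept only the documented "threat found" exit code and treat every other non-zero code as a scan error. A comment on the property such as `// savscan exits non-zero on detection; any other non-zero code is a scan failure` would record the intent. The capture group in `MatchRegex` shows on this page as `(?.*)`, which .NET would reject; it has probably lost its `<name>` in rendering, but worth confirming in the file.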
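Review bot: Both `wget` steps fetch over plain `http://` and nothing verifies the downloads before `/usr/local/uvscan/uvscan --decompress` executes the unpacked binary during the build, so anyone on the network path can substitute the scanner engine or its definition files. Use an HTTPS source where the vendor offers one and pin the engine archive to a known digest right after the download, e.g. `echo "<sha256-of-vscl-archive>  vscl-l64-604-e.tar.gz" | sha256sum -c -` (placeholder digest). The DAT archives change too often to pin this way, so their integrity has to come from the transport or a vendor-published checksum. `FROM mindcollapse/malware-multi-scan-worker:latest` is also unpinned, which makes the build non-reproducible.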
diff --git a/MalwareMultiScan.Backends/Dockerfiles/Sophos.Dockerfile b/MalwareMultiScan.Backends/Dockerfiles/Sophos.Dockerfile
new file mode 100644
index 0000000..ce57e8b
--- /dev/null
+++ b/MalwareMultiScan.Backends/Dockerfiles/Sophos.Dockerfile
@@ -0,0 +1,13 @@
+FROM mindcollapse/malware-multi-scan-worker:latest
+
+RUN apt-get update && apt-get install wget -y
+
+ARG SOPHOS_URL=https://api-cloudstation-eu-central-1.prod.hydra.sophos.com/api/download/a9f5bc85ee950653ef0775ca1402120c/SophosInstall.sh
+ENV SOPHOS_URL=$SOPHOS_URL
+
+RUN wget -q $SOPHOS_URL -O /tmp/SophosInstall.sh && \
+ chmod +x /tmp/SophosInstall.sh && \
+ /tmp/SophosInstall.sh --automatic --acceptlicence || exit 0
+
+ENV BackendType=Sophos
+
diff --git a/MalwareMultiScan.Shared/Data/Enums/BackendType.cs b/MalwareMultiScan.Shared/Data/Enums/BackendType.cs
index 430959c..31e4fea 100644
--- a/MalwareMultiScan.Shared/Data/Enums/BackendType.cs
+++ b/MalwareMultiScan.Shared/Data/Enums/BackendType.cs
@@ -6,6 +6,8 @@ namespace MalwareMultiScan.Shared.Data.Enums
 Clamav,
 DrWeb,
 Kes,
- Comodo
+ Comodo,
+ Sophos,
+ McAfee
 }
 }
\ No newline at end of file
diff --git a/MalwareMultiScan.Worker/Jobs/ScanJob.cs b/MalwareMultiScan.Worker/Jobs/ScanJob.cs
index 863eb14..9fa7c05 100644
--- a/MalwareMultiScan.Worker/Jobs/ScanJob.cs
+++ b/MalwareMultiScan.Worker/Jobs/ScanJob.cs
@@ -36,6 +36,8 @@ namespace MalwareMultiScan.Worker.Jobs
 BackendType.DrWeb => new DrWebScanBackend(logger),
 BackendType.Kes => new KesScanBackend(logger),
 BackendType.Comodo => new ComodoScanBackend(logger),
+ BackendType.Sophos => new SophosScanBackend(logger),
+ BackendType.McAfee => new McAfeeScanBackend(logger),
 _ => throw new NotImplementedException()
 };
 }
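Review bot: The final `RUN` in Sophos.Dockerfile ends in `|| exit 0`, so the image builds successfully even when the download or `SophosInstall.sh` fails, leaving a worker labelled `BackendType=Sophos` with no scanner in it; with `ThrowOnNonZeroExitCode = false` in `SophosScanBackend`, such a worker might report files as clean. Drop the `|| exit 0`, or if the installer is known to exit non-zero on success, follow it with an explicit check such as `test -x /opt/sophos-av/bin/savscan`. The default `SOPHOS_URL` looks like an account-specific download link, and `ENV SOPHOS_URL=$SOPHOS_URL` copies it into every container's environment; removing the default and the `ENV` line reduces that exposure, though build args still appear in image history. The installer script is also executed as downloaded, with no checksum or signature check.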