add sophos and mcafee scan backend

2025-08-24 05:22:22 +00:00 · 2020-10-22 21:27:16 +03:00 · 2020-10-22 21:27:16 +03:00 · 22ef94f527
commit 22ef94f527
parent e8f104168f
6 changed files with 101 additions and 1 deletions
--- a/MalwareMultiScan.Backends/Backends/Implementations/McAffeeScanBackend.cs
+++ b/MalwareMultiScan.Backends/Backends/Implementations/McAffeeScanBackend.cs
@ -0,0 +1,32 @@
+using System;
+using System.IO;
+using System.Text.RegularExpressions;
+using MalwareMultiScan.Backends.Backends.Abstracts;
+using Microsoft.Extensions.Logging;
+
+namespace MalwareMultiScan.Backends.Backends.Implementations
+{
+    public class McAfeeScanBackend : AbstractLocalProcessScanBackend
+    {
+        public McAfeeScanBackend(ILogger logger) : base(logger)
+        {
+        }
+        
+        public override string Id { get; } = "mcafeee";
+        
+        public override DateTime DatabaseLastUpdate =>
+            File.GetLastWriteTime("/usr/local/uvscan/avvscan.dat");
+
+        protected override string BackendPath { get; } = "/usr/local/uvscan/uvscan";
+        
+        protected override bool ThrowOnNonZeroExitCode { get; } = false;
+
+        protected override Regex MatchRegex { get; } =
+            new Regex(@".* ... Found: (?<threat>.*).", RegexOptions.Compiled | RegexOptions.Multiline);
+
+        protected override string GetBackendArguments(string path)
+        {
+            return $"--SECURE {path}";
+        }
+    }
+}
--- a/MalwareMultiScan.Backends/Backends/Implementations/SophosScanBackend.cs
+++ b/MalwareMultiScan.Backends/Backends/Implementations/SophosScanBackend.cs
@ -0,0 +1,32 @@
+using System;
+using System.IO;
+using System.Text.RegularExpressions;
+using MalwareMultiScan.Backends.Backends.Abstracts;
+using Microsoft.Extensions.Logging;
+
+namespace MalwareMultiScan.Backends.Backends.Implementations
+{
+    public class SophosScanBackend : AbstractLocalProcessScanBackend
+    {
+        public SophosScanBackend(ILogger logger) : base(logger)
+        {
+        }
+        
+        public override string Id { get; } = "sophos";
+        
+        public override DateTime DatabaseLastUpdate =>
+            File.GetLastWriteTime("/opt/sophos-av/lib/sav/vdlsync.upd");
+
+        protected override string BackendPath { get; } = "/opt/sophos-av/bin/savscan";
+
+        protected override bool ThrowOnNonZeroExitCode { get; } = false;
+
+        protected override Regex MatchRegex { get; } =
+            new Regex(@">>> Virus '(?<threat>.*)' found in file .*", RegexOptions.Compiled | RegexOptions.Multiline);
+
+        protected override string GetBackendArguments(string path)
+        {
+            return $"-f -archive -ss {path}";
+        }
+    }
+}
--- a/MalwareMultiScan.Backends/Dockerfiles/McAfee.Dockerfile
+++ b/MalwareMultiScan.Backends/Dockerfiles/McAfee.Dockerfile
@ -0,0 +1,19 @@
+FROM mindcollapse/malware-multi-scan-worker:latest
+
+RUN apt-get update && apt-get install unzip wget -y
+
+WORKDIR /tmp
+
+RUN wget -q http://b2b-download.mcafee.com/products/evaluation/vcl/l64/vscl-l64-604-e.tar.gz && \
+    mkdir -p /usr/local/uvscan && \
+    tar -xzf vscl-l64-604-e.tar.gz -C /usr/local/uvscan
+    
+RUN wget -q -Nc -r -nd -l1 -A "avvepo????dat.zip" http://download.nai.com/products/DatFiles/4.x/nai/ && \
+    for avvepo in `ls avvepo*`; do unzip -o $avvepo; done && \
+    for avvdat in `ls avvdat-*`; do unzip -o $avvdat -d /usr/local/uvscan; done && \
+    /usr/local/uvscan/uvscan --decompress && \
+    rm -rf /tmp/*
+
+WORKDIR /worker
+
+ENV BackendType=McAfee
--- a/MalwareMultiScan.Backends/Dockerfiles/Sophos.Dockerfile
+++ b/MalwareMultiScan.Backends/Dockerfiles/Sophos.Dockerfile
@ -0,0 +1,13 @@
+FROM mindcollapse/malware-multi-scan-worker:latest
+
+RUN apt-get update && apt-get install wget -y
+
+ARG SOPHOS_URL=https://api-cloudstation-eu-central-1.prod.hydra.sophos.com/api/download/a9f5bc85ee950653ef0775ca1402120c/SophosInstall.sh
+ENV SOPHOS_URL=$SOPHOS_URL
+
+RUN wget -q $SOPHOS_URL -O /tmp/SophosInstall.sh && \
+    chmod +x /tmp/SophosInstall.sh && \
+    /tmp/SophosInstall.sh --automatic --acceptlicence || exit 0
+    
+ENV BackendType=Sophos
+
--- a/MalwareMultiScan.Shared/Data/Enums/BackendType.cs
+++ b/MalwareMultiScan.Shared/Data/Enums/BackendType.cs
@ -6,6 +6,8 @@ namespace MalwareMultiScan.Shared.Data.Enums
        Clamav,
        DrWeb,
        Kes,
-        Comodo
+        Comodo,
+        Sophos,
+        McAfee
    }
 }
--- a/MalwareMultiScan.Worker/Jobs/ScanJob.cs
+++ b/MalwareMultiScan.Worker/Jobs/ScanJob.cs
@ -36,6 +36,8 @@ namespace MalwareMultiScan.Worker.Jobs
                BackendType.DrWeb => new DrWebScanBackend(logger),
                BackendType.Kes => new KesScanBackend(logger),
                BackendType.Comodo => new ComodoScanBackend(logger),
+                BackendType.Sophos => new SophosScanBackend(logger),
+                BackendType.McAfee => new McAfeeScanBackend(logger),
                _ => throw new NotImplementedException()
            };
        }