diff --git a/MalwareMultiScan.Backends/Backends/Implementations/ClamavScanBackend.cs b/MalwareMultiScan.Backends/Backends/Implementations/ClamavScanBackend.cs index 4aa8af4..2aa6e69 100644 --- a/MalwareMultiScan.Backends/Backends/Implementations/ClamavScanBackend.cs +++ b/MalwareMultiScan.Backends/Backends/Implementations/ClamavScanBackend.cs @@ -21,9 +21,7 @@ namespace MalwareMultiScan.Backends.Backends.Implementations protected override Regex MatchRegex { get; } = new Regex(@"(\S+): (?[\S]+) FOUND", RegexOptions.Compiled | RegexOptions.Multiline); - - protected override bool ParseStdErr { get; } = false; - + protected override string GetBackendArguments(string path) { return $"--no-summary {path}"; diff --git a/MalwareMultiScan.Backends/Backends/Implementations/DrWebScanBackend.cs b/MalwareMultiScan.Backends/Backends/Implementations/DrWebScanBackend.cs index 203dad4..ba8d11b 100644 --- a/MalwareMultiScan.Backends/Backends/Implementations/DrWebScanBackend.cs +++ b/MalwareMultiScan.Backends/Backends/Implementations/DrWebScanBackend.cs @@ -21,9 +21,7 @@ namespace MalwareMultiScan.Backends.Backends.Implementations protected override Regex MatchRegex { get; } = new Regex(@".* - infected with (?[\S ]+)", RegexOptions.Compiled | RegexOptions.Multiline); - - protected override bool ParseStdErr { get; } = false; - + protected override string GetBackendArguments(string path) { return $"scan {path}"; diff --git a/MalwareMultiScan.Backends/Backends/Implementations/KesScanBackend.cs b/MalwareMultiScan.Backends/Backends/Implementations/KesScanBackend.cs new file mode 100644 index 0000000..89b9b3b --- /dev/null +++ b/MalwareMultiScan.Backends/Backends/Implementations/KesScanBackend.cs 
@@ -0,0 +1,30 @@
+using System;
+using System.IO;
+using System.Text.RegularExpressions;
+using MalwareMultiScan.Backends.Backends.Abstracts;
+using Microsoft.Extensions.Logging;
+
+namespace MalwareMultiScan.Backends.Backends.Implementations
+{
+ public class KesScanBackend : AbstractLocalProcessScanBackend
+ {
+ public KesScanBackend(ILogger logger) : base(logger)
+ {
+ }
+
+ public override string Id { get; } = "kes";
+
+ public override DateTime DatabaseLastUpdate =>
+ File.GetLastWriteTime("/var/opt/kaspersky/kesl/common/updates/avbases/klsrl.dat");
+
+ protected override string BackendPath { get; } = "/bin/bash";
+
+ protected override Regex MatchRegex { get; } =
+ new Regex(@"[ +]DetectName.*: (?.*)", RegexOptions.Compiled | RegexOptions.Multiline);
+
+ protected override string GetBackendArguments(string path)
+ {
+ return $"/usr/bin/kesl-scan {path}";
+ }
+ }
+}
\ No newline at end of file
diff --git a/MalwareMultiScan.Backends/Dockerfiles/KES.Dockerfile b/MalwareMultiScan.Backends/Dockerfiles/KES.Dockerfile
new file mode 100644
index 0000000..5a7fbd6
--- /dev/null
+++ b/MalwareMultiScan.Backends/Dockerfiles/KES.Dockerfile
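Review bot: `GetBackendArguments` in KesScanBackend.cs places `path` into the argument string unquoted, so a path containing whitespace would reach `/usr/bin/kesl-scan` as several arguments and the scan would run against something other than the submitted file. Whether the path can contain submitter-controlled characters depends on the worker code, which is not visible in this hunk; the Clamav and DrWeb backends in the context lines use the same pattern. Quoting it, e.g. `return $"/usr/bin/kesl-scan \"{path}\"";`, keeps it a single argument. The wrapper script created in KES.Dockerfile has the matching gap: it expands `$1` unquoted in `--scan-file $1` and embeds it in the `FileName == \"$1\"` query, so a quote character in the name would change the query; `"$1"` plus rejecting names that contain `"` would close that.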
@@ -0,0 +1,35 @@
+FROM mindcollapse/malware-multi-scan-worker:latest
+
+ARG KES_KEY
+ENV KES_KEY=$KES_KEY
+
+ARG KES_URL=https://products.s.kaspersky-labs.com/endpoints/keslinux10/10.1.1.6421/multilanguage-10.1.1.6421/babce9ef/kesl_10.1.1-6421_amd64.deb
+ENV KES_URL=$KES_URL
+
+RUN apt-get update && apt-get install make gcc wget perl procps -y
+RUN wget -q $KES_URL -O /tmp/kesl.deb && dpkg -i /tmp/kesl.deb && rm -f /tmp/kesl.deb
+
+RUN printf "\
+EULA_AGREED=yes \n\
+PRIVACY_POLICY_AGREED=yes \n\
+USE_KSN=yes \n\
+UPDATER_SOURCE=KLServers \n\
+PROXY_SERVER=none \n\
+UPDATE_EXECUTE=yes \n\
+IMPORT_SETTINGS=yes \n\
+USE_GUI=no \n\
+INSTALL_LICENSE=$KES_KEY\
+" > /tmp/kesl_autoinstall
+
+RUN /opt/kaspersky/kesl/bin/kesl-setup.pl --autoinstall=/tmp/kesl_autoinstall || exit 0
+
+RUN printf '\
+#!/bin/bash \n\
+kesl-control --scan-file $1 > /dev/null \n\
+kesl-control -B --query "FileName == \"$1\"" 2> /dev/null \n\
+exit $? \
+' > /usr/bin/kesl-scan && chmod +x /usr/bin/kesl-scan
+
+ENV BackendType=Kes
+
+ENTRYPOINT /etc/init.d/kesl-supervisor start && /worker/MalwareMultiScan.Worker
\ No newline at end of file
diff --git a/MalwareMultiScan.Shared/Data/Enums/BackendType.cs b/MalwareMultiScan.Shared/Data/Enums/BackendType.cs
index 8694dd4..2b4ba14 100644
--- a/MalwareMultiScan.Shared/Data/Enums/BackendType.cs
+++ b/MalwareMultiScan.Shared/Data/Enums/BackendType.cs
@@ -4,6 +4,7 @@ namespace MalwareMultiScan.Shared.Data.Enums
 {
 Defender,
 Clamav,
- DrWeb
+ DrWeb,
+ Kes
 }
 }
\ No newline at end of file
diff --git a/MalwareMultiScan.Worker/Jobs/ScanJob.cs b/MalwareMultiScan.Worker/Jobs/ScanJob.cs
index 02818f2..eb61065 100644
--- a/MalwareMultiScan.Worker/Jobs/ScanJob.cs
+++ b/MalwareMultiScan.Worker/Jobs/ScanJob.cs
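Review bot: KES.Dockerfile persists the licence key in the built image: `ENV KES_KEY=$KES_KEY` stores it in the image configuration and in every container's environment, and `/tmp/kesl_autoinstall`, which holds `INSTALL_LICENSE=$KES_KEY`, is written in its own layer and never deleted. Anyone able to pull or inspect the image can read the key from either place. Supplying it as a BuildKit secret and creating, using and removing the answer file inside a single `RUN` avoids both, as sketched below; the installed licence may still be recoverable from the product's own state, so this only removes the plain copies. Separately, `|| exit 0` after `kesl-setup.pl` lets the build succeed when installation failed, so a later step that confirms the scanner actually works would keep a broken image from reporting files as clean.

```dockerfile
# … unchanged: FROM, KES_URL, package install and kesl.deb install …
# Build with: docker build --secret id=kes_key,src=<KEY_FILE> …  (replaces ARG/ENV KES_KEY)
RUN --mount=type=secret,id=kes_key \
    printf "\
# … unchanged: EULA_AGREED … USE_GUI answer lines …
INSTALL_LICENSE=$(cat /run/secrets/kes_key)\
" > /tmp/kesl_autoinstall \
    && { /opt/kaspersky/kesl/bin/kesl-setup.pl --autoinstall=/tmp/kesl_autoinstall || true; } \
    && rm -f /tmp/kesl_autoinstall
```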
@@ -34,6 +34,7 @@ namespace MalwareMultiScan.Worker.Jobs
 BackendType.Defender => new WindowsDefenderScanBackend(logger),
 BackendType.Clamav => new ClamavScanBackend(logger),
 BackendType.DrWeb => new DrWebScanBackend(logger),
+ BackendType.Kes => new KesScanBackend(logger),
 _ => throw new NotImplementedException()
 };
 }