kaspersky endpoint security scan backend

MalwareMultiScan.Backends/Backends/Implementations/ClamavScanBackend.cs

@@ -21,9 +21,7 @@ namespace MalwareMultiScan.Backends.Backends.Implementations
         
         protected override Regex MatchRegex { get; } =
             new Regex(@"(\S+): (?<threat>[\S]+) FOUND", RegexOptions.Compiled | RegexOptions.Multiline);
-        
+
-        protected override bool ParseStdErr { get; } = false;
-        
         protected override string GetBackendArguments(string path)
         {
             return $"--no-summary {path}";

MalwareMultiScan.Backends/Backends/Implementations/DrWebScanBackend.cs

@@ -21,9 +21,7 @@ namespace MalwareMultiScan.Backends.Backends.Implementations
         
         protected override Regex MatchRegex { get; } =
             new Regex(@".* - infected with (?<threat>[\S ]+)", RegexOptions.Compiled | RegexOptions.Multiline);
-        
+
-        protected override bool ParseStdErr { get; } = false;
-        
         protected override string GetBackendArguments(string path)
         {
             return $"scan {path}";

MalwareMultiScan.Backends/Backends/Implementations/KesScanBackend.cs

@@ -0,0 +1,30 @@
+using System;
+using System.IO;
+using System.Text.RegularExpressions;
+using MalwareMultiScan.Backends.Backends.Abstracts;
+using Microsoft.Extensions.Logging;
+
+namespace MalwareMultiScan.Backends.Backends.Implementations
+{
+    public class KesScanBackend : AbstractLocalProcessScanBackend
+    {
+        public KesScanBackend(ILogger logger) : base(logger)
+        {
+        }
+        
+        public override string Id { get; } = "kes";
+        
+        public override DateTime DatabaseLastUpdate =>
+            File.GetLastWriteTime("/var/opt/kaspersky/kesl/common/updates/avbases/klsrl.dat");
+
+        protected override string BackendPath { get; } = "/bin/bash";
+        
+        protected override Regex MatchRegex { get; } =
+            new Regex(@"[ +]DetectName.*: (?<threat>.*)", RegexOptions.Compiled | RegexOptions.Multiline);
+
+        protected override string GetBackendArguments(string path)
+        {
+            return $"/usr/bin/kesl-scan {path}";
+        }
+    }
+}

MalwareMultiScan.Backends/Dockerfiles/KES.Dockerfile

@@ -0,0 +1,35 @@
+FROM mindcollapse/malware-multi-scan-worker:latest
+
+ARG KES_KEY
+ENV KES_KEY=$KES_KEY
+
+ARG KES_URL=https://products.s.kaspersky-labs.com/endpoints/keslinux10/10.1.1.6421/multilanguage-10.1.1.6421/babce9ef/kesl_10.1.1-6421_amd64.deb
+ENV KES_URL=$KES_URL
+
+RUN apt-get update && apt-get install make gcc wget perl procps -y
+RUN wget -q $KES_URL -O /tmp/kesl.deb && dpkg -i /tmp/kesl.deb && rm -f /tmp/kesl.deb
+
+RUN printf "\
+EULA_AGREED=yes \n\
+PRIVACY_POLICY_AGREED=yes \n\
+USE_KSN=yes \n\
+UPDATER_SOURCE=KLServers \n\
+PROXY_SERVER=none \n\
+UPDATE_EXECUTE=yes \n\
+IMPORT_SETTINGS=yes \n\
+USE_GUI=no \n\
+INSTALL_LICENSE=$KES_KEY\
+" > /tmp/kesl_autoinstall
+
+RUN /opt/kaspersky/kesl/bin/kesl-setup.pl --autoinstall=/tmp/kesl_autoinstall || exit 0
+
+RUN printf '\
+#!/bin/bash \n\
+kesl-control --scan-file $1 > /dev/null \n\
+kesl-control -B --query "FileName == \"$1\"" 2> /dev/null \n\
+exit $? \
+' > /usr/bin/kesl-scan && chmod +x /usr/bin/kesl-scan
+
+ENV BackendType=Kes
+
+ENTRYPOINT /etc/init.d/kesl-supervisor start && /worker/MalwareMultiScan.Worker

MalwareMultiScan.Shared/Data/Enums/BackendType.cs

@@ -4,6 +4,7 @@ namespace MalwareMultiScan.Shared.Data.Enums
     {
         Defender,
         Clamav,
-        DrWeb
+        DrWeb,
+        Kes
     }
 }

MalwareMultiScan.Worker/Jobs/ScanJob.cs

@@ -34,6 +34,7 @@ namespace MalwareMultiScan.Worker.Jobs
                 BackendType.Defender => new WindowsDefenderScanBackend(logger),
                 BackendType.Clamav => new ClamavScanBackend(logger),
                 BackendType.DrWeb => new DrWebScanBackend(logger),
+                BackendType.Kes => new KesScanBackend(logger),
                 _ => throw new NotImplementedException()
             };
         }