kaspersky endpoint security scan backend

Volodymyr Smirnov 2020-10-22 14:15:27 +03:00
parent 46974066a4
commit 45c86b8467
6 changed files with 70 additions and 7 deletions


@ -21,9 +21,7 @@ namespace MalwareMultiScan.Backends.Backends.Implementations
protected override Regex MatchRegex { get; } =
new Regex(@"(\S+): (?<threat>[\S]+) FOUND", RegexOptions.Compiled | RegexOptions.Multiline);
protected override bool ParseStdErr { get; } = false;
protected override string GetBackendArguments(string path)
{
return $"--no-summary {path}";


@ -21,9 +21,7 @@ namespace MalwareMultiScan.Backends.Backends.Implementations
protected override Regex MatchRegex { get; } =
new Regex(@".* - infected with (?<threat>[\S ]+)", RegexOptions.Compiled | RegexOptions.Multiline);
protected override bool ParseStdErr { get; } = false;
protected override string GetBackendArguments(string path)
{
return $"scan {path}";


@ -0,0 +1,30 @@
using System;
using System.IO;
using System.Text.RegularExpressions;
using MalwareMultiScan.Backends.Backends.Abstracts;
using Microsoft.Extensions.Logging;
namespace MalwareMultiScan.Backends.Backends.Implementations
{
public class KesScanBackend : AbstractLocalProcessScanBackend
{
public KesScanBackend(ILogger logger) : base(logger)
{
}
public override string Id { get; } = "kes";
public override DateTime DatabaseLastUpdate =>
File.GetLastWriteTime("/var/opt/kaspersky/kesl/common/updates/avbases/klsrl.dat");
protected override string BackendPath { get; } = "/bin/bash";
protected override Regex MatchRegex { get; } =
new Regex(@"[ +]DetectName.*: (?<threat>.*)", RegexOptions.Compiled | RegexOptions.Multiline);
protected override string GetBackendArguments(string path)
{
return $"/usr/bin/kesl-scan {path}";
}
}
}
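Review bot: `GetBackendArguments` interpolates `path` unquoted into the argument string handed to `/bin/bash`, so a path containing whitespace or quote characters would reach `/usr/bin/kesl-scan` as something other than a single `$1`. The wrapper script added in this commit then uses `$1` unquoted in `kesl-control --scan-file $1` and splices it into the `--query "FileName == \"$1\""` filter, so a mismatched name could leave the query returning no `DetectName` line and the file reported as clean. How the base class starts the process and where `path` comes from are not visible here; if it is always a server-generated temporary name the risk is low, but that assumption deserves a comment on this method. I would at least quote the argument, `return $"/usr/bin/kesl-scan \"{path}\"";`, and use `"$1"` in the script. The existing backends shown as context build their arguments the same way, so the sturdier fix may belong in the base class.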


@ -0,0 +1,35 @@
FROM mindcollapse/malware-multi-scan-worker:latest
ARG KES_KEY
ENV KES_KEY=$KES_KEY
ARG KES_URL=https://products.s.kaspersky-labs.com/endpoints/keslinux10/10.1.1.6421/multilanguage-10.1.1.6421/babce9ef/kesl_10.1.1-6421_amd64.deb
ENV KES_URL=$KES_URL
RUN apt-get update && apt-get install make gcc wget perl procps -y
RUN wget -q $KES_URL -O /tmp/kesl.deb && dpkg -i /tmp/kesl.deb && rm -f /tmp/kesl.deb
RUN printf "\
EULA_AGREED=yes \n\
PRIVACY_POLICY_AGREED=yes \n\
USE_KSN=yes \n\
UPDATER_SOURCE=KLServers \n\
PROXY_SERVER=none \n\
UPDATE_EXECUTE=yes \n\
IMPORT_SETTINGS=yes \n\
USE_GUI=no \n\
INSTALL_LICENSE=$KES_KEY\
" > /tmp/kesl_autoinstall
RUN /opt/kaspersky/kesl/bin/kesl-setup.pl --autoinstall=/tmp/kesl_autoinstall || exit 0
RUN printf '\
#!/bin/bash \n\
kesl-control --scan-file $1 > /dev/null \n\
kesl-control -B --query "FileName == \"$1\"" 2> /dev/null \n\
exit $? \
' > /usr/bin/kesl-scan && chmod +x /usr/bin/kesl-scan
ENV BackendType=Kes
ENTRYPOINT /etc/init.d/kesl-supervisor start && /worker/MalwareMultiScan.Worker
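Review bot: The licence key ends up stored in the image: `ENV KES_KEY=$KES_KEY` persists the build argument into the image configuration and every container's environment, and `/tmp/kesl_autoinstall`, which contains `INSTALL_LICENSE=$KES_KEY`, is written in its own layer and never deleted. Anyone who can pull the image can read both. I would drop the `ENV KES_KEY` line, supply the key through a BuildKit secret (`RUN --mount=type=secret,id=kes_key ...` reading `/run/secrets/kes_key`), and write, use and `rm -f` the autoinstall file within a single `RUN`. Separately, `kesl-setup.pl ... || exit 0` lets the build succeed when setup or licensing fails, which would presumably yield a worker that reports every file as clean; if a non-zero exit is expected inside a container, a comment saying so plus a post-install check would make that explicit. The `.deb` fetched from `KES_URL` is also installed without a checksum comparison.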


@ -4,6 +4,7 @@ namespace MalwareMultiScan.Shared.Data.Enums
{
Defender,
Clamav,
DrWeb
DrWeb,
Kes
}
}


@ -34,6 +34,7 @@ namespace MalwareMultiScan.Worker.Jobs
BackendType.Defender => new WindowsDefenderScanBackend(logger),
BackendType.Clamav => new ClamavScanBackend(logger),
BackendType.DrWeb => new DrWebScanBackend(logger),
BackendType.Kes => new KesScanBackend(logger),
_ => throw new NotImplementedException()
};
}