initial commit of a worker skeleton

2025-10-10 20:26:16 +00:00 · 2020-10-20 16:20:38 +03:00
commit 7e63c77419
28 changed files with 665 additions and 0 deletions
--- a/MalwareMultiScan.Backends/Backends/Abstracts/AbstractLocalProcessScanBackend.cs
+++ b/MalwareMultiScan.Backends/Backends/Abstracts/AbstractLocalProcessScanBackend.cs
@@ -0,0 +1,72 @@
+using System;
+using System.Diagnostics;
+using System.IO;
+using System.Linq;
+using System.Text.RegularExpressions;
+using System.Threading;
+using System.Threading.Tasks;
+using Microsoft.Extensions.Logging;
+
+namespace MalwareMultiScan.Backends.Backends.Abstracts
+{
+    public abstract class AbstractLocalProcessScanBackend : AbstractScanBackend
+    {
+        private readonly ILogger _logger;
+        
+        protected virtual Regex MatchRegex { get; }
+        protected virtual string BackendPath { get; }
+        protected virtual bool ParseStdErr { get; }
+
+        protected virtual string GetBackendArguments(string path)
+        {
+            throw new NotImplementedException();
+        }
+
+        protected AbstractLocalProcessScanBackend(ILogger logger)
+        {
+            _logger = logger;
+        }
+
+        public override async Task<string[]> ScanAsync(string path, CancellationToken cancellationToken)
+        {
+            var process = new Process
+            {
+                StartInfo = new ProcessStartInfo(BackendPath, GetBackendArguments(path))
+                {
+                    RedirectStandardError = true,
+                    RedirectStandardOutput = true,
+                    WorkingDirectory = Path.GetDirectoryName(BackendPath) ?? Directory.GetCurrentDirectory()
+                }
+            };
+            
+            _logger.LogInformation(
+                $"Starting process {process.StartInfo.FileName} " +
+                $"with arguments {process.StartInfo.Arguments} " +
+                $"in working directory {process.StartInfo.WorkingDirectory}");
+            
+            process.Start();
+
+            cancellationToken.Register(() =>
+            {
+                if (!process.HasExited)
+                    process.Kill(true);
+            });
+            
+            process.WaitForExit();
+
+            _logger.LogInformation($"Process has exited with code {process.ExitCode}");
+
+            var standardOutput = await process.StandardOutput.ReadToEndAsync();
+            var standardError = await process.StandardError.ReadToEndAsync();
+            
+            _logger.LogDebug($"Process standard output: {standardOutput}");
+            _logger.LogDebug($"Process standard error: {standardError}");
+
+            return MatchRegex
+                .Matches(ParseStdErr ? standardError : standardOutput)
+                .Where(x => x.Success)
+                .Select(x => x.Groups["threat"].Value)
+                .ToArray();
+        }
+    }
+}
--- a/MalwareMultiScan.Backends/Backends/Abstracts/AbstractScanBackend.cs
+++ b/MalwareMultiScan.Backends/Backends/Abstracts/AbstractScanBackend.cs
@@ -0,0 +1,54 @@
+using System;
+using System.IO;
+using System.Net.Http;
+using System.Threading;
+using System.Threading.Tasks;
+using MalwareMultiScan.Shared.Interfaces;
+using Microsoft.AspNetCore.Http;
+
+namespace MalwareMultiScan.Backends.Backends.Abstracts
+{
+    public abstract class AbstractScanBackend : IScanBackend
+    {
+        public virtual string Name => throw new NotImplementedException();
+        
+        public virtual DateTime DatabaseLastUpdate => throw new NotImplementedException();
+        
+        public virtual Task<string[]> ScanAsync(string path, CancellationToken cancellationToken)
+        {
+            throw new NotImplementedException();
+        }
+
+        public async Task<string[]> ScanAsync(Uri uri, CancellationToken cancellationToken)
+        {
+            using var httpClient = new HttpClient();
+            await using var uriStream = await httpClient.GetStreamAsync(uri);
+            
+            return await ScanAsync(uriStream, cancellationToken);
+        }
+
+        public async Task<string[]> ScanAsync(IFormFile file, CancellationToken cancellationToken)
+        {
+            await using var fileStream = file.OpenReadStream();
+            
+            return await ScanAsync(fileStream, cancellationToken);
+        }
+
+        public async Task<string[]> ScanAsync(Stream stream, CancellationToken cancellationToken)
+        {
+            var tempFile = Path.GetTempFileName();
+
+            try
+            {
+                await using (var tempFileStream = File.OpenWrite(tempFile))
+                    await stream.CopyToAsync(tempFileStream, cancellationToken);
+
+                return await ScanAsync(tempFile, cancellationToken);
+            }
+            finally
+            {
+                File.Delete(tempFile);
+            }
+        }
+    }
+}
--- a/MalwareMultiScan.Backends/Backends/Implementations/WindowsDefenderScanBackend.cs
+++ b/MalwareMultiScan.Backends/Backends/Implementations/WindowsDefenderScanBackend.cs
@@ -0,0 +1,30 @@
+using System;
+using System.Diagnostics;
+using System.IO;
+using System.Text.RegularExpressions;
+using MalwareMultiScan.Backends.Backends.Abstracts;
+using Microsoft.Extensions.Logging;
+
+namespace MalwareMultiScan.Backends.Backends.Implementations
+{
+    public class WindowsDefenderScanBackend : AbstractLocalProcessScanBackend
+    {
+        public override string Name { get; } = "Windows Defender";
+
+        public override DateTime DatabaseLastUpdate =>
+            File.GetLastWriteTime("/opt/engine/mpavbase.vdm");
+
+        protected override string BackendPath { get; } = "/opt/mpclient";
+        protected override Regex MatchRegex { get; } = 
+            new Regex(@"EngineScanCallback\(\)\: Threat (?<threat>[\S]+) identified", 
+                RegexOptions.Compiled | RegexOptions.Multiline);
+        
+        protected override bool ParseStdErr { get; } = true;
+
+        protected override string GetBackendArguments(string path) => path;
+
+        public WindowsDefenderScanBackend(ILogger logger) : base(logger)
+        {
+        }
+    }
+}
--- a/MalwareMultiScan.Backends/Dockerfiles/Clamav.Dockerfile
+++ b/MalwareMultiScan.Backends/Dockerfiles/Clamav.Dockerfile
@@ -0,0 +1,8 @@
+FROM mindcollapse/malware-multi-scan-base:latest
+
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN apt-get update && apt-get install -y clamav
+RUN freshclam --quiet
+
+ENV MULTI_SCAN_BACKEND_BIN=/usr/bin/clamscan
--- a/MalwareMultiScan.Backends/Dockerfiles/WindowsDefender.Dockerfile
+++ b/MalwareMultiScan.Backends/Dockerfiles/WindowsDefender.Dockerfile
@@ -0,0 +1,22 @@
+FROM ubuntu:bionic AS backend
+
+RUN apt-get update
+RUN apt-get install -y build-essential ca-certificates cabextract libc6-dev-i386 git-core curl
+
+WORKDIR /opt/loadlibrary
+RUN git clone https://github.com/taviso/loadlibrary.git /opt/loadlibrary
+RUN make
+
+WORKDIR /opt/loadlibrary/engine
+RUN curl -L "https://go.microsoft.com/fwlink/?LinkID=121721&arch=x86" --output mpan-fe.exe
+RUN cabextract mpan-fe.exe && rm mpan-fe.exe
+
+FROM mindcollapse/malware-multi-scan-worker:latest
+
+RUN apt-get update && apt-get install -y libc6-i386
+
+COPY --from=backend /opt/loadlibrary/engine /opt/engine
+COPY --from=backend /opt/loadlibrary/mpclient /opt/mpclient
+
+ENV BackendType=Defender
+ENV ScanTimeout=300
--- a/MalwareMultiScan.Backends/MalwareMultiScan.Backends.csproj
+++ b/MalwareMultiScan.Backends/MalwareMultiScan.Backends.csproj
@@ -0,0 +1,11 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+    <PropertyGroup>
+        <TargetFramework>netcoreapp3.1</TargetFramework>
+    </PropertyGroup>
+
+    <ItemGroup>
+      <ProjectReference Include="..\MalwareMultiScan.Shared\MalwareMultiScan.Shared.csproj" />
+    </ItemGroup>
+
+</Project>