refactoring and adding clamav scanning backend

2025-10-10 20:26:16 +00:00 · 2020-10-20 17:08:40 +03:00
parent 7e63c77419
commit b1a2357b50
15 changed files with 128 additions and 46 deletions
--- a/MalwareMultiScan.Backends/Backends/Abstracts/AbstractLocalProcessScanBackend.cs
+++ b/MalwareMultiScan.Backends/Backends/Abstracts/AbstractLocalProcessScanBackend.cs
@@ -12,7 +12,12 @@ namespace MalwareMultiScan.Backends.Backends.Abstracts
    public abstract class AbstractLocalProcessScanBackend : AbstractScanBackend
    {
        private readonly ILogger _logger;
-        
+
+        protected AbstractLocalProcessScanBackend(ILogger logger)
+        {
+            _logger = logger;
+        }
+
        protected virtual Regex MatchRegex { get; }
        protected virtual string BackendPath { get; }
        protected virtual bool ParseStdErr { get; }
@@ -22,11 +27,6 @@ namespace MalwareMultiScan.Backends.Backends.Abstracts
            throw new NotImplementedException();
        }

-        protected AbstractLocalProcessScanBackend(ILogger logger)
-        {
-            _logger = logger;
-        }
-
        public override async Task<string[]> ScanAsync(string path, CancellationToken cancellationToken)
        {
            var process = new Process
@@ -38,12 +38,12 @@ namespace MalwareMultiScan.Backends.Backends.Abstracts
                    WorkingDirectory = Path.GetDirectoryName(BackendPath) ?? Directory.GetCurrentDirectory()
                }
            };
-            
+
            _logger.LogInformation(
                $"Starting process {process.StartInfo.FileName} " +
                $"with arguments {process.StartInfo.Arguments} " +
                $"in working directory {process.StartInfo.WorkingDirectory}");
-            
+
            process.Start();

            cancellationToken.Register(() =>
@@ -51,14 +51,14 @@ namespace MalwareMultiScan.Backends.Backends.Abstracts
                if (!process.HasExited)
                    process.Kill(true);
            });
-            
+
            process.WaitForExit();

            _logger.LogInformation($"Process has exited with code {process.ExitCode}");

            var standardOutput = await process.StandardOutput.ReadToEndAsync();
            var standardError = await process.StandardError.ReadToEndAsync();
-            
+
            _logger.LogDebug($"Process standard output: {standardOutput}");
            _logger.LogDebug($"Process standard error: {standardError}");

--- a/MalwareMultiScan.Backends/Backends/Abstracts/AbstractScanBackend.cs
+++ b/MalwareMultiScan.Backends/Backends/Abstracts/AbstractScanBackend.cs
@@ -11,9 +11,9 @@ namespace MalwareMultiScan.Backends.Backends.Abstracts
    public abstract class AbstractScanBackend : IScanBackend
    {
        public virtual string Name => throw new NotImplementedException();
-        
+
        public virtual DateTime DatabaseLastUpdate => throw new NotImplementedException();
-        
+
        public virtual Task<string[]> ScanAsync(string path, CancellationToken cancellationToken)
        {
            throw new NotImplementedException();
@@ -23,14 +23,14 @@ namespace MalwareMultiScan.Backends.Backends.Abstracts
        {
            using var httpClient = new HttpClient();
            await using var uriStream = await httpClient.GetStreamAsync(uri);
-            
+
            return await ScanAsync(uriStream, cancellationToken);
        }

        public async Task<string[]> ScanAsync(IFormFile file, CancellationToken cancellationToken)
        {
            await using var fileStream = file.OpenReadStream();
-            
+
            return await ScanAsync(fileStream, cancellationToken);
        }

@@ -41,7 +41,9 @@ namespace MalwareMultiScan.Backends.Backends.Abstracts
            try
            {
                await using (var tempFileStream = File.OpenWrite(tempFile))
+                {
                    await stream.CopyToAsync(tempFileStream, cancellationToken);
+                }

                return await ScanAsync(tempFile, cancellationToken);
            }
--- a/MalwareMultiScan.Backends/Backends/Implementations/ClamavScanBackend.cs
+++ b/MalwareMultiScan.Backends/Backends/Implementations/ClamavScanBackend.cs
@@ -0,0 +1,32 @@
+using System;
+using System.IO;
+using System.Text.RegularExpressions;
+using MalwareMultiScan.Backends.Backends.Abstracts;
+using Microsoft.Extensions.Logging;
+
+namespace MalwareMultiScan.Backends.Backends.Implementations
+{
+    public class ClamavScanBackend : AbstractLocalProcessScanBackend
+    {
+        public ClamavScanBackend(ILogger logger) : base(logger)
+        {
+        }
+        
+        public override string Name { get; } = "Clamav";
+        
+        public override DateTime DatabaseLastUpdate =>
+            File.GetLastWriteTime("/var/lib/clamav/daily.cvd");
+
+        protected override string BackendPath { get; } = "/usr/bin/clamscan";
+        
+        protected override Regex MatchRegex { get; } =
+            new Regex(@"(\S+): (?<threat>[\S]+) FOUND", RegexOptions.Compiled | RegexOptions.Multiline);
+        
+        protected override bool ParseStdErr { get; } = false;
+        
+        protected override string GetBackendArguments(string path)
+        {
+            return $"--no-summary {path}";
+        }
+    }
+}
--- a/MalwareMultiScan.Backends/Backends/Implementations/WindowsDefenderScanBackend.cs
+++ b/MalwareMultiScan.Backends/Backends/Implementations/WindowsDefenderScanBackend.cs
@@ -1,5 +1,4 @@
 using System;
-using System.Diagnostics;
 using System.IO;
 using System.Text.RegularExpressions;
 using MalwareMultiScan.Backends.Backends.Abstracts;
@@ -9,22 +8,26 @@ namespace MalwareMultiScan.Backends.Backends.Implementations
 {
    public class WindowsDefenderScanBackend : AbstractLocalProcessScanBackend
    {
+        public WindowsDefenderScanBackend(ILogger logger) : base(logger)
+        {
+        }
+
        public override string Name { get; } = "Windows Defender";

        public override DateTime DatabaseLastUpdate =>
            File.GetLastWriteTime("/opt/engine/mpavbase.vdm");

        protected override string BackendPath { get; } = "/opt/mpclient";
-        protected override Regex MatchRegex { get; } = 
-            new Regex(@"EngineScanCallback\(\)\: Threat (?<threat>[\S]+) identified", 
+
+        protected override Regex MatchRegex { get; } =
+            new Regex(@"EngineScanCallback\(\): Threat (?<threat>[\S]+) identified",
                RegexOptions.Compiled | RegexOptions.Multiline);
-        
+
        protected override bool ParseStdErr { get; } = true;

-        protected override string GetBackendArguments(string path) => path;
-
-        public WindowsDefenderScanBackend(ILogger logger) : base(logger)
+        protected override string GetBackendArguments(string path)
        {
+            return path;
        }
    }
 }
--- a/MalwareMultiScan.Backends/Dockerfiles/Clamav.Dockerfile
+++ b/MalwareMultiScan.Backends/Dockerfiles/Clamav.Dockerfile
@@ -1,8 +1,10 @@
-FROM mindcollapse/malware-multi-scan-base:latest
+FROM mindcollapse/malware-multi-scan-worker:latest

 ENV DEBIAN_FRONTEND noninteractive

 RUN apt-get update && apt-get install -y clamav
 RUN freshclam --quiet

-ENV MULTI_SCAN_BACKEND_BIN=/usr/bin/clamscan
+ENV MULTI_SCAN_BACKEND_BIN=/usr/bin/clamscan
+
+ENV BackendType=Clamav
--- a/MalwareMultiScan.Backends/Dockerfiles/WindowsDefender.Dockerfile
+++ b/MalwareMultiScan.Backends/Dockerfiles/WindowsDefender.Dockerfile
@@ -18,5 +18,4 @@ RUN apt-get update && apt-get install -y libc6-i386
 COPY --from=backend /opt/loadlibrary/engine /opt/engine
 COPY --from=backend /opt/loadlibrary/mpclient /opt/mpclient

-ENV BackendType=Defender
-ENV ScanTimeout=300
+ENV BackendType=Defender