Mirrors/MalwareMultiScan
1
0
Fork 0
mirror of https://github.com/volodymyrsmirnov/MalwareMultiScan.git synced 2025-10-11 04:26:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactoring and adding clamav scanning backend

Browse Source
This commit is contained in:
Volodymyr Smirnov
2020-10-20 17:08:40 +03:00
parent 7e63c77419
commit b1a2357b50
15 changed files with 128 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
MalwareMultiScan.Backends/Backends/Abstracts/AbstractLocalProcessScanBackend.cs
View File

@@ -12,7 +12,12 @@ namespace MalwareMultiScan.Backends.Backends.Abstracts
public abstract class AbstractLocalProcessScanBackend : AbstractScanBackend
{
private readonly ILogger _logger;
protected AbstractLocalProcessScanBackend(ILogger logger)
{
_logger = logger;
}
protected virtual Regex MatchRegex { get; }
protected virtual string BackendPath { get; }
protected virtual bool ParseStdErr { get; }
@@ -22,11 +27,6 @@ namespace MalwareMultiScan.Backends.Backends.Abstracts
throw new NotImplementedException();
}
protected AbstractLocalProcessScanBackend(ILogger logger)
{
_logger = logger;
}
public override async Task<string[]> ScanAsync(string path, CancellationToken cancellationToken)
{
var process = new Process
@@ -38,12 +38,12 @@ namespace MalwareMultiScan.Backends.Backends.Abstracts
WorkingDirectory = Path.GetDirectoryName(BackendPath) ?? Directory.GetCurrentDirectory()
}
};
_logger.LogInformation(
$"Starting process {process.StartInfo.FileName} " +
$"with arguments {process.StartInfo.Arguments} " +
$"in working directory {process.StartInfo.WorkingDirectory}");
process.Start();
cancellationToken.Register(() =>
@@ -51,14 +51,14 @@ namespace MalwareMultiScan.Backends.Backends.Abstracts
if (!process.HasExited)
process.Kill(true);
});
process.WaitForExit();
_logger.LogInformation($"Process has exited with code {process.ExitCode}");
var standardOutput = await process.StandardOutput.ReadToEndAsync();
var standardError = await process.StandardError.ReadToEndAsync();
_logger.LogDebug($"Process standard output: {standardOutput}");
_logger.LogDebug($"Process standard error: {standardError}");

10
MalwareMultiScan.Backends/Backends/Abstracts/AbstractScanBackend.cs
View File

@@ -11,9 +11,9 @@ namespace MalwareMultiScan.Backends.Backends.Abstracts
public abstract class AbstractScanBackend : IScanBackend
{
public virtual string Name => throw new NotImplementedException();
public virtual DateTime DatabaseLastUpdate => throw new NotImplementedException();
public virtual Task<string[]> ScanAsync(string path, CancellationToken cancellationToken)
{
throw new NotImplementedException();
@@ -23,14 +23,14 @@ namespace MalwareMultiScan.Backends.Backends.Abstracts
{
using var httpClient = new HttpClient();
await using var uriStream = await httpClient.GetStreamAsync(uri);
return await ScanAsync(uriStream, cancellationToken);
}
public async Task<string[]> ScanAsync(IFormFile file, CancellationToken cancellationToken)
{
await using var fileStream = file.OpenReadStream();
return await ScanAsync(fileStream, cancellationToken);
}
@@ -41,7 +41,9 @@ namespace MalwareMultiScan.Backends.Backends.Abstracts
try
{
await using (var tempFileStream = File.OpenWrite(tempFile))
{
await stream.CopyToAsync(tempFileStream, cancellationToken);
}
return await ScanAsync(tempFile, cancellationToken);
}

32
MalwareMultiScan.Backends/Backends/Implementations/ClamavScanBackend.cs Normal file
View File

@@ -0,0 +1,32 @@
using System;
using System.IO;
using System.Text.RegularExpressions;
using MalwareMultiScan.Backends.Backends.Abstracts;
using Microsoft.Extensions.Logging;
namespace MalwareMultiScan.Backends.Backends.Implementations
{
public class ClamavScanBackend : AbstractLocalProcessScanBackend
{
public ClamavScanBackend(ILogger logger) : base(logger)
{
}
public override string Name { get; } = "Clamav";
public override DateTime DatabaseLastUpdate =>
File.GetLastWriteTime("/var/lib/clamav/daily.cvd");
protected override string BackendPath { get; } = "/usr/bin/clamscan";
protected override Regex MatchRegex { get; } =
new Regex(@"(\S+): (?<threat>[\S]+) FOUND", RegexOptions.Compiled | RegexOptions.Multiline);
protected override bool ParseStdErr { get; } = false;
protected override string GetBackendArguments(string path)
{
return $"--no-summary {path}";
}
}
}

17
MalwareMultiScan.Backends/Backends/Implementations/WindowsDefenderScanBackend.cs
View File

@@ -1,5 +1,4 @@
using System;
using System.Diagnostics;
using System.IO;
using System.Text.RegularExpressions;
using MalwareMultiScan.Backends.Backends.Abstracts;
@@ -9,22 +8,26 @@ namespace MalwareMultiScan.Backends.Backends.Implementations
{
public class WindowsDefenderScanBackend : AbstractLocalProcessScanBackend
{
public WindowsDefenderScanBackend(ILogger logger) : base(logger)
{
}
public override string Name { get; } = "Windows Defender";
public override DateTime DatabaseLastUpdate =>
File.GetLastWriteTime("/opt/engine/mpavbase.vdm");
protected override string BackendPath { get; } = "/opt/mpclient";
protected override Regex MatchRegex { get; } =
new Regex(@"EngineScanCallback\(\)\: Threat (?<threat>[\S]+) identified",
protected override Regex MatchRegex { get; } =
new Regex(@"EngineScanCallback\(\): Threat (?<threat>[\S]+) identified",
RegexOptions.Compiled | RegexOptions.Multiline);
protected override bool ParseStdErr { get; } = true;
protected override string GetBackendArguments(string path) => path;
public WindowsDefenderScanBackend(ILogger logger) : base(logger)
protected override string GetBackendArguments(string path)
{
return path;
}
}
}