Mirrors/MalwareMultiScan
1
0
Fork 0
mirror of https://github.com/volodymyrsmirnov/MalwareMultiScan.git synced 2025-10-11 04:26:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

finished unit tests and docstrings

Browse Source
This commit is contained in:
Volodymyr Smirnov
2020-10-29 16:09:56 +02:00
parent b2902c128a
commit b68c285ce5
48 changed files with 910 additions and 194 deletions
Download Patch File Download Diff File Expand all files Collapse all files

83
MalwareMultiScan.Backends/Backends/Abstracts/AbstractLocalProcessScanBackend.cs
View File

@@ -1,77 +1,64 @@
using System;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Text.RegularExpressions;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Extensions.Logging;
using MalwareMultiScan.Backends.Services.Interfaces;
namespace MalwareMultiScan.Backends.Backends.Abstracts
{
/// <inheritdoc />
public abstract class AbstractLocalProcessScanBackend : AbstractScanBackend
{
private readonly ILogger _logger;
private readonly IProcessRunner _processRunner;
protected AbstractLocalProcessScanBackend(ILogger logger)
/// <inheritdoc />
protected AbstractLocalProcessScanBackend(IProcessRunner processRunner)
{
_logger = logger;
_processRunner = processRunner;
}
/// <summary>
/// Regex to extract names of threats.
/// </summary>
protected abstract Regex MatchRegex { get; }
/// <summary>
/// Path to the backend.
/// </summary>
protected abstract string BackendPath { get; }
/// <summary>
/// Parse StdErr instead of StdOut.
/// </summary>
protected virtual bool ParseStdErr { get; } = false;
/// <summary>
/// Throw on non-zero exit code.
/// </summary>
protected virtual bool ThrowOnNonZeroExitCode { get; } = true;
/// <summary>
/// Get backend process parameters.
/// </summary>
/// <param name="path">Path to the temporary file.</param>
/// <returns>Formatted string with parameters and path.</returns>
protected abstract string GetBackendArguments(string path);
public override async Task<string[]> ScanAsync(string path, CancellationToken cancellationToken)
/// <inheritdoc />
public override Task<string[]> ScanAsync(string path, CancellationToken cancellationToken)
{
var process = new Process
{
StartInfo = new ProcessStartInfo(BackendPath, GetBackendArguments(path))
{
RedirectStandardError = true,
RedirectStandardOutput = true,
WorkingDirectory = Path.GetDirectoryName(BackendPath) ?? Directory.GetCurrentDirectory()
}
};
var exitCode = _processRunner.RunTillCompletion(BackendPath, GetBackendArguments(path), cancellationToken,
out var standardOutput, out var standardError);
_logger.LogInformation(
$"Starting process {process.StartInfo.FileName} " +
$"with arguments {process.StartInfo.Arguments} " +
$"in working directory {process.StartInfo.WorkingDirectory}");
if (ThrowOnNonZeroExitCode && exitCode != 0)
throw new ApplicationException($"Process has terminated with an exit code {exitCode}");
process.Start();
cancellationToken.Register(() =>
{
if (process.HasExited)
return;
process.Kill(true);
throw new TimeoutException("Scanning failed to complete within the timeout");
});
process.WaitForExit();
_logger.LogInformation($"Process has exited with code {process.ExitCode}");
var standardOutput = await process.StandardOutput.ReadToEndAsync();
var standardError = await process.StandardError.ReadToEndAsync();
_logger.LogDebug($"Process standard output: {standardOutput}");
_logger.LogDebug($"Process standard error: {standardError}");
if (ThrowOnNonZeroExitCode && process.ExitCode != 0)
throw new ApplicationException($"Process has terminated with an exit code {process.ExitCode}");
return MatchRegex
return Task.FromResult(MatchRegex
.Matches(ParseStdErr ? standardError : standardOutput)
.Where(x => x.Success)
.Select(x => x.Groups["threat"].Value)
.ToArray();
.ToArray());
}
}
}

7
MalwareMultiScan.Backends/Backends/Abstracts/AbstractScanBackend.cs
View File

@@ -1,4 +1,5 @@
using System;
using System.Diagnostics.CodeAnalysis;
using System.IO;
using System.Net.Http;
using System.Threading;
@@ -7,12 +8,17 @@ using MalwareMultiScan.Backends.Interfaces;
namespace MalwareMultiScan.Backends.Backends.Abstracts
{
/// <inheritdoc />
[ExcludeFromCodeCoverage]
public abstract class AbstractScanBackend : IScanBackend
{
/// <inheritdoc />
public abstract string Id { get; }
/// <inheritdoc />
public abstract Task<string[]> ScanAsync(string path, CancellationToken cancellationToken);
/// <inheritdoc />
public async Task<string[]> ScanAsync(Uri uri, CancellationToken cancellationToken)
{
using var httpClient = new HttpClient();
@@ -22,6 +28,7 @@ namespace MalwareMultiScan.Backends.Backends.Abstracts
return await ScanAsync(uriStream, cancellationToken);
}
/// <inheritdoc />
public async Task<string[]> ScanAsync(Stream stream, CancellationToken cancellationToken)
{
var tempFile = Path.GetTempFileName();

11
MalwareMultiScan.Backends/Backends/Implementations/ClamavScanBackend.cs
View File

@@ -1,24 +1,31 @@
using System.Text.RegularExpressions;
using MalwareMultiScan.Backends.Backends.Abstracts;
using Microsoft.Extensions.Logging;
using MalwareMultiScan.Backends.Services.Interfaces;
namespace MalwareMultiScan.Backends.Backends.Implementations
{
/// <inheritdoc />
public class ClamavScanBackend : AbstractLocalProcessScanBackend
{
public ClamavScanBackend(ILogger logger) : base(logger)
/// <inheritdoc />
public ClamavScanBackend(IProcessRunner processRunner) : base(processRunner)
{
}
/// <inheritdoc />
public override string Id { get; } = "clamav";
/// <inheritdoc />
protected override string BackendPath { get; } = "/usr/bin/clamdscan";
/// <inheritdoc />
protected override Regex MatchRegex { get; } =
new Regex(@"(\S+): (?<threat>[\S]+) FOUND", RegexOptions.Compiled | RegexOptions.Multiline);
/// <inheritdoc />
protected override bool ThrowOnNonZeroExitCode { get; } = false;
/// <inheritdoc />
protected override string GetBackendArguments(string path)
{
return $"-m --fdpass --no-summary {path}";

10
MalwareMultiScan.Backends/Backends/Implementations/ComodoScanBackend.cs
View File

@@ -1,23 +1,29 @@
using System.Text.RegularExpressions;
using MalwareMultiScan.Backends.Backends.Abstracts;
using Microsoft.Extensions.Logging;
using MalwareMultiScan.Backends.Services.Interfaces;
namespace MalwareMultiScan.Backends.Backends.Implementations
{
/// <inheritdoc />
public class ComodoScanBackend : AbstractLocalProcessScanBackend
{
public ComodoScanBackend(ILogger logger) : base(logger)
/// <inheritdoc />
public ComodoScanBackend(IProcessRunner processRunner) : base(processRunner)
{
}
/// <inheritdoc />
public override string Id { get; } = "comodo";
/// <inheritdoc />
protected override string BackendPath { get; } = "/opt/COMODO/cmdscan";
/// <inheritdoc />
protected override Regex MatchRegex { get; } =
new Regex(@".* ---> Found Virus, Malware Name is (?<threat>.*)",
RegexOptions.Compiled | RegexOptions.Multiline);
/// <inheritdoc />
protected override string GetBackendArguments(string path)
{
return $"-v -s {path}";

10
MalwareMultiScan.Backends/Backends/Implementations/DrWebScanBackend.cs
View File

@@ -1,22 +1,28 @@
using System.Text.RegularExpressions;
using MalwareMultiScan.Backends.Backends.Abstracts;
using Microsoft.Extensions.Logging;
using MalwareMultiScan.Backends.Services.Interfaces;
namespace MalwareMultiScan.Backends.Backends.Implementations
{
/// <inheritdoc />
public class DrWebScanBackend : AbstractLocalProcessScanBackend
{
public DrWebScanBackend(ILogger logger) : base(logger)
/// <inheritdoc />
public DrWebScanBackend(IProcessRunner processRunner) : base(processRunner)
{
}
/// <inheritdoc />
public override string Id { get; } = "drweb";
/// <inheritdoc />
protected override string BackendPath { get; } = "/usr/bin/drweb-ctl";
/// <inheritdoc />
protected override Regex MatchRegex { get; } =
new Regex(@".* - infected with (?<threat>[\S ]+)", RegexOptions.Compiled | RegexOptions.Multiline);
/// <inheritdoc />
protected override string GetBackendArguments(string path)
{
return $"scan {path}";

7
MalwareMultiScan.Backends/Backends/Implementations/DummyScanBackend.cs
View File

@@ -6,20 +6,25 @@ using MalwareMultiScan.Backends.Interfaces;
namespace MalwareMultiScan.Backends.Backends.Implementations
{
/// <inheritdoc />
public class DummyScanBackend : IScanBackend
{
/// <inheritdoc />
public string Id { get; } = "dummy";
/// <inheritdoc />
public Task<string[]> ScanAsync(string path, CancellationToken cancellationToken)
{
return Scan();
}
/// <inheritdoc />
public Task<string[]> ScanAsync(Uri uri, CancellationToken cancellationToken)
{
return Scan();
}
/// <inheritdoc />
public Task<string[]> ScanAsync(Stream stream, CancellationToken cancellationToken)
{
return Scan();
@@ -29,7 +34,7 @@ namespace MalwareMultiScan.Backends.Backends.Implementations
{
await Task.Delay(
TimeSpan.FromSeconds(5));
return new[] {"Malware.Dummy.Result"};
}
}

10
MalwareMultiScan.Backends/Backends/Implementations/KesScanBackend.cs
View File

@@ -1,22 +1,28 @@
using System.Text.RegularExpressions;
using MalwareMultiScan.Backends.Backends.Abstracts;
using Microsoft.Extensions.Logging;
using MalwareMultiScan.Backends.Services.Interfaces;
namespace MalwareMultiScan.Backends.Backends.Implementations
{
/// <inheritdoc />
public class KesScanBackend : AbstractLocalProcessScanBackend
{
public KesScanBackend(ILogger logger) : base(logger)
/// <inheritdoc />
public KesScanBackend(IProcessRunner processRunner) : base(processRunner)
{
}
/// <inheritdoc />
public override string Id { get; } = "kes";
/// <inheritdoc />
protected override string BackendPath { get; } = "/bin/bash";
/// <inheritdoc />
protected override Regex MatchRegex { get; } =
new Regex(@"[ +]DetectName.*: (?<threat>.*)", RegexOptions.Compiled | RegexOptions.Multiline);
/// <inheritdoc />
protected override string GetBackendArguments(string path)
{
return $"/usr/bin/kesl-scan {path}";

11
MalwareMultiScan.Backends/Backends/Implementations/McAfeeScanBackend.cs
View File

@@ -1,24 +1,31 @@
using System.Text.RegularExpressions;
using MalwareMultiScan.Backends.Backends.Abstracts;
using Microsoft.Extensions.Logging;
using MalwareMultiScan.Backends.Services.Interfaces;
namespace MalwareMultiScan.Backends.Backends.Implementations
{
/// <inheritdoc />
public class McAfeeScanBackend : AbstractLocalProcessScanBackend
{
public McAfeeScanBackend(ILogger logger) : base(logger)
/// <inheritdoc />
public McAfeeScanBackend(IProcessRunner processRunner) : base(processRunner)
{
}
/// <inheritdoc />
public override string Id { get; } = "mcafee";
/// <inheritdoc />
protected override string BackendPath { get; } = "/usr/local/uvscan/uvscan";
/// <inheritdoc />
protected override bool ThrowOnNonZeroExitCode { get; } = false;
/// <inheritdoc />
protected override Regex MatchRegex { get; } =
new Regex(@".* ... Found: (?<threat>.*).", RegexOptions.Compiled | RegexOptions.Multiline);
/// <inheritdoc />
protected override string GetBackendArguments(string path)
{
return $"--SECURE {path}";

11
MalwareMultiScan.Backends/Backends/Implementations/SophosScanBackend.cs
View File

@@ -1,24 +1,31 @@
using System.Text.RegularExpressions;
using MalwareMultiScan.Backends.Backends.Abstracts;
using Microsoft.Extensions.Logging;
using MalwareMultiScan.Backends.Services.Interfaces;
namespace MalwareMultiScan.Backends.Backends.Implementations
{
/// <inheritdoc />
public class SophosScanBackend : AbstractLocalProcessScanBackend
{
public SophosScanBackend(ILogger logger) : base(logger)
/// <inheritdoc />
public SophosScanBackend(IProcessRunner processRunner) : base(processRunner)
{
}
/// <inheritdoc />
public override string Id { get; } = "sophos";
/// <inheritdoc />
protected override string BackendPath { get; } = "/opt/sophos-av/bin/savscan";
/// <inheritdoc />
protected override bool ThrowOnNonZeroExitCode { get; } = false;
/// <inheritdoc />
protected override Regex MatchRegex { get; } =
new Regex(@">>> Virus '(?<threat>.*)' found in file .*", RegexOptions.Compiled | RegexOptions.Multiline);
/// <inheritdoc />
protected override string GetBackendArguments(string path)
{
return $"-f -archive -ss {path}";

15
MalwareMultiScan.Backends/Backends/Implementations/WindowsDefenderScanBackend.cs
View File

@@ -1,25 +1,32 @@
using System.Text.RegularExpressions;
using MalwareMultiScan.Backends.Backends.Abstracts;
using Microsoft.Extensions.Logging;
using MalwareMultiScan.Backends.Services.Interfaces;
namespace MalwareMultiScan.Backends.Backends.Implementations
{
/// <inheritdoc />
public class WindowsDefenderScanBackend : AbstractLocalProcessScanBackend
{
public WindowsDefenderScanBackend(ILogger logger) : base(logger)
/// <inheritdoc />
public WindowsDefenderScanBackend(IProcessRunner processRunner) : base(processRunner)
{
}
/// <inheritdoc />
public override string Id { get; } = "windows-defender";
/// <inheritdoc />
protected override string BackendPath { get; } = "/opt/mpclient";
/// <inheritdoc />
protected override Regex MatchRegex { get; } =
new Regex(@"EngineScanCallback\(\): Threat (?<threat>[\S]+) identified",
RegexOptions.Compiled | RegexOptions.Multiline);
/// <inheritdoc />
protected override bool ParseStdErr { get; } = true;
/// <inheritdoc />
protected override string GetBackendArguments(string path)
{
return path;