From d4703df14df88b4d637bf5df31ff8f2c4ed867ea Mon Sep 17 00:00:00 2001
From: Volodymyr Smirnov
Date: Wed, 21 Oct 2020 17:33:58 +0300
Subject: [PATCH] dr.web scanning backend
---
 .../Dockerfiles_DrWeb_Dockerfile.xml | 24 ++++++++++++++
 .../Implementations/DrWebScanBackend.cs | 32 +++++++++++++++++++
 .../Dockerfiles/DrWeb.Dockerfile | 28 ++++++++++++++++
 MalwareMultiScan.Shared/Data/Enums/BackendType.cs | 3 +-
 MalwareMultiScan.Worker/Jobs/ScanJob.cs | 1 +
 5 files changed, 87 insertions(+), 1 deletion(-)
 create mode 100644 .idea/.idea.MalwareMultiScan/.idea/runConfigurations/Dockerfiles_DrWeb_Dockerfile.xml
 create mode 100644 MalwareMultiScan.Backends/Backends/Implementations/DrWebScanBackend.cs
 create mode 100644 MalwareMultiScan.Backends/Dockerfiles/DrWeb.Dockerfile
diff --git a/.idea/.idea.MalwareMultiScan/.idea/runConfigurations/Dockerfiles_DrWeb_Dockerfile.xml b/.idea/.idea.MalwareMultiScan/.idea/runConfigurations/Dockerfiles_DrWeb_Dockerfile.xml
new file mode 100644
index 0000000..2cbe74d
--- /dev/null
+++ b/.idea/.idea.MalwareMultiScan/.idea/runConfigurations/Dockerfiles_DrWeb_Dockerfile.xml
@@ -0,0 +1,24 @@ + + + + + + + + + + \ No newline at end of file
diff --git a/MalwareMultiScan.Backends/Backends/Implementations/DrWebScanBackend.cs b/MalwareMultiScan.Backends/Backends/Implementations/DrWebScanBackend.cs
new file mode 100644
index 0000000..203dad4
--- /dev/null
+++ b/MalwareMultiScan.Backends/Backends/Implementations/DrWebScanBackend.cs
@@ -0,0 +1,32 @@
+using System;
+using System.IO;
+using System.Text.RegularExpressions;
+using MalwareMultiScan.Backends.Backends.Abstracts;
+using Microsoft.Extensions.Logging;
+
+namespace MalwareMultiScan.Backends.Backends.Implementations
+{
+ public class DrWebScanBackend : AbstractLocalProcessScanBackend
+ {
+ public DrWebScanBackend(ILogger logger) : base(logger)
+ {
+ }
+
+ public override string Id { get; } = "drweb";
+
+ public override DateTime DatabaseLastUpdate =>
+ File.GetLastWriteTime("/var/opt/drweb.com/version/version.ini");
+
+ protected override string BackendPath { get; } = "/usr/bin/drweb-ctl";
+
+ protected override Regex MatchRegex { get; } =
+ new Regex(@".* - infected with (?[\S ]+)", RegexOptions.Compiled | RegexOptions.Multiline);
+
+ protected override bool ParseStdErr { get; } = false;
+
+ protected override string GetBackendArguments(string path)
+ {
+ return $"scan {path}";
+ }
+ }
+}
\ No newline at end of file
diff --git a/MalwareMultiScan.Backends/Dockerfiles/DrWeb.Dockerfile b/MalwareMultiScan.Backends/Dockerfiles/DrWeb.Dockerfile
new file mode 100644
index 0000000..168156f
--- /dev/null
+++ b/MalwareMultiScan.Backends/Dockerfiles/DrWeb.Dockerfile
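Review bot: `GetBackendArguments` interpolates `path` into the argument string unquoted, so a path containing a space is split into several `drweb-ctl` arguments and one beginning with `-` would be read as an option rather than a file. How the base class launches the process and where `path` originates are outside this hunk, so this may already be safe if the worker only ever passes an absolute temp path it generated itself, but quoting here is cheap: `return $"scan \"{path}\"";`. Separately, `DatabaseLastUpdate` uses `File.GetLastWriteTime`, which returns local time and yields a 1601 sentinel date instead of throwing when `version.ini` is missing; a comment stating that, or `File.GetLastWriteTimeUtc` if the other backends report UTC, would keep a missing signature database from looking like a valid timestamp.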
@@ -0,0 +1,28 @@
+FROM mindcollapse/malware-multi-scan-worker:latest
+
+ARG DRWEB_KEY
+ENV DRWEB_KEY=$DRWEB_KEY
+
+ARG DRWEB_URL=https://download.geo.drweb.com/pub/drweb/unix/workstation/11.1/drweb-11.1.1-av-linux-amd64.run
+ENV DRWEB_URL=$DRWEB_URL
+
+RUN apt-get update && apt-get install build-essential ca-certificates wget -y
+
+RUN wget -q $DRWEB_URL -O /tmp/drweb.run && \
+ chmod +x /tmp/drweb.run && \
+ DRWEB_NON_INTERACTIVE=yes /tmp/drweb.run && \
+ rm -f /tmp/drweb.run
+
+RUN /opt/drweb.com/bin/drweb-configd -d -p /var/run/drweb-configd.pid && \
+ if [ -z "$DRWEB_KEY" ]; then drweb-ctl license --GetDemo; \
+ else drweb-ctl license --GetRegistered "$DRWEB_KEY"; \
+ fi && kill $(cat /var/run/drweb-configd.pid)
+
+RUN /opt/drweb.com/bin/drweb-configd -d -p /var/run/drweb-configd.pid && \
+ (drweb-ctl update --Stop || exit 0) && \
+ drweb-ctl update && \
+ kill $(cat /var/run/drweb-configd.pid)
+
+ENV BackendType=DrWeb
+
+ENTRYPOINT /opt/drweb.com/bin/drweb-configd -d -p /var/run/drweb-configd.pid && /worker/MalwareMultiScan.Worker
\ No newline at end of file
diff --git a/MalwareMultiScan.Shared/Data/Enums/BackendType.cs b/MalwareMultiScan.Shared/Data/Enums/BackendType.cs
index ff69881..8694dd4 100644
--- a/MalwareMultiScan.Shared/Data/Enums/BackendType.cs
+++ b/MalwareMultiScan.Shared/Data/Enums/BackendType.cs
@@ -3,6 +3,7 @@ namespace MalwareMultiScan.Shared.Data.Enums
 public enum BackendType
 {
 Defender,
- Clamav
+ Clamav,
+ DrWeb
 }
 }
\ No newline at end of file
diff --git a/MalwareMultiScan.Worker/Jobs/ScanJob.cs b/MalwareMultiScan.Worker/Jobs/ScanJob.cs
index de1d18f..02818f2 100644
--- a/MalwareMultiScan.Worker/Jobs/ScanJob.cs
+++ b/MalwareMultiScan.Worker/Jobs/ScanJob.cs
@@ -33,6 +33,7 @@ namespace MalwareMultiScan.Worker.Jobs
 {
 BackendType.Defender => new WindowsDefenderScanBackend(logger),
 BackendType.Clamav => new ClamavScanBackend(logger),
+ BackendType.DrWeb => new DrWebScanBackend(logger),
 _ => throw new NotImplementedException()
 };
 }
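Review bot: `ENV DRWEB_KEY=$DRWEB_KEY` in DrWeb.Dockerfile copies the licence serial into the image configuration, where anyone who can pull the image can read it with `docker inspect`, and it is also exported to the worker process at runtime. The key is only needed by the `drweb-ctl license` step, so the `ARG`/`ENV` pair can be dropped and the key passed as a BuildKit secret mount, as sketched below. Separately, `/tmp/drweb.run` is executed as root straight after download with no integrity check; a pinned digest in a new build argument (for example `DRWEB_SHA256`), verified with `echo "$DRWEB_SHA256  /tmp/drweb.run" | sha256sum -c -` before the `chmod`, would catch a swapped or corrupted installer. The licence that `drweb-ctl` installs presumably stays in the image layers either way, so the resulting image is best kept in a private registry.

```dockerfile
# … unchanged: FROM, DRWEB_URL, apt-get and installer steps (ARG/ENV DRWEB_KEY removed) …

# Requires BuildKit; supply the key with:
#   docker build --secret id=drweb_key,src=<path-to-key-file> ...
RUN --mount=type=secret,id=drweb_key \
    /opt/drweb.com/bin/drweb-configd -d -p /var/run/drweb-configd.pid && \
    if [ -s /run/secrets/drweb_key ]; then \
        drweb-ctl license --GetRegistered "$(cat /run/secrets/drweb_key)"; \
    else drweb-ctl license --GetDemo; \
    fi && kill $(cat /var/run/drweb-configd.pid)

# … unchanged: update step, ENV BackendType, ENTRYPOINT …
```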