Mirrors/MalwareMultiScan
1
0
Fork 0
mirror of https://github.com/volodymyrsmirnov/MalwareMultiScan.git synced 2025-08-24 05:22:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6 from mindcollapse/api

Browse Source 
API for MalwareMultiScan
This commit is contained in:
Volodymyr Smirnov 2020-10-26 21:27:54 +02:00 committed by GitHub
commit d7bf6e1dd0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
62 changed files with 900 additions and 458 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.dockerignore
View File

@ -1,4 +1,5 @@
.git .git
*.Dockerfile
Dockerfile Dockerfile
bin bin
obj obj

4
.idea/.idea.MalwareMultiScan/.idea/runConfigurations/MalwareMultiScan_Worker_Dockerfile.xml → .idea/.idea.MalwareMultiScan/.idea/runConfigurations/MalwareMultiScan_Scanner_Dockerfile.xml generated
View File

@ -1,5 +1,5 @@
<component name="ProjectRunConfigurationManager"> <component name="ProjectRunConfigurationManager">
<configuration default="false" name="MalwareMultiScan.Worker/Dockerfile" type="docker-deploy" factoryName="dockerfile" server-name="Docker"> <configuration default="false" name="MalwareMultiScan.Scanner/Dockerfile" type="docker-deploy" factoryName="dockerfile" server-name="Docker">
<deployment type="dockerfile"> <deployment type="dockerfile">
<settings> <settings>
<option name="imageTag" value="mindcollapse/malware-multi-scan-worker" /> <option name="imageTag" value="mindcollapse/malware-multi-scan-worker" />
@ -10,7 +10,7 @@
<option name="contextFolderPath" value="." /> <option name="contextFolderPath" value="." />
<option name="entrypoint" value="" /> <option name="entrypoint" value="" />
<option name="commandLineOptions" value="" /> <option name="commandLineOptions" value="" />
<option name="sourceFilePath" value="MalwareMultiScan.Worker/Dockerfile" /> <option name="sourceFilePath" value="MalwareMultiScan.Scanner/Dockerfile" />
</settings> </settings>
</deployment> </deployment>
<method v="2" /> <method v="2" />

22
MalwareMultiScan.Api/Attributes/IsHttpUrlAttribute.cs Normal file
View File

@ -0,0 +1,22 @@
using System;
using System.ComponentModel.DataAnnotations;
namespace MalwareMultiScan.Api.Attributes
{
/// <summary>
/// Validate URI to be an absolute http(s) URL.
/// </summary>
internal class IsHttpUrlAttribute : ValidationAttribute
{
/// <inheritdoc />
protected override ValidationResult IsValid(object value, ValidationContext validationContext)
{
if (!Uri.TryCreate((string)value, UriKind.Absolute, out var uri)
|| !uri.IsAbsoluteUri
|| uri.Scheme != "http" && uri.Scheme != "https")
return new ValidationResult("Only absolute http(s) URLs are supported");
return ValidationResult.Success;
}
}
}

28
MalwareMultiScan.Api/Attributes/MaxFileSizeAttribute.cs Normal file
View File

@ -0,0 +1,28 @@
using System.ComponentModel.DataAnnotations;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
namespace MalwareMultiScan.Api.Attributes
{
/// <summary>
/// Validate uploaded file size for the max file size defined in settings.
/// </summary>
public class MaxFileSizeAttribute : ValidationAttribute
{
/// <inheritdoc />
protected override ValidationResult IsValid(object value, ValidationContext validationContext)
{
var maxSize = validationContext
.GetRequiredService<IConfiguration>()
.GetValue<long>("MaxFileSize");
var formFile = (IFormFile) value;
if (formFile == null || formFile.Length > maxSize)
return new ValidationResult($"File exceeds the maximum size of {maxSize} bytes");
return ValidationResult.Success;
}
}
}

33
MalwareMultiScan.Api/Controllers/DownloadController.cs Normal file
View File

@ -0,0 +1,33 @@
using System.Threading.Tasks;
using MalwareMultiScan.Api.Services;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
namespace MalwareMultiScan.Api.Controllers
{
[ApiController]
[Route("download")]
[Produces("application/octet-stream")]
public class DownloadController : Controller
{
private readonly ScanResultService _scanResultService;
public DownloadController(ScanResultService scanResultService)
{
_scanResultService = scanResultService;
}
[HttpGet("{id}")]
[ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status404NotFound)]
public async Task<IActionResult> Index(string id)
{
var fileStream = await _scanResultService.ObtainFile(id);
if (fileStream == null)
return NotFound();
return File(fileStream, "application/octet-stream");
}
}
}

55
MalwareMultiScan.Api/Controllers/QueueController.cs Normal file
View File

@ -0,0 +1,55 @@
using System.ComponentModel.DataAnnotations;
using System.Threading.Tasks;
using MalwareMultiScan.Api.Attributes;
using MalwareMultiScan.Api.Data.Models;
using MalwareMultiScan.Api.Services;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
namespace MalwareMultiScan.Api.Controllers
{
[ApiController]
[Route("queue")]
[Produces("application/json")]
public class QueueController : Controller
{
private readonly ScanResultService _scanResultService;
public QueueController(ScanResultService scanResultService)
{
_scanResultService = scanResultService;
}
[HttpPost("file")]
[ProducesResponseType(typeof(ScanResult), StatusCodes.Status201Created)]
[ProducesResponseType(StatusCodes.Status400BadRequest)]
public async Task<IActionResult> ScanFile(
[Required, MaxFileSize] IFormFile file)
{
var result = await _scanResultService.CreateScanResult();
string storedFileId;
await using (var uploadFileStream = file.OpenReadStream())
storedFileId = await _scanResultService.StoreFile(file.Name, uploadFileStream);
await _scanResultService.QueueUrlScan(result, Url.Action("Index", "Download", new {id = storedFileId},
Request.Scheme, Request.Host.Value));
return CreatedAtAction("Index", "ScanResults", new {id = result.Id}, result);
}
[HttpPost("url")]
[ProducesResponseType(typeof(ScanResult), StatusCodes.Status201Created)]
[ProducesResponseType(StatusCodes.Status400BadRequest)]
public async Task<IActionResult> ScanUrl(
[FromForm, Required, IsHttpUrl] string url)
{
var result = await _scanResultService.CreateScanResult();
await _scanResultService.QueueUrlScan(result, url);
return CreatedAtAction("Index", "ScanResults", new {id = result.Id}, result);
}
}
}

34
MalwareMultiScan.Api/Controllers/ScanResultsController.cs Normal file
View File

@ -0,0 +1,34 @@
using System.Threading.Tasks;
using MalwareMultiScan.Api.Data.Models;
using MalwareMultiScan.Api.Services;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
namespace MalwareMultiScan.Api.Controllers
{
[ApiController]
[Route("results")]
[Produces("application/json")]
public class ScanResultsController : Controller
{
private readonly ScanResultService _scanResultService;
public ScanResultsController(ScanResultService scanResultService)
{
_scanResultService = scanResultService;
}
[HttpGet("{id}")]
[ProducesResponseType(typeof(ScanResult), StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status404NotFound)]
public async Task<IActionResult> Index(string id)
{
var scanResult = await _scanResultService.GetScanResult(id);
if (scanResult == null)
return NotFound();
return Ok(scanResult);
}
}
}

8
MalwareMultiScan.Api/Data/Configuration/ScanBackend.cs Normal file
View File

@ -0,0 +1,8 @@
namespace MalwareMultiScan.Api.Data.Configuration
{
public class ScanBackend
{
public string Id { get; set; }
public bool Enabled { get; set; }
}
}

16
MalwareMultiScan.Api/Data/Models/ScanResult.cs Normal file
View File

@ -0,0 +1,16 @@
using System.Collections.Generic;
using MongoDB.Bson;
using MongoDB.Bson.Serialization.Attributes;
namespace MalwareMultiScan.Api.Data.Models
{
public class ScanResult
{
[BsonId]
[BsonRepresentation(BsonType.ObjectId)]
public string Id { get; set; }
public Dictionary<string, ScanResultEntry> Results { get; set; } =
new Dictionary<string, ScanResultEntry>();
}
}

9
MalwareMultiScan.Api/Data/Models/ScanResultEntry.cs Normal file
View File

@ -0,0 +1,9 @@
namespace MalwareMultiScan.Api.Data.Models
{
public class ScanResultEntry
{
public bool Completed { get; set; }
public bool? Succeeded { get; set; }
public string[] Threats { get; set; }
}
}

0
MalwareMultiScan.Api/Dockerfile Normal file
View File

42
MalwareMultiScan.Api/Extensions/ServiceCollectionExtensions.cs Normal file
View File

@ -0,0 +1,42 @@
using System.Net;
using EasyNetQ;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using MongoDB.Driver;
namespace MalwareMultiScan.Api.Extensions
{
internal static class ServiceCollectionExtensions
{
public static void AddMongoDb(this IServiceCollection services, IConfiguration configuration)
{
services.AddSingleton(
serviceProvider =>
{
var db = new MongoClient(configuration.GetConnectionString("Mongo"));
return db.GetDatabase(
configuration.GetValue<string>("DatabaseName"));
});
}
public static void AddRabbitMq(this IServiceCollection services, IConfiguration configuration)
{
services.AddSingleton(x =>
RabbitHutch.CreateBus(configuration.GetConnectionString("RabbitMQ")));
}
public static void AddDockerForwardedHeadersOptions(this IServiceCollection services)
{
services.Configure<ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
options.KnownNetworks.Add(new IPNetwork(IPAddress.Parse("::ffff:10.0.0.0"), 104));
options.KnownNetworks.Add(new IPNetwork(IPAddress.Parse("::ffff:192.168.0.0"), 112));
options.KnownNetworks.Add(new IPNetwork(IPAddress.Parse("::ffff:172.16.0.0"), 108));
});
}
}
}

23
MalwareMultiScan.Api/MalwareMultiScan.Api.csproj Normal file
View File

@ -0,0 +1,23 @@
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<TargetFramework>netcoreapp3.1</TargetFramework>
</PropertyGroup>
<ItemGroup>
<None Update="backends.yaml">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</None>
</ItemGroup>
<ItemGroup>
<PackageReference Include="EasyNetQ" Version="5.6.0" />
<PackageReference Include="MongoDB.Driver" Version="2.11.3" />
<PackageReference Include="MongoDB.Driver.GridFS" Version="2.11.3" />
<PackageReference Include="YamlDotNet" Version="8.1.2" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\MalwareMultiScan.Backends\MalwareMultiScan.Backends.csproj" />
</ItemGroup>
</Project>

4
MalwareMultiScan.Worker/Program.cs → MalwareMultiScan.Api/Program.cs
View File

@ -1,7 +1,7 @@
using Microsoft.AspNetCore.Hosting; using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Hosting; using Microsoft.Extensions.Hosting;
namespace MalwareMultiScan.Worker namespace MalwareMultiScan.Api
{ {
public static class Program public static class Program
{ {
@ -13,7 +13,7 @@ namespace MalwareMultiScan.Worker
private static IHostBuilder CreateHostBuilder(string[] args) private static IHostBuilder CreateHostBuilder(string[] args)
{ {
return Host.CreateDefaultBuilder(args) return Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(builder => { builder.UseStartup<Startup>(); }); .ConfigureWebHostDefaults(webBuilder => webBuilder.UseStartup<Startup>());
} }
} }
} }

69
MalwareMultiScan.Api/Services/ReceiverHostedService.cs Normal file
View File

@ -0,0 +1,69 @@
using System.Threading;
using System.Threading.Tasks;
using EasyNetQ;
using MalwareMultiScan.Backends.Messages;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
namespace MalwareMultiScan.Api.Services
{
/// <summary>
/// Receiver hosted service.
/// </summary>
public class ReceiverHostedService : IHostedService
{
private readonly IBus _bus;
private readonly IConfiguration _configuration;
private readonly ILogger<ReceiverHostedService> _logger;
private readonly ScanResultService _scanResultService;
/// <summary>
/// Create receiver hosted service.
/// </summary>
/// <param name="bus">Service bus.</param>
/// <param name="configuration">Configuration.</param>
/// <param name="scanResultService">Scan result service.</param>
/// <param name="logger">Logger.</param>
public ReceiverHostedService(IBus bus, IConfiguration configuration, ScanResultService scanResultService,
ILogger<ReceiverHostedService> logger)
{
_bus = bus;
_configuration = configuration;
_scanResultService = scanResultService;
_logger = logger;
}
/// <inheritdoc />
public Task StartAsync(CancellationToken cancellationToken)
{
_bus.Receive<ScanResultMessage>(_configuration.GetValue<string>("ResultsSubscriptionId"), async message =>
{
_logger.LogInformation(
$"Received a result from {message.Backend} for {message.Id} " +
$"with threats {string.Join(",", message.Threats)}");
await _scanResultService.UpdateScanResultForBackend(
message.Id, message.Backend, true,
message.Succeeded, message.Threats ?? new string[] { });
});
_logger.LogInformation(
"Started hosted service for receiving scan results");
return Task.CompletedTask;
}
/// <inheritdoc />
public Task StopAsync(CancellationToken cancellationToken)
{
_bus.Dispose();
_logger.LogInformation(
"Stopped hosted service for receiving scan results");
return Task.CompletedTask;
}
}
}

72
MalwareMultiScan.Api/Services/ScanBackendService.cs Normal file
View File

@ -0,0 +1,72 @@
using System;
using System.IO;
using System.Threading.Tasks;
using EasyNetQ;
using MalwareMultiScan.Api.Data.Configuration;
using MalwareMultiScan.Api.Data.Models;
using MalwareMultiScan.Backends.Messages;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Logging;
using YamlDotNet.Serialization;
using YamlDotNet.Serialization.NamingConventions;
namespace MalwareMultiScan.Api.Services
{
/// <summary>
/// Scan backends service.
/// </summary>
public class ScanBackendService
{
private readonly IBus _bus;
private readonly ILogger<ScanBackendService> _logger;
/// <summary>
/// Create scan backend service.
/// </summary>
/// <param name="configuration">Configuration.</param>
/// <param name="bus">Service bus.</param>
/// <param name="logger">Logger.</param>
/// <exception cref="FileNotFoundException">Missing BackendsConfiguration YAML file.</exception>
public ScanBackendService(IConfiguration configuration, IBus bus, ILogger<ScanBackendService> logger)
{
_bus = bus;
_logger = logger;
var configurationPath = configuration.GetValue<string>("BackendsConfiguration");
if (!File.Exists(configurationPath))
throw new FileNotFoundException("Missing BackendsConfiguration YAML file", configurationPath);
var configurationContent = File.ReadAllText(configurationPath);
var deserializer = new DeserializerBuilder()
.WithNamingConvention(CamelCaseNamingConvention.Instance)
.Build();
List = deserializer.Deserialize<ScanBackend[]>(configurationContent);
}
/// <summary>
/// List of available scan backends.
/// </summary>
public ScanBackend[] List { get; }
/// <summary>
/// Queue URL scan.
/// </summary>
/// <param name="result">Scan result instance.</param>
/// <param name="backend">Scan backend.</param>
/// <param name="fileUrl">File download URL.</param>
public async Task QueueUrlScan(ScanResult result, ScanBackend backend, string fileUrl)
{
_logger.LogInformation(
$"Queueing scan for {result.Id} on {backend.Id} at {fileUrl}");
await _bus.SendAsync(backend.Id, new ScanRequestMessage
{
Id = result.Id,
Uri = new Uri(fileUrl)
});
}
}
}

128
MalwareMultiScan.Api/Services/ScanResultService.cs Normal file
View File

@ -0,0 +1,128 @@
using System.IO;
using System.Linq;
using System.Threading.Tasks;
using MalwareMultiScan.Api.Data.Models;
using MongoDB.Bson;
using MongoDB.Driver;
using MongoDB.Driver.GridFS;
namespace MalwareMultiScan.Api.Services
{
/// <summary>
/// Scan results service.
/// </summary>
public class ScanResultService
{
private const string CollectionName = "ScanResults";
private readonly GridFSBucket _bucket;
private readonly IMongoCollection<ScanResult> _collection;
private readonly ScanBackendService _scanBackendService;
/// <summary>
/// Create scan result service.
/// </summary>
/// <param name="db">Mongo database.</param>
/// <param name="scanBackendService">Scan backend service.</param>
public ScanResultService(IMongoDatabase db, ScanBackendService scanBackendService)
{
_scanBackendService = scanBackendService;
_bucket = new GridFSBucket(db);
_collection = db.GetCollection<ScanResult>(CollectionName);
}
/// <summary>
/// Create scan result.
/// </summary>
/// <returns>Scan result.</returns>
public async Task<ScanResult> CreateScanResult()
{
var scanResult = new ScanResult
{
Results = _scanBackendService.List
.Where(b => b.Enabled)
.ToDictionary(k => k.Id, v => new ScanResultEntry())
};
await _collection.InsertOneAsync(scanResult);
return scanResult;
}
/// <summary>
/// Get scan result.
/// </summary>
/// <param name="id">Scan result id.</param>
/// <returns>Scan result.</returns>
public async Task<ScanResult> GetScanResult(string id)
{
var result = await _collection.FindAsync(
Builders<ScanResult>.Filter.Where(r => r.Id == id));
return await result.FirstOrDefaultAsync();
}
/// <summary>
/// Update scan status for the backend.
/// </summary>
/// <param name="resultId">Result id.</param>
/// <param name="backendId">Backend id.</param>
/// <param name="completed">If the scan has been completed.</param>
/// <param name="succeeded">If the scan has been succeeded.</param>
/// <param name="threats">List of found threats.</param>
public async Task UpdateScanResultForBackend(string resultId, string backendId,
bool completed = false, bool succeeded = false, string[] threats = null)
{
await _collection.UpdateOneAsync(
Builders<ScanResult>.Filter.Where(r => r.Id == resultId),
Builders<ScanResult>.Update.Set(r => r.Results[backendId], new ScanResultEntry
{
Completed = completed,
Succeeded = succeeded,
Threats = threats ?? new string[] { }
}));
}
/// <summary>
/// Queue URL scan.
/// </summary>
/// <param name="result">Scan result instance.</param>
/// <param name="fileUrl">File URL.</param>
public async Task QueueUrlScan(ScanResult result, string fileUrl)
{
foreach (var backend in _scanBackendService.List.Where(b => b.Enabled))
await _scanBackendService.QueueUrlScan(result, backend, fileUrl);
}
/// <summary>
/// Store file.
/// </summary>
/// <param name="fileName">File name.</param>
/// <param name="fileStream">File stream.</param>
/// <returns>Stored file id.</returns>
public async Task<string> StoreFile(string fileName, Stream fileStream)
{
var objectId = await _bucket.UploadFromStreamAsync(
fileName, fileStream);
return objectId.ToString();
}
/// <summary>
/// Obtain stored file stream.
/// </summary>
/// <param name="id">File id.</param>
/// <returns>File seekable stream.</returns>
public async Task<Stream> ObtainFile(string id)
{
if (!ObjectId.TryParse(id, out var objectId))
return null;
return await _bucket.OpenDownloadStreamAsync(objectId, new GridFSDownloadOptions
{
Seekable = true
});
}
}
}

40
MalwareMultiScan.Api/Startup.cs Normal file
View File

@ -0,0 +1,40 @@
using MalwareMultiScan.Api.Extensions;
using MalwareMultiScan.Api.Services;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
namespace MalwareMultiScan.Api
{
public class Startup
{
private readonly IConfiguration _configuration;
public Startup(IConfiguration configuration)
{
_configuration = configuration;
}
public void ConfigureServices(IServiceCollection services)
{
services.AddDockerForwardedHeadersOptions();
services.AddMongoDb(_configuration);
services.AddRabbitMq(_configuration);
services.AddSingleton<ScanBackendService>();
services.AddSingleton<ScanResultService>();
services.AddControllers();
services.AddHostedService<ReceiverHostedService>();
}
public void Configure(IApplicationBuilder app)
{
app.UseRouting();
app.UseForwardedHeaders();
app.UseEndpoints(endpoints => endpoints.MapControllers());
}
}
}

20
MalwareMultiScan.Api/appsettings.json Normal file
View File

@ -0,0 +1,20 @@
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
},
"AllowedHosts": "*",
"ConnectionStrings": {
"Mongo": "mongodb://localhost:27017",
"RabbitMQ": "host=localhost"
},
"DatabaseName": "MalwareMultiScan",
"ResultsSubscriptionId": "mms.results",
"MaxFileSize": 1048576,
"BackendsConfiguration": "backends.yaml"
}

2
MalwareMultiScan.Api/backends.yaml Normal file
View File

@ -0,0 +1,2 @@
- id: dummy
enabled: true

15
MalwareMultiScan.Backends/Backends/Abstracts/AbstractLocalProcessScanBackend.cs
View File

@ -18,15 +18,12 @@ namespace MalwareMultiScan.Backends.Backends.Abstracts
_logger = logger; _logger = logger;
} }
protected virtual Regex MatchRegex { get; } protected abstract Regex MatchRegex { get; }
protected virtual string BackendPath { get; } protected abstract string BackendPath { get; }
protected virtual bool ParseStdErr { get; } protected virtual bool ParseStdErr { get; } = false;
protected virtual bool ThrowOnNonZeroExitCode { get; } = true; protected virtual bool ThrowOnNonZeroExitCode { get; } = true;
protected virtual string GetBackendArguments(string path) protected abstract string GetBackendArguments(string path);
{
throw new NotImplementedException();
}
public override async Task<string[]> ScanAsync(string path, CancellationToken cancellationToken) public override async Task<string[]> ScanAsync(string path, CancellationToken cancellationToken)
{ {
@ -56,13 +53,13 @@ namespace MalwareMultiScan.Backends.Backends.Abstracts
process.WaitForExit(); process.WaitForExit();
_logger.LogInformation($"Process has exited with code {process.ExitCode}"); _logger.LogInformation($"Process has exited with code {process.ExitCode}");
var standardOutput = await process.StandardOutput.ReadToEndAsync(); var standardOutput = await process.StandardOutput.ReadToEndAsync();
var standardError = await process.StandardError.ReadToEndAsync(); var standardError = await process.StandardError.ReadToEndAsync();
_logger.LogDebug($"Process standard output: {standardOutput}"); _logger.LogDebug($"Process standard output: {standardOutput}");
_logger.LogDebug($"Process standard error: {standardError}"); _logger.LogDebug($"Process standard error: {standardError}");
if (ThrowOnNonZeroExitCode && process.ExitCode != 0) if (ThrowOnNonZeroExitCode && process.ExitCode != 0)
throw new ApplicationException($"Process has terminated with an exit code {process.ExitCode}"); throw new ApplicationException($"Process has terminated with an exit code {process.ExitCode}");

20
MalwareMultiScan.Backends/Backends/Abstracts/AbstractScanBackend.cs
View File

@ -3,37 +3,25 @@ using System.IO;
using System.Net.Http; using System.Net.Http;
using System.Threading; using System.Threading;
using System.Threading.Tasks; using System.Threading.Tasks;
using MalwareMultiScan.Shared.Interfaces; using MalwareMultiScan.Backends.Interfaces;
using Microsoft.AspNetCore.Http;
namespace MalwareMultiScan.Backends.Backends.Abstracts namespace MalwareMultiScan.Backends.Backends.Abstracts
{ {
public abstract class AbstractScanBackend : IScanBackend public abstract class AbstractScanBackend : IScanBackend
{ {
public virtual string Id => throw new NotImplementedException(); public abstract string Id { get; }
public virtual DateTime DatabaseLastUpdate => throw new NotImplementedException(); public abstract Task<string[]> ScanAsync(string path, CancellationToken cancellationToken);
public virtual Task<string[]> ScanAsync(string path, CancellationToken cancellationToken)
{
throw new NotImplementedException();
}
public async Task<string[]> ScanAsync(Uri uri, CancellationToken cancellationToken) public async Task<string[]> ScanAsync(Uri uri, CancellationToken cancellationToken)
{ {
using var httpClient = new HttpClient(); using var httpClient = new HttpClient();
await using var uriStream = await httpClient.GetStreamAsync(uri); await using var uriStream = await httpClient.GetStreamAsync(uri);
return await ScanAsync(uriStream, cancellationToken); return await ScanAsync(uriStream, cancellationToken);
} }
public async Task<string[]> ScanAsync(IFormFile file, CancellationToken cancellationToken)
{
await using var fileStream = file.OpenReadStream();
return await ScanAsync(fileStream, cancellationToken);
}
public async Task<string[]> ScanAsync(Stream stream, CancellationToken cancellationToken) public async Task<string[]> ScanAsync(Stream stream, CancellationToken cancellationToken)
{ {
var tempFile = Path.GetTempFileName(); var tempFile = Path.GetTempFileName();

11
MalwareMultiScan.Backends/Backends/Implementations/ClamavScanBackend.cs
View File

@ -1,5 +1,3 @@
using System;
using System.IO;
using System.Text.RegularExpressions; using System.Text.RegularExpressions;
using MalwareMultiScan.Backends.Backends.Abstracts; using MalwareMultiScan.Backends.Backends.Abstracts;
using Microsoft.Extensions.Logging; using Microsoft.Extensions.Logging;
@ -11,17 +9,16 @@ namespace MalwareMultiScan.Backends.Backends.Implementations
public ClamavScanBackend(ILogger logger) : base(logger) public ClamavScanBackend(ILogger logger) : base(logger)
{ {
} }
public override string Id { get; } = "clamav"; public override string Id { get; } = "clamav";
public override DateTime DatabaseLastUpdate =>
File.GetLastWriteTime("/var/lib/clamav/daily.cvd");
protected override string BackendPath { get; } = "/usr/bin/clamscan"; protected override string BackendPath { get; } = "/usr/bin/clamscan";
protected override Regex MatchRegex { get; } = protected override Regex MatchRegex { get; } =
new Regex(@"(\S+): (?<threat>[\S]+) FOUND", RegexOptions.Compiled | RegexOptions.Multiline); new Regex(@"(\S+): (?<threat>[\S]+) FOUND", RegexOptions.Compiled | RegexOptions.Multiline);
protected override bool ThrowOnNonZeroExitCode { get; } = false;
protected override string GetBackendArguments(string path) protected override string GetBackendArguments(string path)
{ {
return $"--no-summary {path}"; return $"--no-summary {path}";

11
MalwareMultiScan.Backends/Backends/Implementations/ComodoScanBackend.cs
View File

@ -1,5 +1,3 @@
using System;
using System.IO;
using System.Text.RegularExpressions; using System.Text.RegularExpressions;
using MalwareMultiScan.Backends.Backends.Abstracts; using MalwareMultiScan.Backends.Backends.Abstracts;
using Microsoft.Extensions.Logging; using Microsoft.Extensions.Logging;
@ -11,16 +9,13 @@ namespace MalwareMultiScan.Backends.Backends.Implementations
public ComodoScanBackend(ILogger logger) : base(logger) public ComodoScanBackend(ILogger logger) : base(logger)
{ {
} }
public override string Id { get; } = "comodo"; public override string Id { get; } = "comodo";
public override DateTime DatabaseLastUpdate =>
File.GetLastWriteTime("/opt/COMODO/scanners/bases.cav");
protected override string BackendPath { get; } = "/opt/COMODO/cmdscan"; protected override string BackendPath { get; } = "/opt/COMODO/cmdscan";
protected override Regex MatchRegex { get; } = protected override Regex MatchRegex { get; } =
new Regex(@".* ---> Found Virus, Malware Name is (?<threat>.*)", new Regex(@".* ---> Found Virus, Malware Name is (?<threat>.*)",
RegexOptions.Compiled | RegexOptions.Multiline); RegexOptions.Compiled | RegexOptions.Multiline);
protected override string GetBackendArguments(string path) protected override string GetBackendArguments(string path)

9
MalwareMultiScan.Backends/Backends/Implementations/DrWebScanBackend.cs
View File

@ -1,5 +1,3 @@
using System;
using System.IO;
using System.Text.RegularExpressions; using System.Text.RegularExpressions;
using MalwareMultiScan.Backends.Backends.Abstracts; using MalwareMultiScan.Backends.Backends.Abstracts;
using Microsoft.Extensions.Logging; using Microsoft.Extensions.Logging;
@ -11,14 +9,11 @@ namespace MalwareMultiScan.Backends.Backends.Implementations
public DrWebScanBackend(ILogger logger) : base(logger) public DrWebScanBackend(ILogger logger) : base(logger)
{ {
} }
public override string Id { get; } = "drweb"; public override string Id { get; } = "drweb";
public override DateTime DatabaseLastUpdate =>
File.GetLastWriteTime("/var/opt/drweb.com/version/version.ini");
protected override string BackendPath { get; } = "/usr/bin/drweb-ctl"; protected override string BackendPath { get; } = "/usr/bin/drweb-ctl";
protected override Regex MatchRegex { get; } = protected override Regex MatchRegex { get; } =
new Regex(@".* - infected with (?<threat>[\S ]+)", RegexOptions.Compiled | RegexOptions.Multiline); new Regex(@".* - infected with (?<threat>[\S ]+)", RegexOptions.Compiled | RegexOptions.Multiline);

33
MalwareMultiScan.Backends/Backends/Implementations/DummyScanBackend.cs Normal file
View File

@ -0,0 +1,33 @@
using System;
using System.IO;
using System.Threading;
using System.Threading.Tasks;
using MalwareMultiScan.Backends.Interfaces;
namespace MalwareMultiScan.Backends.Backends.Implementations
{
public class DummyScanBackend : IScanBackend
{
public string Id { get; } = "dummy";
public Task<string[]> ScanAsync(string path, CancellationToken cancellationToken)
{
return Scan();
}
public Task<string[]> ScanAsync(Uri uri, CancellationToken cancellationToken)
{
return Scan();
}
public Task<string[]> ScanAsync(Stream stream, CancellationToken cancellationToken)
{
return Scan();
}
private static Task<string[]> Scan()
{
return Task.FromResult(new[] {"Malware.Dummy.Result"});
}
}
}

9
MalwareMultiScan.Backends/Backends/Implementations/KesScanBackend.cs
View File

@ -1,5 +1,3 @@
using System;
using System.IO;
using System.Text.RegularExpressions; using System.Text.RegularExpressions;
using MalwareMultiScan.Backends.Backends.Abstracts; using MalwareMultiScan.Backends.Backends.Abstracts;
using Microsoft.Extensions.Logging; using Microsoft.Extensions.Logging;
@ -11,14 +9,11 @@ namespace MalwareMultiScan.Backends.Backends.Implementations
public KesScanBackend(ILogger logger) : base(logger) public KesScanBackend(ILogger logger) : base(logger)
{ {
} }
public override string Id { get; } = "kes"; public override string Id { get; } = "kes";
public override DateTime DatabaseLastUpdate =>
File.GetLastWriteTime("/var/opt/kaspersky/kesl/common/updates/avbases/klsrl.dat");
protected override string BackendPath { get; } = "/bin/bash"; protected override string BackendPath { get; } = "/bin/bash";
protected override Regex MatchRegex { get; } = protected override Regex MatchRegex { get; } =
new Regex(@"[ +]DetectName.*: (?<threat>.*)", RegexOptions.Compiled | RegexOptions.Multiline); new Regex(@"[ +]DetectName.*: (?<threat>.*)", RegexOptions.Compiled | RegexOptions.Multiline);

9
MalwareMultiScan.Backends/Backends/Implementations/McAffeeScanBackend.cs
View File

@ -1,5 +1,3 @@
using System;
using System.IO;
using System.Text.RegularExpressions; using System.Text.RegularExpressions;
using MalwareMultiScan.Backends.Backends.Abstracts; using MalwareMultiScan.Backends.Backends.Abstracts;
using Microsoft.Extensions.Logging; using Microsoft.Extensions.Logging;
@ -11,14 +9,11 @@ namespace MalwareMultiScan.Backends.Backends.Implementations
public McAfeeScanBackend(ILogger logger) : base(logger) public McAfeeScanBackend(ILogger logger) : base(logger)
{ {
} }
public override string Id { get; } = "mcafeee"; public override string Id { get; } = "mcafeee";
public override DateTime DatabaseLastUpdate =>
File.GetLastWriteTime("/usr/local/uvscan/avvscan.dat");
protected override string BackendPath { get; } = "/usr/local/uvscan/uvscan"; protected override string BackendPath { get; } = "/usr/local/uvscan/uvscan";
protected override bool ThrowOnNonZeroExitCode { get; } = false; protected override bool ThrowOnNonZeroExitCode { get; } = false;
protected override Regex MatchRegex { get; } = protected override Regex MatchRegex { get; } =

7
MalwareMultiScan.Backends/Backends/Implementations/SophosScanBackend.cs
View File

@ -1,5 +1,3 @@
using System;
using System.IO;
using System.Text.RegularExpressions; using System.Text.RegularExpressions;
using MalwareMultiScan.Backends.Backends.Abstracts; using MalwareMultiScan.Backends.Backends.Abstracts;
using Microsoft.Extensions.Logging; using Microsoft.Extensions.Logging;
@ -11,11 +9,8 @@ namespace MalwareMultiScan.Backends.Backends.Implementations
public SophosScanBackend(ILogger logger) : base(logger) public SophosScanBackend(ILogger logger) : base(logger)
{ {
} }
public override string Id { get; } = "sophos"; public override string Id { get; } = "sophos";
public override DateTime DatabaseLastUpdate =>
File.GetLastWriteTime("/opt/sophos-av/lib/sav/vdlsync.upd");
protected override string BackendPath { get; } = "/opt/sophos-av/bin/savscan"; protected override string BackendPath { get; } = "/opt/sophos-av/bin/savscan";

5
MalwareMultiScan.Backends/Backends/Implementations/WindowsDefenderScanBackend.cs
View File

@ -1,5 +1,3 @@
using System;
using System.IO;
using System.Text.RegularExpressions; using System.Text.RegularExpressions;
using MalwareMultiScan.Backends.Backends.Abstracts; using MalwareMultiScan.Backends.Backends.Abstracts;
using Microsoft.Extensions.Logging; using Microsoft.Extensions.Logging;
@ -14,9 +12,6 @@ namespace MalwareMultiScan.Backends.Backends.Implementations
public override string Id { get; } = "windows-defender"; public override string Id { get; } = "windows-defender";
public override DateTime DatabaseLastUpdate =>
File.GetLastWriteTime("/opt/engine/mpavbase.vdm");
protected override string BackendPath { get; } = "/opt/mpclient"; protected override string BackendPath { get; } = "/opt/mpclient";
protected override Regex MatchRegex { get; } = protected override Regex MatchRegex { get; } =

2
MalwareMultiScan.Backends/Dockerfiles/Clamav.Dockerfile
View File

@ -1,4 +1,4 @@
FROM mindcollapse/malware-multi-scan-worker:latest FROM mindcollapse/malware-multi-scan-scanner:latest
ENV DEBIAN_FRONTEND noninteractive ENV DEBIAN_FRONTEND noninteractive

2
MalwareMultiScan.Backends/Dockerfiles/Comodo.Dockerfile
View File

@ -1,4 +1,4 @@
FROM mindcollapse/malware-multi-scan-worker:latest FROM mindcollapse/malware-multi-scan-scanner:latest
RUN apt-get update && apt-get install wget -y RUN apt-get update && apt-get install wget -y

2
MalwareMultiScan.Backends/Dockerfiles/DrWeb.Dockerfile
View File

@ -1,4 +1,4 @@
FROM mindcollapse/malware-multi-scan-worker:latest FROM mindcollapse/malware-multi-scan-scanner:latest
ARG DRWEB_KEY ARG DRWEB_KEY
ENV DRWEB_KEY=$DRWEB_KEY ENV DRWEB_KEY=$DRWEB_KEY

2
MalwareMultiScan.Backends/Dockerfiles/KES.Dockerfile
View File

@ -1,4 +1,4 @@
FROM mindcollapse/malware-multi-scan-worker:latest FROM mindcollapse/malware-multi-scan-scanner:latest
ARG KES_KEY ARG KES_KEY
ENV KES_KEY=$KES_KEY ENV KES_KEY=$KES_KEY

2
MalwareMultiScan.Backends/Dockerfiles/McAfee.Dockerfile
View File

@ -1,4 +1,4 @@
FROM mindcollapse/malware-multi-scan-worker:latest FROM mindcollapse/malware-multi-scan-scanner:latest
RUN apt-get update && apt-get install unzip wget -y RUN apt-get update && apt-get install unzip wget -y

2
MalwareMultiScan.Backends/Dockerfiles/Sophos.Dockerfile
View File

@ -1,4 +1,4 @@
FROM mindcollapse/malware-multi-scan-worker:latest FROM mindcollapse/malware-multi-scan-scanner:latest
RUN apt-get update && apt-get install wget -y RUN apt-get update && apt-get install wget -y

2
MalwareMultiScan.Backends/Dockerfiles/WindowsDefender.Dockerfile
View File

@ -11,7 +11,7 @@ WORKDIR /opt/loadlibrary/engine
RUN curl -L "https://go.microsoft.com/fwlink/?LinkID=121721&arch=x86" --output mpan-fe.exe RUN curl -L "https://go.microsoft.com/fwlink/?LinkID=121721&arch=x86" --output mpan-fe.exe
RUN cabextract mpan-fe.exe && rm mpan-fe.exe RUN cabextract mpan-fe.exe && rm mpan-fe.exe
FROM mindcollapse/malware-multi-scan-worker:latest FROM mindcollapse/malware-multi-scan-scanner:latest
RUN apt-get update && apt-get install -y libc6-i386 RUN apt-get update && apt-get install -y libc6-i386

3
MalwareMultiScan.Shared/Data/Enums/BackendType.cs → MalwareMultiScan.Backends/Enums/BackendType.cs
View File

@ -1,7 +1,8 @@
namespace MalwareMultiScan.Shared.Data.Enums namespace MalwareMultiScan.Backends.Enums
{ {
public enum BackendType public enum BackendType
{ {
Dummy,
Defender, Defender,
Clamav, Clamav,
DrWeb, DrWeb,

32
MalwareMultiScan.Backends/Extensions/ServiceCollectionExtensions.cs Normal file
View File

@ -0,0 +1,32 @@
using System;
using MalwareMultiScan.Backends.Backends.Implementations;
using MalwareMultiScan.Backends.Enums;
using MalwareMultiScan.Backends.Interfaces;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
namespace MalwareMultiScan.Backends.Extensions
{
public static class ServiceCollectionExtensions
{
public static void AddScanningBackend(this IServiceCollection services, BackendType type)
{
using var provider = services.BuildServiceProvider();
var logger = provider.GetService<ILogger<IScanBackend>>();
services.AddSingleton<IScanBackend>(type switch
{
BackendType.Dummy => new DummyScanBackend(),
BackendType.Defender => new WindowsDefenderScanBackend(logger),
BackendType.Clamav => new ClamavScanBackend(logger),
BackendType.DrWeb => new DrWebScanBackend(logger),
BackendType.Kes => new KesScanBackend(logger),
BackendType.Comodo => new ComodoScanBackend(logger),
BackendType.Sophos => new SophosScanBackend(logger),
BackendType.McAfee => new McAfeeScanBackend(logger),
_ => throw new NotImplementedException()
});
}
}
}

7
MalwareMultiScan.Shared/Interfaces/IScanBackend.cs → MalwareMultiScan.Backends/Interfaces/IScanBackend.cs
View File

@ -2,19 +2,14 @@ using System;
using System.IO; using System.IO;
using System.Threading; using System.Threading;
using System.Threading.Tasks; using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
namespace MalwareMultiScan.Shared.Interfaces namespace MalwareMultiScan.Backends.Interfaces
{ {
public interface IScanBackend public interface IScanBackend
{ {
public string Id { get; } public string Id { get; }
public DateTime DatabaseLastUpdate { get; }
public Task<string[]> ScanAsync(string path, CancellationToken cancellationToken); public Task<string[]> ScanAsync(string path, CancellationToken cancellationToken);
public Task<string[]> ScanAsync(Uri uri, CancellationToken cancellationToken); public Task<string[]> ScanAsync(Uri uri, CancellationToken cancellationToken);
public Task<string[]> ScanAsync(IFormFile file, CancellationToken cancellationToken);
public Task<string[]> ScanAsync(Stream stream, CancellationToken cancellationToken); public Task<string[]> ScanAsync(Stream stream, CancellationToken cancellationToken);
} }
} }

5
MalwareMultiScan.Backends/MalwareMultiScan.Backends.csproj
View File

@ -3,9 +3,10 @@
<PropertyGroup> <PropertyGroup>
<TargetFramework>netcoreapp3.1</TargetFramework> <TargetFramework>netcoreapp3.1</TargetFramework>
</PropertyGroup> </PropertyGroup>
<ItemGroup> <ItemGroup>
<ProjectReference Include="..\MalwareMultiScan.Shared\MalwareMultiScan.Shared.csproj" /> <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="3.1.9" />
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="3.1.9" />
</ItemGroup> </ItemGroup>
</Project> </Project>

11
MalwareMultiScan.Backends/Messages/ScanRequestMessage.cs Normal file
View File

@ -0,0 +1,11 @@
using System;
namespace MalwareMultiScan.Backends.Messages
{
public class ScanRequestMessage
{
public string Id { get; set; }
public Uri Uri { get; set; }
}
}

11
MalwareMultiScan.Backends/Messages/ScanResultMessage.cs Normal file
View File

@ -0,0 +1,11 @@
namespace MalwareMultiScan.Backends.Messages
{
public class ScanResultMessage
{
public string Id { get; set; }
public string Backend { get; set; }
public bool Succeeded { get; set; }
public string[] Threats { get; set; }
}
}

10
MalwareMultiScan.Worker/Dockerfile → MalwareMultiScan.Scanner/Dockerfile
View File

@ -2,11 +2,10 @@ FROM mcr.microsoft.com/dotnet/core/sdk:3.1 AS builder
WORKDIR /src WORKDIR /src
COPY MalwareMultiScan.Worker /src/MalwareMultiScan.Worker COPY MalwareMultiScan.Worker /src/MalwareMultiScan.Scanner
COPY MalwareMultiScan.Shared /src/MalwareMultiScan.Shared
COPY MalwareMultiScan.Backends /src/MalwareMultiScan.Backends COPY MalwareMultiScan.Backends /src/MalwareMultiScan.Backends
RUN dotnet publish -c Release -r linux-x64 -o ./publish MalwareMultiScan.Worker/MalwareMultiScan.Worker.csproj RUN dotnet publish -c Release -r linux-x64 -o ./publish MalwareMultiScan.Scanner/MalwareMultiScan.Scanner.csproj
FROM mcr.microsoft.com/dotnet/core/aspnet:3.1 FROM mcr.microsoft.com/dotnet/core/aspnet:3.1
@ -14,7 +13,4 @@ WORKDIR /worker
COPY --from=builder /src/publish /worker COPY --from=builder /src/publish /worker
ENV ASPNETCORE_ENVIRONMENT=Production ENTRYPOINT ["/worker/MalwareMultiScan.Scanner"]
ENV ASPNETCORE_URLS=http://+:9901
ENTRYPOINT ["/worker/MalwareMultiScan.Worker"]

15
MalwareMultiScan.Scanner/MalwareMultiScan.Scanner.csproj Normal file
View File

@ -0,0 +1,15 @@
<Project Sdk="Microsoft.NET.Sdk.Worker">
<PropertyGroup>
<TargetFramework>netcoreapp3.1</TargetFramework>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="EasyNetQ" Version="5.6.0" />
<PackageReference Include="Microsoft.Extensions.Hosting" Version="3.1.8" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\MalwareMultiScan.Backends\MalwareMultiScan.Backends.csproj" />
</ItemGroup>
</Project>

32
MalwareMultiScan.Scanner/Program.cs Normal file
View File

@ -0,0 +1,32 @@
using System.Threading.Tasks;
using MalwareMultiScan.Backends.Enums;
using MalwareMultiScan.Backends.Extensions;
using MalwareMultiScan.Scanner.Services;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
namespace MalwareMultiScan.Scanner
{
public static class Program
{
public static async Task Main(string[] args)
{
await Host.CreateDefaultBuilder(args)
.ConfigureAppConfiguration(configure =>
{
configure.AddJsonFile("appsettings.json");
configure.AddEnvironmentVariables();
})
.ConfigureServices((context, services) =>
{
services.AddLogging();
services.AddScanningBackend(
context.Configuration.GetValue<BackendType>("BackendType"));
services.AddHostedService<ScanHostedService>();
}).RunConsoleAsync();
}
}
}

90
MalwareMultiScan.Scanner/Services/ScanHostedService.cs Normal file
View File

@ -0,0 +1,90 @@
using System;
using System.Threading;
using System.Threading.Tasks;
using EasyNetQ;
using MalwareMultiScan.Backends.Interfaces;
using MalwareMultiScan.Backends.Messages;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
namespace MalwareMultiScan.Scanner.Services
{
internal class ScanHostedService : IHostedService
{
private readonly IScanBackend _backend;
private readonly IConfiguration _configuration;
private readonly ILogger<ScanHostedService> _logger;
private IBus _bus;
public ScanHostedService(ILogger<ScanHostedService> logger, IConfiguration configuration, IScanBackend backend)
{
_logger = logger;
_configuration = configuration;
_backend = backend;
}
public Task StartAsync(CancellationToken cancellationToken)
{
_bus = RabbitHutch.CreateBus(
_configuration.GetConnectionString("RabbitMQ"));
_bus.Receive<ScanRequestMessage>(_backend.Id, Scan);
_logger.LogInformation(
$"Started scan hosting service for the backend {_backend.Id}");
return Task.CompletedTask;
}
public Task StopAsync(CancellationToken cancellationToken)
{
_bus.Dispose();
_logger.LogInformation(
$"Stopped scan hosting service for the backend {_backend.Id}");
return Task.CompletedTask;
}
private async Task Scan(ScanRequestMessage message)
{
_logger.LogInformation(
$"Starting scan of {message.Uri} via backend {_backend.Id} from {message.Id}");
var cancellationTokenSource = new CancellationTokenSource(
TimeSpan.FromSeconds(_configuration.GetValue<int>("MaxScanningTime")));
var result = new ScanResultMessage
{
Id = message.Id,
Backend = _backend.Id
};
try
{
result.Threats = await _backend.ScanAsync(
message.Uri, cancellationTokenSource.Token);
result.Succeeded = true;
_logger.LogInformation(
$"Backend {_backend.Id} completed a scan of {message.Id} " +
$"with result '{string.Join(", ", result.Threats)}'");
}
catch (Exception exception)
{
result.Succeeded = false;
_logger.LogError(
exception, "Scanning failed with exception");
}
finally
{
await _bus.SendAsync(
_configuration.GetValue<string>("ResultsSubscriptionId"), result);
}
}
}
}

18
MalwareMultiScan.Scanner/appsettings.json Normal file
View File

@ -0,0 +1,18 @@
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
},
"BackendType": "Dummy",
"MaxScanningTime": 60,
"ResultsSubscriptionId": "mms.results",
"ConnectionStrings": {
"RabbitMQ": "host=localhost;prefetchcount=1"
}
}

18
MalwareMultiScan.Shared/Attributes/UrlValidationAttribute.cs
View File

@ -1,18 +0,0 @@
using System;
using System.ComponentModel.DataAnnotations;
namespace MalwareMultiScan.Shared.Attributes
{
public class UrlValidationAttribute : ValidationAttribute
{
protected override ValidationResult IsValid(object value, ValidationContext validationContext)
{
var uri = (Uri) value;
if (uri == null || uri.Scheme != "http" && uri.Scheme != "https")
return new ValidationResult("Only http(s) URLs are supported");
return ValidationResult.Success;
}
}
}

13
MalwareMultiScan.Shared/Data/Requests/BasicRequest.cs
View File

@ -1,13 +0,0 @@
using System;
using System.ComponentModel.DataAnnotations;
using MalwareMultiScan.Shared.Attributes;
namespace MalwareMultiScan.Shared.Data.Requests
{
public abstract class BasicRequest
{
[Required]
[UrlValidation]
public Uri CallbackUrl { get; set; }
}
}

11
MalwareMultiScan.Shared/Data/Requests/FileRequest.cs
View File

@ -1,11 +0,0 @@
using System.ComponentModel.DataAnnotations;
using Microsoft.AspNetCore.Http;
namespace MalwareMultiScan.Shared.Data.Requests
{
public class FileRequest : BasicRequest
{
[Required]
public IFormFile InputFile { get; set; }
}
}

13
MalwareMultiScan.Shared/Data/Requests/UrlRequest.cs
View File

@ -1,13 +0,0 @@
using System;
using System.ComponentModel.DataAnnotations;
using MalwareMultiScan.Shared.Attributes;
namespace MalwareMultiScan.Shared.Data.Requests
{
public class UrlRequest : BasicRequest
{
[Required]
[UrlValidation]
public Uri InputUrl { get; set; }
}
}

18
MalwareMultiScan.Shared/Data/Responses/ResultResponse.cs
View File

@ -1,18 +0,0 @@
using System;
using System.Linq;
namespace MalwareMultiScan.Shared.Data.Responses
{
public class ResultResponse
{
public string Backend { get; set; }
public bool Success { get; set; }
public DateTime? DatabaseLastUpdate { get; set; }
public bool Detected => Threats?.Any() == true;
public string[] Threats { get; set; }
}
}

12
MalwareMultiScan.Shared/MalwareMultiScan.Shared.csproj
View File

@ -1,12 +0,0 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFramework>netcoreapp3.1</TargetFramework>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Microsoft.AspNetCore.Http.Features" Version="3.1.9" />
<PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="3.1.9" />
</ItemGroup>
</Project>

46
MalwareMultiScan.Worker/Controllers/ScanController.cs
View File

@ -1,46 +0,0 @@
using System.IO;
using System.Threading.Tasks;
using Hangfire;
using MalwareMultiScan.Shared.Data.Requests;
using MalwareMultiScan.Worker.Jobs;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
namespace MalwareMultiScan.Worker.Controllers
{
[ApiController]
[Produces("application/json")]
public class ScanController : ControllerBase
{
[HttpPost]
[ProducesResponseType(StatusCodes.Status202Accepted)]
[ProducesResponseType(StatusCodes.Status400BadRequest)]
[Route("/scan/file")]
public async Task<IActionResult> ScanFile([FromForm] FileRequest request)
{
var temporaryFile = Path.GetTempFileName();
await using (var temporaryFileSteam = System.IO.File.OpenWrite(temporaryFile))
{
await request.InputFile.CopyToAsync(temporaryFileSteam);
}
BackgroundJob.Enqueue<ScanJob>(
x => x.ScanFile(temporaryFile, request.CallbackUrl));
return Accepted(request.CallbackUrl);
}
[HttpPost]
[ProducesResponseType(StatusCodes.Status202Accepted)]
[ProducesResponseType(StatusCodes.Status400BadRequest)]
[Route("/scan/url")]
public IActionResult ScanUrl([FromForm] UrlRequest request)
{
BackgroundJob.Enqueue<ScanJob>(
x => x.ScanUrl(request.InputUrl, request.CallbackUrl));
return Accepted(request.CallbackUrl);
}
}
}

112
MalwareMultiScan.Worker/Jobs/ScanJob.cs
View File

@ -1,112 +0,0 @@
using System;
using System.IO;
using System.Net.Http;
using System.Text;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;
using Hangfire;
using MalwareMultiScan.Backends.Backends.Implementations;
using MalwareMultiScan.Shared.Data.Enums;
using MalwareMultiScan.Shared.Data.Responses;
using MalwareMultiScan.Shared.Interfaces;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Logging;
namespace MalwareMultiScan.Worker.Jobs
{
public class ScanJob
{
private readonly IScanBackend _backend;
private readonly IHttpClientFactory _httpClientFactory;
private readonly ILogger<ScanJob> _logger;
private readonly int _scanTimeout;
public ScanJob(IConfiguration configuration, ILogger<ScanJob> logger,
IHttpClientFactory httpClientFactory)
{
_logger = logger;
_httpClientFactory = httpClientFactory;
_scanTimeout = configuration.GetValue<int>("ScanTimeout");
_backend = configuration.GetValue<BackendType>("BackendType") switch
{
BackendType.Defender => new WindowsDefenderScanBackend(logger),
BackendType.Clamav => new ClamavScanBackend(logger),
BackendType.DrWeb => new DrWebScanBackend(logger),
BackendType.Kes => new KesScanBackend(logger),
BackendType.Comodo => new ComodoScanBackend(logger),
BackendType.Sophos => new SophosScanBackend(logger),
BackendType.McAfee => new McAfeeScanBackend(logger),
_ => throw new NotImplementedException()
};
}
private async Task PostResult(ResultResponse response, Uri callbackUrl, CancellationToken cancellationToken)
{
var serializedResponse = JsonSerializer.Serialize(
response, typeof(ResultResponse), new JsonSerializerOptions
{
WriteIndented = true
});
_logger.LogInformation(
$"Sending following payload to {callbackUrl}: {serializedResponse}");
using var httpClient = _httpClientFactory.CreateClient();
var callbackResponse = await httpClient.PostAsync(callbackUrl,
new StringContent(serializedResponse, Encoding.UTF8, "application/json"), cancellationToken);
_logger.LogInformation($"Callback URL {callbackUrl} returned a status {callbackResponse.StatusCode}");
}
private async Task Scan(Func<CancellationToken, Task<string[]>> scanMethod, Uri callbackUrl)
{
var cancellationTokenSource = new CancellationTokenSource();
cancellationTokenSource.CancelAfter(_scanTimeout * 1000);
var cancellationToken = cancellationTokenSource.Token;
var response = new ResultResponse
{
Backend = _backend.Id
};
try
{
response.Success = true;
response.Threats = await scanMethod(cancellationToken);
response.DatabaseLastUpdate = _backend.DatabaseLastUpdate;
}
catch (Exception exception)
{
response.Success = false;
_logger.LogError(exception, "Scanning failed with exception");
}
await PostResult(response, callbackUrl, cancellationToken);
}
[AutomaticRetry(Attempts = 0, OnAttemptsExceeded = AttemptsExceededAction.Delete)]
public async Task ScanUrl(Uri url, Uri callbackUrl)
{
await Scan(async t => await _backend.ScanAsync(url, t), callbackUrl);
}
[AutomaticRetry(Attempts = 0, OnAttemptsExceeded = AttemptsExceededAction.Delete)]
public async Task ScanFile(string file, Uri callbackUrl)
{
try
{
await Scan(async t => await _backend.ScanAsync(file, t), callbackUrl);
}
finally
{
File.Delete(file);
}
}
}
}

17
MalwareMultiScan.Worker/MalwareMultiScan.Worker.csproj
View File

@ -1,17 +0,0 @@
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<TargetFramework>netcoreapp3.1</TargetFramework>
</PropertyGroup>
<ItemGroup>
<ProjectReference Include="..\MalwareMultiScan.Backends\MalwareMultiScan.Backends.csproj" />
<ProjectReference Include="..\MalwareMultiScan.Shared\MalwareMultiScan.Shared.csproj" />
</ItemGroup>
<ItemGroup>
<PackageReference Include="Hangfire.AspNetCore" Version="1.7.16" />
<PackageReference Include="Hangfire.MemoryStorage" Version="1.7.0" />
</ItemGroup>
</Project>

30
MalwareMultiScan.Worker/Properties/launchSettings.json
View File

@ -1,30 +0,0 @@
{
"$schema": "http://json.schemastore.org/launchsettings.json",
"iisSettings": {
"windowsAuthentication": false,
"anonymousAuthentication": true,
"iisExpress": {
"applicationUrl": "http://localhost:53549",
"sslPort": 44380
}
},
"profiles": {
"IIS Express": {
"commandName": "IISExpress",
"launchBrowser": true,
"launchUrl": "weatherforecast",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
},
"MalwareMultiScan.Worker": {
"commandName": "Project",
"launchBrowser": true,
"launchUrl": "weatherforecast",
"applicationUrl": "https://localhost:5001;http://localhost:5000",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Development"
}
}
}
}

35
MalwareMultiScan.Worker/Startup.cs
View File

@ -1,35 +0,0 @@
using Hangfire;
using Hangfire.MemoryStorage;
using MalwareMultiScan.Worker.Jobs;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.DependencyInjection;
namespace MalwareMultiScan.Worker
{
public class Startup
{
public void ConfigureServices(IServiceCollection services)
{
services.AddLogging();
services.AddControllers();
services.AddHttpClient();
services.AddSingleton<ScanJob>();
services.AddHangfire(
configuration => configuration.UseMemoryStorage());
services.AddHangfireServer();
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseRouting();
app.UseEndpoints(endpoints => { endpoints.MapControllers(); });
app.UseHangfireServer();
}
}
}

9
MalwareMultiScan.Worker/appsettings.Development.json
View File

@ -1,9 +0,0 @@
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
}
}
}

13
MalwareMultiScan.Worker/appsettings.json
View File

@ -1,13 +0,0 @@
{
"Logging": {
"LogLevel": {
"Default": "Warning",
"MalwareMultiScan": "Debug"
}
},
"AllowedHosts": "*",
"BackendType": "",
"ScanTimeout": 300
}

24
MalwareMultiScan.sln
View File

@ -1,28 +1,28 @@
 
Microsoft Visual Studio Solution File, Format Version 12.00 Microsoft Visual Studio Solution File, Format Version 12.00
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MalwareMultiScan.Worker", "MalwareMultiScan.Worker\MalwareMultiScan.Worker.csproj", "{5D515E0A-B2C6-4C1D-88F6-C296F73409FA}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MalwareMultiScan.Shared", "MalwareMultiScan.Shared\MalwareMultiScan.Shared.csproj", "{9E0A0B50-741F-4A49-97A2-0B337374347F}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MalwareMultiScan.Backends", "MalwareMultiScan.Backends\MalwareMultiScan.Backends.csproj", "{382B49AC-0FFA-44FC-875D-9D4692DDC05D}" Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MalwareMultiScan.Backends", "MalwareMultiScan.Backends\MalwareMultiScan.Backends.csproj", "{382B49AC-0FFA-44FC-875D-9D4692DDC05D}"
EndProject EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MalwareMultiScan.Api", "MalwareMultiScan.Api\MalwareMultiScan.Api.csproj", "{7B63B897-D390-4617-821F-F96799CBA2F4}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MalwareMultiScan.Scanner", "MalwareMultiScan.Scanner\MalwareMultiScan.Scanner.csproj", "{8A16A3C4-2AE3-4F63-8280-635FF7878080}"
EndProject
Global Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU Release|Any CPU = Release|Any CPU
EndGlobalSection EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution GlobalSection(ProjectConfigurationPlatforms) = postSolution
{5D515E0A-B2C6-4C1D-88F6-C296F73409FA}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{5D515E0A-B2C6-4C1D-88F6-C296F73409FA}.Debug|Any CPU.Build.0 = Debug|Any CPU
{5D515E0A-B2C6-4C1D-88F6-C296F73409FA}.Release|Any CPU.ActiveCfg = Release|Any CPU
{5D515E0A-B2C6-4C1D-88F6-C296F73409FA}.Release|Any CPU.Build.0 = Release|Any CPU
{9E0A0B50-741F-4A49-97A2-0B337374347F}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{9E0A0B50-741F-4A49-97A2-0B337374347F}.Debug|Any CPU.Build.0 = Debug|Any CPU
{9E0A0B50-741F-4A49-97A2-0B337374347F}.Release|Any CPU.ActiveCfg = Release|Any CPU
{9E0A0B50-741F-4A49-97A2-0B337374347F}.Release|Any CPU.Build.0 = Release|Any CPU
{382B49AC-0FFA-44FC-875D-9D4692DDC05D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU {382B49AC-0FFA-44FC-875D-9D4692DDC05D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{382B49AC-0FFA-44FC-875D-9D4692DDC05D}.Debug|Any CPU.Build.0 = Debug|Any CPU {382B49AC-0FFA-44FC-875D-9D4692DDC05D}.Debug|Any CPU.Build.0 = Debug|Any CPU
{382B49AC-0FFA-44FC-875D-9D4692DDC05D}.Release|Any CPU.ActiveCfg = Release|Any CPU {382B49AC-0FFA-44FC-875D-9D4692DDC05D}.Release|Any CPU.ActiveCfg = Release|Any CPU
{382B49AC-0FFA-44FC-875D-9D4692DDC05D}.Release|Any CPU.Build.0 = Release|Any CPU {382B49AC-0FFA-44FC-875D-9D4692DDC05D}.Release|Any CPU.Build.0 = Release|Any CPU
{7B63B897-D390-4617-821F-F96799CBA2F4}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{7B63B897-D390-4617-821F-F96799CBA2F4}.Debug|Any CPU.Build.0 = Debug|Any CPU
{7B63B897-D390-4617-821F-F96799CBA2F4}.Release|Any CPU.ActiveCfg = Release|Any CPU
{7B63B897-D390-4617-821F-F96799CBA2F4}.Release|Any CPU.Build.0 = Release|Any CPU
{8A16A3C4-2AE3-4F63-8280-635FF7878080}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{8A16A3C4-2AE3-4F63-8280-635FF7878080}.Debug|Any CPU.Build.0 = Debug|Any CPU
{8A16A3C4-2AE3-4F63-8280-635FF7878080}.Release|Any CPU.ActiveCfg = Release|Any CPU
{8A16A3C4-2AE3-4F63-8280-635FF7878080}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection EndGlobalSection
EndGlobal EndGlobal