using System.Threading; using System.Threading.Tasks; using MalwareMultiScan.Backends.Backends; using MalwareMultiScan.Backends.Backends.Interfaces; using MalwareMultiScan.Backends.Services.Interfaces; using Moq; using NUnit.Framework; namespace MalwareMultiScan.Tests.Backends { public class BackendsTests { private static IProcessRunner GetProcessRunner(int exitCode, string stdOutput, string stdError) { var processRunnerMock = new Mock(); processRunnerMock .Setup(p => p.RunTillCompletion( It.IsAny(), It.IsAny(), It.IsAny(), out It.Ref.IsAny, out It.Ref.IsAny )) .Callback(new RunTillCompletion((string path, string arguments, CancellationToken token, out string pOut, out string pErr) => { pOut = stdOutput; pErr = stdError; })).Returns(exitCode); return processRunnerMock.Object; } [Test] public async Task TestDummy() { var backend = new DummyScanBackend(); Assert.Contains("Malware.Dummy.Result", await backend.ScanAsync("test.exe", default)); } private static async Task TestVirusDetected(IScanBackend backend) { Assert.Contains("Malware-Test-Result", await backend.ScanAsync("test.exe", default)); } private static async Task TestVirusNotDetected(IScanBackend backend) { Assert.IsEmpty(await backend.ScanAsync("test.exe", default)); } [Test] public async Task TestClamav() { await TestVirusDetected(new ClamavScanBackend( GetProcessRunner(1, "/worker/test.exe: Malware-Test-Result FOUND\n", null))); await TestVirusNotDetected(new ClamavScanBackend( GetProcessRunner(0, "/worker/test.exe: OK\n", ""))); } [Test] public async Task TestWindowsDefender() { await TestVirusDetected(new WindowsDefenderScanBackend( GetProcessRunner(0, null, "main(): Scanning /worker/test.exe...\n" + "EngineScanCallback(): Scanning input\n" + "EngineScanCallback(): Threat Malware-Test-Result identified."))); await TestVirusNotDetected(new WindowsDefenderScanBackend( GetProcessRunner(0, null, "main(): Scanning /worker/test.exe...\n" + "EngineScanCallback(): Scanning input"))); } [Test] public async Task TestSophos() { await TestVirusDetected(new SophosScanBackend( GetProcessRunner(3, ">>> Virus 'Malware-Test-Result' found in file /worker/test.exe\n", null))); await TestVirusNotDetected(new SophosScanBackend( GetProcessRunner(0, "", null))); } [Test] public async Task TestMcAfee() { await TestVirusDetected(new McAfeeScanBackend( GetProcessRunner(1, "McAfee VirusScan Command Line for Linux64 Version: 6.0.4.564\n" + "Copyright (C) 2013 McAfee, Inc.\n" + "(408) 988-3832 EVALUATION COPY - October 28 2020\n\n" + "AV Engine version: 5600.1067 for Linux64\n" + "Dat set version: 9787 created Oct 27 2020\n" + "Scanning for 668682 viruses, trojans and variants.\n\n" + "/worker/test.exe ... Found: Malware-Test-Result.\n\n" + "Time: 00:00.00", null))); await TestVirusNotDetected(new McAfeeScanBackend( GetProcessRunner(0, "McAfee VirusScan Command Line for Linux64 Version: 6.0.4.564\n" + "Copyright (C) 2013 McAfee, Inc.\n" + "(408) 988-3832 EVALUATION COPY - October 28 2020\n\n" + "AV Engine version: 5600.1067 for Linux64\n" + "Dat set version: 9787 created Oct 27 2020\n" + "Scanning for 668682 viruses, trojans and variants.\n\n" + "Time: 00:00.00", null))); } [Test] public async Task TestKes() { await TestVirusDetected(new KesScanBackend( GetProcessRunner(0, "ObjectId: 22\n\t\t" + " FileName : /worker/test.exe\n" + " DangerLevel : High\n" + " DetectType : Virware\n" + " DetectName : Malware-Test-Result\n" + " CompoundObject : No\n" + " AddTime : 2020-10-29 13:05:20\n" + " FileSize : 68\n", null))); await TestVirusNotDetected(new KesScanBackend( GetProcessRunner(0, "No files in Storage for the query\n", null))); } [Test] public async Task TestDrWeb() { await TestVirusDetected(new DrWebScanBackend( GetProcessRunner(0, "/worker/test.exe - infected with Malware-Test-Result\n" + "Scanned objects: 1, scan errors: 0, threats found: 1, threats neutralized: 0.\n" + "Scanned 0.07 KB in 5.39 s with speed 0.01 KB/s.", null))); await TestVirusNotDetected(new DrWebScanBackend( GetProcessRunner(0, "/worker/test.exe - Ok\n" + "Scanned objects: 1, scan errors: 0, threats found: 0, threats neutralized: 0.", null))); } [Test] public async Task TestComodo() { await TestVirusDetected(new ComodoScanBackend( GetProcessRunner(0, "-----== Scan Start ==-----\n" + "/worker/test.exe ---> Found Virus, Malware Name is Malware-Test-Result\n" + "-----== Scan End ==-----\n" + "Number of Scanned Files: 1\n" + "Number of Found Viruses: 0", null))); await TestVirusNotDetected(new ComodoScanBackend( GetProcessRunner(0, "-----== Scan Start ==-----\n" + "/worker/test.exe ---> Not Virus\n" + "-----== Scan End ==-----\n" + "Number of Scanned Files: 1\n" + "Number of Found Viruses: 0", null))); } private delegate void RunTillCompletion(string path, string arguments, CancellationToken token, out string stdOut, out string stdErr); } }