MalwareMultiScan/MalwareMultiScan.Backends/Backends/Implementations/WindowsDefenderScanBackend.cs

using System;
using System.Diagnostics;
using System.IO;
using System.Text.RegularExpressions;
using MalwareMultiScan.Backends.Backends.Abstracts;
using Microsoft.Extensions.Logging;

namespace MalwareMultiScan.Backends.Backends.Implementations
{
    public class WindowsDefenderScanBackend : AbstractLocalProcessScanBackend
    {
        public override string Name { get; } = "Windows Defender";

        public override DateTime DatabaseLastUpdate =>
            File.GetLastWriteTime("/opt/engine/mpavbase.vdm");

        protected override string BackendPath { get; } = "/opt/mpclient";
        protected override Regex MatchRegex { get; } = 
            new Regex(@"EngineScanCallback\(\)\: Threat (?<threat>[\S]+) identified", 
                RegexOptions.Compiled | RegexOptions.Multiline);
        
        protected override bool ParseStdErr { get; } = true;

        protected override string GetBackendArguments(string path) => path;

        public WindowsDefenderScanBackend(ILogger logger) : base(logger)
        {
        }
    }
}