Add to ClamAV integration to the File Event Monitor
parent
93ea20cf25
commit
f7b1461cc5
|
@ -1,9 +1,13 @@
|
||||||
// FileEventMonitor.cs
|
// FileEventMonitor.cs
|
||||||
// Namhyeon Go <abuse@catswords.net>
|
// Namhyeon Go <abuse@catswords.net>
|
||||||
// https://github.com/gnh1201/welsonjs
|
// https://github.com/gnh1201/welsonjs
|
||||||
|
using ClamAV.Net.Client;
|
||||||
|
using ClamAV.Net.Client.Results;
|
||||||
using System;
|
using System;
|
||||||
using System.Diagnostics.Eventing.Reader;
|
using System.Diagnostics.Eventing.Reader;
|
||||||
|
using System.Runtime.CompilerServices;
|
||||||
using System.ServiceProcess;
|
using System.ServiceProcess;
|
||||||
|
using System.Threading.Tasks;
|
||||||
|
|
||||||
namespace WelsonJS.Service
|
namespace WelsonJS.Service
|
||||||
{
|
{
|
||||||
|
@ -62,10 +66,22 @@ namespace WelsonJS.Service
|
||||||
Details,
|
Details,
|
||||||
User
|
User
|
||||||
}
|
}
|
||||||
|
private string clamAvConenctionString;
|
||||||
|
private IClamAvClient clamAvClient;
|
||||||
|
|
||||||
public FileEventMonitor(ServiceBase parent, string workingDirectory)
|
public FileEventMonitor(ServiceBase parent, string workingDirectory)
|
||||||
{
|
{
|
||||||
this.parent = (ServiceMain)parent;
|
this.parent = (ServiceMain)parent;
|
||||||
|
|
||||||
|
try
|
||||||
|
{
|
||||||
|
clamAvConenctionString = this.parent.GetSettingsFileHandler().Read("CLAMAV_HOST", "Service");
|
||||||
|
}
|
||||||
|
catch (Exception)
|
||||||
|
{
|
||||||
|
clamAvConenctionString = "tcp://127.0.0.1:3310";
|
||||||
|
}
|
||||||
|
Task.Run(ConnectToClamAv);
|
||||||
}
|
}
|
||||||
|
|
||||||
public void Start()
|
public void Start()
|
||||||
|
@ -86,7 +102,7 @@ namespace WelsonJS.Service
|
||||||
}
|
}
|
||||||
catch (Exception ex)
|
catch (Exception ex)
|
||||||
{
|
{
|
||||||
parent.Log($"Failed to connect the Windows EventLog Service: {ex.Message}");
|
parent.Log($"Could not reach to the Sysmon service: {ex.Message}");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -131,6 +147,15 @@ namespace WelsonJS.Service
|
||||||
fileName
|
fileName
|
||||||
}));
|
}));
|
||||||
|
|
||||||
|
if (clamAvClient != null)
|
||||||
|
{
|
||||||
|
parent.Log($"> Starting the ClamAV scan: {fileName}");
|
||||||
|
Task.Run(async () =>
|
||||||
|
{
|
||||||
|
await ScanWithClamAv(fileName);
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -191,5 +216,37 @@ namespace WelsonJS.Service
|
||||||
parent.Log("The event instance was null.");
|
parent.Log("The event instance was null.");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private async Task ConnectToClamAv()
|
||||||
|
{
|
||||||
|
try {
|
||||||
|
// Create a client
|
||||||
|
clamAvClient = ClamAvClient.Create(new Uri(clamAvConenctionString));
|
||||||
|
|
||||||
|
// Send PING command to ClamAV
|
||||||
|
await clamAvClient.PingAsync().ConfigureAwait(false);
|
||||||
|
|
||||||
|
// Get ClamAV engine and virus database version
|
||||||
|
VersionResult result = await clamAvClient.GetVersionAsync().ConfigureAwait(false);
|
||||||
|
|
||||||
|
parent.Log($"ClamAV version - {result.ProgramVersion} , virus database version {result.VirusDbVersion}");
|
||||||
|
}
|
||||||
|
catch (Exception ex)
|
||||||
|
{
|
||||||
|
parent.Log($"Could not reach to ClamAV service: {clamAvConenctionString}, {ex.Message}");
|
||||||
|
clamAvClient = null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private async Task ScanWithClamAv(string remotePath)
|
||||||
|
{
|
||||||
|
ScanResult res = await clamAvClient.ScanRemotePathAsync(remotePath).ConfigureAwait(false);
|
||||||
|
|
||||||
|
parent.Log($"> Scan result: Infected={res.Infected}, VirusName={res.VirusName}");
|
||||||
|
parent.Log(parent.DispatchServiceEvent("avScanResult", new string[] {
|
||||||
|
res.Infected.ToString(),
|
||||||
|
res.VirusName
|
||||||
|
}));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
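Review bot: A scan that fails leaves no trace. `ScanWithClamAv` has no exception handling and is started with a fire-and-forget `Task.Run` from the `fileName` case (which begins outside the visible hunk), so if clamd drops the connection or cannot read the path, the exception is never observed and no log line or `avScanResult` event is produced. For a monitor, a file that could not be scanned should be reported as distinctly as a clean one; the rewrite below logs the failure and reads the field once. In `ConnectToClamAv` the field is assigned before `PingAsync` succeeds, so the `clamAvClient != null` check can pass against a client that the catch block is about to null; creating the client in a local and assigning the field only after `GetVersionAsync` returns would close that window. `ScanRemotePathAsync` passes clamd a path rather than file content, so this presumably works only when `CLAMAV_HOST` points at a daemon that sees the same filesystem, which deserves a comment next to the `tcp://127.0.0.1:3310` default.

```csharp
private async Task ScanWithClamAv(string remotePath)
{
    // Read the field once: ConnectToClamAv may reset it on another thread.
    IClamAvClient client = clamAvClient;
    if (client == null)
    {
        return;
    }

    try
    {
        ScanResult res = await client.ScanRemotePathAsync(remotePath).ConfigureAwait(false);
        // … unchanged: log the scan result and dispatch avScanResult …
    }
    catch (Exception ex)
    {
        // An unscanned file must not look like a clean one in the log.
        parent.Log($"> ClamAV scan failed: {remotePath}, {ex.Message}");
    }
}
```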
|
|
@ -97,6 +97,9 @@
|
||||||
<StartupObject />
|
<StartupObject />
|
||||||
</PropertyGroup>
|
</PropertyGroup>
|
||||||
<ItemGroup>
|
<ItemGroup>
|
||||||
|
<Reference Include="ClamAV.Net, Version=0.1.166.0, Culture=neutral, processorArchitecture=MSIL">
|
||||||
|
<HintPath>..\packages\ClamAV.Net.0.1.166\lib\netstandard2.0\ClamAV.Net.dll</HintPath>
|
||||||
|
</Reference>
|
||||||
<Reference Include="Google.Protobuf, Version=3.28.0.0, Culture=neutral, PublicKeyToken=a7d26565bac4d604, processorArchitecture=MSIL">
|
<Reference Include="Google.Protobuf, Version=3.28.0.0, Culture=neutral, PublicKeyToken=a7d26565bac4d604, processorArchitecture=MSIL">
|
||||||
<HintPath>..\packages\Google.Protobuf.3.28.0\lib\net45\Google.Protobuf.dll</HintPath>
|
<HintPath>..\packages\Google.Protobuf.3.28.0\lib\net45\Google.Protobuf.dll</HintPath>
|
||||||
</Reference>
|
</Reference>
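Review bot: The added `ClamAV.Net` reference carries no `PublicKeyToken`, unlike the `Google.Protobuf` reference directly below it, so the assembly is resolved by name and version alone from `..\packages\ClamAV.Net.0.1.166\`. This DLL is presumably loaded into the service process, so it is worth recording how the package was vetted. A comment above the reference would do, such as `<!-- ClamAV.Net 0.1.166: not strong-named; verify package signature/hash on restore -->`.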
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
<?xml version="1.0" encoding="utf-8"?>
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
<packages>
|
<packages>
|
||||||
|
<package id="ClamAV.Net" version="0.1.166" targetFramework="net48" />
|
||||||
<package id="Google.Protobuf" version="3.28.0" targetFramework="net48" />
|
<package id="Google.Protobuf" version="3.28.0" targetFramework="net48" />
|
||||||
<package id="Grpc" version="2.46.6" targetFramework="net48" />
|
<package id="Grpc" version="2.46.6" targetFramework="net48" />
|
||||||
<package id="Grpc.Core" version="2.46.6" targetFramework="net48" />
|
<package id="Grpc.Core" version="2.46.6" targetFramework="net48" />
|
||||||
|
|