Implement sanity check so we stop startup if we can't detect any malware samples.
This commit is contained in:
parent
dbad1e4725
commit
1217a12f80
2
go.mod
2
go.mod
@ -2,4 +2,4 @@ module git.cyber.gent/friedkiwi/malscan
|
||||
|
||||
go 1.18
|
||||
|
||||
require git.cyber.gent/friedkiwi/go-clamav v0.7.1
|
||||
require git.cyber.gent/friedkiwi/go-clamav v0.7.2
|
||||
|
2
go.sum
2
go.sum
@ -4,5 +4,7 @@ git.cyber.gent/friedkiwi/go-clamav v0.7.0 h1:d6AxgOZhC1XEoo+msrRn3CQ6T7foF5JnbAp
|
||||
git.cyber.gent/friedkiwi/go-clamav v0.7.0/go.mod h1:g/eB2nMDbD9z92r4ceCjEzXr189AD3ChiSi431iINhg=
|
||||
git.cyber.gent/friedkiwi/go-clamav v0.7.1 h1:Xb53blnUfsqhudlqjMbbbLTY0gIdsUri+WmH5+E8ARI=
|
||||
git.cyber.gent/friedkiwi/go-clamav v0.7.1/go.mod h1:g/eB2nMDbD9z92r4ceCjEzXr189AD3ChiSi431iINhg=
|
||||
git.cyber.gent/friedkiwi/go-clamav v0.7.2 h1:N4xp5vHxjtVBOE9C27+6cAvi6gnuVnb3cEesM7fdTPw=
|
||||
git.cyber.gent/friedkiwi/go-clamav v0.7.2/go.mod h1:g/eB2nMDbD9z92r4ceCjEzXr189AD3ChiSi431iINhg=
|
||||
github.com/ca110us/go-clamav v0.6.0 h1:f8h/5Z9rJbSRFrmeZsAJCpJZ+6DVGBYw1fufvuc+oQA=
|
||||
github.com/ca110us/go-clamav v0.6.0/go.mod h1:6kMDtag0KOIuKxfoArtCRCATCYr1inVLGatSXp9xm1s=
|
||||
|
55
malscan.go
55
malscan.go
@ -2,9 +2,8 @@ package main
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"log"
|
||||
"time"
|
||||
|
||||
clamav "git.cyber.gent/friedkiwi/go-clamav"
|
||||
)
|
||||
|
||||
func banner() {
|
||||
@ -13,49 +12,29 @@ func banner() {
|
||||
fmt.Println("")
|
||||
}
|
||||
|
||||
func sanity_check() bool {
|
||||
vName, error := scan_data([]byte("X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"))
|
||||
if error != nil && vName == "" {
|
||||
panic(error)
|
||||
}
|
||||
if vName == "Win.Test.EICAR_HDB-1" {
|
||||
return true
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func main() {
|
||||
|
||||
banner()
|
||||
// start freshclam goroutine
|
||||
go freshclam_update()
|
||||
|
||||
// new clamav instance
|
||||
c := new(clamav.Clamav)
|
||||
err := c.Init(clamav.SCAN_OPTIONS{
|
||||
General: 0,
|
||||
Parse: clamav.CL_SCAN_PARSE_ARCHIVE | clamav.CL_SCAN_PARSE_ELF,
|
||||
Heuristic: 0,
|
||||
Mail: 0,
|
||||
Dev: 0,
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
panic(err)
|
||||
log.Println("Carrying out sanity checks...")
|
||||
if !sanity_check() {
|
||||
log.Println("Sanity check failed!")
|
||||
return
|
||||
}
|
||||
|
||||
// free clamav memory
|
||||
defer c.Free()
|
||||
|
||||
// load db
|
||||
signo, err := c.LoadDB("/usr/local/share/clamav", uint(clamav.CL_DB_DIRECTORY))
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
fmt.Println("db load succeed:", signo)
|
||||
|
||||
// compile engine
|
||||
err = c.CompileEngine()
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
|
||||
c.EngineSetNum(clamav.CL_ENGINE_MAX_SCANSIZE, 1024*1024*40)
|
||||
c.EngineSetNum(clamav.CL_ENGINE_MAX_SCANTIME, 9000)
|
||||
// fmt.Println(c.EngineGetNum(clamav.CL_ENGINE_MAX_SCANSIZE))
|
||||
|
||||
// scan
|
||||
scanned, virusName, ret := c.ScanFile("/bin/bash")
|
||||
fmt.Println(scanned, virusName, ret)
|
||||
log.Println("Sanity check passed! Continuing startup...")
|
||||
|
||||
// loop forever.
|
||||
for {
|
||||
|
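Review bot: The failure branch of the new sanity check exits main with status 0 — `log.Println("Sanity check failed!")` followed by a bare `return` — so a supervisor or container runtime sees a clean shutdown and neither alerts nor restarts; `log.Fatal("Sanity check failed!")` gives the non-zero status the commit message intends. In sanity_check the result variable named `error` shadows the builtin type, and the guard `error != nil && vName == ""` means a scan error that still yields a name is accepted while a nil error with an unexpected name returns false without logging what was actually detected; logging `vName` on that path would make a failed startup diagnosable. The expected detection name `Win.Test.EICAR_HDB-1` is pinned to one signature-database naming scheme (older databases historically reported the EICAR file under a different name), so accepting a small set of known names or matching on `EICAR` would be more robust to database updates. `go freshclam_update()` is started immediately before the check, so on a first boot with no database the check may run before the update has finished; freshclam_update is not visible here, so this is inferred. main continues past the end of the hunk.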
72
scanner.go
Normal file
72
scanner.go
Normal file
@ -0,0 +1,72 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"os"
|
||||
|
||||
clamav "git.cyber.gent/friedkiwi/go-clamav"
|
||||
)
|
||||
|
||||
func scan_data(data []byte) (string, error) {
|
||||
log.Println("scan_data(): scanning data...")
|
||||
|
||||
// write data out to file to be scanned
|
||||
tempFile, err := ioutil.TempFile("", "*.bin")
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
defer os.Remove(tempFile.Name())
|
||||
|
||||
bytesWritten, writeErr := tempFile.Write(data)
|
||||
if writeErr != nil {
|
||||
return "", writeErr
|
||||
}
|
||||
|
||||
if bytesWritten != len(data) {
|
||||
return "", errors.New("scan_data(): bytesWritten!= len(data)")
|
||||
}
|
||||
|
||||
if err := tempFile.Close(); err != nil {
|
||||
return "", err
|
||||
}
|
||||
// temporary file is now written to disk
|
||||
|
||||
// new clamav instance
|
||||
clamavInstance := new(clamav.Clamav)
|
||||
clamInitError := clamavInstance.Init(clamav.SCAN_OPTIONS{
|
||||
General: 0,
|
||||
Parse: clamav.CL_SCAN_PARSE_ARCHIVE | clamav.CL_SCAN_PARSE_ELF,
|
||||
Heuristic: 0,
|
||||
Mail: 0,
|
||||
Dev: 0,
|
||||
})
|
||||
|
||||
if clamInitError != nil {
|
||||
return "", clamInitError
|
||||
}
|
||||
|
||||
// free clamav memory
|
||||
defer clamavInstance.Free()
|
||||
|
||||
// load db
|
||||
_, loadDbError := clamavInstance.LoadDB("/usr/local/share/clamav", uint(clamav.CL_DB_DIRECTORY))
|
||||
if loadDbError != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
// compile engine
|
||||
err = clamavInstance.CompileEngine()
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
clamavInstance.EngineSetNum(clamav.CL_ENGINE_MAX_SCANSIZE, 1024*1024*40)
|
||||
clamavInstance.EngineSetNum(clamav.CL_ENGINE_MAX_SCANTIME, 9000)
|
||||
|
||||
// scan
|
||||
_, virusName, ret := clamavInstance.ScanFile(tempFile.Name())
|
||||
|
||||
return virusName, ret
|
||||
}
|
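Review bot: The LoadDB failure branch returns the wrong variable: `if loadDbError != nil { return "", err }` hands back `err`, which at that point still holds the nil result of ioutil.TempFile (the `err := tempFile.Close()` above it is scoped to its own if), so a missing or corrupt signature database comes out of scan_data as `("", nil)` and the caller cannot distinguish a clean verdict from a broken engine; it should be `return "", loadDbError`. The early returns after a failed or short Write leave the temp file descriptor open because only os.Remove is deferred; a `defer tempFile.Close()` right after creation (the later explicit Close is still needed before scanning, and the second Close is harmless) covers those paths. os.CreateTemp has been available since Go 1.16 and go.mod declares 1.18, so `os.CreateTemp("", "*.bin")` is the direct replacement for the io/ioutil call. Each call also builds a fresh clamav engine and reloads the database from /usr/local/share/clamav, which is costly per scan and can observe a database that freshclam is mid-update; caching one compiled engine per process is worth considering. I am inferring the semantics of ScanFile's error result from the caller's `error != nil && vName == ""` check rather than from anything visible here.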