Implement sanity check so we stop startup if we can't detect any malware samples.

go.mod

@@ -2,4 +2,4 @@ module git.cyber.gent/friedkiwi/malscan
 
 go 1.18
 
-require git.cyber.gent/friedkiwi/go-clamav v0.7.1
+require git.cyber.gent/friedkiwi/go-clamav v0.7.2

go.sum

@@ -4,5 +4,7 @@ git.cyber.gent/friedkiwi/go-clamav v0.7.0 h1:d6AxgOZhC1XEoo+msrRn3CQ6T7foF5JnbAp
 git.cyber.gent/friedkiwi/go-clamav v0.7.0/go.mod h1:g/eB2nMDbD9z92r4ceCjEzXr189AD3ChiSi431iINhg=
 git.cyber.gent/friedkiwi/go-clamav v0.7.1 h1:Xb53blnUfsqhudlqjMbbbLTY0gIdsUri+WmH5+E8ARI=
 git.cyber.gent/friedkiwi/go-clamav v0.7.1/go.mod h1:g/eB2nMDbD9z92r4ceCjEzXr189AD3ChiSi431iINhg=
+git.cyber.gent/friedkiwi/go-clamav v0.7.2 h1:N4xp5vHxjtVBOE9C27+6cAvi6gnuVnb3cEesM7fdTPw=
+git.cyber.gent/friedkiwi/go-clamav v0.7.2/go.mod h1:g/eB2nMDbD9z92r4ceCjEzXr189AD3ChiSi431iINhg=
 github.com/ca110us/go-clamav v0.6.0 h1:f8h/5Z9rJbSRFrmeZsAJCpJZ+6DVGBYw1fufvuc+oQA=
 github.com/ca110us/go-clamav v0.6.0/go.mod h1:6kMDtag0KOIuKxfoArtCRCATCYr1inVLGatSXp9xm1s=

malscan.go

@@ -2,9 +2,8 @@ package main
 
 import (
 	"fmt"
+	"log"
 	"time"
-
-	clamav "git.cyber.gent/friedkiwi/go-clamav"
 )
 
 func banner() {
@@ -13,49 +12,29 @@ func banner() {
 	fmt.Println("")
 }
 
+func sanity_check() bool {
+	vName, error := scan_data([]byte("X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"))
+	if error != nil && vName == "" {
+		panic(error)
+	}
+	if vName == "Win.Test.EICAR_HDB-1" {
+		return true
+	}
+	return false
+}
+
 func main() {
 
 	banner()
 	// start freshclam goroutine
 	go freshclam_update()
 
-	// new clamav instance
+	log.Println("Carrying out sanity checks...")
-	c := new(clamav.Clamav)
+	if !sanity_check() {
-	err := c.Init(clamav.SCAN_OPTIONS{
+		log.Println("Sanity check failed!")
-		General:   0,
+		return
-		Parse:     clamav.CL_SCAN_PARSE_ARCHIVE | clamav.CL_SCAN_PARSE_ELF,
-		Heuristic: 0,
-		Mail:      0,
-		Dev:       0,
-	})
-
-	if err != nil {
-		panic(err)
 	}
-
+	log.Println("Sanity check passed! Continuing startup...")
-	// free clamav memory
-	defer c.Free()
-
-	// load db
-	signo, err := c.LoadDB("/usr/local/share/clamav", uint(clamav.CL_DB_DIRECTORY))
-	if err != nil {
-		panic(err)
-	}
-	fmt.Println("db load succeed:", signo)
-
-	// compile engine
-	err = c.CompileEngine()
-	if err != nil {
-		panic(err)
-	}
-
-	c.EngineSetNum(clamav.CL_ENGINE_MAX_SCANSIZE, 1024*1024*40)
-	c.EngineSetNum(clamav.CL_ENGINE_MAX_SCANTIME, 9000)
-	// fmt.Println(c.EngineGetNum(clamav.CL_ENGINE_MAX_SCANSIZE))
-
-	// scan
-	scanned, virusName, ret := c.ScanFile("/bin/bash")
-	fmt.Println(scanned, virusName, ret)
 
 	// loop forever.
 	for {

scanner.go

@@ -0,0 +1,72 @@
+package main
+
+import (
+	"errors"
+	"io/ioutil"
+	"log"
+	"os"
+
+	clamav "git.cyber.gent/friedkiwi/go-clamav"
+)
+
+func scan_data(data []byte) (string, error) {
+	log.Println("scan_data(): scanning data...")
+
+	// write data out to file to be scanned
+	tempFile, err := ioutil.TempFile("", "*.bin")
+	if err != nil {
+		return "", err
+	}
+	defer os.Remove(tempFile.Name())
+
+	bytesWritten, writeErr := tempFile.Write(data)
+	if writeErr != nil {
+		return "", writeErr
+	}
+
+	if bytesWritten != len(data) {
+		return "", errors.New("scan_data(): bytesWritten!= len(data)")
+	}
+
+	if err := tempFile.Close(); err != nil {
+		return "", err
+	}
+	// temporary file is now written to disk
+
+	// new clamav instance
+	clamavInstance := new(clamav.Clamav)
+	clamInitError := clamavInstance.Init(clamav.SCAN_OPTIONS{
+		General:   0,
+		Parse:     clamav.CL_SCAN_PARSE_ARCHIVE | clamav.CL_SCAN_PARSE_ELF,
+		Heuristic: 0,
+		Mail:      0,
+		Dev:       0,
+	})
+
+	if clamInitError != nil {
+		return "", clamInitError
+	}
+
+	// free clamav memory
+	defer clamavInstance.Free()
+
+	// load db
+	_, loadDbError := clamavInstance.LoadDB("/usr/local/share/clamav", uint(clamav.CL_DB_DIRECTORY))
+	if loadDbError != nil {
+		return "", err
+	}
+
+	// compile engine
+	err = clamavInstance.CompileEngine()
+	if err != nil {
+		return "", err
+	}
+
+	clamavInstance.EngineSetNum(clamav.CL_ENGINE_MAX_SCANSIZE, 1024*1024*40)
+	clamavInstance.EngineSetNum(clamav.CL_ENGINE_MAX_SCANTIME, 9000)
+
+	// scan
+	_, virusName, ret := clamavInstance.ScanFile(tempFile.Name())
+
+	return virusName, ret
+}