Implement sanity check so we stop startup if we can't detect any malware samples.
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful

This commit is contained in:
Yvan Janssens 2023-04-07 13:45:57 +02:00
parent dbad1e4725
commit 1217a12f80
4 changed files with 92 additions and 39 deletions

2
go.mod
View File

@ -2,4 +2,4 @@ module git.cyber.gent/friedkiwi/malscan
go 1.18 go 1.18
require git.cyber.gent/friedkiwi/go-clamav v0.7.1 require git.cyber.gent/friedkiwi/go-clamav v0.7.2

2
go.sum
View File

@ -4,5 +4,7 @@ git.cyber.gent/friedkiwi/go-clamav v0.7.0 h1:d6AxgOZhC1XEoo+msrRn3CQ6T7foF5JnbAp
git.cyber.gent/friedkiwi/go-clamav v0.7.0/go.mod h1:g/eB2nMDbD9z92r4ceCjEzXr189AD3ChiSi431iINhg= git.cyber.gent/friedkiwi/go-clamav v0.7.0/go.mod h1:g/eB2nMDbD9z92r4ceCjEzXr189AD3ChiSi431iINhg=
git.cyber.gent/friedkiwi/go-clamav v0.7.1 h1:Xb53blnUfsqhudlqjMbbbLTY0gIdsUri+WmH5+E8ARI= git.cyber.gent/friedkiwi/go-clamav v0.7.1 h1:Xb53blnUfsqhudlqjMbbbLTY0gIdsUri+WmH5+E8ARI=
git.cyber.gent/friedkiwi/go-clamav v0.7.1/go.mod h1:g/eB2nMDbD9z92r4ceCjEzXr189AD3ChiSi431iINhg= git.cyber.gent/friedkiwi/go-clamav v0.7.1/go.mod h1:g/eB2nMDbD9z92r4ceCjEzXr189AD3ChiSi431iINhg=
git.cyber.gent/friedkiwi/go-clamav v0.7.2 h1:N4xp5vHxjtVBOE9C27+6cAvi6gnuVnb3cEesM7fdTPw=
git.cyber.gent/friedkiwi/go-clamav v0.7.2/go.mod h1:g/eB2nMDbD9z92r4ceCjEzXr189AD3ChiSi431iINhg=
github.com/ca110us/go-clamav v0.6.0 h1:f8h/5Z9rJbSRFrmeZsAJCpJZ+6DVGBYw1fufvuc+oQA= github.com/ca110us/go-clamav v0.6.0 h1:f8h/5Z9rJbSRFrmeZsAJCpJZ+6DVGBYw1fufvuc+oQA=
github.com/ca110us/go-clamav v0.6.0/go.mod h1:6kMDtag0KOIuKxfoArtCRCATCYr1inVLGatSXp9xm1s= github.com/ca110us/go-clamav v0.6.0/go.mod h1:6kMDtag0KOIuKxfoArtCRCATCYr1inVLGatSXp9xm1s=

View File

@ -2,9 +2,8 @@ package main
import ( import (
"fmt" "fmt"
"log"
"time" "time"
clamav "git.cyber.gent/friedkiwi/go-clamav"
) )
func banner() { func banner() {
@ -13,49 +12,29 @@ func banner() {
fmt.Println("") fmt.Println("")
} }
func sanity_check() bool {
vName, error := scan_data([]byte("X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"))
if error != nil && vName == "" {
panic(error)
}
if vName == "Win.Test.EICAR_HDB-1" {
return true
}
return false
}
func main() { func main() {
banner() banner()
// start freshclam goroutine // start freshclam goroutine
go freshclam_update() go freshclam_update()
// new clamav instance log.Println("Carrying out sanity checks...")
c := new(clamav.Clamav) if !sanity_check() {
err := c.Init(clamav.SCAN_OPTIONS{ log.Println("Sanity check failed!")
General: 0, return
Parse: clamav.CL_SCAN_PARSE_ARCHIVE | clamav.CL_SCAN_PARSE_ELF,
Heuristic: 0,
Mail: 0,
Dev: 0,
})
if err != nil {
panic(err)
} }
log.Println("Sanity check passed! Continuing startup...")
// free clamav memory
defer c.Free()
// load db
signo, err := c.LoadDB("/usr/local/share/clamav", uint(clamav.CL_DB_DIRECTORY))
if err != nil {
panic(err)
}
fmt.Println("db load succeed:", signo)
// compile engine
err = c.CompileEngine()
if err != nil {
panic(err)
}
c.EngineSetNum(clamav.CL_ENGINE_MAX_SCANSIZE, 1024*1024*40)
c.EngineSetNum(clamav.CL_ENGINE_MAX_SCANTIME, 9000)
// fmt.Println(c.EngineGetNum(clamav.CL_ENGINE_MAX_SCANSIZE))
// scan
scanned, virusName, ret := c.ScanFile("/bin/bash")
fmt.Println(scanned, virusName, ret)
// loop forever. // loop forever.
for { for {

72
scanner.go Normal file
View File

@ -0,0 +1,72 @@
package main
import (
"errors"
"io/ioutil"
"log"
"os"
clamav "git.cyber.gent/friedkiwi/go-clamav"
)
func scan_data(data []byte) (string, error) {
log.Println("scan_data(): scanning data...")
// write data out to file to be scanned
tempFile, err := ioutil.TempFile("", "*.bin")
if err != nil {
return "", err
}
defer os.Remove(tempFile.Name())
bytesWritten, writeErr := tempFile.Write(data)
if writeErr != nil {
return "", writeErr
}
if bytesWritten != len(data) {
return "", errors.New("scan_data(): bytesWritten!= len(data)")
}
if err := tempFile.Close(); err != nil {
return "", err
}
// temporary file is now written to disk
// new clamav instance
clamavInstance := new(clamav.Clamav)
clamInitError := clamavInstance.Init(clamav.SCAN_OPTIONS{
General: 0,
Parse: clamav.CL_SCAN_PARSE_ARCHIVE | clamav.CL_SCAN_PARSE_ELF,
Heuristic: 0,
Mail: 0,
Dev: 0,
})
if clamInitError != nil {
return "", clamInitError
}
// free clamav memory
defer clamavInstance.Free()
// load db
_, loadDbError := clamavInstance.LoadDB("/usr/local/share/clamav", uint(clamav.CL_DB_DIRECTORY))
if loadDbError != nil {
return "", err
}
// compile engine
err = clamavInstance.CompileEngine()
if err != nil {
return "", err
}
clamavInstance.EngineSetNum(clamav.CL_ENGINE_MAX_SCANSIZE, 1024*1024*40)
clamavInstance.EngineSetNum(clamav.CL_ENGINE_MAX_SCANTIME, 9000)
// scan
_, virusName, ret := clamavInstance.ScanFile(tempFile.Name())
return virusName, ret
}