From dc8d463f532e8835e31d56afd620b894dbf05c3b Mon Sep 17 00:00:00 2001
From: Yvan Janssens
Date: Thu, 6 Apr 2023 10:27:37 +0200
Subject: [PATCH] Initial commit.
---
.gitignore | 1 +
.woodpecker.yml | 13 ++++++++++++
Dockerfile | 38 ++++++++++++++++++++++++++++++++++
config/freshclam.conf | 2 ++
env.osx | 2 ++
go.mod | 5 +++++
malscan.go | 47 +++++++++++++++++++++++++++++++++++++++++++
7 files changed, 108 insertions(+)
create mode 100644 .gitignore
create mode 100644 .woodpecker.yml
create mode 100644 Dockerfile
create mode 100644 config/freshclam.conf
create mode 100644 env.osx
create mode 100644 go.mod
create mode 100644 malscan.go
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..395bb0f
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+eicar.com
diff --git a/.woodpecker.yml b/.woodpecker.yml
new file mode 100644
index 0000000..605b23e
--- /dev/null
+++ b/.woodpecker.yml
@@ -0,0 +1,13 @@
+pipeline:
+ publish-docker-image:
+ image: plugins/kaniko
+ settings:
+ dockerfile: Dockerfile
+ repo: git.cyber.gent/friedkiwi/malscan
+ tags: latest,v0-${CI_COMMIT_SHA:0:8}
+ username: ${CI_REPO_OWNER}
+ registry: git.cyber.gent
+ password:
+ from_secret: gitea_access_token
+ when:
+ event: push
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..72baf4a
--- /dev/null
+++ b/Dockerfile
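Review bot: In .woodpecker.yml, `image: plugins/kaniko` is referenced without a tag or digest while the step is handed `gitea_access_token`, so whatever image that name resolves to at run time receives the registry credential. Pin it to a reviewed version, e.g. `image: plugins/kaniko:<PINNED_TAG>@sha256:<DIGEST>` (placeholders). As written, the only condition visible under `when:` is `event: push`, so a push to any branch moves the published `latest` tag; a branch condition there would limit publishing to the branch that is meant to release.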
@@ -0,0 +1,38 @@
+FROM ubuntu:22.04
+
+
+# Deal with ClamAV installation
+RUN apt update -y && apt upgrade -y && apt install -y \
+ gcc make pkg-config python3 python3-pip python3-pytest valgrind \
+ check libbz2-dev libcurl4-openssl-dev libjson-c-dev libmilter-dev \
+ libncurses5-dev libpcre2-dev libssl-dev libxml2-dev zlib1g-dev \
+ cmake cargo rust-all wget
+
+RUN mkdir -p /work/clamav && \
+ wget https://www.clamav.net/downloads/production/clamav-1.0.1.tar.gz && \
+ tar xf clamav-1.0.1.tar.gz && \
+ mkdir clamav-build && \
+ cd clamav-build && \
+ cmake ../clamav-1.0.1 && \
+ make -j4 && \
+ make install && \
+ rm -Rf /work/clamav
+
+# Add at least basic (but out of date) ClamAV DB as a fallback for testing purposes
+COPY config/freshclam.conf /usr/local/etc/freshclam.conf
+RUN freshclam --foreground -v
+
+# Deal with Golang installation
+
+RUN apt update -y && apt upgrade -y && apt install -y \
+ golang
+
+RUN mkdir -p /work/malscan
+COPY . /work/malscan
+
+RUN cd /work/malscan && \
+ CGO_LDFLAGS='-lclamav' go build malscan.go && \
+ cp malscan /usr/local/bin/malscan
+
+# Entrypoint
+CMD /usr/local/bin/malscan
\ No newline at end of file
diff --git a/config/freshclam.conf b/config/freshclam.conf
new file mode 100644
index 0000000..6ee1a92
--- /dev/null
+++ b/config/freshclam.conf
@@ -0,0 +1,2 @@
+DatabaseMirror database.clamav.net
+DatabaseOwner root
\ No newline at end of file
diff --git a/env.osx b/env.osx
new file mode 100644
index 0000000..8258f35
--- /dev/null
+++ b/env.osx
@@ -0,0 +1,2 @@
+export CGO_LDFLAGS="-L/opt/homebrew/opt/openssl@1.1/lib -L/usr/local/lib -lclamav"
+export CGO_CPPFLAGS="-I/opt/homebrew/opt/openssl@1.1/include"
\ No newline at end of file
diff --git a/go.mod b/go.mod
new file mode 100644
index 0000000..4167515
--- /dev/null
+++ b/go.mod
@@ -0,0 +1,5 @@
+module git.cyber.gent/friedkiwi/malscan
+
+go 1.18
+
+require git.cyber.gent/friedkiwi/go-clamav v0.7.1 // indirect
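Review bot: In the Dockerfile, the ClamAV source in the second `RUN` is fetched with `wget` and compiled without any integrity check, so the engine baked into the image is whatever the download returned at build time. Verify the tarball before `tar xf`, for example `echo "<EXPECTED_SHA256>  clamav-1.0.1.tar.gz" | sha256sum -c - && \`, with the hash taken from a source you trust (placeholder shown). The same `RUN` creates `/work/clamav` but never changes into it, so the tarball and build tree stay in the current directory and `rm -Rf /work/clamav` removes only an empty directory; adding `cd /work/clamav && \` after the `mkdir` makes the cleanup effective. No `USER` is set and config/freshclam.conf sets `DatabaseOwner root`, so the database update and the scanner, which is meant to parse potentially malicious files, both run as root inside the container.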
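Review bot: In go.mod, the `require` line is marked `// indirect` although malscan.go imports `git.cyber.gent/friedkiwi/go-clamav` directly, and the diffstat lists no go.sum, so as far as this commit shows the dependency's content hash is not recorded in the repository. Because the Dockerfile does `COPY .` followed by `go build`, the module would be resolved at image build time with no committed checksum to verify against (or the build stops on the missing entry). Running `go mod tidy` and committing the resulting go.sum fixes both; the line then reads `require git.cyber.gent/friedkiwi/go-clamav v0.7.1`.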
diff --git a/malscan.go b/malscan.go
new file mode 100644
index 0000000..8d1085b
--- /dev/null
+++ b/malscan.go
@@ -0,0 +1,47 @@
+package main
+
+import (
+ "fmt"
+
+ clamav "git.cyber.gent/friedkiwi/go-clamav"
+)
+
+func main() {
+ // new clamav instance
+ c := new(clamav.Clamav)
+ err := c.Init(clamav.SCAN_OPTIONS{
+ General: 0,
+ Parse: clamav.CL_SCAN_PARSE_ARCHIVE | clamav.CL_SCAN_PARSE_ELF,
+ Heuristic: 0,
+ Mail: 0,
+ Dev: 0,
+ })
+
+ if err != nil {
+ panic(err)
+ }
+
+ // free clamav memory
+ defer c.Free()
+
+ // load db
+ signo, err := c.LoadDB("/usr/local/share/clamav", uint(clamav.CL_DB_DIRECTORY))
+ if err != nil {
+ panic(err)
+ }
+ fmt.Println("db load succeed:", signo)
+
+ // compile engine
+ err = c.CompileEngine()
+ if err != nil {
+ panic(err)
+ }
+
+ c.EngineSetNum(clamav.CL_ENGINE_MAX_SCANSIZE, 1024*1024*40)
+ c.EngineSetNum(clamav.CL_ENGINE_MAX_SCANTIME, 9000)
+ // fmt.Println(c.EngineGetNum(clamav.CL_ENGINE_MAX_SCANSIZE))
+
+ // scan
+ scanned, virusName, ret := c.ScanFile("/bin/bash")
+ fmt.Println(scanned, virusName, ret)
+}
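Review bot: The values returned by `c.ScanFile` at the end of `main` are only printed, so the process exits 0 whether the file was clean, a signature matched, or the scan itself failed, and nothing wrapping the container can act on a detection. If `ret` is an error value, as its position next to `virusName` suggests, exit non-zero on it, e.g. `if ret != nil { fmt.Fprintln(os.Stderr, virusName, ret); os.Exit(1) }`; that needs `os` imported and an explicit `c.Free()` first, because `os.Exit` skips the deferred call. The two `c.EngineSetNum` calls likewise discard whatever they return, so a rejected size or time limit would go unnoticed. The options passed to `c.Init` enable only archive and ELF parsing with `General` and `Heuristic` at 0; if that narrow coverage is intended, say so with a comment such as `// NOTE: only archive and ELF parsing enabled; heuristic alerts off`.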