[fX]CdZddlZddlZddlZddlZddlZddlmZddlm Z ddl m Z ddl m Z mZmZmZddlmZddlmZdd lmZdd lmZdd lmZdd lmZdd lmZddlm Z ddl!m"Z"m#Z#m$Z$ddl%m&Z&ddl'm(Z(ddl)m*Z*m+Z+m,Z,m-Z-m.Z.ddl/m0Z0ddl1m2Z2m3Z3m4Z4ddl5m6Z6ddl7m8Z8m9Z9m:Z:ddl;mZ>m?Z?m@Z@ddlAmBZBmCZCddlDmEZEddlFmGZGddlHmIZImJZJddlKmLZLddlMmNZNmOZOddlPmQZQdd lRmSZSmTZTdd!lAmUZUe eVZWd"ZXe(d#e*jYZZeeCj[d$%Z\eeCj[d&%Z]e4e2eWj^'eWj_Z`d(eeCd)efd*ZaGd+d,e"e#ZbGd-d.e"e#ZcGd/d0e"Zdd1ZeGd2d3ecZfGd4d5e"ZgGd6d7e"ZhdS)8u  This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program.  If not, see . Copyright © 2019 Cloud Linux Software Inc. This software is also available under ImunifyAV commercial license, see N)partial) getLogger)Path)DictIterableListTuple)utils) inactivity)Malware)MyImunifyConfig) HookEvent) LicenseCLN) MessageType)myimunify_protection_enabled) MessageSink MessageSourceexpect)g)register_lock_file)Scope nice_iteratorrecurring_checksafe_cancel_tasksplit_for_chunk) check_lock)DAYMINUTE rate_limit)MalwareDatabaseRestoreTask) CleanupResultMalwareCleanerMalwareCleanupProxy)CleanupStorage)MalwareHitStatusMalwareScanResourceTypeMalwareScanType)MalwareHistory MalwareHit)ScanAlreadyCompleteError)MalwareDatabaseCleaner)MDSDetachedCleanupMDSDetachedRestore)MalwareDatabaseRestore)HackerTrapHitsSaver MalwareAction)malware_response)get_username_by_uidis_uid)MalwareIgnorePathcleanupstatus) attributeowner)periodon_drophitsreturncd|DS)Nc3DK|]}|jtjk|VdSN)r7r%FOUND.0hits T/opt/imunify360/venv/lib/python3.11/site-packages/imav/malwarelib/plugins/cleanup.py z#filter_cleanable..fs2 H HC3:1A1G#G#GC#G#G#G#G H Hr<s rEfilter_cleanablerJes H H4 H H HHrGc VeZdZdZdZdZdZeej de fdZ e de deed ee e ffd Ze de d ed ed e fd Zde d e fdZde d e fdZdZdZe dZdZdZ ddZdZeddZdS)Cleanupchd|_d|_d|_d|_d|_d|_d|_dS)NF) _cleanup_task_store_original_task_running_loop_sink_proxy_cleanerselfs rE__init__zCleanup.__init__js9!$(!     rGcK||_||_t|_t |||_|||_dS)N)loopsink) rQrRr#rSr"rT create_taskr6rNrVrYrZs rE create_sourcezCleanup.create_sourcessY  )++ &Dt<<< !--dllnn==rGc KdSr@rHrVrYs rE create_sinkzCleanup.create_sinkz  rGcPK|jrt|jd{VdSdSr@)rNrrUs rEshutdownzCleanup.shutdown}sD   7"4#566 6 6 6 6 6 6 6 6 6 7 7rGmessagec K|d}|d}|d}|d}|d}|du}t|d}tj|d| } t | } d| D} |sh|| t jt jg\} } | | d{V} | | | d{Vz} |t| z x} rt d | ||j || ||||||_dS) Ncause initiator post_actionscan_id standard_onlyr<)include_scan_infocFg|]}|jtjjk|SrH) resource_typer&FILEvaluerBs rE z0Cleanup.process_cleanup_task..s7    $;$@$FFF FFFrGz"%s/%s hits filtered before cleanup)getlenr) refresh_hitsrJ_split_hits_by_scan_typer'RESCANRESCAN_OUTDATED_filter_rescan_hits_filter_failed_to_cleanup_hitsloggerinforQr[_store_originalrO) rVrdrfrgrhrirjmanual_cleanuporigin_hits_numr< rescan_hitsfiltereds rEprocess_cleanup_taskzCleanup.process_cleanup_tasks G$$KK ,, kk-00 ++i(( O44 $gfo..& FO>/A    %%       !% = =-/NO!! K!% 8 8 E EEEEEEEKt'J'J((""""""D'T2 28  KK4    %)J$:$:  eY Wm  % % !!!rGr< scan_typesr=cgg}}|D];}|jj|vr||&||<||fSr@)scanidtypeappend)r<r target_hits other_hitsrDs rErtz Cleanup._split_hits_by_scan_typesd#%bZ  ' 'Cz*,,""3''''!!#&&&&J&&rG time_rangeallowed_attemptsc Kg}|rtj|z }i}t|dD]\}|tt jd|D|t jdd{V]|D]P}||j d}||krtd|j ||;| |Q|S)N chunk_sizecg|] }|j SrH orig_filerBs rErpz5Cleanup._filter_failed_to_cleanup..sAAAsS]AAArG)sincerzVSkip cleanup file '%s', since there are too many attempts to cleanup it in %s sec [%s]) timerupdatedictr(get_failed_cleanup_events_countasynciosleeprqrthrottled_log_errorr) r<rr hits_to_cleanrfailed_cleanup_count hits_chunkrDfailuress rE_filter_failed_to_cleanupz!Cleanup._filter_failed_to_cleanups3  *IKK*,E#% -dsCCC ' ' $++&FAAjAAA"'mA&&&&&&&&&& * */33CM1EE///'@ " $$S))))rGcRK||dtzdd{VS)Nrr)rrrVr<s rErwzCleanup._filter_rescan_hitssL33 QZ!4         rGcVK||ttd{VS)zl Don't try to cleanup the same hit more than *COUNT_OF_ATTEMPTS_TO_CLEANUP_PER_DAY* rN)rr$COUNT_OF_ATTEMPTS_TO_CLEANUP_PER_DAYrs rErxz&Cleanup._filter_failed_to_cleanup_hitssL 33 A4         rGc Ktj|tjt |}g}g} |D]} t j| jd{Vr| | n|| N#t$r@} t d| j| || Yd} ~ d} ~ wwxYw| r!tj| tj |}tjd5t!j|d{V\} } }dddn #1swxYwY| D]w} |jt)jd| jt jt1t3jd{Vx|| ||||||D]&\}tjfd| D|'tj|t;j|||d{VdS)Nz3Ignore re-check failed for file %s: %s; keeping hitcleanup_storagez*Failed to store the original from {} to {})rd timestampcg|]}|v| SrHrH)rChhit_lists rErpz+Cleanup._store_original..s"F"F"FX 1 rGrfrg)r) set_statusr%CLEANUP_STARTED_group_by_statusr4is_path_ignoredrr Exceptionry exceptionrAr tracktaskr$ store_allrRprocess_messager CleanupFailedformatpathintr _add_to_proxyitemsdelete_instancesr0cleanup_failed)rVr<rfrgrhrirjoriginal_status hits_to_keep ignored_hitsrDexc succeededfailed not_existr7rs @rEr{zCleanup._store_originals3 d$4$DEEE*400   ) )C )*:3=IIIIIIII- '',,,, '',,, ) ) )  IM ##C(((((((( )   !,0@0F G G GD   " "#4 5 5 P P1?1I$1O1O+O+O+O+O+O+O (Ivy P P P P P P P P P P P P P P P  C*,,)DKKM>+>"$)++..             uig}   !0 5 5 7 7 P P FH  !"F"F"F"Ff"F"F"F O O O O#I...* Ui            s*A B C6C  CEEEcg}g}|D]?} t||} | r|| *|| @|j||||d||j||||||dS)NT)"decide_if_standard_signatures_onlyrrSadd) rVr<rfrgrhrirjstandard_only_hits advanced_hitsrDstandard_only_users rErzCleanup._add_to_proxys   * *C!C="" " *"))#....$$S))))                        rGc$t|}|Sr@)_group_by_user)r< user_hitss rE _user_hitszCleanup._user_hits;s"4(( rGc# K|j}|D].\}}}}}}d|D fd|D}| |||||fV/dS)NcFg|]}tjd|j|S)z\w+-BLKH-|cloudhash\.|cld-)rematchrrBs rErpz0Cleanup._cloud_assisted_hits..Ks=8938DDrGcg|]}|v| SrHrH)rCrD blacklists rErpz0Cleanup._cloud_assisted_hits..Ps#LLLCs)7K7KC7K7K7KrG)rSflush) rV action_hitsrfrgrhrirjall_hits regular_hitsrs @rE_cloud_assisted_hitszCleanup._cloud_assisted_hits@sk''))         #I MLLL8LLLL      rGcKd|D}tj||t||}|j|d{VdS)Nc6g|]}|SrH)as_dictrBs rErpz'Cleanup._start_hook..\s ...# ...rG) cleanup_idstarted total_filesDUMP)rMalwareCleanupStartedrrrRr)rVrrr<dumpcleanup_starteds rE _start_hookzCleanup._start_hook[sr.....#9!D      j((99999999999rGNcK||}||pg} h|| D]} || g} | | g} | | z} g}| D]} tj|jd{Vr!t j|gtjn| |Y#t$r@}t d|j|| |Yd}~d}~wwxYwg}| D]} tj|jd{Vr!t j|gtjn| |Y#t$r@}t d|j|| |Yd}~d}~wwxYw|} |} d| | zD}|rjt|fd| D} fd| D} t j|tj|||d{Vfd| D} | s| s d| D}d| D}td ||zt%jj}t+j}t-| r| }t/js\td |d |jt9j| i||d ||||g d{Vt=|d{Vx}s td|d%|} | ||| d{V|j!"| |tFj$||d{V\}}}|jt9j| ||||||||| d{VdS)Nz0Ignore check failed for file %s: %s; keeping hitcDg|]}|j|SrH)orig_file_pathexistsrCrs rErpz(Cleanup._clean_files..s=###'..00####rGcg|]}|v| SrHrHrCr preflight_sets rErpz(Cleanup._clean_files..s*   q /E/EA/E/E/ErGcg|]}|v| SrHrHrs rErpz(Cleanup._clean_files..s#NNNAq 7M7Ma7M7M7MrGrcg|]}|v| SrHrHrs rErpz(Cleanup._clean_files..s*!!!0F0FA0F0F0FrGcg|] }|j SrHrrBs rErpz(Cleanup._clean_files..s;;;sS];;;rGcg|] }|j SrHrrBs rErpz(Cleanup._clean_files..s999sS]999rGzCleaning files: %sz)Can't clean files for non panel user uid=z, since license is limitedz#Cleanup failed. License restriction) r<resultrrerrorrfrgrhriargszCan't find username for uid=z. Skip cleanup)softrrj)%rrqr4rrr)rr%rArrryrsetrr0rdebuguuiduuid4hexrr3r is_unlimitedrrRrrMalwareCleanupr2warningrrTstartConfig CLEANUP_TRIM)rVr<rrfrgrhrirjruser_hits_blackuser hits_regular hits_black user_hits_allfiltered_hits_regularrDrfiltered_hits_blackpreflight_not_existfilesblackrruidusernamerrcmdrs @rE _clean_fileszCleanup._clean_filesesOOD)) //)/r::2i2/2{ { D$==r22L(,,T266J(:5M%' !# 6 6 6.>s}MMMMMMMM:"-se5E5KLLLL-44S999 666$$J  *00555555556#% ! 4 4 4.>s}MMMMMMMM8"-se5E5KLLLL+223777 444$$J  (..s33333333 41L,J##% 2###  #  #$7 8 8     +    ONNNNNN +,?@@@#-'' !!!!,!!!     ;;l;;;E99j999E LL-uu} = = =)JikkGd|| !.00LL3333*44#2!.#%'1$+"G"'&/(3$+!#            *=c*B*B$B$B$B$B$B$BBNNG3GGG"":w FF F F F F F F F'+}':':(+ (;(("""""" FE3*,,*&!)#' +#             ]{ { s21AC D6D  DAE11 F;;6F66F;c K|jrdS|jjs|jdSd|_tjd5 |}|D],\}}}}}}}||||||||d{V- d|_n #d|_wxYw ddddS#1swxYwYdS)NTr6)rrfrgrhrirjF) rPrSr<resetr rrrr ) rVdatarrrfrgrhrirjs rE_cleanupzCleanup._cleanupsv =  F{  K      F   " "9 - - & & &0022!++ "+#"+$/ '&3,&!&  %%%% - & & & & & & & & & & & & & & & & & &s+CAB'C' B00CCCc>K|d{VdSr@)rrUs rEr6zCleanup.cleanups,mmoorG)NNNNNN) __name__ __module__ __qualname__rWr]r`rcrrMalwareCleanupTaskrr staticmethodlistrr'r rtfloatrrrwrxr{rrrrr rrr6rHrGrErLrLis >>>   777 VK *++( $( ( ( ,+( T ' ' $_ 5 ' tTz  ' ' '\ '#( d t       $     2 2 2 h   >\6:::HHHHT&&&B_QrGrLceZdZejZdZdZed de e de fdZ e ejdZdZdS) ResultProcessorc KdSr@rHr_s rEr`zResultProcessor.create_sinkrarGcK||_dSr@)rRr\s rEr]zResultProcessor.create_sources rGNr<r7cXtj||||D]}||_||_dSr@)r)rr7 cleaned_at)r<r7r rDs rE_set_hit_statuszResultProcessor._set_hit_statuss@dFJ777 ( (CCJ'CNN ( (rGcK|d}|d|d}|d}tj}fd|D}fd|D}|d}|rLd|dd D} td t |t ||| |r+r)td |t g} t |d 23d{V} | rD| jr| | P| | f6g} |D]F} | js| | 1| | G| }tj |||d{Vfd|D} tj | ||d{V| | tj|fd|D}tj|||d{Vfd|D}tj|||d{V| |tj|fd|D}tj|||d{V| |tj|t+j| tj| ||d{Vt/||D]\}}| ||||d{V|S)Nr<rrfrgcg|]}|v| SrHrHrCrDrs rErpz0ResultProcessor.store_result..-s:::SC6MMSMMMrGcg|]}|v| SrHrHr$s rErpz0ResultProcessor.store_result...s#@@@sc.?.?s.?.?.?rGrcg|] }|j SrHrrs rErpz0ResultProcessor.store_result..2s;;;aak;;;rGz=Cleanup: %d/%d hits unmatched in result (error=%r, sample=%s)uCCleanup: partial failure — error=%r but %d result entries presentdrrcHg|]}||SrH)requires_myimunify_protectionr$s rErpz0ResultProcessor.store_result..]s?) ) ) c{88::) ) ) ) rGcHg|]}||SrH) is_failedr$s rErpz0ResultProcessor.store_result..ks.FFF#fSk.C.C.E.EF#FFFrGcHg|]}||SrH) is_cleanedr$s rErpz0ResultProcessor.store_result..p.HHH3vc{/E/E/G/GH3HHHrGcHg|]}||SrH) is_removedr$s rErpz0ResultProcessor.store_result..vr/rG)rqrryrrrrrrrrr0cleanup_unable%cleanup_requires_myimunify_protectionr!r%%CLEANUP_REQUIRES_MYIMUNIFY_PROTECTIONr cleanup_done CLEANUP_DONEcleanup_removedCLEANUP_REMOVEDr)rrr"send_failed_to_cleanup_hits_to_mrs)rVrdr<rfrgnow processed unprocessedrsamplerrDstill_unprocessedr*rcleanedremovedr7rrs @rE store_resultzResultProcessor.store_result%s!( ' 1 G$$KK ,, ikk::::D::: @@@@d@@@  G$$  ;;;rr?;;;F NN)K  D       V  NN1F     &ySAAA * * * * * * *#c{$$&& *%,,..*&&s++++$$S)))B . .C%,,.. .  %%%%!((----' * u           ) ) ) )  ) ) ) % A ))            )  B    GFFFFFF* %9          IHHH)HHH( 5I           W&6&CSIIIHHHH)HHH+ 5I           W&6&FLLL#I...% Ui          !1f E E K K M M 3 3 FH  6 2 2 2 255f=========sE6c K|r~|jtjd|Ddd{V|jtjd|Ddd{VdSdS)NcLg|]!}tj|j|j"SrH)r1HitInforhashrBs rErpzFResultProcessor.send_failed_to_cleanup_hits_to_mrs..s9)0IIrGcleanup_failure_current)r< upload_reasonc g|];}tjttj||j.sR  )0 A# F FGGHrGcleanup_failure_original)rRrrMalwareMRSUpload)rVfailed_to_cleanup_hitss rEr9z2ResultProcessor.send_failed_to_cleanup_hits_to_mrss ! *,,,#9#<        *,,, $: #=                rGr@)rrrrAVSCOPEr`r]rrr)rIr!rrrrAr9rHrGrErrs HE   ((d:.((((\(  VK &''``('`DrGrceZdZdZdZdZdZdZee j e j dZ eedeed Zd S) StorageControllerz'Remove old backed up files from storagec6d|_tj|_dSr@) _clear_taskr CLEANUP_KEEP_keeprUs rErWzStorageController.__init__s( rGcbK|||_dSr@)r[ daily_clearrSr_s rEr`zStorageController.create_sinks.++D,<,<,>,>??rGcPK|jrt|jd{VdSdSr@)rSrrUs rErczStorageController.shutdownsD   5"4#344 4 4 4 4 4 4 4 4 4 5 5rGc|Ktj}||jtzz }||jdztzz }tjtj|ktj |d{V}|rt d|dSdS)Nrz/Cleanup storage have cleaned. Files removed: %s) rrUrr)deletewherer executer$clearryrz)rVr: keep_hits keep_origcleareds rE_clearzStorageController._clearsikk$*s** 4:>S00 !!*"7)"CDDLLNNN&,Y77777777   KKA7       rGcK|jtjkr-tj|_|d{VdSdSr@)rUrrTra)rV_s rEconfig_updatedz StorageController.config_updatedsP :, , ,,DJ++--          - ,rGT)check_period_firstcheck_lock_period lock_filec>K|d{VdSr@)rarUs rErWzStorageController.daily_clears.kkmmrGN)rrr__doc__rWr`rcrarr ConfigUpdater log_error_and_ignorerdrrr LOCK_FILErWrHrGrErQrQs11)))@@@555    VK $%%U!!  "!&% _    rGrQcTtjsdS||dkst|r|SdS)z.sZ   U  "" ',&6&6&8&8 II   rGr)superrArr/update_sa_hits)rVrd to_remove __class__s rErAz!ResultProcessorIm360.store_results,,W55555555  %h/5577   "0Y???????????rG) rrrrirIM360rOrrrrA __classcell__)rxs@rErqrqsl KE VK &''@@@@('@@@@@rGrqc^eZdZejZdZedZdZ dZ e e j dZe e jdZe e jde jfdZe e jd Ze e jde jfd Zd S) CleanupDbcd|_dSr@)rQrUs rErWzCleanupDb.__init__s  rGcKtjj}t|||d{VdSr@)rrrr+r)rapp_namers rE_start_cleanerzCleanupDb._start_cleanersJZ\\% $Zx@@FFHHHHHHHHHHHrGcKtjsWtjtjx} dSt d|j |j |j tj |gtj||j |j d{VdS)NzCleaning hit: (%s::%s::%s))r)db_hits_under_cleanuprdb_hits_pending_cleanuporder_byrascfirstryrzrrrrr%rr)rVnext_hits rE _cleanup_nextzCleanupDb._cleanup_nexts  , . . 5 5 7 7 '>@@*.224455  F (     M    xj*:*JKKK!!("4h6GHHHHHHHHHHHrGcLK||_|d{VdSr@)rQrr_s rEr`zCleanupDb.create_sinks7   """""""""""rGcKtj|d}t|}d|D}|sdStj|tj|d{VdS)Nr<cFg|]}|jtjjk|SrH)rmr&DBrorBs rErpz2CleanupDb.process_cleanup_task..s7    $;$>$DDD DDDrG)r)rsrJrr%CLEANUP_PENDINGr)rVrdr<rdb_hitss rErzCleanupDb.process_cleanup_task s&wv77(..   $      Fg'7'GHHH  """""""""""rGcK|d}t|} |d{V}nT#t$rGtd|Yt jt|jddSwxYw t jt|jdn-#t jt|jdwxYwtj |d{VdS)Nriz;Cannot complete cleanup %s, assuming it is already completeT ignore_errors) r,completer*ryrshutilrmtreerI detached_dirrrZr)rVrdclean_iddetached_cleanupcleanup_outcomes rEparse_cleanup_resultszCleanupDb.parse_cleanup_resultssP9%-h77 $4$=$=$?$???????OO'    NNM     M$122$         M$122$     FM$122$     f$$_55555555555&6B4%BB4BB44*CrdcBKtj|j}tj|j}tj|t jtjtj|t j| d{VdSr@) r)db_hits_under_cleanup_inrrrr%r6rrAr)rVrd cleaned_hits failed_hitss rEupdate_cleaned_hits_statusz$CleanupDb.update_cleaned_hits_status.s":7;LMM  9'.II  *7    k+;+ABBB  """""""""""rGcKtj}tj|tj|d{VdS)zc Clear the queue when the cleanup fails, set hits' status back to infected N)r)rrr%rArrVrdr<s rEupdate_failed_hits_statusz#CleanupDb.update_failed_hits_status:sW/11d$4$:;;;  """""""""""rGcKd}d}tj|j}tj|||d{Vtj|j}tj|||d{VdS)Nr)r) get_db_hitsrr0r5rr)rVrdrfrgrrs rEsave_cleanup_events_in_historyz(CleanupDb.save_cleanup_events_in_historyFs !-g.?@@ (           !,W^<< * u             rGN)rrrrryrOrWrrrr`rrrrMalwareCleanCompleterMalwareDatabaseCleanuprMalwareDatabaseCleanupFailedrrrHrGrEr|r|sV KEII\IIII(### VK *++ # #,+ # VK ,--66.-6$ VK .// #"9 # # #0/ # VK 455 # #65 # VK .//  "9    0/    rGr|cveZdZejZdZedZdZ ede e de e fdZ e ejdefdZe ejd Ze ejd Ze ejd Ze ejd Zd S)RestoreOriginalDbcd|_dSr@)rYrUs rErWzRestoreOriginalDb.__init__Ys  rGc8KtjsWtjtjx} dS|jtj kr|j nd}t d|j|j|t!|j|j|d{Vtj|gtjdS)Nz(Restoring from cleanup hit: (%s::%s::%s))rr signature_id)r)db_hits_under_cleanup_restorerdb_hits_pending_cleanup_restorerrrrr7r%CLEANUP_REMOTE_RESTORE_PENDINGrryrzrrr.restorerCLEANUP_RESTORE_STARTED)hit_to_restorers rE _restore_nextzRestoreOriginalDb._restore_next\sE  4 6 6 = = ? ? >@@Xj2668899UWW  F$>??  ' '   6  $  #     %)#,%    '))           .F     rGcLK||_|d{VdSr@)rYrr_s rEr`zRestoreOriginalDb.create_sinks7   """""""""""rGr<r=cd|DS)Nc3DK|]}|jtjk|VdSr@)r7r%rrBs rErFz:RestoreOriginalDb._filter_under_restore..s?  z-EEE EEEE  rGrHrIs rE_filter_under_restorez'RestoreOriginalDb._filter_under_restores#      rGrdcKtjtj|jktj|jk}t j}|jr4|tj |jk}t j }tj ||| d{VdSr@) r)rr[rrrr%CLEANUP_RESTORE_PENDINGrrrrr)rVrdqueryrestore_statuss rEqueue_db_restorez"RestoreOriginalDb.queue_db_restores   U:'7<7 8 8 U:&'*:: ; ;  *A   MKK 73G GHHE-LN       """""""""""rGcK|d}t|} |d{V}nT#t$rGtd|Yt jt|jddSwxYw t jt|jdn-#t jt|jdwxYwtj |d{VdS)Nriz;Cannot complete restore %s, assuming it is already completeTr) r-rr*ryrrrrIrrrZr)rVrd restore_iddetached_restorerestore_messages rEparse_restore_resultsz'RestoreOriginalDb.parse_restore_resultssPY' -j99 $4$=$=$?$???????OO'    NNM     M$122$         M$122$     FM$122$     f$$_55555555555rcKtj|j}tj||t j|d{VdSr@)r)rrrrr%rAr)rVrd restored_hitss rEupdate_restored_hits_statusz-RestoreOriginalDb.update_restored_hits_statussq".w/@AA   & &} 5 57G7M     """""""""""rGcFK|d}|d}tj|j}|D]^}t j|j|jtj j |j |j |||j |j|j|j d{V_tj|j}|D]^}t j|j|jtj j |j |j |||j |j|j|j d{V_dS)Nrfrg) rrrm file_owner file_userrgrfdb_hostdb_portdb_namer)rqr)rrr0cleanup_restored_originalrrr&rror9rrrrrrcleanup_failed_restore)rVrdrfrgrrDrs rEsave_restore_events_in_historyz0RestoreOriginalDb.save_restore_events_in_historysc G$$KK ,, ".w/@AA    C 9]58>9(#    -           !,W^<<   C6]58>9(#    -             rGcKtj}tj|tj|d{VdS)zg Clear the queue when the restore fails, set hits' status back to cleanup_done N)r)db_hits_under_restorationrr%r6rrs rErz+RestoreOriginalDb.update_failed_hits_statussW 355d$4$ABBB  """""""""""rGN)rrrrryrOrWrrr`rr)rrrr rMalwareRestoreCompleterr.rrMalwareDatabaseRestoreFailedrrHrGrErrVsj KE# # \# J### z" *    \  VK 233#.H###43#" VK .//660/6( VK .//##0/# VK .//""0/"H VK 455##65###rGr)irirrrrr functoolsrloggingrpathlibrtypingrrrr defence360agentr defence360agent.apir defence360agent.contracts.configr rr %defence360agent.contracts.hook_eventsr!defence360agent.contracts.licenser"defence360agent.contracts.messagesr%defence360agent.contracts.permissionsr!defence360agent.contracts.pluginsrrr&defence360agent.internals.global_scoper'defence360agent.subsys.persistent_staterdefence360agent.utilsrrrrr defence360agent.utils.check_lockrdefence360agent.utils.commonrrrimav.contracts.messagesr imav.malwarelib.cleanup.cleanerr!r"r#imav.malwarelib.cleanup.storager$imav.malwarelib.configr%r&r'imav.malwarelib.modelr(r)imav.malwarelib.scanr* imav.malwarelib.scan.mds.cleanerr+!imav.malwarelib.scan.mds.detachedr,r- imav.malwarelib.scan.mds.restorer.imav.malwarelib.subsys.malwarer/r0imav.malwarelib.utilsr1imav.malwarelib.utils.user_listr2r3r4rryrAV_IM360rlgroup_by_attributerrrrrrJrLrrQrrqr|rrHrGrErsq* ............!!!!!!******<;;;;;888888::::::NNNNNN 544444FFFFFF877777@@@@@@@@@@>>>>>> ;::::: =<<<<<<<999999CCCCCCDCCCCCMMMMMMMM222222433333 8  '($  y%. 9 9 7:8HMMM6'JJJDjjV^DDD L I8J/IHIIIIiiiiik=iiiX IIIIIk=IIIX''''' '''T   @@@@@?@@@$j j j j j j j j ZV#V#V#V#V# V#V#V#V#V#rG