§ +…^÷T~Fãó—dZddlmZddlZddlmZddlmZddlm Z ddl mZmZddl mZdd lmZdd lmZddlmZddlmZmZmZdd lmZmZddlmZerddlm Z ee!e"e fZ#e e$¦«Z%Gd„dee¦«Z&dS)u This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.Â See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program.Â If not, see . CopyrightÂ Â© 2019 Cloud Linux Software Inc. This software is also available under ImunifyAV commercial license, see é)ÚannotationsN)ÚQueue)Ú ExitStack)Ú getLogger)Ú TYPE_CHECKINGÚList)Ú inactivity)ÚMalware)ÚLicenseError)ÚMessageType)ÚMessageSinkÚ MessageSourceÚexpect)Úrecurring_checkÚsafe_cancel_task)Úmalware_response)ÚMalwareMRSUploadcóè—eZdZdZejd¦«Zd„Zd„Zd„Z d„Z dd „Zee j¦«d „¦«Zed¦«d„¦«Zdd„Zee j¦«dd„¦«ZdS)ÚMRSUploaderzFailed to submit a filez-(?:suspicious\..+|[CS]MW-SUS-.+|SMW-HEUR-ELF)có,—t¦«|_dS©N)rÚ _upload_queue©Úselfs úY/opt/imunify360/venv/lib/python3.11/site-packages/imav/malwarelib/plugins/mrs_uploader.pyÚ__init__zMRSUploader.__init__6s€Ý,1©G¬GˆÔÐÐócƒó~K—||_||_| | ¦«¦«|_dSr)Ú_sinkÚ_loopÚcreate_taskÚuploadÚ_upload_task)rÚloopÚsinks rÚ create_sourcezMRSUploader.create_source9s8èè€ØˆŒ ØˆŒ Ø ×,Ò,¨T¯[ª[©]¬]Ñ;Ô;ˆÔÐÐrcƒó K—dSr©)rr$s rÚcreate_sinkzMRSUploader.create_sink>sèè€Øˆrcƒó>K—t|j¦«ƒd{V—†dSr)rr#rs rÚshutdownzMRSUploader.shutdownAs/èè€Ý˜tÔ0Ñ1Ô1Ð1Ð1Ð1Ð1Ð1Ð1Ð1Ð1Ð1rÚreturnÚtuplec óì—g}g}g}| ¦«D]Õ\}}d}d}d} |dD]_} || dd¦«z}|t| do|j | d¦«¦«z}| | dz} Œ`tj||d¦«}|r| |¦«Œ¦|r| |¦«Œ¾| r| |¦«ŒÖ|||fS)NFÚhitsÚextended_suspiciousÚ suspiciousÚmatchesÚhash)ÚitemsÚgetÚboolÚSUSP_PATTERNÚmatchrÚHitInfoÚappend)rÚresultsÚ maliciousr1r0ÚfileÚdataÚis_extended_suspiciousÚ is_suspiciousÚis_maliciousÚhitÚhit_infos rÚ_separate_hits_by_typez"MRSUploader._separate_hits_by_typeDs;€Øˆ Øˆ Ø ÐØ!Ÿ-š-™/œ/ð +ð +‰JˆD$Ø%*Ð"Ø!ˆMØ ˆLØ˜F”|ð 6ð 6Ø&¨#¯'ª'Ð2GÈÑ*OÔ*OÑOÐ&Ø¥Ø˜Ô%ð@ØÔ)×/Ò/°°I´Ñ?Ô?ñ"ô"ñ ð C¨Ô$5Ð 5Ñ5Ý'Ô/°°d¸6´lÑCÔCˆHØ%ð +Ø#×*Ò*¨8Ñ4Ô4Ð4Ð4Øð +Ø×!Ò! (Ñ+Ô+Ð+Ð+Øð +Ø× Ò Ñ*Ô*Ð*øØ˜*Ð&9Ð9Ð9rcƒó¦K—|d}|€dStjst d¦«dS| |¦«\}}}|r4|j tj|d¬¦«¦«ƒd{V—†|r4|j tj|d¬¦«¦«ƒd{V—†|r4|j tj|d¬¦«¦«ƒd{V—†|d d¦«}|rBd „|D¦«}|j tj|d ¬¦«¦«ƒd{V—†dSdS)Nr;z"Uploading files to MRS is disabledr<)r/Ú upload_reasonr1zextended-suspiciousÚsummaryÚerrorscóP—g|]#}tj|d|d¦«‘Œ$S)r=r3)rr9©Ú.0rBs rú z,MRSUploader.process_scan..€s=€ðððàõ!Ô(¨¨V¬°c¸&´kÑBÔBðððrÚ scan_error) ÚConfigÚ SEND_FILESÚloggerÚinforDrÚprocess_messagerrr5)rÚmessager;Úmalicious_hitsÚsuspicious_hitsÚextended_suspicious_hitsrHÚ error_hitss rÚprocess_scanzMRSUploader.process_scan\sèè€à˜)Ô$ˆØˆ?ØˆFÝÔ ð ÝKŠKÐ<Ñ=Ô=Ð=ØˆFð ×'Ò'¨Ñ0Ô0ñ ØØØ$àð Ø”*×,Ò,ÝÔ,Ø'°{ðñôñôð ð ð ð ð ð ð ðð à”*×,Ò,ÝÔ,Ø(¸ðñôñôð ð ð ð ð ð ð ð $ð Ø”*×,Ò,ÝÔ,Ø1Ø"7ðñôñôð ð ð ð ð ð ð ð˜Ô#×'Ò'¨Ñ1Ô1ˆØð ððà!ðñôˆJð”*×,Ò,ÝÔ,Ø#°<ðñôñôð ð ð ð ð ð ð ð ð ð ð rrcƒó\‡ K—|j ¦«ƒd{V—†\}}|d}tj|jd„|D¦«|¦«}d}t¦«5}| |jj¦«|23d{V—†Š ˆ fd„|D¦«}|rXd} | |||¦«ƒd{V—†Œ8#tj $r%}t d|¦«Yd}~Œgd}~wwxYwŒp6 ddd¦«n#1swxYwY|rt d¦«dSdS)Nr/c3ó$K—|]}|jV—ŒdSr)r3rJs rú z%MRSUploader.upload..”s$èè€Ð2Ð2 c˜œÐ2Ð2Ð2Ð2Ð2Ð2rTcó0•—g|]}|j‰v¯|j‘ŒSr()r3r=)rKrBÚunknown_hashess €rrLz&MRSUploader.upload..šs.ø€ðððØ!$°´¸NÐ0JÐ0JC”HÐ0JÐ0JÐ0JrFzFailed to upload files: %sz1All files are known to MRS. Skipping uploading...) rr5rÚcheck_known_hashesr rÚcallbackÚ task_doneÚ _upload_filesÚ UploadFailurerPÚerrorrQ) rrFrSr/Úhashes_generatorÚ no_new_hashesÚstackÚfilesÚer]s @rr"zMRSUploader.uploadŠsøèè€ð Ô$×(Ò(Ñ*Ô*Ð*Ð*Ð*Ð*Ð*Ð*ñ ØØð07°v¬ˆå+Ô>ØŒJÐ2Ð2¨TÐ2Ñ2Ô2°Mñ ô Ððˆ Ý ‰[Œ[ð F˜EØNŠN˜4Ô-Ô7Ñ8Ô8Ð8Ø(8ð Fð Fð Fð Fð Fð Fð FnððððØ(,ðñôððFØ$)MðFØ"×0Ò0°¸ ÀwÑOÔOÐOÐOÐOÐOÐOÐOÐOÐOøÝ+Ô9ðFðFðFÝŸšÐ%AÀ1ÑEÔEÐEÐEÐEÐEÐEÐEøøøøðFøøøð Fð )9Ð(8ð Fð Fð Fñ Fô Fð Fð Fð Fð Fð Fð Føøøð Fð Fð Fð Fðð MÝKŠKÐKÑLÔLÐLÐLÐLð Mð MsHÁ#"DÂC5ÂDÂB=Âð >Øð >ð >ð >Ý*Ô>Ø¨Mðñôððððððððøõ$ðððÝ—N’NÐ#BÀGÈQÑOÔOÐOØEEEEEøøøøÝ(ð>ð>ð>Ø"Ÿ/š/¨$¬,¸¼ ÑCÔCCÝ—N’N 8¨S°!´*Ñ=Ô=Ð=Ð=Ð=Ð=Ð=Ð=øøøøð>øøøð >ð >ð >ñ >ô >ð >ð >ð >ð >ð >ð >ð >øøøð >ð >ð >ð >ð >ð >sM¢C¨AÁCÁ C ÁA1Á+CÁ1 C Á>ACÂ?CÃC Ã CÃCÃ CcƒónK—| dd¦«}|j ||f¦«dS)NrFr1)r5rÚ put_nowait)rrSrFs rÚprocess_hitszMRSUploader.process_hits·s;èè€àŸš O°\ÑBÔBˆ ØÔ×%Ò% }°gÐ&>Ñ?Ô?Ð?Ð?Ð?rN)r,r-)rgrirFrjrSr)rSr)Ú__name__Ú __module__Ú__qualname__rsÚreÚcompiler7rr&r)r+rDrrÚMalwareScanrXrr"rarryr(rrrr2s€€€€€Ø'€GØ2”:ÐNÑOÔO€Lð4ð4ð4ð<ð<ð<ð ð ð ð2ð2ð2ð:ð:ð:ð:ð0€VˆKÔ#Ñ$Ô$ð+ð+ñ%Ô$ð+ðZ€_QÑÔðMðMñÔðMð8>ð>ð>ð>ð €VˆKÔ(Ñ)Ô)ð@ð@ð@ñ*Ô)ð@ð@ð@rr)'Ú__doc__Ú __future__rr}ÚasynciorÚ contextlibrÚloggingrÚtypingrrÚdefence360agent.apir Ú defence360agent.contracts.configr rNÚ!defence360agent.contracts.licenserÚ"defence360agent.contracts.messagesrÚ!defence360agent.contracts.pluginsr rrÚdefence360agent.utilsrrÚimav.malwarelib.utilsrÚimav.contracts.messagesrr-rjÚ UploaderQueuerzrPrr(rrúrs©ðððð*#Ð"Ð"Ð"Ð"Ð"à € € € ØÐÐÐÐÐØ Ð Ð Ð Ð Ð ØÐÐÐÐÐØ&Ð&Ð&Ð&Ð&Ð&Ð&Ð&à*Ð*Ð*Ð*Ð*Ð*Ø>Ð>Ð>Ð>Ð>Ð>Ø:Ð:Ð:Ð:Ð:Ð:Ø:Ð:Ð:Ð:Ð:Ð:ððððððððððð DÐCÐCÐCÐCÐCÐCÐCØ2Ð2Ð2Ð2Ð2Ð2àð8Ø8Ð8Ð8Ð8Ð8Ð8à˜% Ð%5Ð 5Ô6Ô7€Mà ˆ8Ñ Ô €ðH@ðH@ðH@ðH@ðH@+˜}ñH@ôH@ðH@ðH@ðH@r