w <dZddlZddlZddlZddlmZddlmZddlm Z m Z ddl m Z ddl mZddlmZdd lmZdd lmZdd lmZdd lmZejeZgd ZgedddZgdZGddZdZ dZ!GddZ"GddZ#dS)u  This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program.  If not, see . Copyright © 2019 Cloud Linux Software Inc. This software is also available under ImunifyAV commercial license, see Nwraps)NamedTemporaryFile)AnyDict)uuid4) HookEvent) hosting_panel)encode_filename)Malware)MalwareScanType)fill_results_owner) intensity_cpu intensity_io intensity_ram detect_elf use_filtersfollow_symlinksexclude_patterns file_patterns)rrrrrrc:eZdZdZdZd dZdZdZdZdZ dS) ScanResultcg|_d|_d|_g|_dx|_|_i|_||_||_||_ d|_ dS)Nr) scans total_fileserrorerrors _begin_time _end_time_aggregated_results_path_scan_id _scan_typeargs)selfpathscan_id scan_types U/opt/imunify360/venv/lib/python3.11/site-packages/imav/malwarelib/scan/scan_result.py__init__zScanResult.__init__AsV   ,004>#%   # cV|jtjtjtjfvSN)r#r BACKGROUND ON_DEMANDUSERr%s r) is_detachedzScanResult.is_detachedOs(  &  %  #   r+Nc.|r||_|r ||_dSdSr-)rr)r% begin_timeend_times r)set_start_stopzScanResult.set_start_stopVs/  *)D   &%DNNN & &r+c |j|j|j|j|j|j|j|jd|rdnid}|j r|j |dd<|S)N)scanidtyper&started completedrrrsummaryresultsr=r$) r"r#r!rrrrrr2r$)r%results r)to_dict_initialzScanResult.to_dict_initial\s- +!^#/+   $//119ttr   9 2(, F9 f % r+cB|}|j|d<|S)Nr>)r@r)r%as_dicts r)to_dictzScanResult.to_dictqs$&&((!Z r+cFtt|j|_|Sr-)aggregate_resultlistrr1s r)_aggregate_resultzScanResult._aggregate_resultvs%dDJ&788  r+cfK|t|jd{V|Sr-)rGrrr1s r)getzScanResult.getzs?     ,,,,,,,,, r+)NN) __name__ __module__ __qualname__r*r2r6r@rCrGrIr+r)rr@s      &&&& * r+rc Bi}|D]}|d|d|dd|dd}|dr#td|d |h||d g|d |d |d d |dd d}|drd|d<|dr|d||dd ||S)N signature suspiciousextended_suspiciousF timestamp)matchesrPrQrRignorez%File match for %s will be ignored: %s file_namesizehashctimermodification_time)hitsrVrWrXrYcurableTrZ)rIloggerinfo setdefaultappendinsert)raggregated_resultsrecordrSrows r)rErEsT)+!+!+k* .#)::.CU#K#K ,    ::h    KK7{#     ++ ; vvGQ//%+ZZ0CQ%G%G       ::i  &!%GI  ,  + K  w ' ' ' ' K  q' * * * * r+cdfd}|S)Nc fdDS)Nc4i|]}|tv ||SrM)SCAN_HOOK_PARAMS.0optkwargss r) zAevent_hook.._extract_scan_hook_params..s*NNNSc=M6M6MVC[6M6M6Mr+rMrks`r)_extract_scan_hook_paramsz-event_hook.._extract_scan_hook_paramssNNNNFNNNNr+cFt dfd }|S)Nc K|ptj}|ptj} |}|r4tj|||||} |d{Vtj}  |f||d|d{V}nk#t j$rt$rO} t d|||d|tjt| did}Yd} ~ nd} ~ wwxYw|S)N)r'r(r&r: scan_params)r'r(zScan wrapper task failedr)r8r9r&rr:r;rr<) rhextimer MalwareScanningStartedprocess_messageasyncioCancelledError Exceptionr\ exceptionrepr) r&r'r(r:rkrqscan_started_event_started scan_resulternfsinks r)wrapperz)event_hook..wrap..wrappers,G,G33F;;K ?%.%E#'# + &&&"**+=>>>>>>>>>y{{H $%A%")Y%%BH%% )        !;<<<#* ) $'(#+%)Y[[!%a   "     sBC>/AC99C>NNNr)rrrnrs` r)wrapzevent_hook..wrapsG q8<' ' ' ' ' ' '  ' Rr+rM)rrrns` @r) event_hookrs<OOO++++++Z Kr+c\eZdZdZedZedZedZdZdS) DirectAiBolitcdSr-rM)r%___s r)r*zDirectAiBolit.__init__s r+c|Ktjr-tj|}||d<dSdS)Ndb_dir)r RAPID_SCANr HostingPanelget_rapid_scan_db_dir)home_dir scan_optionsds r) _add_db_dirzDirectAiBolit._add_db_dirsG   '*,,BB8LLA%&L " " " ' 'r+c fdDS)Nc4i|]}|tv ||SrM)DIRECT_SCAN_OPTIONSrhs r)rlz7DirectAiBolit._extract_scan_options..s1   !$#9L2L2LC2L2L2Lr+rMrms`r)_extract_scan_optionsz#DirectAiBolit._extract_scan_optionss.    (.    r+cd|vr&|dd|d|d<d|vr&|dd|d|d<|S)Nr,r)joinrms r)_update_scan_optionsz"DirectAiBolit._update_scan_optionssm & ( ()*6),&9K2L)M)MF% & f $ $)@)L&)hhvo/F&G&GF? # r+cDt dfd }|S)Nc|K|}|tjtjfvr||d{Vt |||}|| d|||d|d{V\|_|_ t|j|_|S)Nr4)r(r' scan_pathr-) rrr r0r.rrr6rrrF) r&r'r(r4rkrr}rr%s r)rz'DirectAiBolit.__call__..wrappers  44**622L_1?3MNNN&&t\:::::::::$T7I>>K  & &* & = = =9::# ::  ::444444 0K {0!%k&7 8K  r+rrr%rrs`` r)__call__zDirectAiBolit.__call__sA q;?        *r+N) rJrKrLr* staticmethodrrrrrMr+r)rrs   ''\'   \ \r+rcReZdZdZdefdZedZedZdZ dS)PrepareFileListc||_dSr-)_tmpdir)r%tmpdirs r)r*zPrepareFileList.__init__s  r+returnc6K|||}|Sr-)_write_list_to_file)r%fnamefilesrkrs r) prepare_filezPrepareFileList.prepare_files!..ue<< r+ct|d5}d}|D])}|dz }|t|*|cdddS#1swxYwYdS)Nwbr)openwriter )rrrrfiles r)rz#PrepareFileList._write_list_to_files %   !K / /q --....                   s0AAAc fdDS)Nc4i|]}|tv ||SrM) SCAN_OPTIONSrhs r)rlz9PrepareFileList._extract_scan_options..%s)JJJSc\6I6IVC[6I6I6Ir+rMrms`r)rz%PrepareFileList._extract_scan_options#sJJJJFJJJJr+cDt dfd }|S)NcK |}t|||}||t j5} j|j|fi|d{V} |f||d|d{V\|_|_dddn #1swxYwY||_ t|j|_|S)Nr)dir)r(r') rrr6rrrnamerrrrF) r&r'r(r4rkrr}tfrrr%s r)rz)PrepareFileList.__call__..wrapper(sM 55f==L$T7I>>K  & &* & = = =# 555 $5D$5bgt$N$Nv$N$NNNNNNN =>Q>"+W>>@L>>8888884 !;#4                '2K # $k&7 8K  s:BB"Brrrs`` r)rzPrepareFileList.__call__'sA q;?         r+N) rJrKrLr*intrrrrrrMr+r)rrsC\KK\Kr+r)$__doc__rvloggingrs functoolsrtempfilertypingrruuidr%defence360agent.contracts.hook_eventsr defence360agent.subsys.panelsr defence360agent.utilsr imav.contracts.configr imav.malwarelib.configr imav.malwarelib.utils.user_listr getLoggerrJr\rrrgrrErrrrMr+r)rs* '''''';;;;;;777777111111))))))222222>>>>>>  8 $ $  ========@&&&R111h22222222j''''''''''r+