Example #1
0
class McAfeeVSCLPlugin(PluginBase, McAfeeVSCL, AntivirusPluginInterface):

    # =================
    #  plugin metadata
    # =================

    _plugin_name_ = "McAfeeVSCL"
    _plugin_display_name_ = McAfeeVSCL._name
    _plugin_author_ = "IRMA (c) Quarkslab"
    _plugin_version_ = "1.0.0"
    _plugin_category_ = IrmaProbeType.antivirus
    _plugin_description_ = "Plugin for McAfee VirusScan Command Line " \
                           "(VSCL) scanner on Linux"
    _plugin_dependencies_ = [PlatformDependency('linux')]

    @classmethod
    def verify(cls):
        # create an instance
        module = McAfeeVSCL()
        path = module.scan_path
        del module
        # perform checks
        if not path or not os.path.exists(path):
            raise PluginLoadError("{0}: verify() failed because "
                                  "McAfeeVSCL executable was not found."
                                  "".format(cls.__name__))

    # =============
    #  constructor
    # =============

    def __init__(self):
        # load default configuration file
        self.module = McAfeeVSCL()
Example #2
0
class ZonerPlugin(PluginBase, Zoner, AntivirusPluginInterface):

    # =================
    #  plugin metadata
    # =================

    _plugin_name_ = "Zoner"
    _plugin_display_name_ = Zoner._name
    _plugin_author_ = "IRMA (c) Quarkslab"
    _plugin_version_ = "1.0.0"
    _plugin_category_ = IrmaProbeType.antivirus
    _plugin_description_ = "Plugin for Zoner for Linux"
    _plugin_dependencies_ = [
        PlatformDependency('linux'),
        BinaryDependency(
            'zavcli', help='zavcli executable is provided by Zoner antivirus'),
    ]

    # =============
    #  constructor
    # =============

    def __init__(self):
        # load default configuration file
        self.module = Zoner()
Example #3
0
class FSecurePlugin(PluginBase, FSecure, AntivirusPluginInterface):

    # =================
    #  plugin metadata
    # =================

    _plugin_name_ = "FSecure"
    _plugin_display_name_ = FSecure._name
    _plugin_author_ = "IRMA (c) Quarkslab"
    _plugin_version_ = "1.0.0"
    _plugin_category_ = IrmaProbeType.antivirus
    _plugin_description_ = "Plugin for FSecure for Linux"
    _plugin_dependencies_ = [
        PlatformDependency('linux'),
        BinaryDependency(
            'fsav',
            help='fsav executable is provided by FSecure antivirus'
        ),
    ]

    # =============
    #  constructor
    # =============

    def __init__(self):
        # load default configuration file
        self.module = FSecure()
Example #4
0
class VirusBlokAdaPlugin(PluginBase, VirusBlokAda, AntivirusPluginInterface):

    # =================
    #  plugin metadata
    # =================

    _plugin_name_ = "VirusBlokAda"
    _plugin_display_name_ = VirusBlokAda._name
    _plugin_author_ = "IRMA (c) Quarkslab"
    _plugin_version_ = "1.0.0"
    _plugin_category_ = IrmaProbeType.antivirus
    _plugin_description_ = "Plugin for VirusBlokAda for Linux"
    _plugin_dependencies_ = [
        PlatformDependency('linux'),
        BinaryDependency('vbacl',
                         help='vbacl executable is provided by VirusBlokAda'),
    ]

    # =============
    #  constructor
    # =============

    def __init__(self):
        # load default configuration file
        self.module = VirusBlokAda()
Example #5
0
class SymantecPlugin(PluginBase, Symantec, AntivirusPluginInterface):

    # =================
    #  plugin metadata
    # =================

    _plugin_name_ = "Symantec"
    _plugin_author_ = "IRMA (c) Quarkslab"
    _plugin_version_ = "1.0.0"
    _plugin_category_ = IrmaProbeType.antivirus
    _plugin_description_ = "Plugin for Symantec Antivirus on Windows"
    _plugin_dependencies_ = [PlatformDependency('win32')]

    @classmethod
    def verify(cls):
        module = Symantec()
        if not module.scan_path or not os.path.exists(module.scan_path):
            del module
            raise PluginLoadError("Unable to find Symantec executable")
        del module

    # =============
    #  constructor
    # =============

    def __init__(self):
        # load default configuration file
        self.module = Symantec()
Example #6
0
class AviraPlugin(PluginBase, Avira, AntivirusPluginInterface):

    # =================
    #  plugin metadata
    # =================

    _plugin_name_ = "Avira"
    _plugin_display_name_ = Avira._name
    _plugin_author_ = "y0ug"
    _plugin_version_ = "0.0.1"
    _plugin_category_ = "antivirus"
    _plugin_description_ = "Plugin for Avira on Windows"
    _plugin_dependencies_ = [
        PlatformDependency('win32')
    ]

    @classmethod
    def verify(cls):
        # create an instance
        module = Avira()
        path = module.scan_path
        del module
        # perform checks
        if not path or not os.path.exists(path):
            raise PluginLoadError("{0}: verify() failed because "
                                  "Avira executable was not found."
                                  "".format(cls.__name__))

    # =============
    #  constructor
    # =============

    def __init__(self):
        # load default configuration file
        self.module = Avira()
Example #7
0
class EsetNod32Plugin(PluginBase, EsetNod32, AntivirusPluginInterface):

    # =================
    #  plugin metadata
    # =================

    _plugin_name_ = "EsetNod32"
    _plugin_display_name_ = EsetNod32._name
    _plugin_author_ = "IRMA (c) Quarkslab"
    _plugin_version_ = "1.0.0"
    _plugin_category_ = IrmaProbeType.antivirus
    _plugin_description_ = "Plugin for ESET NOD32 Antivirus Business " \
                           "Edition for Linux Desktop"
    _plugin_dependencies_ = [
        PlatformDependency('linux'),
        BinaryDependency('/opt/eset/esets/sbin/esets_scan')
    ]

    # =============
    #  constructor
    # =============

    def __init__(self):
        # load default configuration file
        self.module = EsetNod32()
Example #8
0
class ClamAntivirusPlugin(PluginBase, Clam, AntivirusPluginInterface):

    # =================
    #  plugin metadata
    # =================

    _plugin_name_ = "ClamAV"
    _plugin_display_name_ = Clam._name
    _plugin_author_ = "IRMA (c) Quarkslab"
    _plugin_version_ = "1.0.0"
    _plugin_category_ = IrmaProbeType.antivirus
    _plugin_description_ = "Plugin for Clam Antivirus"
    _plugin_dependencies_ = [
        PlatformDependency('linux'),
        BinaryDependency(
            'clamdscan',
            help='clamdscan is provided by clamav-daemon debian package.'),
    ]

    # =============
    #  constructor
    # =============

    def __init__(self):
        # load default configuration file
        self.module = Clam()
Example #9
0
class EscanPlugin(PluginBase, Escan, AntivirusPluginInterface):

    # =================
    #  plugin metadata
    # =================

    _plugin_name_ = "EScan"
    _plugin_display_name_ = Escan._name
    _plugin_author_ = "IRMA (c) Quarkslab"
    _plugin_version_ = "1.0.0"
    _plugin_category_ = IrmaProbeType.antivirus
    _plugin_description_ = "Plugin for Escan for Linux"
    _plugin_dependencies_ = [
        PlatformDependency('linux'),
        BinaryDependency(
            'escan', help='escan executable is provided by eScan antivirus'),
    ]

    # =============
    #  constructor
    # =============

    def __init__(self):
        # load default configuration file
        self.module = Escan()
Example #10
0
class KasperskyWinPlugin(PluginBase, KasperskyWin, AntivirusPluginInterface):

    # =================
    #  plugin metadata
    # =================

    _plugin_name_ = "KasperskyWin"
    _plugin_display_name_ = KasperskyWin._name
    _plugin_author_ = "IRMA (c) Quarkslab"
    _plugin_version_ = "1.0.0"
    _plugin_category_ = IrmaProbeType.antivirus
    _plugin_description_ = "Plugin for Kaspersky Antivirus on Windows"
    _plugin_dependencies_ = [PlatformDependency('win32')]

    @classmethod
    def verify(cls):
        # create an instance
        module = KasperskyWin()
        path = module.scan_path
        del module
        # perform checks
        if not path or not os.path.exists(path):
            raise PluginLoadError("{0}: verify() failed because "
                                  "Kaspersky executable was not found."
                                  "".format(cls.__name__))

    # =============
    #  constructor
    # =============

    def __init__(self):
        # load default configuration file
        self.module = KasperskyWin()
Example #11
0
class BitdefenderForUnicesPlugin(PluginBase, BitdefenderForUnices,
                                 AntivirusPluginInterface):

    # =================
    #  plugin metadata
    # =================

    _plugin_name_ = "BitdefenderForUnices"
    _plugin_display_name_ = BitdefenderForUnices._name
    _plugin_author_ = "IRMA (c) Quarkslab"
    _plugin_version_ = "1.0.0"
    _plugin_category_ = IrmaProbeType.antivirus
    _plugin_description_ = "Plugin for Bitdefender Antivirus Scanner " \
                           "for Unices"
    _plugin_dependencies_ = [
        PlatformDependency('linux'),
        BinaryDependency('bdscan',
                         help='bdscan executable is provided by '
                         'Bitdefender Antivirus Scanner for Unices.'),
    ]

    # =============
    #  constructor
    # =============

    def __init__(self):
        # load default configuration file
        self.module = BitdefenderForUnices()
Example #12
0
class AvastCoreSecurityPlugin(PluginBase, AvastCoreSecurity,
                              AntivirusPluginInterface):

    # =================
    #  plugin metadata
    # =================

    _plugin_name_ = "AvastCoreSecurity"
    _plugin_display_name_ = AvastCoreSecurity._name
    _plugin_author_ = "IRMA (c) Quarkslab"
    _plugin_version_ = "1.0.0"
    _plugin_category_ = IrmaProbeType.antivirus
    _plugin_description_ = "Plugin for Avast Core Security"
    _plugin_dependencies_ = [
        PlatformDependency('linux'),
        BinaryDependency(
            'scan',
            help='scan executable is provided by Avast Core Security For Linux'
        ),
    ]

    # =============
    #  constructor
    # =============

    def __init__(self):
        # load default configuration file
        self.module = AvastCoreSecurity()
Example #13
0
class SophosPlugin(PluginBase, Sophos, AntivirusPluginInterface):

    # =================
    #  plugin metadata
    # =================

    _plugin_name_ = "Sophos"
    _plugin_display_name_ = Sophos._name
    _plugin_author_ = "IRMA (c) Quarkslab"
    _plugin_version_ = "1.0.0"
    _plugin_category_ = IrmaProbeType.antivirus
    _plugin_description_ = "Plugin for Sophos on GNU/Linux and Windows"
    _plugin_dependencies_ = [PlatformDependency('linux')]

    @classmethod
    def verify(cls):
        # check if sophos is available
        module = Sophos()
        path = module.scan_path
        del module
        # perform checks
        if not path or not os.path.exists(path):
            raise PluginLoadError("{0}: verify() failed because "
                                  "Sophos executable was not found."
                                  "".format(cls.__name__))

    # =============
    #  constructor
    # =============

    def __init__(self):
        # load default configuration file
        self.module = Sophos()
Example #14
0
class DrWebPlugin(PluginBase, DrWeb, AntivirusPluginInterface):

    # =================
    #  plugin metadata
    # =================

    _plugin_name_ = "DrWeb"
    _plugin_display_name_ = DrWeb._name
    _plugin_author_ = "IRMA (c) Quarkslab"
    _plugin_version_ = "1.0.0"
    _plugin_category_ = IrmaProbeType.antivirus
    _plugin_description_ = "Plugin for DrWeb for Linux"
    _plugin_dependencies_ = [
        PlatformDependency('linux'),
        BinaryDependency(
            'drweb-ctl',
            help='drweb-ctl executable is provided by Dr Web antivirus'),
        FileDependency('/etc/opt/drweb.com/drweb32.key',
                       help='Missing drweb32.key licence key file')
    ]

    # =============
    #  constructor
    # =============

    def __init__(self):
        # load default configuration file
        self.module = DrWeb()
Example #15
0
class AVGAntiVirusFreePlugin(PluginBase, AVGAntiVirusFree,
                             AntivirusPluginInterface):

    # =================
    #  plugin metadata
    # =================

    _plugin_name_ = "AVGAntiVirusFree"
    _plugin_display_name_ = AVGAntiVirusFree._name
    _plugin_author_ = "IRMA (c) Quarkslab"
    _plugin_version_ = "1.0.0"
    _plugin_category_ = IrmaProbeType.antivirus
    _plugin_description_ = "Plugin for AVG AntiVirus Free for Linux"
    _plugin_dependencies_ = [
        PlatformDependency('linux'),
        BinaryDependency(
            'avgscan',
            help='avgscan is provided by AVG AntiVirus Free for Linux.'),
    ]

    # =============
    #  constructor
    # =============

    def __init__(self):
        # load default configuration file
        self.module = AVGAntiVirusFree()
Example #16
0
class McAfeeDaemonPlugin(PluginBase, McAfeeDaemon, AntivirusPluginInterface):
    # =================
    #  plugin metadata
    # =================

    _plugin_name_ = "McAfee-Daemon"
    _plugin_display_name_ = McAfeeDaemon._name
    _plugin_author_ = "IRMA (c) Quarkslab"
    _plugin_version_ = "1.0.0"
    _plugin_category_ = IrmaProbeType.antivirus
    _plugin_description_ = "Plugin for McAfee (VSCL) daemon version"
    _plugin_dependencies_ = [
        PlatformDependency('linux'),
        BinaryDependency('mcafee-daemon'),
        FileDependency(McAfeeDaemon._daemon_config)
    ]

    @classmethod
    def verify(cls):
        # create an instance
        module = McAfeeDaemon()
        path = module.scan_path
        del module
        # perform checks
        if not path or not os.path.exists(path):
            raise PluginLoadError("{0}: verify() failed because "
                                  "McAfeeVSCL executable was not found."
                                  "".format(cls.__name__))

    # =============
    #  constructor
    # =============

    def __init__(self):
        # load default configuration file
        config = SafeConfigParser()
        config.read(McAfeeDaemon._daemon_config)
        path = config.get('server', 'socket_path')
        self.module = McAfeeDaemon(socket_path=path)
Example #17
0
class TrIDPlugin(PluginBase):
    class TrIDResults:
        ERROR = -1
        FAILURE = 0
        SUCCESS = 1

    _plugin_name_ = "TrID"
    _plugin_display_name_ = "TrID File Identifier"
    _plugin_author_ = "IRMA (c) Quarkslab"
    _plugin_version_ = "1.0.0"
    _plugin_category_ = "metadata"
    _plugin_description_ = "Plugin to determine file type"
    _plugin_dependencies_ = [
        PlatformDependency('linux'),
        FileDependency(os.path.join('/opt/trid/', 'trid'),
                       help='Make sure you have downloaded trid binary'),
        FileDependency(os.path.join('/opt/trid/', 'triddefs.trd'),
                       help='Make sure to have downloaded trid definitions'),
    ]

    def __init__(self):
        module = sys.modules['modules.metadata.trid.trid'].TrID
        self.module = module()

    def run(self, paths):
        results = PluginResult(name=type(self).plugin_display_name,
                               type=type(self).plugin_category,
                               version=None)
        # launch file analysis
        try:
            started = timestamp(datetime.utcnow())
            results.status, results.results = self.module.analyze(paths)
            stopped = timestamp(datetime.utcnow())
            results.duration = stopped - started
        except Exception as e:
            results.status = self.TrIDResults.ERROR
            results.error = str(e)
        return results
Example #18
0
class FProtPlugin(PluginBase, FProt, AntivirusPluginInterface):

    # =================
    #  plugin metadata
    # =================

    _plugin_name_ = "FProt"
    _plugin_author_ = "IRMA (c) Quarkslab"
    _plugin_version_ = "1.0.0"
    _plugin_category_ = IrmaProbeType.antivirus
    _plugin_description_ = "Plugin for FProt Antivirus for Linux"
    _plugin_dependencies_ = [
        PlatformDependency("linux"),
        BinaryDependency("/usr/local/f-prot/fpscan")
    ]

    # =============
    #  constructor
    # =============

    def __init__(self):
        # load default configuration file
        self.module = FProt()
Example #19
0
class ComodoCAVLPlugin(PluginBase, ComodoCAVL, AntivirusPluginInterface):

    # =================
    #  plugin metadata
    # =================

    _plugin_name_ = "ComodoCAVL"
    _plugin_author_ = "IRMA (c) Quarkslab"
    _plugin_version_ = "1.0.0"
    _plugin_category_ = IrmaProbeType.antivirus
    _plugin_description_ = "Plugin for Comodo Antivirus for Linux (CAVL)"
    _plugin_dependencies_ = [
        PlatformDependency('linux'),
        BinaryDependency('/opt/COMODO/cmdscan',)
    ]

    # =============
    #  constructor
    # =============

    def __init__(self):
        # load default configuration file
        self.module = ComodoCAVL()
Example #20
0
class KasperskyFileServerPlugin(PluginBase, KasperskyFileServer,
                                AntivirusPluginInterface):

    # =================
    #  plugin metadata
    # =================
    _plugin_name_ = "Kaspersky"
    _plugin_display_name_ = KasperskyFileServer._name
    _plugin_author_ = "IRMA (c) Quarkslab"
    _plugin_version_ = "1.0.0"
    _plugin_category_ = IrmaProbeType.antivirus
    _plugin_description_ = "Plugin for Kaspersky Antivirus for File Server" \
                           "for File Server on Linux"
    _plugin_dependencies_ = [
        PlatformDependency('linux'),
    ]
    _mimetype_regexp = None

    @classmethod
    def verify(cls):
        # create an instance
        module = KasperskyFileServer()
        path = module.scan_path
        del module
        # perform checks
        if not path or not os.path.exists(path):
            raise PluginLoadError("{0}: verify() failed because "
                                  "Kaspersky executable was not found."
                                  "".format(cls.__name__))

    # =============
    #  constructor
    # =============

    def __init__(self):
        self.module = KasperskyFileServer()
Example #21
0
class UnarchivePlugin(PluginBase):
    class UnarchiveResult:
        ERROR = -1
        OK = 0

    # =================
    #  plugin metadata
    # =================

    _plugin_name_ = "Unarchive"
    _plugin_display_name_ = "Unarchive"
    _plugin_author_ = "Quarkslab"
    _plugin_version_ = "1.0.0"
    _plugin_category_ = "tools"  # TODO add an IrmaProbetype
    _plugin_description_ = "Plugin to unarchive files"
    _plugin_dependencies_ = [
        PlatformDependency('linux'),
        ModuleDependency('pyunpack',
                         help='See requirements.txt for needed dependencies'),
        BinaryDependency(
            'patool',
            help='unarchiver frontend required to support various formats'),
    ]
    _plugin_mimetype_regexp = 'archive'

    # =============
    #  constructor
    # =============

    def __init__(self):
        pass

    def unarchive(self, filename, dst_dir):
        Archive = sys.modules['pyunpack'].Archive
        Archive(filename).extractall(dst_dir, auto_create_dir=True)
        path_list = []
        # Make sure dst_dir ends with a '/'
        # useful when removing from filepath
        if len(dst_dir) > 1 and dst_dir[-1] != '/':
            dst_dir += '/'
        for (dirname, _, filenames) in os.walk(dst_dir):
            for filename in filenames:
                relative_dirname = dirname.replace(dst_dir, "")
                path = os.path.join(relative_dirname, filename)
                path_list.append(path)
        return path_list

    # ==================
    #  probe interfaces
    # ==================

    def run(self, paths):
        results = PluginResult(name=type(self).plugin_name,
                               type=type(self).plugin_category,
                               version=None)
        try:
            started = timestamp(datetime.utcnow())
            output_dir = tempfile.mkdtemp()
            file_list = self.unarchive(paths, output_dir)
            results.output_files = {}
            results.output_files['output_dir'] = output_dir
            results.output_files['file_list'] = file_list
            stopped = timestamp(datetime.utcnow())
            results.duration = stopped - started
            results.status = self.UnarchiveResult.OK
            results.results = None
        except Exception as e:
            results.status = self.UnarchiveResult.ERROR
            results.error = str(e)
        return results