class McAfeeVSCLPlugin(PluginBase, McAfeeVSCL, AntivirusPluginInterface):
# =================
# plugin metadata
# =================
_plugin_name_ = "McAfeeVSCL"
_plugin_display_name_ = McAfeeVSCL._name
_plugin_author_ = "IRMA (c) Quarkslab"
_plugin_version_ = "1.0.0"
_plugin_category_ = IrmaProbeType.antivirus
_plugin_description_ = "Plugin for McAfee VirusScan Command Line " \
"(VSCL) scanner on Linux"
_plugin_dependencies_ = [PlatformDependency('linux')]
@classmethod
def verify(cls):
# create an instance
module = McAfeeVSCL()
path = module.scan_path
del module
# perform checks
if not path or not os.path.exists(path):
raise PluginLoadError("{0}: verify() failed because "
"McAfeeVSCL executable was not found."
"".format(cls.__name__))
# =============
# constructor
# =============
def __init__(self):
# load default configuration file
self.module = McAfeeVSCL()
class ZonerPlugin(PluginBase, Zoner, AntivirusPluginInterface):
# =================
# plugin metadata
# =================
_plugin_name_ = "Zoner"
_plugin_display_name_ = Zoner._name
_plugin_author_ = "IRMA (c) Quarkslab"
_plugin_version_ = "1.0.0"
_plugin_category_ = IrmaProbeType.antivirus
_plugin_description_ = "Plugin for Zoner for Linux"
_plugin_dependencies_ = [
PlatformDependency('linux'),
BinaryDependency(
'zavcli', help='zavcli executable is provided by Zoner antivirus'),
]
# =============
# constructor
# =============
def __init__(self):
# load default configuration file
self.module = Zoner()
class FSecurePlugin(PluginBase, FSecure, AntivirusPluginInterface):
# =================
# plugin metadata
# =================
_plugin_name_ = "FSecure"
_plugin_display_name_ = FSecure._name
_plugin_author_ = "IRMA (c) Quarkslab"
_plugin_version_ = "1.0.0"
_plugin_category_ = IrmaProbeType.antivirus
_plugin_description_ = "Plugin for FSecure for Linux"
_plugin_dependencies_ = [
PlatformDependency('linux'),
BinaryDependency(
'fsav',
help='fsav executable is provided by FSecure antivirus'
),
]
# =============
# constructor
# =============
def __init__(self):
# load default configuration file
self.module = FSecure()
class VirusBlokAdaPlugin(PluginBase, VirusBlokAda, AntivirusPluginInterface):
# =================
# plugin metadata
# =================
_plugin_name_ = "VirusBlokAda"
_plugin_display_name_ = VirusBlokAda._name
_plugin_author_ = "IRMA (c) Quarkslab"
_plugin_version_ = "1.0.0"
_plugin_category_ = IrmaProbeType.antivirus
_plugin_description_ = "Plugin for VirusBlokAda for Linux"
_plugin_dependencies_ = [
PlatformDependency('linux'),
BinaryDependency('vbacl',
help='vbacl executable is provided by VirusBlokAda'),
]
# =============
# constructor
# =============
def __init__(self):
# load default configuration file
self.module = VirusBlokAda()
class SymantecPlugin(PluginBase, Symantec, AntivirusPluginInterface):
# =================
# plugin metadata
# =================
_plugin_name_ = "Symantec"
_plugin_author_ = "IRMA (c) Quarkslab"
_plugin_version_ = "1.0.0"
_plugin_category_ = IrmaProbeType.antivirus
_plugin_description_ = "Plugin for Symantec Antivirus on Windows"
_plugin_dependencies_ = [PlatformDependency('win32')]
@classmethod
def verify(cls):
module = Symantec()
if not module.scan_path or not os.path.exists(module.scan_path):
del module
raise PluginLoadError("Unable to find Symantec executable")
del module
# =============
# constructor
# =============
def __init__(self):
# load default configuration file
self.module = Symantec()
class AviraPlugin(PluginBase, Avira, AntivirusPluginInterface):
# =================
# plugin metadata
# =================
_plugin_name_ = "Avira"
_plugin_display_name_ = Avira._name
_plugin_author_ = "y0ug"
_plugin_version_ = "0.0.1"
_plugin_category_ = "antivirus"
_plugin_description_ = "Plugin for Avira on Windows"
_plugin_dependencies_ = [
PlatformDependency('win32')
]
@classmethod
def verify(cls):
# create an instance
module = Avira()
path = module.scan_path
del module
# perform checks
if not path or not os.path.exists(path):
raise PluginLoadError("{0}: verify() failed because "
"Avira executable was not found."
"".format(cls.__name__))
# =============
# constructor
# =============
def __init__(self):
# load default configuration file
self.module = Avira()
class EsetNod32Plugin(PluginBase, EsetNod32, AntivirusPluginInterface):
# =================
# plugin metadata
# =================
_plugin_name_ = "EsetNod32"
_plugin_display_name_ = EsetNod32._name
_plugin_author_ = "IRMA (c) Quarkslab"
_plugin_version_ = "1.0.0"
_plugin_category_ = IrmaProbeType.antivirus
_plugin_description_ = "Plugin for ESET NOD32 Antivirus Business " \
"Edition for Linux Desktop"
_plugin_dependencies_ = [
PlatformDependency('linux'),
BinaryDependency('/opt/eset/esets/sbin/esets_scan')
]
# =============
# constructor
# =============
def __init__(self):
# load default configuration file
self.module = EsetNod32()
class ClamAntivirusPlugin(PluginBase, Clam, AntivirusPluginInterface):
# =================
# plugin metadata
# =================
_plugin_name_ = "ClamAV"
_plugin_display_name_ = Clam._name
_plugin_author_ = "IRMA (c) Quarkslab"
_plugin_version_ = "1.0.0"
_plugin_category_ = IrmaProbeType.antivirus
_plugin_description_ = "Plugin for Clam Antivirus"
_plugin_dependencies_ = [
PlatformDependency('linux'),
BinaryDependency(
'clamdscan',
help='clamdscan is provided by clamav-daemon debian package.'),
]
# =============
# constructor
# =============
def __init__(self):
# load default configuration file
self.module = Clam()
class EscanPlugin(PluginBase, Escan, AntivirusPluginInterface):
# =================
# plugin metadata
# =================
_plugin_name_ = "EScan"
_plugin_display_name_ = Escan._name
_plugin_author_ = "IRMA (c) Quarkslab"
_plugin_version_ = "1.0.0"
_plugin_category_ = IrmaProbeType.antivirus
_plugin_description_ = "Plugin for Escan for Linux"
_plugin_dependencies_ = [
PlatformDependency('linux'),
BinaryDependency(
'escan', help='escan executable is provided by eScan antivirus'),
]
# =============
# constructor
# =============
def __init__(self):
# load default configuration file
self.module = Escan()
class KasperskyWinPlugin(PluginBase, KasperskyWin, AntivirusPluginInterface):
# =================
# plugin metadata
# =================
_plugin_name_ = "KasperskyWin"
_plugin_display_name_ = KasperskyWin._name
_plugin_author_ = "IRMA (c) Quarkslab"
_plugin_version_ = "1.0.0"
_plugin_category_ = IrmaProbeType.antivirus
_plugin_description_ = "Plugin for Kaspersky Antivirus on Windows"
_plugin_dependencies_ = [PlatformDependency('win32')]
@classmethod
def verify(cls):
# create an instance
module = KasperskyWin()
path = module.scan_path
del module
# perform checks
if not path or not os.path.exists(path):
raise PluginLoadError("{0}: verify() failed because "
"Kaspersky executable was not found."
"".format(cls.__name__))
# =============
# constructor
# =============
def __init__(self):
# load default configuration file
self.module = KasperskyWin()
class BitdefenderForUnicesPlugin(PluginBase, BitdefenderForUnices,
AntivirusPluginInterface):
# =================
# plugin metadata
# =================
_plugin_name_ = "BitdefenderForUnices"
_plugin_display_name_ = BitdefenderForUnices._name
_plugin_author_ = "IRMA (c) Quarkslab"
_plugin_version_ = "1.0.0"
_plugin_category_ = IrmaProbeType.antivirus
_plugin_description_ = "Plugin for Bitdefender Antivirus Scanner " \
"for Unices"
_plugin_dependencies_ = [
PlatformDependency('linux'),
BinaryDependency('bdscan',
help='bdscan executable is provided by '
'Bitdefender Antivirus Scanner for Unices.'),
]
# =============
# constructor
# =============
def __init__(self):
# load default configuration file
self.module = BitdefenderForUnices()
class AvastCoreSecurityPlugin(PluginBase, AvastCoreSecurity,
AntivirusPluginInterface):
# =================
# plugin metadata
# =================
_plugin_name_ = "AvastCoreSecurity"
_plugin_display_name_ = AvastCoreSecurity._name
_plugin_author_ = "IRMA (c) Quarkslab"
_plugin_version_ = "1.0.0"
_plugin_category_ = IrmaProbeType.antivirus
_plugin_description_ = "Plugin for Avast Core Security"
_plugin_dependencies_ = [
PlatformDependency('linux'),
BinaryDependency(
'scan',
help='scan executable is provided by Avast Core Security For Linux'
),
]
# =============
# constructor
# =============
def __init__(self):
# load default configuration file
self.module = AvastCoreSecurity()
class SophosPlugin(PluginBase, Sophos, AntivirusPluginInterface):
# =================
# plugin metadata
# =================
_plugin_name_ = "Sophos"
_plugin_display_name_ = Sophos._name
_plugin_author_ = "IRMA (c) Quarkslab"
_plugin_version_ = "1.0.0"
_plugin_category_ = IrmaProbeType.antivirus
_plugin_description_ = "Plugin for Sophos on GNU/Linux and Windows"
_plugin_dependencies_ = [PlatformDependency('linux')]
@classmethod
def verify(cls):
# check if sophos is available
module = Sophos()
path = module.scan_path
del module
# perform checks
if not path or not os.path.exists(path):
raise PluginLoadError("{0}: verify() failed because "
"Sophos executable was not found."
"".format(cls.__name__))
# =============
# constructor
# =============
def __init__(self):
# load default configuration file
self.module = Sophos()
class DrWebPlugin(PluginBase, DrWeb, AntivirusPluginInterface):
# =================
# plugin metadata
# =================
_plugin_name_ = "DrWeb"
_plugin_display_name_ = DrWeb._name
_plugin_author_ = "IRMA (c) Quarkslab"
_plugin_version_ = "1.0.0"
_plugin_category_ = IrmaProbeType.antivirus
_plugin_description_ = "Plugin for DrWeb for Linux"
_plugin_dependencies_ = [
PlatformDependency('linux'),
BinaryDependency(
'drweb-ctl',
help='drweb-ctl executable is provided by Dr Web antivirus'),
FileDependency('/etc/opt/drweb.com/drweb32.key',
help='Missing drweb32.key licence key file')
]
# =============
# constructor
# =============
def __init__(self):
# load default configuration file
self.module = DrWeb()
class AVGAntiVirusFreePlugin(PluginBase, AVGAntiVirusFree,
AntivirusPluginInterface):
# =================
# plugin metadata
# =================
_plugin_name_ = "AVGAntiVirusFree"
_plugin_display_name_ = AVGAntiVirusFree._name
_plugin_author_ = "IRMA (c) Quarkslab"
_plugin_version_ = "1.0.0"
_plugin_category_ = IrmaProbeType.antivirus
_plugin_description_ = "Plugin for AVG AntiVirus Free for Linux"
_plugin_dependencies_ = [
PlatformDependency('linux'),
BinaryDependency(
'avgscan',
help='avgscan is provided by AVG AntiVirus Free for Linux.'),
]
# =============
# constructor
# =============
def __init__(self):
# load default configuration file
self.module = AVGAntiVirusFree()
class McAfeeDaemonPlugin(PluginBase, McAfeeDaemon, AntivirusPluginInterface):
# =================
# plugin metadata
# =================
_plugin_name_ = "McAfee-Daemon"
_plugin_display_name_ = McAfeeDaemon._name
_plugin_author_ = "IRMA (c) Quarkslab"
_plugin_version_ = "1.0.0"
_plugin_category_ = IrmaProbeType.antivirus
_plugin_description_ = "Plugin for McAfee (VSCL) daemon version"
_plugin_dependencies_ = [
PlatformDependency('linux'),
BinaryDependency('mcafee-daemon'),
FileDependency(McAfeeDaemon._daemon_config)
]
@classmethod
def verify(cls):
# create an instance
module = McAfeeDaemon()
path = module.scan_path
del module
# perform checks
if not path or not os.path.exists(path):
raise PluginLoadError("{0}: verify() failed because "
"McAfeeVSCL executable was not found."
"".format(cls.__name__))
# =============
# constructor
# =============
def __init__(self):
# load default configuration file
config = SafeConfigParser()
config.read(McAfeeDaemon._daemon_config)
path = config.get('server', 'socket_path')
self.module = McAfeeDaemon(socket_path=path)
class TrIDPlugin(PluginBase):
class TrIDResults:
ERROR = -1
FAILURE = 0
SUCCESS = 1
_plugin_name_ = "TrID"
_plugin_display_name_ = "TrID File Identifier"
_plugin_author_ = "IRMA (c) Quarkslab"
_plugin_version_ = "1.0.0"
_plugin_category_ = "metadata"
_plugin_description_ = "Plugin to determine file type"
_plugin_dependencies_ = [
PlatformDependency('linux'),
FileDependency(os.path.join('/opt/trid/', 'trid'),
help='Make sure you have downloaded trid binary'),
FileDependency(os.path.join('/opt/trid/', 'triddefs.trd'),
help='Make sure to have downloaded trid definitions'),
]
def __init__(self):
module = sys.modules['modules.metadata.trid.trid'].TrID
self.module = module()
def run(self, paths):
results = PluginResult(name=type(self).plugin_display_name,
type=type(self).plugin_category,
version=None)
# launch file analysis
try:
started = timestamp(datetime.utcnow())
results.status, results.results = self.module.analyze(paths)
stopped = timestamp(datetime.utcnow())
results.duration = stopped - started
except Exception as e:
results.status = self.TrIDResults.ERROR
results.error = str(e)
return results
class FProtPlugin(PluginBase, FProt, AntivirusPluginInterface):
# =================
# plugin metadata
# =================
_plugin_name_ = "FProt"
_plugin_author_ = "IRMA (c) Quarkslab"
_plugin_version_ = "1.0.0"
_plugin_category_ = IrmaProbeType.antivirus
_plugin_description_ = "Plugin for FProt Antivirus for Linux"
_plugin_dependencies_ = [
PlatformDependency("linux"),
BinaryDependency("/usr/local/f-prot/fpscan")
]
# =============
# constructor
# =============
def __init__(self):
# load default configuration file
self.module = FProt()
class ComodoCAVLPlugin(PluginBase, ComodoCAVL, AntivirusPluginInterface):
# =================
# plugin metadata
# =================
_plugin_name_ = "ComodoCAVL"
_plugin_author_ = "IRMA (c) Quarkslab"
_plugin_version_ = "1.0.0"
_plugin_category_ = IrmaProbeType.antivirus
_plugin_description_ = "Plugin for Comodo Antivirus for Linux (CAVL)"
_plugin_dependencies_ = [
PlatformDependency('linux'),
BinaryDependency('/opt/COMODO/cmdscan',)
]
# =============
# constructor
# =============
def __init__(self):
# load default configuration file
self.module = ComodoCAVL()
class KasperskyFileServerPlugin(PluginBase, KasperskyFileServer,
AntivirusPluginInterface):
# =================
# plugin metadata
# =================
_plugin_name_ = "Kaspersky"
_plugin_display_name_ = KasperskyFileServer._name
_plugin_author_ = "IRMA (c) Quarkslab"
_plugin_version_ = "1.0.0"
_plugin_category_ = IrmaProbeType.antivirus
_plugin_description_ = "Plugin for Kaspersky Antivirus for File Server" \
"for File Server on Linux"
_plugin_dependencies_ = [
PlatformDependency('linux'),
]
_mimetype_regexp = None
@classmethod
def verify(cls):
# create an instance
module = KasperskyFileServer()
path = module.scan_path
del module
# perform checks
if not path or not os.path.exists(path):
raise PluginLoadError("{0}: verify() failed because "
"Kaspersky executable was not found."
"".format(cls.__name__))
# =============
# constructor
# =============
def __init__(self):
self.module = KasperskyFileServer()
class UnarchivePlugin(PluginBase):
class UnarchiveResult:
ERROR = -1
OK = 0
# =================
# plugin metadata
# =================
_plugin_name_ = "Unarchive"
_plugin_display_name_ = "Unarchive"
_plugin_author_ = "Quarkslab"
_plugin_version_ = "1.0.0"
_plugin_category_ = "tools" # TODO add an IrmaProbetype
_plugin_description_ = "Plugin to unarchive files"
_plugin_dependencies_ = [
PlatformDependency('linux'),
ModuleDependency('pyunpack',
help='See requirements.txt for needed dependencies'),
BinaryDependency(
'patool',
help='unarchiver frontend required to support various formats'),
]
_plugin_mimetype_regexp = 'archive'
# =============
# constructor
# =============
def __init__(self):
pass
def unarchive(self, filename, dst_dir):
Archive = sys.modules['pyunpack'].Archive
Archive(filename).extractall(dst_dir, auto_create_dir=True)
path_list = []
# Make sure dst_dir ends with a '/'
# useful when removing from filepath
if len(dst_dir) > 1 and dst_dir[-1] != '/':
dst_dir += '/'
for (dirname, _, filenames) in os.walk(dst_dir):
for filename in filenames:
relative_dirname = dirname.replace(dst_dir, "")
path = os.path.join(relative_dirname, filename)
path_list.append(path)
return path_list
# ==================
# probe interfaces
# ==================
def run(self, paths):
results = PluginResult(name=type(self).plugin_name,
type=type(self).plugin_category,
version=None)
try:
started = timestamp(datetime.utcnow())
output_dir = tempfile.mkdtemp()
file_list = self.unarchive(paths, output_dir)
results.output_files = {}
results.output_files['output_dir'] = output_dir
results.output_files['file_list'] = file_list
stopped = timestamp(datetime.utcnow())
results.duration = stopped - started
results.status = self.UnarchiveResult.OK
results.results = None
except Exception as e:
results.status = self.UnarchiveResult.ERROR
results.error = str(e)
return results