def check(self): # Check the Clam Daemon is alive and well try: clamd = pyclamd.ClamdAgnostic() if not clamd.ping(): raise error.CommandError('clamav daemon not running') except Exception: raise error.CommandError('clamav daemon not running')
def clamAV(mountDir): cd = pyclamd.ClamdAgnostic() for root, dirs, files in os.walk(mountDir): for name in files: if os.path.isfile(os.path.join(root, name)): result = cd.scan_file(os.path.join(root, name)) print result pass
def __init__(self): # Calculate prime numbers self.primes_table = primes(16384 * 4) self.db = open_db() self.db.printing = False self.clamd = None if pyclamd is not None: self.clamd = pyclamd.ClamdAgnostic() self.clamd.ping()
def __init__(self): self.logger = self.initLoggerFormat() self.currentcommand = "" self.clamav = pyclamd.ClamdAgnostic() self.portpassif = -1 self.file_filename = None self.file_data = "" self.file_command = "" self.file_ip = ""
def scan(filepath): if not os.path.exists(filepath): return 2, filepath + " not exist" cd = pyclamd.ClamdAgnostic() result = cd.scan_file(filepath) if (result is not None): return 1, result else: return 0, "No virus found"
def init(): engine = pyclamd.ClamdAgnostic() if (engine.ping()): print(engine.version()) sys.stdout.flush() print(engine.reload()) sys.stdout.flush() print(engine.stats()) sys.stdout.flush() else: print('Connection failed (Not able to connect to Clamd)') sys.stdout.flush()
def scan(self, args, file, opts): try: clamd = pyclamd.ClamdAgnostic() res = clamd.scan_file(file.file_path) except Exception: raise error.CommandWarning('scanning file with clamav failed. check apparmor permissions?') if res is None: return {'hits': 'no hits with clamav'} elif res[file.file_path][0] == 'FOUND': return {'hits': str(res[file.file_path][1])} else: raise error.CommandWarning('unknown error occurred scanning file with clamav failed.')
def search_malware_signatures(self): results = [] using_clamv = False # Check is ClamAV daemon is running to include its support to scan files try: clamav = pyclamd.ClamdAgnostic() using_clamv = True print_blue("Using ClamAV engine") except: print_red("ClamAV not found. Using only checksum and YARA rule databases") for entry in self.entry_list: if not entry.is_file(): continue # Get the checkum of each file to compare with the signatures file = open(entry.path, "rb") file_data = file.read() hash = hashlib.md5() hash.update(file_data) checksum = hash.hexdigest() # Search each checksum in the database # Currently there is no results using OWASP samples # TODO try to get more samples if checksum in Dictionary.signatures_db: malware = str(Dictionary.signatures_db[checksum]) results.append(self.add_result(entry, malware)) # Check for files applying yara rules if entry.is_plain_text(): for rules in Dictionary.yara_rules: try: result = rules.match(data=file_data) if result: for rule in result: results.append(self.add_result(entry, str(rule).replace("_", " "))) except: # FIXME I don't know but some rules are not readable for me print_red("Some error applying rules") # Check for files using ClamAV binding if using_clamv: result = clamav.scan_file(entry.path) if result: malware = result[entry.path][1] results.append(self.add_result(entry, malware)) return results
def __init__(self, root): # caminho do moutpoint super().__init__() self._inode_path_map = { pyfuse3.ROOT_INODE: root } self._lookup_cnt = defaultdict(lambda : 0) self._fd_inode_map = dict() self._inode_fd_map = dict() self._fd_open_count = dict() # variavel que indica que user esta autenticado self.autenticadoB = False # tempo em que foi requisitado o codigo self.tinicial = time.time() self.safenumber = 0 self.lastContextt = None self.clamav = pyclamd.ClamdAgnostic()
def test_no_clamav_eicar(self, *args): body = pyclamd.ClamdAgnostic().EICAR() url = URL('http://www.w3af.com/') headers = Headers([('content-type', 'text/html')]) response = HTTPResponse(200, body, headers, url, url, _id=1) request = FuzzableRequest(url, method='GET') # Simulate that we don't have clamd running self.plugin._connection_test = Mock(return_value=False) self.plugin._scan_http_response = Mock() self.plugin.grep(request, response) findings = kb.kb.get('clamav', 'malware') self.assertEqual(len(findings), 0) self.assertEqual(self.plugin._scan_http_response.call_count, 0)
def get_description(self, buf): try: self.clamd = pyclamd.ClamdAgnostic() self.clamd.ping() ret = self.clamd.scan_stream(buf) if ret is None: return None # Answer format is in the following form: # >>> cd.scan_stream(buf) # >>> {u'stream': ('FOUND', 'Win.Trojan.Miniduke-3')} ret = ret["stream"][1] ida_log("Found malware name %s" % repr(ret)) return ret except: ida_log("Clamd error: %s" % str(sys.exc_info()[1])) return None
def cluster_code(): if request.method == 'POST': f = request.files['file'] #[email protected] #basepath = os.path.dirname(__file__)+'\\static\\user\\'+session.get('email')+"\\user_code" # 文件所要放入的路径 basepath = os.path.join( "/home/ubuntu/dagoo", 'static', 'user', '*****@*****.**', 'user_code' ) #+ '\\static\\user\\[email protected]\\user_code' # 文件所要放入的路径 #upload_path = os.path.join(basepath, '', secure_filename('User_cluster.zip')) if (request.form.get('label') == 'zip'): filename = os.path.join(basepath, 'User_cluster.zip') # 要解压的文件 filedir = basepath # 解压后放入的目录 #如果他是压缩文件,就对它进行解压,不是的话就不进行操作 f.save(basepath + '\\User_cluster.zip') fz = zipfile.ZipFile(filename, 'r') for file in fz.namelist(): #print(file) # 打印zip归档中目录 fz.extract(file, filedir) return 'upload the cluster code file successfully !' else: if (request.form.get('label') == 'py'): # python user_cluster_url = os.path.join(basepath, 'User_cluster.py') if (request.form.get('label') == 'jar'): # java user_cluster_url = os.path.join(basepath, 'User_cluster.jar') if (request.form.get('label') == 'so'): # c/c++ user_cluster_url = os.path.join(basepath, 'User_cluster.so') if user_cluster_url is not None: f.save(user_cluster_url) cd = pyclamd.ClamdAgnostic() is_virus = cd.scan_file(user_cluster_url) if is_virus is None: # return redirect(url_for('cluster_code')) return 'upload the cluster code file successfully !' else: os.remove(user_cluster_url) return 'virus!!!'
def test_clamav_eicar(self, *args): body = pyclamd.ClamdAgnostic().EICAR() url = URL('http://www.w3af.com/') headers = Headers([('content-type', 'text/html')]) response = HTTPResponse(200, body, headers, url, url, _id=1) request = FuzzableRequest(url, method='GET') self.plugin.grep(request, response) # Let the worker pool wait for the clamd response, this is done by # the core when run in a real scan self.plugin.worker_pool.close() self.plugin.worker_pool.join() findings = kb.kb.get('clamav', 'malware') self.assertEqual(len(findings), 1) finding = findings[0] self.assertEqual(finding.get_name(), 'Malware identified') self.assertIn('ClamAV identified malware', finding.get_desc()) self.assertEqual(finding.get_url().url_string, url.url_string)
def create_entries(self, args) -> None: self.args = args if not os.path.exists(self.args.dir): logging.error("Can't find root folder \"%s\"" % self.args.dir) raise FileNotFoundError logging.info("Walking filesystem found in \"%s\"" % self.args.dir) valid_file_paths = [] for dir_path, subdirList, file_list in os.walk(self.args.dir): for file_name in file_list: file_path = os.path.join(dir_path, file_name) if os.path.getsize(file_path) > 0: valid_file_paths.append(os.path.abspath(file_path)) self.count = len(valid_file_paths) logging.info("Found %d files" % self.count) if self.args.clamav: try: cd = pyclamd.ClamdAgnostic() if cd.ping(): logging.info("ClamAV - Ping service success") except Exception as e: logging.error("ClamAV - Can't connect to service: %s" % (e)) self.args.clamav = False with multiprocessing.Pool() as pool: fps = pool.map(self.create_default_fields, valid_file_paths) for fp in fps: fp.check_extension_vs_content() self.flist[fp.fpath] = fp
def __init__(self,parent): import pyclamd self.av = pyclamd.ClamdAgnostic() print( "clam_scan on_part plugin initialized" )
def __init__(self,parent): self.clamd=pyclamd.ClamdAgnostic() _basevirusscanner.__init__(self,parent)
def __init__(self): self.cd = pyclamd.ClamdAgnostic() if self.cd.ping(): print("Connected to ClamAV daemon") else: sys.exit("Clamd not running")
def import_catalog(request): """For scanning file streams, ClamAV should be installed and clamd should be running in Powershell. Also pip install pyclamd for using Clam daemon in python ( https://www.clamav.net/documents/installing-clamav-on-windows & https://pypi.org/project/pyClamd/ ) Note: There is another python module (clamd) which I tried first. It opens a UNIX socket which was not working with my Windows """ try: import pyclamd cd = pyclamd.ClamdAgnostic() clamd_running = True except Exception as e: logging.debug(str(e)) clamd_running = False if request.method == 'POST': form = ImportCatalogForm(request.POST, request.FILES) if form.is_valid(): catalog = form.save(commit=False) """Uploaded JSON files will be saved without being scanned when ClamAV daemon is down""" if len(request.FILES) != 0: if clamd_running: scan_results = cd.scan_stream(request.FILES['file']) # scan_results = cd.scan_stream(cd.EICAR()) This is a test to see behavir when virus found if scan_results is None: catalog.file = request.FILES['file'] else: catalog.file = request.FILES['file'] if form.cleaned_data['file_url']: result = urllib.request.urlretrieve( form.cleaned_data['file_url']) if clamd_running: scan_results = cd.scan_stream(File(open(result[0], 'rb'))) if scan_results is None: catalog.file.save( os.path.basename(form.cleaned_data['file_url']), File(open(result[0], 'rb'))) else: catalog.file.save( os.path.basename(form.cleaned_data['file_url']), File(open(result[0], 'rb'))) if (clamd_running and scan_results is None) or not clamd_running: if request.user.is_authenticated: catalog.user = request.user.username catalog_control_baseline, created = control_baseline.objects.get_or_create( title=catalog.title, short_name=catalog.title) catalog.control_baseline = catalog_control_baseline if catalog.file_url: catalog_link, created = link.objects.update_or_create( href=catalog.file_url, defaults={ 'text': catalog.title, 'href': catalog.file_url }) catalog_control_baseline.link = catalog_link catalog_control_baseline.save() print("----file info----") print(catalog.file.name, catalog.file.path) print("-----------------") catalog.save() # form.save() if form.cleaned_data['file']: file_path = str(catalog.file) catalog_name = str(form.cleaned_data['file']) else: file_path = form.cleaned_data['file_url'] file_path_list = file_path.split('/') catalog_name = file_path_list[-1] # Uploaded files are in \uploads\catalog (\uploads is MEDIA_ROOT) added, updated = run(catalog.control_baseline, catalog.file.path, catalog_name) catalog.added_controls = added catalog.updated_controls = updated catalog.save() if clamd_running: scan_news = "Virus scan accepted this file. " else: scan_news = "Virus scan is down. " messages.success( request, scan_news + 'Imported NIST Catalog successfully. Added ' + str(added) + ' and updated ' + str(updated) + ' NIST Controls.') return render(request, 'ssp/import_catalog.html', {'form': form}) # return HttpResponse("data submitted successfully") elif scan_results is not None: messages.success( request, 'Virus scan rejected this file: ' + str(scan_results['stream'])) return render(request, 'ssp/import_catalog.html', {'form': form}) else: return render(request, 'ssp/import_catalog.html', {'form': form}) else: form = ImportCatalogForm() return render(request, 'ssp/import_catalog.html', {'form': form})
def _connect_clamd(): try: return pyclamd.ClamdAgnostic() except ValueError: LOG.warning('Unable to connect to clamd') return None
def clamd_main(queue_log: Queue[Any], recvq: Queue[str], sendq: Queue[Union[str, bool]], org_path: str): worker_configurer(queue_log, logger) # clamAVのデーモンが動いているか確認 while True: try: logger.info('Clamd Process connect...') cd = pyclamd.ClamdAgnostic() pin = cd.ping() logger.info('Clamd Process connected!!!') break except ValueError: logger.info('Clamd Process waiting for clamd start....') sleep(3) except Exception as err: pin = False logger.exception(f'Exception has occur: {err}') break sendq.put(pin) # 親プロセスにclamdに接続できたかどうかの結果を送る if pin is False: os._exit(0) # type: ignore # 接続できなければ終わる # EICARテスト eicar = cd.EICAR() # type: ignore cd.scan_stream(eicar) # type: ignore t = Thread(target=receive, args=(recvq,)) # クローリングプロセスからのデータを受信するスレッド t.setDaemon(True) t.start() while True: if not data_list: if end: break # クローリングプロセスからデータが送られていなければ、3秒待機 sleep(3) continue temp = data_list.popleft() url = temp[0] url_src = temp[1] byte = temp[2] # clamdでスキャン if len(byte) < 25 * 1000000: # Max filesize 25MB try: result = cd.scan_stream(byte) # type: ignore except Exception as err: logger.exception(f'Exception has occur, URL={url}, {err}') clamd_error.append(url + '\n' + str(err)) else: # 検知されると結果を記録 if result is not None: w_file(org_path + '/alert/warning_clamd.txt', "{}\n\tURL={}\n\tsrc={}\n".format(result, url, url_src), mode="a") if not os.path.exists(org_path + '/clamd_files'): os.mkdir(org_path + '/clamd_files') w_file(org_path + '/clamd_files/b_' + str(len(listdir(org_path + '/clamd_files'))+1) + '.clam', url + '\n' + str(byte), mode="a") logger.info('clamd have scanned: %s', url) else: logger.info("big file... save to log file") clamd_error.append(url + '\n' + "Over 25.0MB file") # エラーログが一定数を超えると外部ファイルに書き出す if len(clamd_error) > 100: text = '' for i in clamd_error: text += i + '\n' w_file('error_clamd.txt', text, mode="a") clamd_error.clear() text = '' for i in clamd_error: text += i + '\n' if clamd_error: w_file('error_clamd.txt', text, mode="a") clamd_error.clear() logger.debug("Clamd end") sendq.put('end') # 親にendを知らせる
def __init__(self): try: self.cd = pyclamd.ClamdAgnostic() self.cd.ping() except pyclamd.ConnectionError: print "clamav initialize error"
def save(self, author): """ Saves the submission, taking care of BagIt creation and any other necessary ingest behavior. author is the User who submitted the request. return value is the name of the bag directory created, or None. """ # Generate a submission ID. Must be unique. datestamp = datetime.now().strftime("%Y%m%d-%H%M%S") etd_id = "%s-%s" % (datestamp, author.username) # Set up staging directory for this bag (e.g. "STAGING_20140326-160532_lbroglie") staging_name = "STAGING_%s" % etd_id staging_path = os.path.abspath(os.path.join(settings.ETD_STORAGE_DIRECTORY, staging_name)) try: # Create the staging directory os.makedirs(staging_path) # Move the main document to the staging area document_path = os.path.join(staging_path, "etd.pdf") with open(document_path, 'wb+') as destination: for chunk in self.cleaned_data['document_file']: destination.write(chunk) # Perform a virus scan on the staged file if CLAMD: clam_daemon = pyclamd.ClamdAgnostic() result = clam_daemon.scan_file(document_path) if result is not None: logger.debug("Virus detected in file %s" % document_path) raise ScanException("Error: Virus detected in uploaded ETD file") # Move the license document to the staging area, if provided if self.cleaned_data['license_file']: document_path = os.path.join(staging_path, "license.pdf") with open(document_path, 'wb+') as destination: for chunk in self.cleaned_data['license_file']: destination.write(chunk) # Try to process the supplemental file as a ZipFile, if provided if self.cleaned_data['supplemental_file']: supplemental_path = os.path.join(staging_path, "supplemental") supplemental_zip = zipfile.ZipFile(self.cleaned_data['supplemental_file'], 'r') supplemental_zip.extractall(supplemental_path) supplemental_zip.close() # Create a dict representing all the form data form_record = { 'document_file': { 'original_filename': self.cleaned_data['document_file'].name, 'size': self.cleaned_data['document_file'].size, 'content_type': self.cleaned_data['document_file'].content_type }, } for name in ('title', 'author', 'subject', 'date', 'abstract'): if self.cleaned_data[name]: form_record[name] = str(self.cleaned_data[name]) if self.cleaned_data['supplemental_file']: form_record['supplemental_file'] = { 'original_filename': self.cleaned_data['supplemental_file'].name, 'size': self.cleaned_data['supplemental_file'].size, 'content_type': self.cleaned_data['supplemental_file'].content_type } if self.cleaned_data['license_file']: form_record['license_file'] = { 'original_filename': self.cleaned_data['license_file'].name, 'size': self.cleaned_data['license_file'].size, 'content_type': self.cleaned_data['license_file'].content_type } form_record_json_path = os.path.join(staging_path, "form.json") with open(form_record_json_path, 'w') as form_record_file: json.dump(form_record, form_record_file, skipkeys=True, indent=2 ) form_record_xml_path = os.path.join(staging_path, "form.xml") with open(form_record_xml_path, 'w') as form_record_file: xml_string = parseString(dicttoxml(form_record)).toprettyxml() form_record_file.write(xml_string) # Turn the staging directory into a bag bag_info = {} if self.cleaned_data['title']: bag_info['Internal-Sender-Identifier'] = self.cleaned_data['title'].replace('\n', ' ').replace('\r', '') bagit.make_bag(staging_path, bag_info) # Remove "STAGING_" from the name of the directory to signify completion final_path = os.path.abspath(os.path.join(settings.ETD_STORAGE_DIRECTORY, etd_id)) os.rename(staging_path, final_path) # Perform optional DAITSS Format Description Service metadata generation try: description_url = getattr(settings, 'DESCRIPTION_SERVICE_URL', None) if description_url: bag_describe(description_url, final_path) except Exception as e: # Log this failure of the description service # TODO if settings.DEBUG: raise e # Fire any emails/notifications/webhooks the institution wants to receive try: recipients = getattr(settings, 'SUBMISSION_EMAIL_RECIPIENTS', None) if recipients: subject = "[ETD Drop] New ETD submission" body = render_to_string( 'etd_drop_app/email_staff_submission.txt', { 'submission_time': datestamp, 'username': author.username, 'identifier': etd_id, } ) sender = settings.SUBMISSION_EMAIL_FROM_ADDRESS send_mail(subject, body, sender, recipients) except Exception as e: # Log this email failure # TODO if settings.DEBUG: raise e # Return the id to signify success to the caller return etd_id except Exception as e: # Log this event # TODO # Clean up the staging directory if it exists if os.path.isdir(staging_path): shutil.rmtree(staging_path) if settings.DEBUG: raise e return None
""" Created on Sun May 9 07:37:55 2021 """ import pyclamd import os import psutil import tkinter from tkinter import * from tkinter import filedialog import sys import threading from queue import Queue cd = pyclamd.ClamdAgnostic() viruses = [] global q def threadScan(): t = threading.Thread(target = ScanPath) t.start() def threadProcess(): t = threading.Thread(target = ScanProcesses) t.start() def ScanPath(): viruses.clear() path = filedialog.askdirectory()
import pyclamd import os import sys import re engine = pyclamd.ClamdAgnostic() def init(): if (engine.ping()): print(engine.version()) sys.stdout.flush() print(engine.reload()) sys.stdout.flush() print(engine.stats()) sys.stdout.flush() else: print('Connection failed (Not able to connect to Clamd)') sys.stdout.flush() def scan_file(path): result = engine.scan_file(path) print('Detecting File: ' + path) sys.stdout.flush() if (result is None): print('No Virus Found In This File') sys.stdout.flush() else: print(result) sys.stdout.flush()
def setup_module(): global cd cd = pyclamd.ClamdAgnostic() return
"1", (width, height)) # Make sure to create image with mode '1' for 1-bit color. draw = ImageDraw.Draw(image) # Get drawing object to draw on image. draw.rectangle((0, 0, width, height), outline=0, fill=0) # Draw a black filled box to clear the image. padding = -2 top = padding bottom = height - padding x = 0 y = 0 # ------------------------------------------ # ATTACHE INIT # ------------------------------------------ printLarge1306(0, 0, "loading...") clamavDaemon = pyclamd.ClamdAgnostic() # configFilePresent = checkFilePresence(configFile) printSmall1306(0, 14, str(clamavDaemon.version())) checkMountedDevices(mountedVolumesOnStart) printSmall1306(0, 22, str(sorted(mountedVolumesOnStart))) # TODO: Add check wheter ClamAV database is loaded into memory and daemon is ready printLarge1306(0, 30, "ok.") time.sleep(secondsToWait) clear1306() printLarge1306(0, 0, "Ready") progressDot(2, 2) # ------------------------------------------ # Main loop # ------------------------------------------
def create_default_fields(self, file_path) -> FileProperty: fp = FileProperty() fp.fpath = file_path try: fp.fhash = self.get_SHA256(file_path) hasher = hashlib.sha256() hasher.update(bytes(file_path, 'utf-8')) fp.fphash = hasher.hexdigest() except Exception as e: logging.error("Failed to create SHA256 hash for {} - {}".format( file_path, e)) fp.fmime_type = self.get_file_type(file_path) fp.fkind = self.get_file_kind(fp.fmime_type) if self.args.anon: fp.fname = fp.fphash else: fp.fname = file_path if fp.fmime_type in FILE_KINDS[EXE_KIND]: try: fp.fdetails += self.check_file_is_binary(file_path) except Exception as e: logging.error( "Failed to check if file is binary for {} - {}".format( file_path, e)) elif fp.fmime_type in FILE_KINDS[PDF_KIND]: result = pdf_inspector.inspect_pdf(file_path, fp.fname) if result: fp.fdetails += fp.check_invalid_format(result['details']) fp.fmal_score += result['mal_score'] if not self.args.anon: metadata = pdf_inspector.extract_pdf_metadata(file_path) fp.fmetadata += fp.check_invalid_format(metadata) elif fp.fmime_type in FILE_KINDS[DOC_KIND]: #if self.args.anon: # logging.disable(level=logging.CRITICAL) result = doc_inspector.check_macros(file_path, fp.fname) #if self.args.anon: # logging.disable(logging.NOTSET) if result: fp.fdetails += fp.check_invalid_format(result['details']) fp.fmal_score += result['mal_score'] if not self.args.anon: metadata = doc_inspector.extract_doc_metadata(file_path) fp.fmetadata += fp.check_invalid_format(metadata) if self.args.clamav: try: cd = pyclamd.ClamdAgnostic() if cd.ping(): logging.debug("Scanning \"%s\" with %s" % (fp.fname, cd.version().split()[0:2])) scan_result = cd.scan_file(file_path) if scan_result and scan_result.get(abs_path)[0] == "ERROR": logging.error(scan_result) elif scan_result: f_result = "ClamAV: %s for %s" % ( scan_result.get(abs_path), fp.fname) fp.fmal_score += 50 fp.fdetails += "\n" + f_result fp.fclamav_detect = True logging.warning(f_result) except Exception as e: logging.error("%s") if (fp.fmal_score >= 10) and (self.args.vtotal): try: with open(self.args.vtotal, "r") as api_key_file: api_key = api_key_file.readline().strip() except Exception as e: logging.error( "Could not read vtotal api key file: {}\n\t- {}".format( self.args.vtotal, e)) return fp if api_key: result = virus_total.check_hash(api_key, fp.fhash, fp.fname) if result: fp.fdetails += result['details'] fp.fmal_score += result['mal_score'] fp.fvtotal_matches = result['vtotal_matches'] return fp