def __init__(self,
debug=False,
config_path=None,
file_list=None,
vt_api_key=None):
"""
Initialize Scanner.
Args:
debug (bool): Log on terminal or not
config_path (str): Configuration JSON file path
file_list (list): List of files to scan
vt_api_key (str): Virus Total API Key
Raises:
None
Returns:
None
"""
# Initialize logger
self.logger = AntiVirusLogger(__name__, debug=debug)
if config_path is not None:
self._CONFIG_PATH = config_path
else:
self.logger.log("Configuration file path not found.",
logtype="error")
sys.exit(0)
# Load Configuration
self.config_dict = utils.json_to_dict(self._CONFIG_PATH)
# Categorize OS
self.os_name = utils.categorize_os()
if self.os_name:
# Load malicious-file log path
self._MAL_FILE_PATH = self.config_dict[
self.os_name]["scanner"]["malicious_file_log_path"]
if file_list is not None:
self.file_list = file_list
else:
self.file_list = []
# List of malicious files detected
try:
self.malicious_file_list = [file_path.strip("\n") \
for file_path in utils.open_file(self._MAL_FILE_PATH)]
except FileNotFoundError:
# Initialize empty list
self.malicious_file_list = list()
self.vt_api_key = vt_api_key
if self.vt_api_key and self.vt_api_key != "XXXX":
# If VirusTotal API Key is provided & valid
self.vt_obj = VirusTotal(debug=debug, api_key=self.vt_api_key)
def clean(self):
"""
Clean the found malicious files manually.
Args:
None
Raises:
None
Returns:
None
"""
# List of malicious files detected
print("\n[!] List of possible malicious files found: ")
try:
self.malicious_file_list = [file_path.strip("\n") \
for file_path in utils.open_file(self._MAL_FILE_PATH)]
except FileNotFoundError:
# Initialize empty list
self.malicious_file_list = list()
for index, mal_file in enumerate(self.malicious_file_list):
print("[{0}] {1}".format(index, mal_file))
to_clean = input("Enter the index of the file to delete ('e' to exit): ")
if to_clean == "e":
return
else:
to_clean = int(to_clean)
file_path = self.malicious_file_list[to_clean]
print("Removing: ", file_path)
try:
os.remove(file_path)
self.malicious_file_list.remove(file_path)
except FileNotFoundError:
pass
except Exception as e:
self.logger.log(
"Error occurred: " + str(e),
logtype="error"
)
with open(self._MAL_FILE_PATH, "w") as wf:
for mal_file in self.malicious_file_list:
wf.write(mal_file)
self.clean()
def auto_delete(self):
"""
Auto-delete (clean) the found malicious files.
Args:
None
Raises:
None
Returns:
None
"""
self.logger.log(
"Auto-cleaning the malicious files",
logtype="info"
)
print("[!] Auto-cleaning the malicious files")
try:
self.malicious_file_list = [file_path.strip("\n") \
for file_path in utils.open_file(self._MAL_FILE_PATH)]
except FileNotFoundError:
# Initialize empty list
self.malicious_file_list = list()
for mal_file in self.malicious_file_list:
try:
os.remove(mal_file)
self.logger.log(
"Removing: " + mal_file,
logtype="info"
)
self.malicious_file_list.remove(mal_file)
except FileNotFoundError:
pass
except Exception as e:
self.logger.log(
"Error occurred: " + str(e),
logtype="error"
)
with open(self._MAL_FILE_PATH, "w") as wf:
for mal_file in self.malicious_file_list:
wf.write(mal_file)
def get_initial_uid(self):
"""
Return the list of verified UIDs using
the password log files.
Args:
None
Raises:
None
Returns:
temp_list (list): List of extracted UIDs
"""
temp_list = []
log_file_data = utils.open_file(self._PASSWORD_LOG)
for line in log_file_data:
line = line.strip("\n")
data = line.split(":")
uid = data[2]
temp_list.append(int(uid))
return temp_list
def scan_file(self, file_path):
"""
Scan file by comparing it's hash with the
pre-stored bad hashes.
Args:
file_path (str): Path of the file to scan
Raises:
None
Returns:
None
"""
# Calculate MD5 hash value of the file
file_hash_value = utils.get_md5_hash(file_path=file_path)
# List the files in MD5 hashes rule directory
hash_files_list = os.listdir(self._HASH_STORAGE)
# Iterate over the found files
for hash_file in hash_files_list:
if "VirusShare_" in hash_file:
hash_rule_path = os.path.join(self._HASH_STORAGE, hash_file)
hash_rule_data = utils.open_file(hash_rule_path)
for hash_val in hash_rule_data:
hash_val = hash_val.strip("\n").strip(" ")
if file_hash_value == hash_val:
self.logger.log(
"Possible malicious file detected: {0}".format(file_path),
logtype="warning"
)
if file_path not in self.malicious_file_list:
self.malicious_file_list.append(file_path)
super().check_virus_total(file_path)
return
return
def test_open_file(mck_open):
"""
Test open_file.
"""
utils.open_file("random_path")
mck_open.assert_called_with("random_path")