/// <summary>
/// Performs a file scan.
/// First checks if there is an existing file report.
/// If no existing file report found at VT requests a new file report.
/// Then checks every thirty seconds for a result.
/// Doesn't return until VT results come in. Can take up to five minutes
/// </summary>
/// <param name="fileInfo"></param>
/// <param name="delayBetweenRequestsMs">Virus Total only allows up to 4 request per minute. This delay adds a pause between each api call. Avoids exceptions. Defaults to 30.5 seconds.</param>
/// <returns>A Tuple. Item 1 is a detection ratio (a float derived from positives divided by total). Item 2 is Virus Total permalink for scan.</returns>
public async Task <Tuple <float, string> > ScanFileComplete(FileInfo fileInfo, int delayBetweenRequestsMs = 30500)
{
Console.WriteLine($"Getting File Report: {fileInfo.FullName}");
var fileReport = await _virusTotal.GetFileReport(fileInfo);
var scanId = string.Empty;
while (fileReport.ResponseCode != ResponseCodes.ReportResponseCode.Present)
{
if (string.IsNullOrEmpty(scanId))
{
Console.WriteLine($"Waiting {delayBetweenRequestsMs} ms");
await Task.Delay(delayBetweenRequestsMs);
var scanResult = await _virusTotal.ScanFile(fileInfo);
scanId = scanResult.ScanId;
Console.WriteLine($"scanId: {scanId}");
}
Console.WriteLine($"Waiting {delayBetweenRequestsMs} ms");
await Task.Delay(delayBetweenRequestsMs);
fileReport = await _virusTotal.GetFileReport(scanId);
}
var detectionRatio = fileReport.Positives / (float)fileReport.Total;
Console.WriteLine($"Detection Ratio: {fileReport.Positives} / {fileReport.Total} = {detectionRatio}");
return(new Tuple <float, string>(detectionRatio, fileReport.Permalink));
}
public static Report Scan(string file, int timeout)
{
int time = 0;
Report rep = null;
VirusTotal v = new VirusTotal("2f26e8512174ab034b2df8dc1a58b56c773102a7aa61c2fd78179b0ae8e9647b");
v.UseTLS = true;
ScanResult result = v.ScanFile(file);
//nao tem na base de dados
if (result.ResponseCode == 0)
{
}
//esta na lista de analise
else if (result.ResponseCode == -2)
{
}
//ja tem na base de dados
else if (result.ResponseCode == 1)
{
rep = v.GetFileReport(result.Resource)[0];
if (rep.ScanDate.Substring(0, 10) != DateTime.Today.ToString("yyyy-MM-dd"))
{
int error = 0;
//tenta mandaaar 3 vezes se der erro
while (error < 3)
{
result = v.Rescan(result.Resource)[0];
if (result.ResponseCode != 0)
{
break;
}
error++;
}
if (error == 3)
{
throw new Exception("Error on rescan file SHA256:" + result.Sha256);
}
}
}
while (time <= timeout)
{
rep = v.GetFileReport(result.Resource)[0];
//ja terminou scan
if (rep.ResponseCode == 1)
{
return(rep);
}
time += 60000;
}
Thread.Sleep(60000);
throw new Exception("Timeout on get scan report");
}
private void WorkOnNextItem(FileInfo fileInfo)
{
if (!fileInfo.Exists)
{
return;
}
var hash = HashHelper.GetSHA256(fileInfo);
if (_recentScanHashes.Contains(hash))
{
return;
}
OnStateChanged(ScannerState.Scanning);
var report = _virusTotal.GetFileReport(fileInfo);
_recentScanHashes.Add(hash);
if (report.ResponseCode == ReportResponseCode.Present)
{
if (report.Scans.Any(s => s.Detected))
{
TriggerVirusFound(fileInfo, report);
}
}
_waitTime -= 1000;
OnNewDefinition(new VirusDefinition
{
FileName = fileInfo.FullName,
Hash = hash,
ScanResults = report.Scans != null ? report.Scans.Select(ConvertScanEngineToScanResult).ToList() : new List <ScanResult>()
});
}
public static async Task ScanFile(string path, RichTextBox richtextbox, DataGridView datagridview)
{
try
{
VirusTotalNET.VirusTotal virusTotal = new VirusTotalNET.VirusTotal(APIKey);
//Use HTTPS instead of HTTP
virusTotal.UseTLS = true;
////Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html
//////test
//FileInfo fileInfo = new FileInfo("EICAR.txt");
//File.WriteAllText(fileInfo.FullName, @"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");
FileInfo fileInfo = new FileInfo(path);
//Check if the file has been scanned before.
FileReport fileReport = await virusTotal.GetFileReport(fileInfo);
bool hasFileBeenScannedBefore = fileReport.ResponseCode == ReportResponseCode.Present;
//If the file has been scanned before, the results are embedded inside the report.
if (hasFileBeenScannedBefore)
{
PrintScan(fileReport, path, hasFileBeenScannedBefore, richtextbox, datagridview);
}
else
{
ScanResult fileResult = await virusTotal.ScanFile(fileInfo);
PrintScan(fileResult, path, hasFileBeenScannedBefore, richtextbox, datagridview);
}
}
catch (Exception e)
{
MessageBox.Show(e.Message, "Something went wrong!");
}
}
