Ejemplo n.º 1
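        /// <summary>
        /// Scans a single file with the enabled detection methods: the signature check
        /// (<c>SignatureM</c>) runs first, and the heuristic pattern check (<c>EvrizmM</c>)
        /// runs only when the signature check did not match.
        /// </summary>
        /// <param name="path">Path to the file to scan.</param>
        /// <param name="clearVirusList">True to clear all previously stored detections before scanning.</param>
        /// <remarks>
        /// Both checks are plain substring matches. On a match the file is either deleted
        /// (<c>AutoDeleteVirus</c>) or reported through <c>AddInDangerFile</c>.
        /// Exceptions from reading or deleting the file propagate to the caller; in that case
        /// <c>Counter.Inc()</c> is not reached.
        /// </remarks>
        public void ScanFile(string path, bool clearVirusList)
        {
            if (clearVirusList)
            {
                ClearVirusList();
            }

            VirusFile candidate = new VirusFile(path);
            bool detected = false;

            Counter.SetMaxValue(1, Enams.ResetStatus.Reset);

            // string.Contains("") is true for every string, so an empty file signature would
            // flag (and, with AutoDeleteVirus, delete) every scanned file. Null/empty values on
            // either side are therefore treated as "no match" instead of matching or throwing.
            // NOTE(review): a substring test against one concatenated signature string can also
            // match across the boundary of two adjacent entries; a set of exact signatures would
            // avoid that. Confirm how SignatureString is built.
            if (SignatureM
                && !string.IsNullOrEmpty(candidate.Signature)
                && !string.IsNullOrEmpty(SignatureString)
                && SignatureString.Contains(candidate.Signature))
            {
                detected = true;
            }

            if (EvrizmM && !detected)
            {
                // ReadAllText loads the whole file and decodes it as text, so the patterns are
                // compared against decoded characters, not raw bytes.
                string content = File.ReadAllText(candidate.Path);
                foreach (var signature in EvrizmSignature.signatures)
                {
                    // Skip empty patterns: they would match any file content.
                    if (!string.IsNullOrEmpty(signature) && content.Contains(signature))
                    {
                        detected = true;
                        break;
                    }
                }
            }

            if (detected)
            {
                if (AutoDeleteVirus)
                {
                    // NOTE(review): the response to a substring hit is deletion; a false positive
                    // is not recoverable from here. Confirm whether DeleteFile quarantines or unlinks.
                    candidate.DeleteFile();
                }
                else
                {
                    AddInDangerFile(this, new FindDangerEventArgs(candidate));
                }
            }

            Counter.Inc();
        }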
Ejemplo n.º 2
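        /// <summary>
        /// Polls the running processes in an endless loop (one pass every 500 ms) and checks the
        /// main-module file of every process that is in neither <c>DangerProcess</c> nor
        /// <c>ClearProcess</c>.
        /// </summary>
        /// <remarks>
        /// Per pass: entries of <c>DangerProcess</c> whose process name is no longer running are
        /// removed; then each unclassified process is checked against the exclusion list, the
        /// Authenticode check, the signature list (<c>SignatureM</c>) and the heuristic patterns
        /// (<c>EvrizmM</c>). A detection either kills the process (<c>CloseProcessTurn</c>) or adds
        /// it to the danger list. The method never returns, so it must not run on a thread the
        /// caller needs back.
        /// </remarks>
        public void ScanProcess()
        {
            while (true)
            {
                // Take one snapshot per pass. Enumerating processes inside the Where lambdas
                // repeated the system call for every DangerProcess entry.
                Process[] running = Process.GetProcesses();
                string[] runningNames = running.Select(p => p.ProcessName).ToArray();
                string[] flaggedNames = DangerProcess.Select(d => d.Process.ProcessName).ToArray();
                string[] clearedNames = ClearProcess.Select(p => p.ProcessName).ToArray();

                // NOTE(review): classification is keyed by process name only. Once a name is in
                // ClearProcess, any later process with the same name is skipped regardless of its
                // executable path or PID. Keying on PID plus path would be stricter.
                Process[] processes = running
                    .Where(p => !flaggedNames.Contains(p.ProcessName) && !clearedNames.Contains(p.ProcessName))
                    .ToArray();

                // Flagged entries whose process name is no longer present in the snapshot.
                ProcessDange[] processWhitchOff = DangerProcess
                    .Where(d => !runningNames.Contains(d.Process.ProcessName))
                    .ToArray();
                if (processWhitchOff.Length != 0)
                {
                    string[] stoppedNames = processWhitchOff.Select(d => d.Process.ProcessName).ToArray();
                    DangerProcess.RemoveAll(d => stoppedNames.Contains(d.Process.ProcessName));
                    FindDangerProcessEvent?.Invoke(this, new AddDangerProcessEventArgs(false));
                }

                foreach (var process in processes)
                {
                    try
                    {
                        // Resolve the executable path once. MainModule can throw (for example on
                        // access denied); that lands in the catch below.
                        string modulePath = process.MainModule.FileName;

                        bool excluded = false;
                        foreach (var exception in ExceptionFiles)
                        {
                            // An empty exclusion path would be contained in every path and thereby
                            // exclude every process, so such entries are ignored.
                            // NOTE(review): this is a case-sensitive substring test, so an exclusion
                            // also covers any longer path that merely contains it. Confirm whether
                            // exact or directory-prefix matching is intended.
                            if (!string.IsNullOrEmpty(exception.Path) && modulePath.Contains(exception.Path))
                            {
                                excluded = true;
                                DangerProcess.RemoveAll(x => x.Process.ProcessName == process.ProcessName);
                                FindDangerProcessEvent?.Invoke(this, new AddDangerProcessEventArgs(false));
                                break;
                            }
                        }

                        // Verify once and reuse the result for both decisions below.
                        // NOTE(review): a file that passes this check is cleared without any
                        // signature or heuristic scan. Confirm which publishers/chains the
                        // validator accepts.
                        bool trusted = FileValidater.VerifyAuthenticodeSignature(modulePath);
                        if (trusted)
                        {
                            ClearProcess.Add(process);
                            continue;
                        }

                        if (excluded)
                        {
                            // Excluded but not verified: neither cleared nor flagged, so it is
                            // looked at again on the next pass.
                            continue;
                        }

                        bool findSignature = false;
                        if (SignatureM)
                        {
                            // Null/empty values are "no match": Contains("") is true for every
                            // string and would otherwise flag (or kill) every unsigned process.
                            string processSignature = new ProcessDange(process).Signature;
                            findSignature = !string.IsNullOrEmpty(processSignature)
                                && !string.IsNullOrEmpty(SignatureString)
                                && SignatureString.Contains(processSignature);
                        }

                        if (EvrizmM && !findSignature)
                        {
                            // Read the executable only when the heuristic check actually runs. An
                            // unconditional read could throw and send an already-matched process
                            // into the catch below, where it is recorded as clean.
                            string fileSignature = File.ReadAllText(modulePath);
                            foreach (var signature in EvrizmSignature.signatures)
                            {
                                if (!string.IsNullOrEmpty(signature) && fileSignature.Contains(signature))
                                {
                                    findSignature = true;
                                    break;
                                }
                            }
                        }

                        if (findSignature)
                        {
                            if (CloseProcessTurn)
                            {
                                process.Kill();
                            }
                            else
                            {
                                AddInDangerProcessList(new ProcessDange(process));
                            }

                            if (SoundTurn)
                            {
                                Console.Beep();
                            }
                        }
                        // NOTE(review): signatureM/evrimM differ in spelling from the
                        // SignatureM/EvrizmM members tested above; presumably their backing
                        // fields - confirm. A process is only cleared when both checks ran.
                        else if (signatureM && evrimM)
                        {
                            ClearProcess.Add(process);
                        }
                    }
                    catch (Exception)
                    {
                        // NOTE(review): this fails open. Any error (unreadable main module, file
                        // read failure, Kill() failure) records the process as clean and it is
                        // never examined again under this name. Consider logging the exception
                        // and tracking such processes separately from verified-clean ones.
                        ClearProcess.Add(process);
                    }
                }

                Thread.Sleep(500);
            }
        }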