static void Firewall_AccessDenied(string username, string app, string protocol, string source, string destination, string direction) { try { if (!Firewall.Apps.Contains(app)) { if (!SettingsManager.Silence) { Firewall.Apps.Add(app); KavprotVoice.SpeakAsync("Would you like to allow this network access"); DevComponents.DotNetBar.TaskDialogInfo inf = new DevComponents.DotNetBar.TaskDialogInfo(); inf.DialogButtons = DevComponents.DotNetBar.eTaskDialogButton.Yes | DevComponents.DotNetBar.eTaskDialogButton.No; inf.Title = "Firewall Rule"; inf.Text = "An application is trying to connect to a remote host (" + destination + ") via " + protocol + " protocol. \n " + Path.GetFileName(app) + "\n do you want to authorize this connection?"; inf.TaskDialogIcon = DevComponents.DotNetBar.eTaskDialogIcon.Exclamation; inf.Header = "Application Connection"; inf.FooterText = "Kavprot smart security"; inf.DialogColor = DevComponents.DotNetBar.eTaskDialogBackgroundColor.Silver; DevComponents.DotNetBar.eTaskDialogResult dl = DevComponents.DotNetBar.TaskDialog.Show(inf); if (dl == DevComponents.DotNetBar.eTaskDialogResult.Yes) { Firewall.Add("AllowAll", app); } else { Firewall.Add("DenyAll", app); } } else { Firewall.Apps.Add(app); if (!Scanner.CheckReputation(app)) { Firewall.Add("AllowAll", app); } else { Firewall.Add("DenyAll", app); } } } } catch (Exception ex) { AntiCrash.LogException(ex); } finally { } }
static void FilterData(Session session) { if (session.fullUrl.EndsWith(".js") || session.fullUrl.EndsWith(".vbs") || session.fullUrl.EndsWith(".bat") || session.fullUrl.EndsWith(".com")) { object v = VDB.GetScript(Security.ConvertToHex(session.GetResponseBodyAsString())); if (v != null) { KavprotVoice.SpeakAsync("A malicious code detected : " + v.ToString()); session.utilCreateResponseAndBypassServer(); session.responseBodyBytes = Encoding.ASCII.GetBytes(KAVE.Properties.Resources.ErrorPageHead + string.Format(KAVE.Properties.Resources.Title, "Kavprot smart security Blocked a malicious code : " + v.ToString()) + KAVE.Properties.Resources.Ressources + string.Format(KAVE.Properties.Resources.Bodytitle, "Kavprot smart security Blocked a malicious code : " + v.ToString()) + string.Format(KAVE.Properties.Resources.Body, KAVE.Properties.Resources.MalwareMessage)); session.oResponse.headers = Parser.ParseResponse("HTTP/1.1 200 OK\r\nKPAVWebProxyTemplate: True\r\nContent-Length: 165000"); } } }
static object VoiceCommand(string text) { // add more if (text.StartsWith("run process ")) { Process.Start(text.Replace("run process", "")); return("Process started"); } else if (text.StartsWith("kill process ")) { foreach (Process p in Process.GetProcessesByName(text.Replace("kill process", ""))) { p.Kill(); } return("Process killed"); } else if (text.StartsWith("say ")) { KavprotVoice.SpeakAsync(text.Replace("say", "")); return("text said"); } else if (text.StartsWith("shutdown computer in ")) { KAVE.Windows.WindowsControl.Shutdown(Int32.Parse(text.Replace("shutdown computer in ", "").Replace("seconds", ""))); return("shuting down computer"); } else if (text.StartsWith("reboot computer in ")) { KAVE.Windows.WindowsControl.Reboot(Int32.Parse(text.Replace("rboot computer in ", "").Replace("seconds", ""))); return("rebooting computer"); } else { KavprotVoice.SpeakAsync("Unknow command, try again"); return("Unknown command"); } }
static bool SafeBrowse(Session session) { // WBSD if (SettingsManager.WebAgentSmartDetection) { foreach (string word in Blockers) { if (session.fullUrl.Contains(word)) { if (SettingsManager.BlockUrls) { KavprotVoice.SpeakAsync("This url contains a blocked word."); session.utilCreateResponseAndBypassServer(); session.responseBodyBytes = Encoding.ASCII.GetBytes(KAVE.Properties.Resources.ErrorPageHead + string.Format(KAVE.Properties.Resources.Title, "Kavprot smart security Blocked a Malware Attack !!!") + KAVE.Properties.Resources.Ressources + string.Format(KAVE.Properties.Resources.Bodytitle, "Kavprot smart security Blocked a Malware Attack !!!") + string.Format(KAVE.Properties.Resources.Body, KAVE.Properties.Resources.MalwareMessage)); session.oResponse.headers = Parser.ParseResponse("HTTP/1.1 200 OK\r\nKPAVWebProxyTemplate: True\r\nContent-Length: 165000"); return(true); } } } } // filter data if (SettingsManager.ParentalControl) { BlackListResult result = CheckUrl(session.fullUrl); if (result == BlackListResult.MalwareAttack) { if (SettingsManager.BlockUrls) { KavprotVoice.SpeakAsync("A malware website access was blocked."); session.utilCreateResponseAndBypassServer(); session.responseBodyBytes = Encoding.ASCII.GetBytes(KAVE.Properties.Resources.ErrorPageHead + string.Format(KAVE.Properties.Resources.Title, "Kavprot smart security Blocked a Malware Attack !!!") + KAVE.Properties.Resources.Ressources + string.Format(KAVE.Properties.Resources.Bodytitle, "Kavprot smart security Blocked a Malware Attack !!!") + string.Format(KAVE.Properties.Resources.Body, KAVE.Properties.Resources.MalwareMessage)); session.oResponse.headers = Parser.ParseResponse("HTTP/1.1 200 OK\r\nKPAVWebProxyTemplate: True\r\nContent-Length: 165000"); return(true); } } else if (result == BlackListResult.PhishingAttack) { if (SettingsManager.BlockUrls) { KavprotVoice.SpeakAsync("A phishing website access was blocked"); session.utilCreateResponseAndBypassServer(); session.responseBodyBytes = Encoding.ASCII.GetBytes(KAVE.Properties.Resources.ErrorPageHead + string.Format(KAVE.Properties.Resources.Title, "Kavprot smart security Blocked a Phishing Attack !!!") + KAVE.Properties.Resources.Ressources + string.Format(KAVE.Properties.Resources.Bodytitle, "Kavprot smart security Blocked a Phishing Attack !!!") + string.Format(KAVE.Properties.Resources.Body, KAVE.Properties.Resources.PhishMessage)); session.oResponse.headers = Parser.ParseResponse("HTTP/1.1 200 OK\r\nKPAVWebProxyTemplate: True\r\nContent-Length: 165000"); return(true); } } else if (result == BlackListResult.PornAttack) { if (SettingsManager.BlockUrls) { KavprotVoice.SpeakAsync("A pornographic website access was blocked"); session.utilCreateResponseAndBypassServer(); session.responseBodyBytes = Encoding.ASCII.GetBytes(KAVE.Properties.Resources.ErrorPageHead + string.Format(KAVE.Properties.Resources.Title, "Kavprot smart security Blocked a P**n Attack !!!") + KAVE.Properties.Resources.Ressources + string.Format(KAVE.Properties.Resources.Bodytitle, "Kavprot smart security Blocked a P**n Attack !!!") + string.Format(KAVE.Properties.Resources.Body, KAVE.Properties.Resources.PornMSG)); session.oResponse.headers = Parser.ParseResponse("HTTP/1.1 200 OK\r\nKPAVWebProxyTemplate: True\r\nContent-Length: 165000"); return(true); } } else if (result == BlackListResult.Undetermined) { if (SettingsManager.BlockUrls) { KavprotVoice.SpeakAsync("Kavprot blocked this website for unknown reason"); session.utilCreateResponseAndBypassServer(); session.responseBodyBytes = Encoding.ASCII.GetBytes(KAVE.Properties.Resources.ErrorPageHead + string.Format(KAVE.Properties.Resources.Title, "Kavprot smart security Proxy Error") + KAVE.Properties.Resources.Ressources + string.Format(KAVE.Properties.Resources.Bodytitle, "Kavprot smart securityProxy ERROR") + string.Format(KAVE.Properties.Resources.Body, KAVE.Properties.Resources.UnderterminedMSG)); session.oResponse.headers = Parser.ParseResponse("HTTP/1.1 200 OK\r\nKPAVWebProxyTemplate: True\r\nContent-Length: 165000"); return(true); } } } return(false); }