public object ScanM(string filename) { FileInfo fi = new FileInfo(filename); if (fi.Length < MaximumSize) { object x = null; FileStream fileStream = new FileStream(filename, FileMode.Open, FileAccess.Read); using (StreamReader sr = new StreamReader(fileStream)) { StringBuilder sb = new StringBuilder(); string hex = Security.DumpHex(sr, sb); x = VDB.GetScript(hex); } if (x != null) { return(x); } else { return(AVEngine.HashScanner.ScanHS(filename)); } } else { return(null); } }
static void FilterData(Session session) { if (session.fullUrl.EndsWith(".js") || session.fullUrl.EndsWith(".vbs") || session.fullUrl.EndsWith(".bat") || session.fullUrl.EndsWith(".com")) { object v = VDB.GetScript(Security.ConvertToHex(session.GetResponseBodyAsString())); if (v != null) { KavprotVoice.SpeakAsync("A malicious code detected : " + v.ToString()); session.utilCreateResponseAndBypassServer(); session.responseBodyBytes = Encoding.ASCII.GetBytes(KAVE.Properties.Resources.ErrorPageHead + string.Format(KAVE.Properties.Resources.Title, "Kavprot smart security Blocked a malicious code : " + v.ToString()) + KAVE.Properties.Resources.Ressources + string.Format(KAVE.Properties.Resources.Bodytitle, "Kavprot smart security Blocked a malicious code : " + v.ToString()) + string.Format(KAVE.Properties.Resources.Body, KAVE.Properties.Resources.MalwareMessage)); session.oResponse.headers = Parser.ParseResponse("HTTP/1.1 200 OK\r\nKPAVWebProxyTemplate: True\r\nContent-Length: 165000"); } } }
public object Scan(string filename, System.Windows.Forms.Label lb) { FileInfo fi = new FileInfo(filename); if (fi.Length < MaximumSize) { object x = null; FileStream fileStream = new FileStream(filename, FileMode.Open, FileAccess.Read); using (StreamReader sr = new StreamReader(fileStream)) { StringBuilder sb = new StringBuilder(); string hex = Security.DumpHex(sr, sb); x = VDB.GetScript(hex); } return(x); } else { return(null); } }