Esempio n. 1
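        /// <summary>
        /// Splits the file path reported by the antivirus detector into a directory part and a
        /// file name, copies both plus the host name into a <c>Bit9ReturnValues</c>, and passes
        /// that to <c>Detect_Bit9.GetFileInfo</c> for cross-referencing.
        /// </summary>
        /// <param name="lFidoReturnValues">
        /// Alert data. <c>Antivirus.FilePath</c> and <c>Hostname</c> are read;
        /// <c>Antivirus.FileName</c> is overwritten with the last path segment.
        /// </param>
        /// <remarks>
        /// The path is split on backslashes only, so a path without one yields a file name and no
        /// directory. Nothing is done when the alert carries no file path.
        /// </remarks>
        private static void AntiVirusToBit9(FidoReturnValues lFidoReturnValues)
        {
            // Without a path there is nothing to look up. The original dereferenced FilePath
            // unconditionally, and its later "!= null && Length != 0" test could never fail
            // because string.Split always returns at least one element.
            if (lFidoReturnValues == null
                || lFidoReturnValues.Antivirus == null
                || string.IsNullOrEmpty(lFidoReturnValues.Antivirus.FilePath))
            {
                return;
            }

            var lBit9ReturnValues = new Bit9ReturnValues();
            var sFileInfo         = lFidoReturnValues.Antivirus.FilePath.Split('\\');

            Console.WriteLine(@"Antivirus detector found! Cross-referencing with Bit9.");

            // Last segment is the file name; it is written back onto the alert as well.
            lBit9ReturnValues.FileName           = sFileInfo[sFileInfo.Length - 1];
            lFidoReturnValues.Antivirus.FileName = lBit9ReturnValues.FileName;

            // Rebuild the directory from every segment before the file name.
            // NOTE(review): the apostrophe test below covers only the leading segments. The final
            // directory segment, the file name and the host name are passed on unchecked, and a
            // hit merely truncates the path (leaving a trailing backslash). Do not treat this as
            // input sanitisation: the path presumably comes from an endpoint alert, so it is named
            // by whoever put the file there. Quote handling belongs in the query layer, via
            // bound parameters.
            var iLastDir = sFileInfo.Length - 2;
            for (var i = 0; i <= iLastDir; i++)
            {
                if (i == iLastDir)
                {
                    // Final directory segment: appended without a trailing separator.
                    lBit9ReturnValues.FilePath += sFileInfo[i];
                    break;
                }

                if (sFileInfo[i].Contains("'"))
                {
                    break;
                }

                lBit9ReturnValues.FilePath += sFileInfo[i] + "\\";
            }

            lBit9ReturnValues.HostName = lFidoReturnValues.Hostname;

            // NOTE(review): the lookup result is discarded here, as in the original, where it was
            // assigned to a local that was never read. Confirm whether the caller is meant to
            // receive it.
            Detect_Bit9.GetFileInfo(null, lBit9ReturnValues);
        }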
Esempio n. 2
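        /// <summary>
        /// Queries the Bit9 <c>Fido_FileInstanceInfo</c> table, either once per MD5 hash or once
        /// by file name, path and computer name, and returns whatever <c>ReadBit9Info</c>
        /// collected.
        /// </summary>
        /// <param name="lFileHash">
        /// MD5 hashes to look up. When non-null this takes precedence and
        /// <paramref name="lBit9ReturnValues"/> is ignored.
        /// </param>
        /// <param name="lBit9ReturnValues">
        /// File name, path and host name to look up; used only when
        /// <paramref name="lFileHash"/> is null.
        /// </param>
        /// <returns>
        /// The list handed to <c>ReadBit9Info</c>; empty when nothing was found, when both
        /// arguments are null, or when the lookup failed (failures are e-mailed, not thrown).
        /// </returns>
        /// <remarks>
        /// Every caller-supplied value is sent as a bound parameter. Hashes, file names, paths and
        /// host names originate from alert data and must never be spliced into the SQL text.
        /// </remarks>
        public static List <string> GetFileInfo(IEnumerable <string> lFileHash, Bit9ReturnValues lBit9ReturnValues)
        {
            var lBit9Info   = new List <string>();
            // Scratch buffer passed through to ReadBit9Info; the size 69 presumably matches the
            // table's column count. TODO confirm.
            var oBit9Return = new object[69];

            var sAcekDecode = Object_Fido_Configs.GetAsString("fido.detectors.bit9.acek", null);

            // NOTE(review): the key that protects the stored user id and password is itself
            // decrypted with the hard-coded value "1". Anyone holding the config and this binary
            // can recover the credentials, so this is obfuscation rather than protection. Move the
            // secret to a protected store (DPAPI, a vault, or a managed service identity).
            sAcekDecode = Aes_Crypto.DecryptStringAES(sAcekDecode, "1");
            var sUserID     = Aes_Crypto.DecryptStringAES(Object_Fido_Configs.GetAsString("fido.detectors.bit9.userid", null), sAcekDecode);
            var sPwd        = Aes_Crypto.DecryptStringAES(Object_Fido_Configs.GetAsString("fido.detectors.bit9.pwd", null), sAcekDecode);
            var sBit9Server = Object_Fido_Configs.GetAsString("fido.detectors.bit9.server", null);
            var sDb         = Object_Fido_Configs.GetAsString("fido.detectors.bit9.db", null);

            try
            {
                //todo: take connection string and encrypt to put in XML config
                // NOTE(review): the published listing masks the password expression as "******".
                // sPwd is used here because it is decrypted above and has no other use; confirm
                // against the real source.
                // NOTE(review): "Integrated Security=sspi" makes SqlClient authenticate as the
                // Windows identity of the process and ignore "user id"/"password". Decide which
                // mode is intended and drop the other, so that unused credentials are not being
                // stored and decrypted for nothing.
                using (var vConnection = new SqlConnection("user id=" + sUserID + ";password=" + sPwd + ";Server=" + sBit9Server + ",1433;Integrated Security=sspi;Database=" + sDb + ";connection timeout=60"))
                {
                    if (lFileHash != null)
                    {
                        foreach (var sFileHash in lFileHash)
                        {
                            using (var CMD = new SqlCommand("SELECT * FROM [das].[dbo].[Fido_FileInstanceInfo] WHERE MD5 = @md5", vConnection))
                            {
                                CMD.CommandType = CommandType.Text;
                                // A null hash becomes SQL NULL, which matches no row; the
                                // parameter is still supplied so the command stays valid.
                                CMD.Parameters.AddWithValue("@md5", (object)sFileHash ?? DBNull.Value);
                                ReadBit9Info(vConnection, CMD, oBit9Return, lBit9Info);
                            }
                        }
                    }
                    else if (lBit9ReturnValues != null)
                    {
                        const string sQuery = "SELECT * FROM [das].[dbo].[Fido_FileInstanceInfo] WHERE FILE_NAME = @fileName AND Path_Name = @pathName AND Computer_Name = @computerName";
                        using (var CMD = new SqlCommand(sQuery, vConnection))
                        {
                            CMD.CommandType = CommandType.Text;
                            // Invariant lower-casing keeps the lookup independent of the service
                            // account's culture (e.g. the Turkish dotted/dotless I).
                            CMD.Parameters.AddWithValue("@fileName", lBit9ReturnValues.FileName.ToLowerInvariant());
                            CMD.Parameters.AddWithValue("@pathName", lBit9ReturnValues.FilePath.ToLowerInvariant());
                            CMD.Parameters.AddWithValue("@computerName", (object)lBit9ReturnValues.HostName ?? DBNull.Value);
                            ReadBit9Info(vConnection, CMD, oBit9Return, lBit9Info);
                        }
                    }
                }
            }
            catch (Exception e)
            {
                // Best effort: report the failure and return what was gathered so far.
                // NOTE(review): "{0}" is never filled in by this call and reaches the e-mail
                // verbatim unless SendEmail formats it. Also review what the full exception
                // text exposes to mail recipients.
                Fido_EventHandler.SendEmail("Fido Error", "Fido Failed: {0} Exception caught retrieving file information from Bit9:" + e);
            }

            return(lBit9Info);
        }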