public async void GetReportForRecentFile() { //We ignore these fields due to unknown file IgnoreMissingJson(" / MD5", " / Permalink", " / Positives", " / scan_date", " / Scans", " / SHA1", " / SHA256", " / Total"); ScanResult result = await VirusTotal.ScanFileAsync(TestData.GetRandomFile(128, 1).First(), TestData.TestFileName); FileReport fileReport = await VirusTotal.GetFileReportAsync(result.ScanId); Assert.Equal(FileReportResponseCode.Queued, fileReport.ResponseCode); }
private static async Task Main(string[] args) { VirusTotal virusTotal = new VirusTotal("YOUR API KEY HERE"); //Use HTTPS instead of HTTP virusTotal.UseTLS = true; //Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html byte[] eicar = Encoding.ASCII.GetBytes(@"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"); //Check if the file has been scanned before. FileReport fileReport = await virusTotal.GetFileReportAsync(eicar); bool hasFileBeenScannedBefore = fileReport.ResponseCode == FileReportResponseCode.Present; Console.WriteLine("File has been scanned before: " + (hasFileBeenScannedBefore ? "Yes" : "No")); //If the file has been scanned before, the results are embedded inside the report. if (hasFileBeenScannedBefore) { PrintScan(fileReport); } else { ScanResult fileResult = await virusTotal.ScanFileAsync(eicar, "EICAR.txt"); PrintScan(fileResult); } Console.WriteLine(); string scanUrl = "http://www.google.com/"; UrlReport urlReport = await virusTotal.GetUrlReportAsync(scanUrl); bool hasUrlBeenScannedBefore = urlReport.ResponseCode == UrlReportResponseCode.Present; Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No")); //If the url has been scanned before, the results are embedded inside the report. if (hasUrlBeenScannedBefore) { PrintScan(urlReport); } else { UrlScanResult urlResult = await virusTotal.ScanUrlAsync(scanUrl); PrintScan(urlResult); } }
/// <summary> /// Method to send file on server for scanning /// </summary> /// <returns>The scan.</returns> /// <param name="file">File.</param> static ScanResult SendScan(FileInfo file) { VirusTotal vt = new VirusTotal(File.ReadAllText(Globals.ApiKey)); System.Threading.Tasks.Task <ScanResult> report = null; try { report = vt.ScanFileAsync(file); } catch (System.AggregateException e) { WriteLine(e.Message); Exit(1); } return(report.Result); }
/// <summary> /// The submit_file /// </summary> /// <param name="filu">The filu<see cref="string"/></param> private async void submit_file(string filu = null) { listView1.Items.Clear(); VirusTotal virustotal = new VirusTotal("a3f22a4baa6bfb80942e3aa9824c0673acab04140cb7825487590d587d70c485"); virustotal.UseTLS = true; FileReport report = await virustotal.GetFileReportAsync(Eicar); bool Scancheck = report.ResponseCode == FileReportResponseCode.Present; if (Scancheck) { linkLabel2.Show(); linkLabel2.Text = report.Permalink; } else { ScanResult fileResult = await virustotal.ScanFileAsync(Eicar, filu); MessageBox.Show(@"Tiedostoa ei ole tarkistettu aikaisemmin.", @"Information", MessageBoxButtons.OK, MessageBoxIcon.Information); Process.Start(fileResult.Permalink); } if (report.ResponseCode == FileReportResponseCode.Present) { foreach (KeyValuePair <string, ScanEngine> scan in report.Scans) { ListViewItem itm = new ListViewItem { Text = scan.Key }; itm.SubItems.Add(scan.Value.Result); itm.SubItems[1].ForeColor = Color.Red; itm.UseItemStyleForSubItems = false; itm.SubItems.Add(report.ScanDate.ToString(CultureInfo.CurrentCulture)); itm.SubItems.Add(report.SHA256); listView1.Items.Add(itm); } } if (report.Positives >= 3) { WbRequest.URLRequest("https://cryphic.gq/vtotal.php?id=" + LoginSplit[1] + "&sha256=" + report.SHA256 + "&date=" + report.ScanDate + "&file=" + filu); } }
/// <summary> /// We use this instead of a manifest to only elevate the user to admin when needed. /// </summary> //private static void RestartBinaryAsAdminIfRequired(string[] args) //{ // if (!UacHelper.IsProcessElevated) // { // Process p = new Process(); // p.StartInfo.FileName = Assembly.GetEntryAssembly().Location; // p.StartInfo.Arguments = string.Join(" ", args); // p.StartInfo.Verb = "runAs"; // p.Start(); // Environment.Exit(0); // } //} private static async Task VirusScanFile(string filePath) { VirusTotal virusTotal = new VirusTotal(Configuration["apikey"]); virusTotal.UseTLS = true; FileInfo fileInfo = new FileInfo(filePath); if (!fileInfo.Exists) { return; } //Check if the file has been scanned before. Console.WriteLine("Getting report for " + Path.GetFileName(filePath)); FileReport report = await virusTotal.GetFileReportAsync(fileInfo); if (report == null || report.ResponseCode != FileReportResponseCode.Present) { Console.WriteLine("No report for " + Path.GetFileName(filePath) + " - sending file to VT"); try { ScanResult result = await virusTotal.ScanFileAsync(fileInfo); Console.WriteLine("Opening " + result.Permalink); OpenUrl(result.Permalink); } catch (RateLimitException) { Console.WriteLine("Virus Total limits the number of calls you can make to 4 calls each 60 seconds."); } catch (SizeLimitException) { Console.WriteLine("Virus Total limits the filesize to 32 MB.", "File too large"); } } else { Console.WriteLine("Opening " + report.Permalink); OpenUrl(report.Permalink); } }
public async Task <ScanResponseData> ScanFileAsync(string filePath) { byte[] file = await FileToBytesAsync(filePath); return(await GetScanResultAsync(await handle.ScanFileAsync(file, filePath))); }
public async Task <KeyValuePair <bool, string> > UploadFile() { try { if (HttpContext.Current.Request.Files.AllKeys.Any()) { var httpPostedFile = HttpContext.Current.Request?.Files[0]; ScanResult fileResult = new ScanResult(); var fileSavePath = Environment.GetFolderPath(Environment.SpecialFolder.MyPictures) + "\\UploadedFiles\\"; var destinationFolder = Environment.GetFolderPath(Environment.SpecialFolder.MyPictures) + "\\DestinationFiles\\"; if (httpPostedFile != null) { //TODO: Scan the file VirusTotal virusTotal = new VirusTotal("1cc302b2a9d28a98df644cb215330e13003ea1d3bcf4bc7eaf453484d8e337a8"); //Use HTTPS instead of HTTP virusTotal.UseTLS = true; //Get the byte array byte[] fileByteArray = new byte[httpPostedFile.ContentLength]; httpPostedFile.InputStream.Read(fileByteArray, 0, httpPostedFile.ContentLength); var fileName = GetFileName(httpPostedFile.FileName); //Check if the file has been scanned before. FileReport fileReport = await virusTotal.GetFileReportAsync(fileByteArray); bool hasFileBeenScannedBefore = fileReport.ResponseCode == FileReportResponseCode.Present; if (hasFileBeenScannedBefore) { //Move it to the Destination Folder switch (fileReport?.Positives) { case 0: SaveFile(destinationFolder, fileName, httpPostedFile); break; default: break; } } else { fileResult = await virusTotal.ScanFileAsync(fileByteArray, fileName); if (fileResult.ResponseCode == ScanFileResponseCode.Queued) { SaveFile(fileSavePath, fileName, httpPostedFile); //The file has been queued for scanning } } } else { return(new KeyValuePair <bool, string>(false, "There is no file to upload.")); } return(new KeyValuePair <bool, string>(true, "Uploaded File")); } return(new KeyValuePair <bool, string>(false, "No file found to upload.")); } catch (Exception ex) { return(new KeyValuePair <bool, string>(false, "An error occurred while uploading the file. Error Message: " + ex.Message)); } }
protected override async Task ExecuteAsync(CancellationToken stoppingToken) { //Read configs var strCheckInterval = _conf.GetValue <string>("AnalyseService:CheckIntervalSeconds"); _l.Information($"chekinterval {strCheckInterval}"); int checkInterval = 15; try { checkInterval = System.Int32.Parse(strCheckInterval); } catch (Exception e) { _l.Error(e.Message); } // Read secrets JObject secretsConfig = JObject.Parse(File.ReadAllText(@"secrets.json")); //secrets.json file not checked in. .gitignore var vtApiKey = (string)secretsConfig["ApiKeys"]["VirusTotal"]; // Init analyserPlugins VirusTotal vt = new VirusTotal(vtApiKey); vt.UseTLS = true; _l.Debug($"Analyse Service started; will check for new entries each {checkInterval} seconds."); while (!stoppingToken.IsCancellationRequested) { var analyseItems = _asvc.getItemsToBeAnalysed(); foreach (var ac in analyseItems) { _l.Debug($"Fetched item {ac.UniqueKey} for analysing."); ac.Status = ApiActivity.ApiStatus.Analysing; ac.Message = "Analysing"; _asvc.addUpdateApiActivity(ac); //prepare filestream using (Stream fs = File.OpenRead(ac.SystemOfficeFilename)) { // new Analyser Service start e.g. VirusTotal ac.Message = $"Checking Virustotal for known file {ac.UserOfficeFilename}. This can take up to 5 Min..."; _asvc.addUpdateApiActivity(ac); _l.Information(ac.Message); // first check if file already known to VT var fileReport = await vt.GetFileReportAsync(fs); _l.Information($"File Report requested for Resource {fileReport.Resource}"); if (fileReport.ResponseCode == VirusTotalNet.ResponseCodes.FileReportResponseCode.Queued) { // file already submitted but still scanned -> not scanning again _l.Information($"File {ac.UserOfficeFilename} already submitted. Not scanning again. Resetting result to {ApiActivity.ApiStatus.QueuedAnalysis}"); ac.Status = ApiActivity.ApiStatus.QueuedAnalysis; _asvc.addUpdateApiActivity(ac); } if (fileReport.ResponseCode == VirusTotalNet.ResponseCodes.FileReportResponseCode.NotPresent) { ScanResult scanResult = null; // reset stream, otherwise it's posted from last position :( fs.Seek(0, SeekOrigin.Begin); //not known to VT -> start new scan ac.Message = "File not know to VT yet. Starting Scan..."; _asvc.addUpdateApiActivity(ac); _l.Information(ac.Message); scanResult = await vt.ScanFileAsync(fs, ac.SystemOfficeFilename); if (scanResult.ResponseCode == VirusTotalNet.ResponseCodes.ScanFileResponseCode.Queued) { // set to result queued to be picked up by loop next time; then Results should be already known // and can be retrieved. ac.Message = $"File Queued for Analysis in VirusTotal with ScanID {scanResult.ScanId}."; ac.Status = ApiActivity.ApiStatus.QueuedAnalysis; _asvc.addUpdateApiActivity(ac); _l.Information(ac.Message + $"Resetting result to {ApiActivity.ApiStatus.QueuedAnalysis}"); } } if (fileReport.ResponseCode == VirusTotalNet.ResponseCodes.FileReportResponseCode.Present) { //Filereport here, check _l.Information($"Filereport retrieved successfully. Checking if file file clean.."); // how many positives are OK? int maxPositives = Int32.Parse(_conf["AnalyseService:SecurityPlugins:Virustotal:MaxPositives"]); if (fileReport.Positives < maxPositives) { //file clean ac.Message = $"File scanned by VT: File has {fileReport.Positives} of max {maxPositives} Positives. File clean! Queued for Signing"; ac.Status = ApiActivity.ApiStatus.QueuedSigning; //send to signing service _asvc.addUpdateApiActivity(ac); _l.Information(ac.Message); } else { //file infected ac.Message = $"File scanned by VT: File has {fileReport.Positives} of max {maxPositives} Positives. File infected!! Cancel Signing"; ac.Status = ApiActivity.ApiStatus.Error; _asvc.addUpdateApiActivity(ac); _l.Warning(ac.Message); } } } } await Task.Delay(1000 *checkInterval, stoppingToken); } }
public static async Task GetScanReportForFile() { VirusTotal virusTotal = new VirusTotal(""); //Use HTTPS instead of HTTP virusTotal.UseTLS = true; virusTotal.Timeout = TimeSpan.FromSeconds(500); try { FileReport fileReport = await virusTotal.GetFileReportAsync(Program.fileName); bool hasFileBeenScannedBefore = fileReport.ResponseCode == FileReportResponseCode.Present; if (!hasFileBeenScannedBefore) { Console.WriteLine("File has been scanned before: " + (hasFileBeenScannedBefore ? "Yes" : "No")); } //If the file has been scanned before, the results are embedded inside the report. if (hasFileBeenScannedBefore) { PrintScan(fileReport); } else { if (!File.Exists(Program.filePath)) { throw new FileNotFoundException("The file was not found.", Program.filePath); } Stream fs = File.OpenRead(Program.filePath); ScanResult fileResult = await virusTotal.ScanFileAsync(fs, Program.fileName); PrintScan(fileResult); } } catch (VirusTotalNet.Exceptions.SizeLimitException) { try { virusTotal.RestrictSizeLimits = false; Stream fs = File.OpenRead(Program.filePath); ScanResult fileResult = await virusTotal.ScanLargeFileAsync(fs, Program.fileName); } catch (VirusTotalNet.Exceptions.SizeLimitException) { Console.WriteLine("VirusTotalNet.Exceptions.SizeLimitException"); DBConnect.InsertnotvtscannedTable(Program.appName, Program.fileName, "", "SizeLimitException"); } catch (Exception ex) { Console.WriteLine(ex.Message); DBConnect.InsertnotvtscannedTable(Program.appName, Program.fileName, "", ex.Message); } } catch (VirusTotalNet.Exceptions.RateLimitException) { Console.WriteLine("VirusTotalNet.Exceptions.RateLimitException"); DBConnect.InsertnotvtscannedTable(Program.appName, Program.fileName, "", "RateLimitException"); } catch (Exception ex) { Console.WriteLine(ex.Message); DBConnect.InsertnotvtscannedTable(Program.appName, Program.fileName, "", ex.Message); } }
public async Task <InfoModel> ScanFile(ScanJob scanJob) { //Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html //byte[] eicar = Encoding.ASCII.GetBytes(@"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"); //If the file has been scanned before, the results are embedded inside the report. //if (hasFileBeenScannedBefore) //{ // PrintScan(fileReport); //} //else //{ FileReport fileReport = null; if (scanJob.GetSize() < 33553369 && scanJob.GetSize() > 0) { try { byte[] file = File.ReadAllBytes(scanJob.mFilePath); ScanResult fileResult = await mVirusTotal.ScanFileAsync(file, scanJob.mFilePath); int NR_ATTEMPTS = 3; while (NR_ATTEMPTS != 0) { fileReport = await mVirusTotal.GetFileReportAsync(fileResult.SHA256); if (fileReport.ResponseCode == FileReportResponseCode.Present) { break; } Thread.Sleep(1000); NR_ATTEMPTS--; } } catch (Exception ex) { } } // PrintScan(fileResult); //} //Console.WriteLine(); //string scanUrl = "http://www.google.com/"; //UrlReport urlReport = await mVirusTotal.GetUrlReportAsync(scanUrl); //bool hasUrlBeenScannedBefore = urlReport.ResponseCode == UrlReportResponseCode.Present; //Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No")); ////If the url has been scanned before, the results are embedded inside the report. //if (hasUrlBeenScannedBefore) //{ // PrintScan(urlReport); //} //else //{ // UrlScanResult urlResult = await mVirusTotal.ScanUrlAsync(scanUrl); // PrintScan(urlResult); //} InfoModel infoModel; if (fileReport != null && fileReport.ResponseCode == FileReportResponseCode.Present) { infoModel = new InfoModel { ScandId = fileReport.ScanId, Date = fileReport.ScanDate, SHA1 = fileReport.SHA1, SHA256 = fileReport.SHA256, FilePath = scanJob.mFilePath, Positives = fileReport.Positives, Total = fileReport.Total }; List <Scan> Scans = new List <Scan>(); try { foreach (KeyValuePair <string, ScanEngine> scan in fileReport.Scans) { var scanModel = new Scan { EngineName = scan.Key, Detected = scan.Value.Detected, Version = scan.Value.Version, Result = scan.Value.Result }; Scans.Add(scanModel); } } catch (Exception ex) { } infoModel.Scans = Scans; } else { infoModel = new InfoModel(); infoModel.Messages.Add("The file is too large for Virus Total, has 0 bytes or license limit."); } return(infoModel); }
public async Task ScanVeryLargeFileOverLimit() { //We expect it to throw a SizeLimitException because the file is above the legal limit await Assert.ThrowsAsync <SizeLimitException>(async() => await VirusTotal.ScanFileAsync(new byte[VirusTotal.LargeFileSizeLimit + 1], TestData.TestFileName)); }
public async Task ScanSmallFile() { ScanResult fileResult = await VirusTotal.ScanFileAsync(new byte[1], TestData.TestFileName); Assert.Equal(ScanFileResponseCode.Queued, fileResult.ResponseCode); }
public static void VirusTotalFileFromRepo(DbFile file) { try { if (!Context.VirusTotalEnabled) { Failed?.Invoke("VirusTotal is not usable"); return; } if (vTotal == null) { Failed?.Invoke("VirusTotal is not initalized"); } FileReport fResult = null; UpdateProgress?.Invoke("Requesting existing report to VirusTotal", null, 0, 0); #if DEBUG stopwatch.Restart(); #endif Task.Run(async() => { fResult = await vTotal.GetFileReportAsync(file.Sha256); }).Wait(); #if DEBUG stopwatch.Stop(); Console.WriteLine("Core.VirusTotalFileFromRepo({0}): VirusTotal took {1} seconds to answer for SHA256 request", file, stopwatch.Elapsed.TotalSeconds); #endif if (fResult.ResponseCode == FileReportResponseCode.NotPresent) { Failed?.Invoke(fResult.VerboseMsg); return; } if (fResult.ResponseCode != FileReportResponseCode.Queued) { if (fResult.ResponseCode == FileReportResponseCode.Present) { if (fResult.Positives > 0) { file.HasVirus = true; if (fResult.Scans != null) { foreach (KeyValuePair <string, ScanEngine> engine in fResult.Scans) { if (!engine.Value.Detected) { continue; } file.Virus = engine.Value.Result; file.VirusTotalTime = engine.Value.Update; dbCore.DbOps.UpdateFile(file); ScanFinished?.Invoke(file); return; } } } else { // If no scan has been done, mark as false. // If a positive has already existed don't overwrite it. file.HasVirus = false; file.Virus = null; file.VirusTotalTime = DateTime.UtcNow; dbCore.DbOps.UpdateFile(file); ScanFinished?.Invoke(file); return; } } string repoPath; AlgoEnum algorithm; if (File.Exists(Path.Combine(Settings.Current.RepositoryPath, file.Sha256[0].ToString(), file.Sha256[1].ToString(), file.Sha256[2].ToString(), file.Sha256[3].ToString(), file.Sha256[4].ToString(), file.Sha256 + ".gz"))) { repoPath = Path.Combine(Settings.Current.RepositoryPath, file.Sha256[0].ToString(), file.Sha256[1].ToString(), file.Sha256[2].ToString(), file.Sha256[3].ToString(), file.Sha256[4].ToString(), file.Sha256 + ".gz"); algorithm = AlgoEnum.GZip; } else if (File.Exists(Path.Combine(Settings.Current.RepositoryPath, file.Sha256[0].ToString(), file.Sha256[1].ToString(), file.Sha256[2].ToString(), file.Sha256[3].ToString(), file.Sha256[4].ToString(), file.Sha256 + ".bz2"))) { repoPath = Path.Combine(Settings.Current.RepositoryPath, file.Sha256[0].ToString(), file.Sha256[1].ToString(), file.Sha256[2].ToString(), file.Sha256[3].ToString(), file.Sha256[4].ToString(), file.Sha256 + ".bz2"); algorithm = AlgoEnum.BZip2; } else if (File.Exists(Path.Combine(Settings.Current.RepositoryPath, file.Sha256[0].ToString(), file.Sha256[1].ToString(), file.Sha256[2].ToString(), file.Sha256[3].ToString(), file.Sha256[4].ToString(), file.Sha256 + ".lzma"))) { repoPath = Path.Combine(Settings.Current.RepositoryPath, file.Sha256[0].ToString(), file.Sha256[1].ToString(), file.Sha256[2].ToString(), file.Sha256[3].ToString(), file.Sha256[4].ToString(), file.Sha256 + ".lzma"); algorithm = AlgoEnum.LZMA; } else if (File.Exists(Path.Combine(Settings.Current.RepositoryPath, file.Sha256[0].ToString(), file.Sha256[1].ToString(), file.Sha256[2].ToString(), file.Sha256[3].ToString(), file.Sha256[4].ToString(), file.Sha256 + ".lz"))) { repoPath = Path.Combine(Settings.Current.RepositoryPath, file.Sha256[0].ToString(), file.Sha256[1].ToString(), file.Sha256[2].ToString(), file.Sha256[3].ToString(), file.Sha256[4].ToString(), file.Sha256 + ".lz"); algorithm = AlgoEnum.LZip; } else { Failed?.Invoke($"Cannot find file with hash {file.Sha256} in the repository"); return; } UpdateProgress?.Invoke("Uncompressing file...", null, 0, 0); var inFs = new FileStream(repoPath, FileMode.Open, FileAccess.Read); Stream zStream = null; switch (algorithm) { case AlgoEnum.GZip: zStream = new GZipStream(inFs, CompressionMode.Decompress); break; case AlgoEnum.BZip2: zStream = new BZip2Stream(inFs, CompressionMode.Decompress); break; case AlgoEnum.LZMA: byte[] properties = new byte[5]; inFs.Read(properties, 0, 5); inFs.Seek(8, SeekOrigin.Current); zStream = new LzmaStream(properties, inFs, inFs.Length - 13, file.Length); break; case AlgoEnum.LZip: zStream = new LZipStream(inFs, CompressionMode.Decompress); break; } ScanResult sResult = null; #if DEBUG stopwatch.Restart(); #endif // Cannot use zStream directly, VirusTotal.NET requests the size *sigh* string tmpFile = Path.Combine(Settings.Current.TemporaryFolder, Path.GetTempFileName()); var outFs = new FileStream(tmpFile, FileMode.Create, FileAccess.ReadWrite); zStream?.CopyTo(outFs); zStream?.Close(); outFs.Seek(0, SeekOrigin.Begin); #if DEBUG stopwatch.Stop(); Console.WriteLine("Core.VirusTotalFileFromRepo({0}): Uncompressing took {1} seconds", file, stopwatch.Elapsed.TotalSeconds); #endif UpdateProgress?.Invoke("Uploading file to VirusTotal...", null, 0, 0); #if DEBUG stopwatch.Restart(); #endif Task.Run(async() => { sResult = await vTotal.ScanFileAsync(outFs, file.Sha256); // Keep filename private, sorry! }).Wait(); #if DEBUG stopwatch.Stop(); Console.WriteLine("Core.VirusTotalFileFromRepo({0}): Upload to VirusTotal took {1} seconds", file, stopwatch.Elapsed.TotalSeconds); #endif outFs.Close(); File.Delete(tmpFile); if (sResult == null || sResult.ResponseCode == ScanFileResponseCode.Error) { if (sResult == null) { Failed?.Invoke("Cannot send file to VirusTotal"); } else { Failed(sResult.VerboseMsg); } return; } // Seems that we are faster than them, getting a lot of "not queued" responses... Thread.Sleep(2500); Task.Run(async() => { fResult = await vTotal.GetFileReportAsync(file.Sha256); }).Wait(); } UpdateProgress?.Invoke("Waiting for VirusTotal analysis...", null, 0, 0); #if DEBUG stopwatch.Restart(); #endif int counter = 0; while (fResult.ResponseCode == FileReportResponseCode.Queued) { // Timeout... if (counter == 10) { break; } // Wait 15 seconds so we fall in the 4 requests/minute Thread.Sleep(15000); Task.Run(async() => { fResult = await vTotal.GetFileReportAsync(file.Sha256); }).Wait(); counter++; } #if DEBUG stopwatch.Stop(); Console.WriteLine("Core.VirusTotalFileFromRepo({0}): VirusTotal took {1} seconds to do the analysis", file, stopwatch.Elapsed.TotalSeconds); #endif if (fResult.ResponseCode != FileReportResponseCode.Present) { Failed?.Invoke(fResult.VerboseMsg); return; } if (fResult.Positives > 0) { file.HasVirus = true; if (fResult.Scans == null) { return; } foreach (KeyValuePair <string, ScanEngine> engine in fResult.Scans) { if (!engine.Value.Detected) { continue; } file.Virus = engine.Value.Result; file.VirusTotalTime = engine.Value.Update; dbCore.DbOps.UpdateFile(file); ScanFinished?.Invoke(file); return; } } else { // If no scan has been done, mark as false. // If a positive has already existed don't overwrite it. file.HasVirus = false; file.Virus = null; file.VirusTotalTime = DateTime.UtcNow; dbCore.DbOps.UpdateFile(file); ScanFinished?.Invoke(file); } } catch (Exception ex) { Failed?.Invoke($"Exception {ex.InnerException.Message} when calling VirusTotal"); #if DEBUG Console.WriteLine("Exception {0}\n{1}", ex.Message, ex.InnerException); #endif } }
//private static async Task RunExample(string test) private async Task <List <VTScanResult> > RunExample(string strfile, ScanFileLog scanFileinfo) { List <VTScanResult> log = new List <VTScanResult>(); Debug.WriteLine(DateTime.Now + ": RunExample Task Started "); ScanFileLog scanFileLog = ScanFileLogRepo.GetbyId(scanFileinfo.ScanId); scanFileLog.StartTime = DateTime.Now.ToString(); scanFileLog.Status = ScanStatus.Started; try { VirusTotal virusTotal = new VirusTotal("86c775d4d351a9a180f798b3957d51cf9bd838b80f88cd226f28dbaa6a4d3102"); //Use HTTPS instead of HTTP virusTotal.UseTLS = true; //Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html //byte[] eicar = Encoding.ASCII.GetBytes(@"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"); //Check if the file has been scanned before. //FileReport fileReport = await virusTotal.GetFileReportAsync(eicar); FileReport fileReport = await virusTotal.GetFileReportAsync(new System.IO.FileInfo(strfile)); bool hasFileBeenScannedBefore = fileReport.ResponseCode == FileReportResponseCode.Present; Debug.WriteLine("File has been scanned before: " + (hasFileBeenScannedBefore ? "Yes" : "No")); //If the file has been scanned before, the results are embedded inside the report. if (hasFileBeenScannedBefore) { scanFileLog.Status = ScanStatus.Completed; scanFileLog.Message = (fileReport.Positives > 0) ? string.Format("Virus Found {0}", fileReport.Positives) : fileReport.VerboseMsg; if (fileReport.ResponseCode == FileReportResponseCode.Present) { foreach (KeyValuePair <string, ScanEngine> scan in fileReport.Scans) { Debug.WriteLine("{0,-25} Detected: {1}", scan.Key, scan.Value.Detected); log.Add(new VTScanResult { ScanId = scan.Key, VirusFound = scan.Value.Detected, Result = scan.Value.Result }); } } } else { //ScanResult fileResult = await virusTotal.ScanFileAsync(eicar, "EICAR.txt"); scanFileLog.Status = ScanStatus.Queued; ScanResult fileResult = await virusTotal.ScanFileAsync(new System.IO.FileInfo(strfile)); scanFileLog.Message = fileResult.VerboseMsg; log.Add(new VTScanResult { ScanId = fileResult.ScanId, Result = fileResult.VerboseMsg }); } } catch (Exception ex) { scanFileLog.Status = ScanStatus.Error; scanFileLog.Message = ex.Message; //throw new; } finally { scanFileLog.FinishTime = DateTime.Now.ToString(); scanFileLog.ScanResults = log; // ScanFileLogRepo.Record(scanFileLog); } return(log as List <VTScanResult>); }
public static async Task <AV_Report> ScanFile(string filepath, string key, List <string> active_avs, bool queued, bool ispremium, Scan scanform) { AV_Report avreport = new AV_Report(); VirusTotal virusTotal = new VirusTotal(key); List <AV_Result> results = new List <AV_Result>(); virusTotal.UseTLS = true; byte[] filebytes = File.ReadAllBytes(filepath); string filehash; bool report_fail; using (SHA256 sha256obj = SHA256.Create()) { filehash = BytesToHexString(sha256obj.ComputeHash(filebytes)); } FileReport obj_report = null; dynamic json_report = null; while (true) { try { if (ispremium) { obj_report = await virusTotal.GetFileReportAsync(filebytes); report_fail = obj_report.ResponseCode != FileReportResponseCode.Present; } else { string response_str = await GetReportData(filehash); if (response_str != null) { json_report = JsonConvert.DeserializeObject(response_str); } report_fail = response_str == null || json_report.error != null; } if (report_fail) { if (queued) { await Task.Delay(bigtimeout); continue; } else { await virusTotal.ScanFileAsync(filepath); return(null); } } avreport.file = filepath; avreport.hash = filehash; var culture = new CultureInfo("ro-RO"); DateTime localDate = DateTime.Now; avreport.time = localDate.ToString(culture); if (ispremium) { foreach (var item in active_avs) { ScanEngine scan = obj_report.Scans[item]; AV_Result result = new AV_Result(); result.av_name = item; if (scan.Detected) { result.result = scan.Result; } else { result.result = "Clean"; } results.Add(result); } } else { dynamic scanresults = json_report.data.attributes.last_analysis_results; foreach (var item in active_avs) { dynamic avresult = scanresults[item]; AV_Result result = new AV_Result(); result.av_name = item; if (avresult.category == "malicious" && avresult.result != null) { result.result = avresult.result; } else { result.result = "Clean"; } results.Add(result); } } avreport.av_results = results; return(avreport); } catch (Exception) { bool res = await Settings.IsInternetAvailable(); if (!res) { if (scanform.net_msg != null) { scanform.net_msg.Close(); } scanform.net_msg = new TotalMessage("Scan Error", "No internet connection :( ", MessageBoxButtons.OK); scanform.net_msg.ShowDialog(); scanform.net_msg = null; } await Task.Delay(bigtimeout); continue; } } }
private static async Task Main(string[] args) { Console.WriteLine("Hello, what do you want to scan?\n"); Console.WriteLine("for url press 1, for file presss 2, for ip press 3"); //int choice; String temp = Console.ReadLine(); //choice=int.Parse(temp); Console.WriteLine(temp); VirusTotal virusTotal = new VirusTotal("50c1c91e9bfc7cb858022a0cbeaf1ba0f8782dbbd506be82f71b1e3f243000cf"); //Use HTTPS instead of HTTP virusTotal.UseTLS = true; //Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html byte[] eicar = Encoding.ASCII.GetBytes(@"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"); //Check if the file has been scanned before. FileReport fileReport = await virusTotal.GetFileReportAsync(eicar); bool hasFileBeenScannedBefore = fileReport.ResponseCode == FileReportResponseCode.Present; Console.WriteLine("File has been scanned before: " + (hasFileBeenScannedBefore ? "Yes" : "No")); //If the file has been scanned before, the results are embedded inside the report. if (hasFileBeenScannedBefore) { PrintScan(fileReport); } else { ScanResult fileResult = await virusTotal.ScanFileAsync(eicar, "EICAR.txt"); PrintScan(fileResult); } Console.WriteLine(); string scanUrl = "http://www.google.com/"; UrlReport urlReport = await virusTotal.GetUrlReportAsync(scanUrl); bool hasUrlBeenScannedBefore = urlReport.ResponseCode == UrlReportResponseCode.Present; Console.WriteLine("URL has been scanned before: " + (hasUrlBeenScannedBefore ? "Yes" : "No")); //If the url has been scanned before, the results are embedded inside the report. if (hasUrlBeenScannedBefore) { PrintScan(urlReport); } else { UrlScanResult urlResult = await virusTotal.ScanUrlAsync(scanUrl); PrintScan(urlResult); } }