/// <summary>
/// Runs one analysis pass: submits the file, applies the action that matches
/// the verdict, and hands the verdict back to the caller.
/// </summary>
/// <returns>The status produced by <c>SubmitFile</c>.</returns>
public FileAnalysisStatus Analyze()
{
    // The verdict is acted on (delete / unblock) before the caller sees it.
    FileAnalysisStatus verdict = SubmitFile();
    TakeAction(verdict);
    return verdict;
}
/// <summary>
/// Handles a file event: prunes invalid clients, notifies all clients, then
/// analyzes the file on a dedicated background thread and notifies again once
/// a verdict is available.
/// </summary>
/// <param name="sender">Event source (not used here).</param>
/// <param name="e">Event data; its <c>AnalysisStatus</c> is overwritten by the worker thread.</param>
private void OnFileEvent(object sender, FileEventArgs e)
{
    RemoveInvalidClients();
    SendNotificationToAllClients(e);

    // Each file gets its own worker thread.
    ThreadStart analyzeFile = () =>
    {
        try
        {
            Logger.WriteToLog("Starting a new FileAnalyzerThread.");
            var analyzer = new FileAnalyzer(_cloudAnalyzerURL, e);

            // NOTE(review): e is mutated on the worker thread while other code may
            // still hold a reference to it - confirm nothing reads it concurrently.
            e.AnalysisStatus = analyzer.Analyze();
            SendNotificationToAllClients(e);
        }
        catch (Exception ex)
        {
            // The exception is only logged: no second notification is sent on
            // this path, so clients never receive a final status for the file.
            Logger.WriteToLog("Exception caught in FileAnalyzerThread.");
            Logger.WriteToLog(ex);
        }
    };

    var analyzerThread = new Thread(analyzeFile);
    analyzerThread.Priority = ThreadPriority.AboveNormal;
    analyzerThread.IsBackground = true;

    // NOTE(review): threads are appended here and this method never removes
    // them; one thread is created per event with no cap visible in this method.
    // Confirm the list is pruned and synchronized elsewhere.
    _fileAnalyzersThreads.Add(analyzerThread);
    analyzerThread.Start();
}
/// <summary>
/// Maps a <see cref="FileAnalysisStatus"/> to its display name.
/// </summary>
/// <remarks>
/// An enum already has an instance <c>ToString()</c>, which wins overload
/// resolution over an extension method with the same signature, so this
/// mapping only runs when it is called with static syntax.
/// </remarks>
/// <param name="status">Status to describe.</param>
/// <returns>The status name; any value not listed maps to "Unknown".</returns>
public static string ToString(this FileAnalysisStatus status)
{
    switch (status)
    {
        case FileAnalysisStatus.Malicious:
            return "Malicious";

        case FileAnalysisStatus.Benign:
            return "Benign";

        case FileAnalysisStatus.Aborted:
            return "Aborted";

        // Unknown and every unlisted value share the same label.
        case FileAnalysisStatus.Unknown:
        default:
            return "Unknown";
    }
}
/// <summary>
/// Shows a two-second balloon tip whose title, text and icon depend on the
/// analysis status. Statuses other than the four handled below show nothing.
/// </summary>
/// <param name="Info">Text inserted, in quotes, into the balloon title.</param>
/// <param name="status">Analysis status that selects the message.</param>
public void ShowNotification(string Info, FileAnalysisStatus status)
{
    string titleFormat;
    string text;
    ToolTipIcon icon;

    if (status == FileAnalysisStatus.Unknown)
    {
        titleFormat = "Scanning \"{0}\"";
        text = "File is blocked. Waiting for results.";
        icon = ToolTipIcon.Info;
    }
    else if (status == FileAnalysisStatus.Aborted)
    {
        titleFormat = "Aborted scanning \"{0}\"";
        text = "You are on your own :(";
        icon = ToolTipIcon.Error;
    }
    else if (status == FileAnalysisStatus.Malicious)
    {
        titleFormat = "Malicious \"{0}\"";
        text = "File was removed.";
        icon = ToolTipIcon.Warning;
    }
    else if (status == FileAnalysisStatus.Benign)
    {
        titleFormat = "Benign \"{0}\"";
        text = "You can open it :)";
        icon = ToolTipIcon.None;
    }
    else
    {
        // No balloon for any other value.
        return;
    }

    _notifyIcon.ShowBalloonTip(2000, String.Format(titleFormat, Info), text, icon);
}
/// <summary>
/// Applies the verdict to the file on disk: a malicious file is deleted, and
/// for every other status the Hidden attribute is cleared.
/// </summary>
/// <param name="analysisStatus">Verdict to act on.</param>
private void TakeAction(FileAnalysisStatus analysisStatus)
{
    string statusName = FileAnalysisStatusExtension.ToString(analysisStatus);
    Logger.WriteToLog(String.Format("Taking corresponding action on file: '{0}' with status '{1}'.", _fileToBeAnalyzed, statusName));

    // -------- DEPRECATED ------
    // Earlier ACL-based unblocking, kept for reference:
    //string adminUserName = Environment.UserName;
    //FileSecurity fs = File.GetAccessControl(fileToBeAnalyzed);
    //FileSystemAccessRule fsa = new FileSystemAccessRule(adminUserName, FileSystemRights.FullControl, AccessControlType.Deny);
    //fs.RemoveAccessRule(fsa);
    //File.SetAccessControl(fileToBeAnalyzed, fs);

    // NOTE(review): the path is re-resolved here; whether it still names the
    // content that was analyzed depends on what happens between submission and
    // this call - confirm against the caller.
    bool isMalicious = analysisStatus == FileAnalysisStatus.Malicious;
    if (isMalicious)
    {
        Logger.WriteToLog(String.Format("File: '{0}' is malicious. Deleting it.", _fileToBeAnalyzed));
        File.Delete(_fileToBeAnalyzed);
        return;
    }

    // NOTE(review): this branch is fail-open. Aborted and Unknown are unblocked
    // exactly like Benign, so an unreachable or failing analyzer releases the
    // file unscanned. Confirm that is the intended policy.
    Logger.WriteToLog(String.Format("Unblocking file: '{0}'.", _fileToBeAnalyzed));
    FileAttributes current = File.GetAttributes(_fileToBeAnalyzed);
    FileAttributes visible = current & ~FileAttributes.Hidden;
    File.SetAttributes(_fileToBeAnalyzed, visible);
}
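/// <summary>
/// Uploads the file to the analyzer endpoint as multipart form data and maps
/// the server's reply onto a <see cref="FileAnalysisStatus"/>.
/// </summary>
/// <remarks>
/// The file is opened with <c>FileShare.None</c> for the duration of the
/// upload. The stream, the request content and the response are all disposed
/// on every exit path, so a failed or malformed exchange does not leave the
/// file locked.
/// </remarks>
/// <returns>
/// Benign or Malicious when the server answers 200 OK with a recognised
/// verdict; Aborted for any other response, a malformed body, an unreachable
/// server, or any exception while building or sending the request.
/// </returns>
private FileAnalysisStatus SubmitFile()
{
    Logger.WriteToLog(String.Format("Creating submit request for file: '{0}'.", _fileToBeAnalyzed));

    try
    {
        // NOTE(review): UseDefaultCredentials lets the handler answer an
        // authentication challenge from _analyzerURL with the logged-on user's
        // credentials. Confirm the URL is a fixed, trusted HTTPS endpoint and
        // cannot be changed by an unprivileged user.
        using (var httpClient = new HttpClient(new HttpClientHandler() { UseDefaultCredentials = true }))
        {
            // NOTE(review): with no timeout a stalled server keeps this thread,
            // and the exclusive lock on the file, alive indefinitely.
            httpClient.Timeout = Timeout.InfiniteTimeSpan;

            // Open the file with FileShare.None so no other process can open it
            // while it is being uploaded.
            using (var fileStream = File.Open(_fileToBeAnalyzed, FileMode.Open, FileAccess.Read, FileShare.None))
            using (var content = new MultipartFormDataContent())
            {
                // NOTE(review): the full local path is sent to the server, both
                // as a header and as the multipart file name.
                content.Headers.Add("filePath", _fileToBeAnalyzed);
                content.Add(new StreamContent(fileStream), "\"file\"", String.Format("{0}", _fileToBeAnalyzed));

                BlockFile();

                Logger.WriteToLog(String.Format("Submitting file: '{0}' to '{1}'.", _fileToBeAnalyzed, _analyzerURL));
                Logger.WriteToLog(String.Format("Content: '{0}' to '{1}'.", content.Headers.ToString(), content.ToString()));

                HttpResponseMessage response;
                try
                {
                    response = httpClient.PostAsync(_analyzerURL, content).GetAwaiter().GetResult();
                }
                catch (OperationCanceledException)
                {
                    // A canceled request yields Aborted without a log entry.
                    return FileAnalysisStatus.Aborted;
                }
                catch (Exception ex)
                {
                    Logger.WriteToLog("Server unreachable.");
                    Logger.WriteToLog(ex);
                    return FileAnalysisStatus.Aborted;
                }

                using (response)
                {
                    Logger.WriteToLog(String.Format("Response of the submit request: '{0}'.", response.ToString()));

                    if (response.StatusCode != System.Net.HttpStatusCode.OK)
                    {
                        return FileAnalysisStatus.Aborted;
                    }

                    string rawResponse = response.Content.ReadAsStringAsync().GetAwaiter().GetResult();
                    Logger.WriteToLog(String.Format("Server response for file: '{0}' : '{1}'.", _fileToBeAnalyzed, rawResponse));

                    // The verdict is read from the text after the first ':'.
                    // A body without a ':' is rejected instead of indexing
                    // past the end of the array.
                    string[] parts = rawResponse.Split(':');
                    if (parts.Length < 2)
                    {
                        Logger.WriteToLog(String.Format("Unexpected server response format for file: '{0}'.", _fileToBeAnalyzed));
                        return FileAnalysisStatus.Aborted;
                    }

                    string statusFromServer = parts[1];

                    // NOTE(review): substring matching with Benign tested first
                    // means a reply containing both tokens is treated as Benign.
                    // Confirm the server's reply format, and consider an exact
                    // match on a structured field.
                    if (statusFromServer.Contains(Constants.StatusFromServerBenign))
                    {
                        return FileAnalysisStatus.Benign;
                    }

                    if (statusFromServer.Contains(Constants.StatusFromServerMalicious))
                    {
                        return FileAnalysisStatus.Malicious;
                    }

                    return FileAnalysisStatus.Aborted;
                }
            }
        }
    }
    catch (Exception ex)
    {
        Logger.WriteToLog("Unable to submit file.");
        Logger.WriteToLog(ex);
        return FileAnalysisStatus.Aborted;
    }
}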