コード例 #1
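        /// <summary>
        /// Runs the quick scan pipeline on <paramref name="model"/>: a lookup of its SHA-256 hash,
        /// YARA matching against <c>_index</c> and <c>_custom</c>, URL listing, and the
        /// VirusTotal fast scan. Results are written back onto the model.
        /// </summary>
        /// <remarks>
        /// This method only ever sets <c>IsClean</c> to <c>false</c> and never resets
        /// <c>DetectedBy</c>, so the verdict depends on the state the model arrives in.
        /// NOTE(review): confirm callers pass a model with <c>IsClean == true</c> and
        /// <c>DetectedBy == null</c>, otherwise a stale verdict from an earlier scan survives.
        /// </remarks>
        /// <param name="model">File record to scan; mutated in place.</param>
        /// <returns>A task that completes once every scan stage has finished.</returns>
        public async Task FastScan(FileModel model)
        {
            // More than this many matches from the _index rules counts as a detection.
            const int commonSignatureThreshold = 6;

            // VirusTotal positives above this percentage of all engines count as a detection.
            const int virusTotalPositivePercent = 20;

            model.ComputeHashes();
            model.CreateFileInfo();

            // Local wall-clock time. NOTE(review): consider UTC if scan times are compared
            // across machines or time zones; left unchanged to keep stored values consistent.
            model.ScanTime = DateTime.Now;

            // Stage 1: a record found under this SHA-256 marks the file as detected.
            // This branch overwrites DetectedBy; the later stages only fill it when it is unset.
            FileModel knownEntry = _mapper.FindOne(model.Sha256Hash);

            if (knownEntry != null)
            {
                model.IsClean    = false;
                model.DetectedBy = "Hash";
            }

            // Stage 2: YARA matching and URL listing, off the calling thread.
            // Task.Run always uses the default (thread-pool) scheduler, whereas
            // Task.Factory.StartNew picks up whatever TaskScheduler.Current happens to be.
            await Task.Run(() =>
            {
                IEnumerable<string> indexResult  = _yara.ScanFile(model.FilePath, _index);
                IEnumerable<string> customResult = _yara.ScanFile(model.FilePath, _custom);

                // Materialise once so the results are not enumerated repeatedly below.
                string[] customMatches = customResult as string[] ?? customResult.ToArray();
                string[] indexMatches  = indexResult as string[] ?? indexResult.ToArray();

                // Any match from the _custom rules is a detection on its own.
                if (customMatches.Length > 0)
                {
                    FlagDetection("Custom signature");
                }

                // Matches from the _index rules only count once they exceed the threshold.
                if (indexMatches.Length > commonSignatureThreshold)
                {
                    FlagDetection("Common signatures");
                }

                // All matches are recorded, including _index matches below the threshold.
                model.MatchedSignatures.Clear();
                model.MatchedSignatures.AddRange(indexMatches.Concat(customMatches));

                model.Urls.Clear();
                model.Urls.AddRange(ListUrls(model.FilePath));
            });

            // Stage 3: online scan.
            // NOTE(review): when FastScanFile returns false (presumably a failed lookup or no
            // report available; confirm) this stage is skipped and the verdict rests on the
            // local checks alone, i.e. the online stage fails open. Callers that need to tell
            // "not flagged online" from "online scan unavailable" cannot do so from here.
            bool hasReport = await _virusTotalGateway.FastScanFile(model);

            if (hasReport)
            {
                double positiveLimit = (double)model.VirusTotalReport.Total * virusTotalPositivePercent / 100;

                if (model.VirusTotalReport.Positives > positiveLimit)
                {
                    FlagDetection("Online scan");
                }
            }

            // Marks the model as not clean and records the detection source, keeping the
            // first source that was set.
            void FlagDetection(string source)
            {
                model.IsClean = false;

                if (model.DetectedBy is null)
                {
                    model.DetectedBy = source;
                }
            }
        }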