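/// <summary>
/// Scans a single file: first against the known-signature string and then,
/// if that did not match, against the heuristic pattern list.
/// </summary>
/// <param name="path">Path to the file to scan.</param>
/// <param name="clearVirusList">True to clear all previously stored detections before scanning.</param>
/// <remarks>
/// On a match the file is either deleted (when AutoDeleteVirus is set) or reported
/// through AddInDangerFile. The counter is reset to a maximum of 1 before the scan
/// and incremented once after it.
/// NOTE(review): Counter.Inc() is not reached when an exception escapes (for example
/// File.ReadAllText failing on a locked or unreadable file); confirm the caller
/// accounts for that.
/// </remarks>
public void ScanFile(string path, bool clearVirusList)
{
    if (clearVirusList)
    {
        ClearVirusList();
    }

    VirusFile fileForCheack = new VirusFile(path);
    bool findSignature = false;
    Counter.SetMaxValue(1, Enams.ResetStatus.Reset);

    if (SignatureM)
    {
        // An empty or missing value on either side must never count as a match:
        // string.Contains("") is true for every string, which would flag (and, with
        // AutoDeleteVirus, delete) every scanned file. A null SignatureString is also
        // skipped here instead of throwing.
        if (!string.IsNullOrEmpty(fileForCheack.Signature) && !string.IsNullOrEmpty(SignatureString))
        {
            // NOTE(review): this is a substring search over SignatureString, so a value
            // that is only part of a stored entry also matches. Presumably the
            // string is a list of hashes; an exact lookup in a set would be stricter.
            if (SignatureString.Contains(fileForCheack.Signature))
            {
                ReportOrDelete(fileForCheack);
                findSignature = true;
            }
        }
    }

    if (EvrizmM && !findSignature)
    {
        // File.ReadAllText loads the whole file and decodes it as text, so the
        // patterns are compared with decoded characters, not raw bytes.
        // NOTE(review): large files are read fully into memory here.
        string fileSignature = File.ReadAllText(fileForCheack.Path);
        foreach (var signature in EvrizmSignature.signatures)
        {
            // Skip empty patterns for the same reason as above: they match everything.
            if (!string.IsNullOrEmpty(signature) && fileSignature.Contains(signature))
            {
                ReportOrDelete(fileForCheack);
                break;
            }
        }
    }

    Counter.Inc();

    // Applies the configured reaction to a detection.
    // NOTE(review): deletion is irreversible and the heuristic is a plain substring
    // test; moving the file to a quarantine location would make false positives recoverable.
    void ReportOrDelete(VirusFile detected)
    {
        if (AutoDeleteVirus)
        {
            detected.DeleteFile();
        }
        else
        {
            AddInDangerFile(this, new FindDangerEventArgs(detected));
        }
    }
}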
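/// <summary>
/// Endless monitoring loop: every 500 ms it takes a snapshot of the running processes
/// and checks the main-module file of every process that is in neither DangerProcess
/// nor ClearProcess.
/// </summary>
/// <remarks>
/// For each unchecked process the order is: exclusion list, Authenticode verification,
/// known-signature string, heuristic patterns. A detection either kills the process
/// (CloseProcessTurn) or passes it to AddInDangerProcessList. Entries in DangerProcess
/// whose process name is no longer running are removed and FindDangerProcessEvent is raised.
/// The method never returns.
/// NOTE(review): both lists are matched by ProcessName only, so once a name is in
/// ClearProcess every later process with that name is skipped without being checked.
/// Keying the lists on executable path plus file hash would tie the verdict to the
/// file that was actually inspected.
/// NOTE(review): an earlier, commented-out version asked the user whether to add the
/// process to the exclusions and saved the exclusion list to "ExceptionFile.vih" with
/// BinaryFormatter. If that path is revived, use a data-only format
/// instead; BinaryFormatter is unsafe on files that can be modified by others.
/// </remarks>
public void ScanProcess()
{
    while (true)
    {
        // One snapshot per pass. The name lists are built once instead of once per
        // compared element, and Process.GetProcesses() is no longer called inside a lambda.
        Process[] running = Process.GetProcesses();
        string[] runningNames = running.Select(p => p.ProcessName).ToArray();
        string[] dangerNames = DangerProcess.Select(d => d.Process.ProcessName).ToArray();
        string[] clearNames = ClearProcess.Select(c => c.ProcessName).ToArray();

        // Processes that have no verdict yet.
        Process[] processes = running
            .Where(p => !dangerNames.Contains(p.ProcessName) && !clearNames.Contains(p.ProcessName))
            .ToArray();

        // Flagged processes that are no longer running.
        ProcessDange[] processWhitchOff = DangerProcess
            .Where(d => !runningNames.Contains(d.Process.ProcessName))
            .ToArray();
        if (processWhitchOff.Length != 0)
        {
            string[] goneNames = processWhitchOff.Select(d => d.Process.ProcessName).ToArray();
            DangerProcess.RemoveAll(d => goneNames.Contains(d.Process.ProcessName));
            FindDangerProcessEvent?.Invoke(this, new AddDangerProcessEventArgs(false));
        }

        foreach (var process in processes)
        {
            try
            {
                // Resolved once: every later check then refers to the same path.
                // Accessing MainModule can throw; that is handled by the catch below.
                string modulePath = process.MainModule.FileName;

                bool notFindInException = true;
                foreach (var exception in ExceptionFiles)
                {
                    // An empty exclusion path would match every file (Contains("") is
                    // always true) and switch scanning off entirely, so it is ignored.
                    // NOTE(review): this is a substring test, not a path-prefix test;
                    // the exclusion text may appear anywhere in the module path.
                    if (!string.IsNullOrEmpty(exception.Path) && modulePath.Contains(exception.Path))
                    {
                        notFindInException = false;
                        DangerProcess.RemoveAll(x => x.Process.ProcessName == process.ProcessName);
                        FindDangerProcessEvent?.Invoke(this, new AddDangerProcessEventArgs(false));
                        break;
                    }
                }

                // Verified once and reused, so both branches below act on the same result.
                bool isSigned = FileValidater.VerifyAuthenticodeSignature(modulePath);

                if (notFindInException && !isSigned)
                {
                    bool findSignature = false;

                    if (SignatureM)
                    {
                        // Same guard as in ScanFile: a null signature used to throw and
                        // land the process in ClearProcess through the catch block, and an
                        // empty one matched unconditionally.
                        string processSignature = new ProcessDange(process).Signature;
                        if (!string.IsNullOrEmpty(processSignature)
                            && !string.IsNullOrEmpty(SignatureString)
                            && SignatureString.Contains(processSignature))
                        {
                            findSignature = true;
                        }
                    }

                    if (EvrizmM && !findSignature)
                    {
                        // The file is read only when the heuristic actually runs, so a
                        // read failure can no longer discard a signature match found above.
                        // ReadAllText decodes the file as text; patterns are compared with
                        // decoded characters, not raw bytes.
                        string fileSignature = File.ReadAllText(modulePath);
                        foreach (var signature in EvrizmSignature.signatures)
                        {
                            if (!string.IsNullOrEmpty(signature) && fileSignature.Contains(signature))
                            {
                                findSignature = true;
                                break;
                            }
                        }
                    }

                    if (findSignature)
                    {
                        if (CloseProcessTurn)
                        {
                            process.Kill();
                        }
                        else
                        {
                            AddInDangerProcessList(new ProcessDange(process));
                        }

                        if (SoundTurn)
                        {
                            Console.Beep();
                        }
                    }
                    // NOTE(review): lower-case signatureM / evrimM differ from the SignatureM /
                    // EvrizmM members used above; presumably backing fields, confirm.
                    // The process is marked clean only when both checks were enabled.
                    else if (signatureM && evrimM)
                    {
                        ClearProcess.Add(process);
                    }
                }
                else if (isSigned)
                {
                    // A valid Authenticode signature is treated as clean.
                    ClearProcess.Add(process);
                }
            }
            catch (Exception)
            {
                // Any failure marks the process as clean so it is not retried on every pass.
                // NOTE(review): this fails open; a process that could not be inspected
                // gets the same verdict as one that was checked. A separate
                // "could not scan" list, with the error logged, would keep the two apart.
                ClearProcess.Add(process);
            }
        }

        Thread.Sleep(500);
    }
}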