コード例 #1
        /// <summary>
        /// Returns the VirusTotal report for an uploaded form file as JSON, submitting the
        /// file for scanning first when VirusTotal has no finished report for it.
        /// </summary>
        /// <param name="formfile">Uploaded file whose bytes are checked.</param>
        /// <param name="fileName">Name sent along with the bytes if the file has to be submitted.</param>
        /// <returns>The report object serialized with <c>JsonConvert.SerializeObject</c>.</returns>
        public async Task <string> VirusTotalScan(IFormFile formfile, string fileName)
        {
            // The API key is taken from configuration ("VTKey") rather than from source.
            var client = new VirusTotal(_configuration["VTKey"])
            {
                // Use HTTPS instead of HTTP.
                UseTLS = true
            };

            byte[]     content = ConvertToBytes(formfile);
            FileReport report  = await client.GetFileReportAsync(content);

            if (report.ResponseCode != FileReportResponseCode.Present)
            {
                // No finished report: submit the bytes, then query again.
                // NOTE(review): submission hands the user's file to a third party; confirm that is
                // acceptable for the data this endpoint receives.
                await client.ScanFileAsync(content, fileName);

                // NOTE(review): this second lookup runs immediately after submission, so the
                // report serialized below may still describe an unfinished scan. Callers should
                // check the response code instead of reading it as "no detections".
                report = await client.GetFileReportAsync(content);
            }

            return JsonConvert.SerializeObject(report);
        }
コード例 #2
        /// <summary>
        /// Gets the VirusTotal report for a file on disk, submitting the file first when
        /// VirusTotal does not already have a finished report for it.
        /// </summary>
        /// <param name="dllPath">Path of the file to check.</param>
        /// <returns>The existing report, or the report fetched right after submission.</returns>
        private static async Task <FileReport> GetVirusTotalFileReport(string dllPath)
        {
            await Console.Out.WriteLineAsync($"Checking file: {dllPath} on VirusTotal");

            var client = new VirusTotal(VirusTotalApiKey);
            client.UseTLS = true;

            var target = new FileInfo(dllPath);
            var report = await client.GetFileReportAsync(target);

            // A Present response already carries the scan results.
            if (report.ResponseCode == FileReportResponseCode.Present)
            {
                return report;
            }

            // Otherwise submit the file and look the report up again. The submission result
            // itself is not used.
            // NOTE(review): the follow-up lookup happens immediately, so the returned report may
            // not be a finished analysis yet; callers should inspect ResponseCode.
            await client.ScanFileAsync(target);

            return await client.GetFileReportAsync(target);
        }
コード例 #3
ファイル: Scanner.cs プロジェクト: rajivraj/fission
        /// <summary>
        /// Fetches the VirusTotal report for the given hash, blocking the calling thread
        /// until the lookup has finished.
        /// </summary>
        /// <returns>The report returned by the lookup.</returns>
        /// <param name="sha256">Hash string handed to the report lookup.</param>
        static FileReport Report(string sha256)
        {
            // Globals.ApiKey is used as a file path: the key is read from disk on every call.
            // NOTE(review): the entire file content becomes the key, trailing newline included;
            // confirm the file holds the bare key only and is readable by this account alone.
            string apiKey = File.ReadAllText(Globals.ApiKey);
            var    client = new VirusTotal(apiKey);

            // NOTE(review): UseTLS is left at the library default here; confirm that default is HTTPS.
            // Reading .Result blocks on the async call: failures arrive wrapped in an
            // AggregateException, and blocking like this can deadlock under a synchronization context.
            return client.GetFileReportAsync(sha256).Result;
        }
コード例 #4
    /// <summary>
    /// Checks that a report lookup for the EICAR test sample comes back as Present.
    /// </summary>
    public async Task GetReportForKnownFile()
    {
        var report = await VirusTotal.GetFileReportAsync(TestData.EICARMalware);
        var actual = report.ResponseCode;

        // The EICAR sample is expected to always be in the VirusTotal database.
        Assert.Equal(FileReportResponseCode.Present, actual);
    }
コード例 #5
ファイル: VirusTotal.cs プロジェクト: claunia/apprepodbmgr
        /// <summary>
        /// Validates an API key by requesting the report for a fixed, known SHA-256 and
        /// checking the MD5 in the answer; on success the client is stored for later use.
        /// </summary>
        /// <param name="key">VirusTotal API key to try.</param>
        /// <returns>
        /// true when the probe report came back with the expected MD5; false when the request
        /// threw (the inner exception message is passed to <c>Failed</c>) or the MD5 differs.
        /// </returns>
        public static bool InitVirusTotal(string key)
        {
            VirusTotal client = null;
            FileReport probe  = null;

            try
            {
                // The async lookup is run on the thread pool and waited for synchronously, so an
                // error arrives wrapped in an AggregateException; hence InnerException below.
                Task.Run(async() =>
                {
                    client = new VirusTotal(key);
                    probe  = await client.GetFileReportAsync("b82758fc5f737a58078d3c60e2798a70d895443a86aa39adf52dec70e98c2bed");
                }).Wait();
            }
            catch (Exception ex)
            {
                Failed?.Invoke(ex.InnerException?.Message);

                return false;
            }

            // The key counts as working only if the answer describes the expected file.
            bool probeMatches = probe != null && probe.MD5 == "0bf60adb1435639a42b490e7e80d25c7";

            if (!probeMatches)
            {
                return false;
            }

            vTotal = client;
            Context.VirusTotalEnabled = true;

            return true;
        }
コード例 #6
        /// <summary>
        /// Looks up a hash on VirusTotal and maps the library's report onto this project's
        /// own <c>FileReport</c> and <c>ScanEngine</c> types.
        /// </summary>
        /// <param name="sha256">Hash passed to the lookup and copied into the result.</param>
        /// <returns>
        /// The mapped report when the response code is Present; otherwise null. A null result
        /// therefore means "no finished report", not "no detections".
        /// </returns>
        public async Task <FileReport> GetFileReportAsync(string sha256)
        {
            VirusTotalNET.Results.FileReport remote = await virusTotal.GetFileReportAsync(sha256);

            // Any response code other than Present has no per-engine results to map.
            if (remote.ResponseCode != VirusTotalNET.ResponseCodes.FileReportResponseCode.Present)
            {
                return null;
            }

            var engines = new Dictionary <string, ScanEngine>();

            foreach (KeyValuePair <string, VirusTotalNET.Objects.ScanEngine> entry in remote.Scans)
            {
                VirusTotalNET.Objects.ScanEngine verdict = entry.Value;

                var mapped = new ScanEngine
                {
                    Detected = verdict.Detected,
                    Version  = verdict.Version,
                    Malware  = verdict.Result
                };

                engines.Add(entry.Key, mapped);
            }

            return new FileReport
            {
                SHA256 = sha256,
                Scans = engines
            };
        }
コード例 #7
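        /// <summary>
        /// Looks up the VirusTotal report for an in-memory file and, when there is no finished
        /// report, submits the bytes for scanning. The status label is updated either way.
        /// </summary>
        /// <param name="bytes">Raw content of the file to check.</param>
        /// <returns>
        /// The report when the response code is Present; otherwise null, meaning the file was
        /// just submitted and the caller has to ask again later.
        /// </returns>
        /// <exception cref="System.InvalidOperationException">No API key is configured.</exception>
        private async Task <FileReport> ScanBytesAsync(byte[] bytes)
        {
            // The API key is a credential and must not live in source control. It is read from
            // the environment here; the variable name is illustrative, use whatever your
            // deployment defines. A key that was ever committed should be treated as exposed
            // and revoked.
            string apiKey = System.Environment.GetEnvironmentVariable("VIRUSTOTAL_API_KEY");

            if (string.IsNullOrEmpty(apiKey))
            {
                throw new System.InvalidOperationException("VirusTotal API key is not configured.");
            }

            VirusTotal virusTotal = new VirusTotal(apiKey)
            {
                // Use HTTPS instead of HTTP.
                UseTLS = true
            };

            FileReport report = await virusTotal.GetFileReportAsync(bytes);

            if (report.ResponseCode == FileReportResponseCode.Present)
            {
                // NOTE(review): the label turns green whenever a report exists, whatever the
                // number of detections in it; the caller has to inspect the returned report.
                metroLabel3.ForeColor = Color.Green;
                metroLabel3.Text      = "успешно";
                return report;
            }

            // No finished report: submit the bytes. Every other response code ends up here,
            // including one that says a scan is already pending.
            await virusTotal.ScanFileAsync(bytes, "Eicar.txt");

            metroLabel3.ForeColor = Color.Green;
            metroLabel3.Text      = "идет сканирование. Подождите приблизительно 2 минуты и сканируйте снова!";
            return null;
        }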
コード例 #8
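        /// <summary>
        /// Looks up the VirusTotal report for a file on disk and, when there is no finished
        /// report, submits the file for scanning. The status label is updated either way.
        /// </summary>
        /// <param name="path">Path of the file to check.</param>
        /// <returns>
        /// The report when the response code is Present; otherwise null, meaning the file was
        /// just submitted and the caller has to ask again later.
        /// </returns>
        /// <exception cref="System.InvalidOperationException">No API key is configured.</exception>
        private async Task <FileReport> ScanFileAsync(string path)
        {
            FileInfo info = new FileInfo(path);

            // The API key is a credential and must not live in source control. It is read from
            // the environment here; the variable name is illustrative, use whatever your
            // deployment defines. A key that was ever committed should be treated as exposed
            // and revoked.
            string apiKey = System.Environment.GetEnvironmentVariable("VIRUSTOTAL_API_KEY");

            if (string.IsNullOrEmpty(apiKey))
            {
                throw new System.InvalidOperationException("VirusTotal API key is not configured.");
            }

            VirusTotal vt = new VirusTotal(apiKey)
            {
                // Use HTTPS instead of HTTP.
                UseTLS = true
            };

            FileReport fileReport = await vt.GetFileReportAsync(info);

            if (fileReport.ResponseCode == FileReportResponseCode.Present)
            {
                // NOTE(review): the label turns green whenever a report exists, whatever the
                // number of detections in it; the caller has to inspect the returned report.
                metroLabel3.ForeColor = Color.Green;
                metroLabel3.Text      = "успешно";
                return fileReport;
            }

            // No finished report: submit the file and tell the user to retry later.
            await vt.ScanFileAsync(info);

            metroLabel3.ForeColor = Color.Green;
            metroLabel3.Text      = "идет сканирование. Подождите приблизительно 2 минуты и сканируйте снова!";
            return null;
        }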
コード例 #9
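        /// <summary>
        /// Requests the VirusTotal report for the EICAR anti-virus test string using the
        /// supplied API key. Despite the name, only a report lookup is made here; nothing
        /// is submitted for scanning.
        /// </summary>
        /// <param name="APIKEY">VirusTotal API key.</param>
        /// <returns>The report returned for the EICAR bytes.</returns>
        public static FileReport UploadToVirusTotal(string APIKEY)
        {
            VirusTotal virusTotal = new VirusTotal(APIKEY)
            {
                // Use HTTPS instead of HTTP.
                UseTLS = true
            };

            // Standard EICAR test string: harmless content that scanners flag on purpose.
            byte[] eicar = Encoding.ASCII.GetBytes(@"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");

            // The method is synchronous, so `await` cannot be used in it. Block on the task
            // instead; GetAwaiter().GetResult() rethrows the original exception rather than an
            // AggregateException. Blocking can deadlock under a synchronization context, so
            // prefer an async caller path where one is available.
            return virusTotal.GetFileReportAsync(eicar).GetAwaiter().GetResult();
        }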
コード例 #10
    /// <summary>
    /// Checks that a lookup for a randomly generated SHA-1 is answered with NotPresent.
    /// </summary>
    public async Task GetReportForUnknownFile()
    {
        // A report for an unknown file lacks these fields, so their absence is tolerated.
        IgnoreMissingJson(" / MD5", " / Permalink", " / Positives", " / scan_date", " / scan_id", " / Scans", " / SHA1", " / SHA256", " / Total");

        var randomHash = TestData.GetRandomSHA1s(1).First();
        var report     = await VirusTotal.GetFileReportAsync(randomHash);

        // A random hash should not be in the VirusTotal database.
        Assert.Equal(FileReportResponseCode.NotPresent, report.ResponseCode);
    }
コード例 #11
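    /// <summary>
    /// Submits a freshly generated random file and checks that a report lookup by the
    /// returned scan id is answered with Queued.
    /// </summary>
    /// <remarks>
    /// Returns <c>Task</c> rather than <c>void</c> so the test runner can await the test and
    /// observe a failing assertion or exception; an <c>async void</c> test can finish
    /// "green" before its assertions have run.
    /// </remarks>
    public async Task GetReportForRecentFile()
    {
        // The file is unknown at this point, so these report fields are expected to be missing.
        IgnoreMissingJson(" / MD5", " / Permalink", " / Positives", " / scan_date", " / Scans", " / SHA1", " / SHA256", " / Total");

        ScanResult result = await VirusTotal.ScanFileAsync(TestData.GetRandomFile(128, 1).First(), TestData.TestFileName);

        FileReport fileReport = await VirusTotal.GetFileReportAsync(result.ScanId);

        Assert.Equal(FileReportResponseCode.Queued, fileReport.ResponseCode);
    }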
コード例 #12
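        /// <summary>
        /// Looks up the VirusTotal report for the given bytes and returns its detection
        /// count and permalink.
        /// </summary>
        /// <param name="hostile">Content of the file to look up.</param>
        /// <returns>A <c>VirusReport</c> holding the report's Positives and Permalink.</returns>
        /// <exception cref="System.InvalidOperationException">No API key is configured.</exception>
        public async Task <VirusReport> ScanForVirus(byte[] hostile)
        {
            // The API key is a credential and must not live in source control. It is read from
            // the environment here; the variable name is illustrative, use whatever your
            // deployment defines. A key that was ever committed should be treated as exposed
            // and revoked.
            string apiKey = System.Environment.GetEnvironmentVariable("VIRUSTOTAL_API_KEY");

            if (string.IsNullOrEmpty(apiKey))
            {
                throw new System.InvalidOperationException("VirusTotal API key is not configured.");
            }

            // Per the original author's note, the key in use allowed at most 4 requests per minute.
            VirusTotal virusTotal = new VirusTotal(apiKey)
            {
                // Use HTTPS instead of HTTP.
                UseTLS = true
            };

            FileReport report = await virusTotal.GetFileReportAsync(hostile);

            // NOTE(review): the response code is not checked. If VirusTotal has no report for
            // this content, Positives presumably stays at its default, which a caller could
            // misread as "no detections"; confirm how callers treat that case.
            return new VirusReport()
            {
                Positives = report.Positives, ReportLink = report.Permalink
            };
        }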
コード例 #13
ファイル: USBDetect.cs プロジェクト: bransmartUK/ppe
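        /// <summary>
        /// Reads a file from disk, requests its VirusTotal report and prints the scan id and
        /// the verbose message of the answer.
        /// </summary>
        /// <param name="file">Path of the file to look up.</param>
        static async void Submit(String file)
        {
            // Placeholder from the original sample: supply the real key from configuration
            // or a secret store, never as a literal in source.
            VirusTotal vt = new VirusTotal("Insert Api Key Here");

            // NOTE(review): UseTLS is left at the library default here; confirm that default is HTTPS.

            // Read the whole file in one call. The previous code passed a null buffer to
            // Stream.Read, which throws ArgumentNullException, and never closed the stream.
            byte[] fileBytes = File.ReadAllBytes(file);

            FileReport report = await vt.GetFileReportAsync(fileBytes);

            // NOTE(review): only the id and message are printed; the detection result itself
            // is not evaluated here.
            Console.WriteLine("Scan ID: " + report.ScanId);
            Console.WriteLine("Message: " + report.VerboseMsg);
        }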
コード例 #14
        /// <summary>
        /// Tests an API key by issuing report lookups for a one-byte probe: one lookup
        /// normally, six in a row when <paramref name="premium"/> is set.
        /// </summary>
        /// <param name="key">VirusTotal API key to test.</param>
        /// <param name="premium">When true, five additional lookups follow the first one.</param>
        /// <returns>true if every lookup completed without throwing; false otherwise.</returns>
        public static async Task <bool> IsKeyValid(string key, bool premium)
        {
            try
            {
                var client = new VirusTotal(key)
                {
                    UseTLS = true
                };

                // Single space character used as the probe content.
                byte[] probe = { 0x20 };

                // Presumably the burst of six requests is meant to exceed the request quota
                // of a non-premium key; verify against the quota that actually applies.
                int lookups = premium ? 6 : 1;

                for (int i = 0; i < lookups; i++)
                {
                    await client.GetFileReportAsync(probe);
                }

                return true;
            }
            catch (Exception)
            {
                // NOTE(review): every failure, including network or TLS errors, is reported as
                // "key not valid"; callers cannot tell a rejected key from an outage.
                return false;
            }
        }
コード例 #15
        /// <summary>
        /// Requests the VirusTotal report for the EICAR test string; the answer is not used.
        /// </summary>
        async System.Threading.Tasks.Task GetReportsAsync()
        {
            VirusTotal virusTotal = new VirusTotal(api);

            // Use HTTPS instead of HTTP.
            virusTotal.UseTLS = true;

            // Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html
            byte[] eicar = Encoding.ASCII.GetBytes(@"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");

            // Check whether the file has been scanned before. The returned report is discarded.
            await virusTotal.GetFileReportAsync(eicar);
        }
コード例 #16
ファイル: Program.cs プロジェクト: crypticspawn/VirusTotalNet
    /// <summary>
    /// Sample entry point: looks up the EICAR test file and a URL on VirusTotal, submits
    /// each for scanning when no report exists, and prints the results.
    /// </summary>
    /// <param name="args">Command-line arguments (unused).</param>
    private static async Task Main(string[] args)
    {
        // Placeholder key: supply the real one from configuration or a secret store.
        var virusTotal = new VirusTotal("YOUR API KEY HERE")
        {
            // Use HTTPS instead of HTTP
            UseTLS = true
        };

        // Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html
        byte[] eicar = Encoding.ASCII.GetBytes(@"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");

        // --- File: report lookup first, submission only when nothing is known ---
        FileReport fileReport = await virusTotal.GetFileReportAsync(eicar);
        bool       fileKnown  = fileReport.ResponseCode == FileReportResponseCode.Present;
        string     fileAnswer = fileKnown ? "Yes" : "No";

        Console.WriteLine("File has been scanned before: " + fileAnswer);

        if (!fileKnown)
        {
            ScanResult fileResult = await virusTotal.ScanFileAsync(eicar, "EICAR.txt");

            PrintScan(fileResult);
        }
        else
        {
            // A known file has its results embedded in the report.
            PrintScan(fileReport);
        }

        Console.WriteLine();

        // --- URL: same pattern ---
        string scanUrl = "http://www.google.com/";

        UrlReport urlReport = await virusTotal.GetUrlReportAsync(scanUrl);
        bool      urlKnown  = urlReport.ResponseCode == UrlReportResponseCode.Present;
        string    urlAnswer = urlKnown ? "Yes" : "No";

        Console.WriteLine("URL has been scanned before: " + urlAnswer);

        if (!urlKnown)
        {
            UrlScanResult urlResult = await virusTotal.ScanUrlAsync(scanUrl);

            PrintScan(urlResult);
        }
        else
        {
            // A known URL has its results embedded in the report.
            PrintScan(urlReport);
        }
    }
コード例 #17
    /// <summary>
    /// Checks that the response-received event fires, with a non-null argument, during a
    /// report lookup.
    /// </summary>
    public async Task OnHTTPResponse()
    {
        var handlerRan = false;

        // NOTE(review): the handler is never unsubscribed; if the client instance is shared
        // between tests it will keep firing in later ones.
        VirusTotal.OnHTTPResponseReceived += response =>
        {
            Assert.NotNull(response);
            handlerRan = true;
        };

        var knownHash = TestData.KnownHashes.First();

        await VirusTotal.GetFileReportAsync(knownHash);

        Assert.True(handlerRan);
    }
コード例 #18
    /// <summary>
    /// Checks that the request-sending event fires, with a non-null argument, during a
    /// report lookup.
    /// </summary>
    public async Task OnHTTPRequest()
    {
        var handlerRan = false;

        // NOTE(review): the handler is never unsubscribed; if the client instance is shared
        // between tests it will keep firing in later ones.
        VirusTotal.OnHTTPRequestSending += request =>
        {
            Assert.NotNull(request);
            handlerRan = true;
        };

        var knownHash = TestData.KnownHashes.First();

        await VirusTotal.GetFileReportAsync(knownHash);

        Assert.True(handlerRan);
    }
コード例 #19
ファイル: Form1.cs プロジェクト: this-is-dimpi/VirusTotal-GUI
        /// <summary>
        /// Click handler: reads the selected file, requests its VirusTotal report, prints the
        /// per-engine results to the console and records the report.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private async void ScanButton_Click(object sender, EventArgs e)
        {
            try
            {
                // Paths ending in these suffixes are refused outright.
                // NOTE(review): the comparison has no leading dot and is case-sensitive, so
                // "photo.PNG" is not refused while a name such as "reportpng" is. The check
                // looks at the name only, never at the content.
                string chosenPath = fileLocator.Text;
                bool   refused    = chosenPath.EndsWith("png") ||
                                    chosenPath.EndsWith("jpg") ||
                                    chosenPath.EndsWith("gif") ||
                                    chosenPath.EndsWith("svg") ||
                                    chosenPath.EndsWith("txt");

                if (refused)
                {
                    MessageBox.Show("Sorry We Currently Don't Support This Format, Next Release Will incorporat These Features");
                    fileLocator.Text = "";
                    return;
                }

                fileBytes = File.ReadAllBytes(fileLocator.Text);

                if (fileBytes == null)
                {
                    return;
                }

                // The key is taken from a machine-level environment variable, not from source.
                string     API_KEY    = System.Environment.GetEnvironmentVariable("API_KEY", EnvironmentVariableTarget.Machine);
                VirusTotal virusTotal = new VirusTotal(API_KEY)
                {
                    // Use HTTPS instead of HTTP
                    UseTLS = true
                };

                if (fileBytes.Length == 0)
                {
                    MessageBox.Show("Please Select a file having valid size");
                    return;
                }

                // Check if the file has been scanned before.
                FileReport report = await virusTotal.GetFileReportAsync(fileBytes);
                bool       known  = report.ResponseCode == FileReportResponseCode.Present;

                if (known)
                {
                    foreach (KeyValuePair <string, ScanEngine> scan in report.Scans)
                    {
                        Console.WriteLine("{0,-25} Detected: {1}", scan.Key, scan.Value.Detected);
                    }

                    Console.WriteLine("Scan ID: " + report.ScanId);
                    Console.WriteLine("Message: " + report.VerboseMsg);
                    Console.WriteLine("Seen before: " + (known ? "Yes" : "No"));
                }

                // The report is recorded whether or not VirusTotal knew the file.
                addResultRecord(fileLocator.Text, report);
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
            }
        }
コード例 #20
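        /// <summary>
        /// Requests a file report and keeps retrying after any failure, waiting between
        /// attempts. The wait starts at <paramref name="sleepTime"/> and grows by
        /// <paramref name="timeAddition"/> after every failed attempt.
        /// </summary>
        /// <param name="itemName">Resource identifier passed to the report lookup.</param>
        /// <param name="sleepTime">Initial wait between attempts, in milliseconds.</param>
        /// <param name="timeAddition">Milliseconds added to the wait after each failure.</param>
        /// <returns>The report from the first attempt that succeeds.</returns>
        private async Task <FileReport> GetFileReportAsyncWithRetries(string itemName, int sleepTime = 0, int timeAddition = 0)
        {
            int delay = sleepTime;

            // Iterating instead of recursing keeps a long run of failures from building an
            // ever deeper chain of pending calls.
            while (true)
            {
                try
                {
                    return await virusTotal.GetFileReportAsync(itemName);
                }
                catch
                {
                    // NOTE(review): every exception is retried without limit, including ones
                    // that cannot succeed on retry (for example a rejected API key). Consider
                    // a maximum attempt count and retrying only transient failures.
                }

                // Task.Delay waits without blocking the thread (Thread.Sleep would hold it).
                await Task.Delay(delay);

                // Grow the wait on every failure. Previously the increment was not forwarded
                // to the next attempt, so the wait grew only once.
                delay += timeAddition;
            }
        }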
コード例 #21
    /// <summary>
    /// Looks up a file on VirusTotal and returns one "engine*detected*result" string per
    /// scan engine.
    /// </summary>
    /// <param name="file">Path of the file to look up.</param>
    /// <returns>
    /// The per-engine strings when a report exists; a single "Unknown." entry when there is
    /// none; an "Error." entry is appended when anything throws.
    /// </returns>
    public static List <string> CheckVT(string file)
    {
        var lines = new List <string>();

        try
        {
            // The API key is the first line of a file under the web application's root.
            // NOTE(review): make sure that file cannot be served to clients by the web server.
            string apiKey = File.ReadLines(HttpContext.Current.Server.MapPath(vtKey)).First();

            var client = new VirusTotal(apiKey)
            {
                UseTLS = true
            };

            byte[] content = File.ReadAllBytes(file);

            // Synchronous wait on the async lookup; failures surface as AggregateException
            // and are swallowed by the catch below.
            FileReport report = Task.Run(async() => await client.GetFileReportAsync(content)).Result;

            if (report.ResponseCode != FileReportResponseCode.Present)
            {
                lines.Add("Unknown.");
            }
            else
            {
                foreach (KeyValuePair <string, ScanEngine> scan in report.Scans)
                {
                    // '*' separates the engine name, the detection flag and the result text.
                    lines.Add(scan.Key + "*" + scan.Value.Detected.ToString() + "*" + scan.Value.Result);
                }
            }
        }
        catch
        {
            // NOTE(review): the cause is discarded. Callers must treat "Error." as
            // "not checked", never as "no detections".
            lines.Add("Error.");
        }

        return lines;
    }
コード例 #22
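        /// <summary>
        /// Looks up the content held in <c>Eicar</c> on VirusTotal, lists the per-engine
        /// results when a report exists, submits the content when it does not, and reports
        /// results with three or more detections to a remote endpoint.
        /// </summary>
        /// <param name="filu">File name sent with a submission and included in the remote report; may be null.</param>
        private async void submit_file(string filu = null)
        {
            listView1.Items.Clear();

            // The API key is a credential and must not live in source control. It is read from
            // the environment here; the variable name is illustrative, use whatever your
            // deployment defines. A key that was ever committed should be treated as exposed
            // and revoked. This is an async void handler, so the problem is shown to the user
            // instead of being thrown.
            string apiKey = System.Environment.GetEnvironmentVariable("VIRUSTOTAL_API_KEY");

            if (string.IsNullOrEmpty(apiKey))
            {
                MessageBox.Show(@"VirusTotal API key is not configured.", @"Information", MessageBoxButtons.OK,
                                MessageBoxIcon.Information);
                return;
            }

            VirusTotal virustotal = new VirusTotal(apiKey)
            {
                // Use HTTPS instead of HTTP.
                UseTLS = true
            };

            FileReport report = await virustotal.GetFileReportAsync(Eicar);

            bool alreadyScanned = report.ResponseCode == FileReportResponseCode.Present;

            if (alreadyScanned)
            {
                linkLabel2.Show();
                linkLabel2.Text = report.Permalink;

                // One row per engine: name, result, scan date and hash.
                foreach (KeyValuePair <string, ScanEngine> scan in report.Scans)
                {
                    ListViewItem itm = new ListViewItem {
                        Text = scan.Key
                    };
                    itm.SubItems.Add(scan.Value.Result);
                    itm.SubItems[1].ForeColor   = Color.Red;
                    itm.UseItemStyleForSubItems = false;
                    itm.SubItems.Add(report.ScanDate.ToString(CultureInfo.CurrentCulture));
                    itm.SubItems.Add(report.SHA256);
                    listView1.Items.Add(itm);
                }
            }
            else
            {
                ScanResult fileResult = await virustotal.ScanFileAsync(Eicar, filu);

                MessageBox.Show(@"Tiedostoa ei ole tarkistettu aikaisemmin.", @"Information", MessageBoxButtons.OK,
                                MessageBoxIcon.Information);

                // NOTE(review): this hands a string taken from a network response to the
                // shell. Check that it is an absolute https URL before starting it.
                Process.Start(fileResult.Permalink);
            }

            if (report.Positives >= 3)
            {
                // Each value is percent-encoded so that '&', '=', '#', spaces or non-ASCII
                // characters in it cannot alter or truncate the query string. The "" +
                // prefix turns a null into an empty string before encoding.
                // NOTE(review): this sends the user id, file hash, scan date and file name to
                // a third-party host; confirm users are informed of that.
                string query = "id=" + System.Uri.EscapeDataString("" + LoginSplit[1]) +
                               "&sha256=" + System.Uri.EscapeDataString("" + report.SHA256) +
                               "&date=" + System.Uri.EscapeDataString("" + report.ScanDate) +
                               "&file=" + System.Uri.EscapeDataString("" + filu);

                WbRequest.URLRequest("https://cryphic.gq/vtotal.php?" + query);
            }
        }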
コード例 #23
        /// <summary>
        /// We use this instead of a manifest to only elevate the user to admin when needed.
        /// </summary>
        //private static void RestartBinaryAsAdminIfRequired(string[] args)
        //{
        //    if (!UacHelper.IsProcessElevated)
        //    {
        //        Process p = new Process();
        //        p.StartInfo.FileName = Assembly.GetEntryAssembly().Location;
        //        p.StartInfo.Arguments = string.Join(" ", args);
        //        p.StartInfo.Verb = "runAs";
        //        p.Start();

        //        Environment.Exit(0);
        //    }
        //}

        // Looks a file up on VirusTotal and opens the report's permalink; when there is no
        // finished report the file is submitted and the permalink of the submission is opened.
        // Does nothing if the file does not exist.
        //   filePath: path of the file to check.
        private static async Task VirusScanFile(string filePath)
        {
            // The API key comes from configuration ("apikey"), not from source.
            var client = new VirusTotal(Configuration["apikey"])
            {
                UseTLS = true
            };

            var target = new FileInfo(filePath);

            if (!target.Exists)
            {
                return;
            }

            string displayName = Path.GetFileName(filePath);

            // Check if the file has been scanned before.
            Console.WriteLine("Getting report for " + displayName);
            FileReport report = await client.GetFileReportAsync(target);

            bool haveReport = report != null && report.ResponseCode == FileReportResponseCode.Present;

            if (haveReport)
            {
                Console.WriteLine("Opening " + report.Permalink);
                OpenUrl(report.Permalink);
                return;
            }

            Console.WriteLine("No report for " + displayName + " - sending file to VT");

            try
            {
                ScanResult result = await client.ScanFileAsync(target);

                // NOTE(review): the permalink comes from the API response; OpenUrl should
                // verify it is an http(s) URL before handing it to the operating system.
                Console.WriteLine("Opening " + result.Permalink);
                OpenUrl(result.Permalink);
            }
            catch (RateLimitException)
            {
                Console.WriteLine("Virus Total limits the number of calls you can make to 4 calls each 60 seconds.");
            }
            catch (SizeLimitException)
            {
                // The second argument is an unused format argument; only the first string is printed.
                Console.WriteLine("Virus Total limits the filesize to 32 MB.", "File too large");
            }
        }
コード例 #24
ファイル: ScanService.cs プロジェクト: jatrise/ScanProcess
        // Insert logic for processing found files here.
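        /// <summary>
        /// Looks a found file up on VirusTotal and, only when a finished report shows zero
        /// detections, moves the file and stores it in the database.
        /// </summary>
        /// <param name="fileName">Path of the file to process.</param>
        private async Task ProcessFile(string fileName)
        {
            try
            {
                // The key comes from application settings, not from source.
                var        virusTotalKey = Properties.Settings.Default.VirusTotalKey;
                VirusTotal virusTotal    = new VirusTotal(virusTotalKey)
                {
                    // Use HTTPS instead of HTTP.
                    UseTLS = true
                };

                var        fileByteArray = GetFileData(fileName);
                FileReport fileReport    = await virusTotal.GetFileReportAsync(fileByteArray);

                bool reportPresent = fileReport?.ResponseCode == FileReportResponseCode.Present;

                // Files are released only on a positive "known and no detections" answer.
                // A file with detections, or one VirusTotal has no report for, is left
                // where it is.
                if (reportPresent && fileReport.Positives == 0)
                {
                    MoveFile(fileName);
                    SaveFileInDb(fileName, fileByteArray, "1", "223");
                }
            }
            catch (Exception ex)
            {
                // Keep the best-effort behaviour (the file is simply not released), but do not
                // hide the failure: a scanner that fails silently looks identical to one
                // that found nothing to release.
                Console.Error.WriteLine("Failed to process file '{0}': {1}", fileName, ex.Message);
            }

            Console.WriteLine("Processed file '{0}'.", fileName);
        }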
コード例 #25
ファイル: VirusTotal.cs プロジェクト: claunia/osrepodbmgr
        /// <summary>
        /// Tests an API key by requesting the report for a fixed, known SHA-256 and checking
        /// the MD5 in the answer.
        /// </summary>
        /// <param name="key">VirusTotal API key to test.</param>
        /// <returns>
        /// true when the probe report came back with the expected MD5; false when the request
        /// threw (the inner exception message is passed to <c>Failed</c>) or the MD5 differs.
        /// </returns>
        public static bool TestVirusTotal(string key)
        {
            FileReport probe = null;

            try
            {
                // Run the async lookup on the thread pool and wait for it; an error arrives
                // wrapped in an AggregateException, hence InnerException below.
                Task.Run(async() =>
                {
                    var client = new VirusTotal(key);

                    probe = await client.GetFileReportAsync("b82758fc5f737a58078d3c60e2798a70d895443a86aa39adf52dec70e98c2bed");
                }).Wait();
            }
            catch (Exception ex)
            {
                Failed?.Invoke(ex.InnerException?.Message);
                return false;
            }

            if (probe == null)
            {
                return false;
            }

            return probe.MD5 == "0bf60adb1435639a42b490e7e80d25c7";
        }
コード例 #26
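        /// <summary>
        /// Checks a mail attachment or a URL against VirusTotal and hands the report to the
        /// matching handler.
        /// </summary>
        /// <param name="filepath">Path of the saved attachment; empty when a URL is to be checked instead.</param>
        /// <param name="Items">Mail item the attachment or URL belongs to.</param>
        /// <param name="scanurl">URL to check when <paramref name="filepath"/> is empty.</param>
        /// <param name="matches">Passed through to the attachment handler.</param>
        public async Task processVirusTotal(string filepath, MailItem Items, string scanurl, MatchCollection matches)
        {
            VirusTotal virusTotal = new VirusTotal(ConfigurationSettings.AppSettings["Apikey"])
            {
                // Use HTTPS instead of HTTP.
                UseTLS = true
            };

            if (filepath != "") //For attachment
            {
                // Look up the attachment's content. The previous code passed the ASCII bytes
                // of the path string itself, so the lookup described the text of the path and
                // said nothing about the attachment.
                byte[]     attachmentBytes = System.IO.File.ReadAllBytes(filepath);
                FileReport fileReport      = await virusTotal.GetFileReportAsync(attachmentBytes);

                AttachmentScan(fileReport, filepath, Items, scanurl, matches);
                Console.WriteLine();
            }
            else if (scanurl != "") //For Url
            {
                // Awaited rather than read through .Result, so the thread is not blocked and
                // errors are not wrapped in an AggregateException.
                UrlReport urlReport = await virusTotal.GetUrlReportAsync(scanurl);

                UrlScan(urlReport, Items);
            }

            // Neither an attachment nor a URL: body scanning is not implemented yet.
            Console.WriteLine();
        }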
コード例 #27
 /// <summary>
 /// Checks that a lookup made with a well-formed but invalid API key is rejected with
 /// an AccessDeniedException.
 /// </summary>
 public async Task UnauthorizedScan()
 {
     // Dummy key: 64 characters, but not a real key.
     var rejectedClient = new VirusTotal("xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");

     await Assert.ThrowsAsync <AccessDeniedException>(async() =>
     {
         await rejectedClient.GetFileReportAsync(TestData.KnownHashes.First());
     });
 }
コード例 #28
 /// <summary>
 /// Fetches the file report for a resource and converts it with
 /// <c>GetScanReportAsync</c>.
 /// </summary>
 /// <param name="resource">Resource identifier passed to the report lookup.</param>
 /// <returns>The converted report data.</returns>
 public async Task <ReportResponseData> ReportFileAsync(string resource)
 {
     var rawReport = await handle.GetFileReportAsync(resource);
     var converted = await GetScanReportAsync(rawReport);

     return converted;
 }
コード例 #29
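        /// <summary>
        /// Handles the first file of the current HTTP upload: looks it up on VirusTotal,
        /// saves it to the destination folder when a finished report shows zero detections,
        /// and otherwise submits it for scanning and parks it in the upload folder.
        /// </summary>
        /// <returns>
        /// A pair of success flag and message. The flag is false when no file was posted,
        /// the key is not configured, the body could not be read completely, or an
        /// exception occurred.
        /// </returns>
        public async Task <KeyValuePair <bool, string> > UploadFile()
        {
            try
            {
                if (!HttpContext.Current.Request.Files.AllKeys.Any())
                {
                    return new KeyValuePair <bool, string>(false, "No file found to upload.");
                }

                var httpPostedFile = HttpContext.Current.Request.Files[0];

                if (httpPostedFile == null)
                {
                    return new KeyValuePair <bool, string>(false, "There is no file to upload.");
                }

                var fileSavePath      = Environment.GetFolderPath(Environment.SpecialFolder.MyPictures) + "\\UploadedFiles\\";
                var destinationFolder = Environment.GetFolderPath(Environment.SpecialFolder.MyPictures) + "\\DestinationFiles\\";

                // The API key is a credential and must not live in source control. It is read
                // from the environment here; the variable name is illustrative, use whatever
                // your deployment defines. A key that was ever committed should be treated as
                // exposed and revoked.
                string apiKey = System.Environment.GetEnvironmentVariable("VIRUSTOTAL_API_KEY");

                if (string.IsNullOrEmpty(apiKey))
                {
                    return new KeyValuePair <bool, string>(false, "VirusTotal API key is not configured.");
                }

                VirusTotal virusTotal = new VirusTotal(apiKey)
                {
                    // Use HTTPS instead of HTTP
                    UseTLS = true
                };

                // Read the whole body. A single Stream.Read call may return fewer bytes than
                // requested, which would leave the tail of the buffer zero-filled and make the
                // lookup describe different content than what was uploaded.
                byte[] fileByteArray = new byte[httpPostedFile.ContentLength];
                int    filled        = 0;

                while (filled < fileByteArray.Length)
                {
                    int read = httpPostedFile.InputStream.Read(fileByteArray, filled, fileByteArray.Length - filled);

                    if (read == 0)
                    {
                        break;
                    }

                    filled += read;
                }

                if (filled != fileByteArray.Length)
                {
                    return new KeyValuePair <bool, string>(false, "The uploaded file could not be read completely.");
                }

                // NOTE(review): the client-supplied name goes through GetFileName before it
                // is used in a path; confirm that helper strips directory components.
                var fileName = GetFileName(httpPostedFile.FileName);

                // Check if the file has been scanned before.
                FileReport fileReport = await virusTotal.GetFileReportAsync(fileByteArray);

                if (fileReport.ResponseCode == FileReportResponseCode.Present)
                {
                    // Only a report with zero detections moves the file to the destination
                    // folder; a file with detections is not saved anywhere.
                    if (fileReport.Positives == 0)
                    {
                        SaveFile(destinationFolder, fileName, httpPostedFile);
                    }
                }
                else
                {
                    // NOTE(review): this hands the user's upload to a third party; confirm
                    // that is acceptable for the data this endpoint receives.
                    ScanResult fileResult = await virusTotal.ScanFileAsync(fileByteArray, fileName);

                    if (fileResult.ResponseCode == ScanFileResponseCode.Queued)
                    {
                        // Queued for scanning: the file is stored unscanned in the upload
                        // folder. Nothing should treat that folder as holding vetted files.
                        SaveFile(fileSavePath, fileName, httpPostedFile);
                    }
                }

                // NOTE(review): the same success message is returned when the file had
                // detections and was dropped; callers cannot tell the two outcomes apart.
                return new KeyValuePair <bool, string>(true, "Uploaded File");
            }
            catch (Exception ex)
            {
                // NOTE(review): the exception text is returned to the caller; check that it is
                // not forwarded verbatim to untrusted clients.
                return new KeyValuePair <bool, string>(false, "An error occurred while uploading the file. Error Message: " + ex.Message);
            }
        }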
コード例 #30
ファイル: AnalyseService.cs プロジェクト: gitbock/macrogoat
        /// <summary>
        /// Background loop of the analyse service: at a configured interval it fetches the
        /// items waiting for analysis, checks each file against VirusTotal, and updates the
        /// item's status to queued-for-analysis, queued-for-signing or error.
        /// </summary>
        /// <param name="stoppingToken">Ends the loop and cancels the wait between rounds.</param>
        protected override async Task ExecuteAsync(CancellationToken stoppingToken)
        {
            //Read configs
            var strCheckInterval = _conf.GetValue <string>("AnalyseService:CheckIntervalSeconds");

            _l.Information($"chekinterval {strCheckInterval}");
            // Default interval, kept when the configured value cannot be parsed.
            int checkInterval = 15;

            try
            {
                checkInterval = System.Int32.Parse(strCheckInterval);
            }
            catch (Exception e)
            {
                // Parse failure is logged and the default of 15 stays in effect.
                _l.Error(e.Message);
            }

            // Read secrets
            // The path is relative, so it resolves against the process's working directory.
            // NOTE(review): presumably a missing "ApiKeys" section fails here with a null
            // reference rather than a clear message — confirm and consider an explicit check.
            JObject secretsConfig = JObject.Parse(File.ReadAllText(@"secrets.json")); //secrets.json file not checked in. .gitignore
            var     vtApiKey      = (string)secretsConfig["ApiKeys"]["VirusTotal"];

            // Init analyserPlugins
            VirusTotal vt = new VirusTotal(vtApiKey);

            // Use HTTPS instead of HTTP.
            vt.UseTLS = true;



            _l.Debug($"Analyse Service started; will check for new entries each {checkInterval} seconds.");

            // NOTE(review): nothing inside this loop catches exceptions, so a single
            // unreadable file or failed API call propagates out of ExecuteAsync.
            while (!stoppingToken.IsCancellationRequested)
            {
                var analyseItems = _asvc.getItemsToBeAnalysed();
                foreach (var ac in analyseItems)
                {
                    _l.Debug($"Fetched item {ac.UniqueKey} for analysing.");
                    ac.Status  = ApiActivity.ApiStatus.Analysing;
                    ac.Message = "Analysing";
                    _asvc.addUpdateApiActivity(ac);
                    //prepare filestream
                    using (Stream fs = File.OpenRead(ac.SystemOfficeFilename))
                    {
                        // new Analyser Service start e.g. VirusTotal
                        ac.Message = $"Checking Virustotal for known file {ac.UserOfficeFilename}. This can take up to 5 Min...";
                        _asvc.addUpdateApiActivity(ac);
                        _l.Information(ac.Message);

                        // first check if file already known to VT
                        var fileReport = await vt.GetFileReportAsync(fs);

                        _l.Information($"File Report requested for Resource {fileReport.Resource}");


                        // The three checks below are independent ifs on the same response code;
                        // a code matching none of them leaves the item in the Analysing state.
                        if (fileReport.ResponseCode == VirusTotalNet.ResponseCodes.FileReportResponseCode.Queued)
                        {
                            // file already submitted but still scanned -> not scanning again
                            _l.Information($"File {ac.UserOfficeFilename} already submitted. Not scanning again. Resetting result to {ApiActivity.ApiStatus.QueuedAnalysis}");
                            ac.Status = ApiActivity.ApiStatus.QueuedAnalysis;
                            _asvc.addUpdateApiActivity(ac);
                        }



                        if (fileReport.ResponseCode == VirusTotalNet.ResponseCodes.FileReportResponseCode.NotPresent)
                        {
                            ScanResult scanResult = null;
                            // reset stream, otherwise it's posted from last position :(
                            fs.Seek(0, SeekOrigin.Begin);
                            //not known to VT -> start new scan
                            ac.Message = "File not know to VT yet. Starting Scan...";
                            _asvc.addUpdateApiActivity(ac);
                            _l.Information(ac.Message);
                            // NOTE(review): the server-side file name (the same value passed to
                            // File.OpenRead above) is sent as the submission's file name;
                            // confirm it does not expose internal paths to the third party.
                            scanResult = await vt.ScanFileAsync(fs, ac.SystemOfficeFilename);

                            if (scanResult.ResponseCode == VirusTotalNet.ResponseCodes.ScanFileResponseCode.Queued)
                            {
                                // set to result queued to be picked up by loop next time; then Results should be already known
                                // and can be retrieved.
                                ac.Message = $"File Queued for Analysis in VirusTotal with ScanID {scanResult.ScanId}.";
                                ac.Status  = ApiActivity.ApiStatus.QueuedAnalysis;
                                _asvc.addUpdateApiActivity(ac);
                                _l.Information(ac.Message + $"Resetting result to {ApiActivity.ApiStatus.QueuedAnalysis}");
                            }
                        }
                        if (fileReport.ResponseCode == VirusTotalNet.ResponseCodes.FileReportResponseCode.Present)
                        {
                            //Filereport here, check
                            _l.Information($"Filereport retrieved successfully. Checking if file file clean..");

                            // how many positives are OK?
                            // Read and parsed for every item; an unparsable or missing value throws here.
                            int maxPositives = Int32.Parse(_conf["AnalyseService:SecurityPlugins:Virustotal:MaxPositives"]);

                            // Strictly-less-than: a file with up to maxPositives - 1 detections
                            // is treated as clean and sent on to signing.
                            if (fileReport.Positives < maxPositives)
                            {
                                //file clean
                                ac.Message = $"File scanned by VT: File has {fileReport.Positives} of max {maxPositives} Positives. File clean! Queued for Signing";
                                ac.Status  = ApiActivity.ApiStatus.QueuedSigning; //send to signing service
                                _asvc.addUpdateApiActivity(ac);
                                _l.Information(ac.Message);
                            }
                            else
                            {
                                //file infected
                                ac.Message = $"File scanned by VT: File has {fileReport.Positives} of max {maxPositives} Positives. File infected!! Cancel Signing";
                                ac.Status  = ApiActivity.ApiStatus.Error;
                                _asvc.addUpdateApiActivity(ac);
                                _l.Warning(ac.Message);
                            }
                        }
                    }
                }



                // Wait checkInterval seconds before the next round; cancellation ends the wait early.
                await Task.Delay(1000 *checkInterval, stoppingToken);
            }
        }