/// <summary>
/// Initialize new instance of <see cref="FileEntry"/>.
/// </summary>
/// <param name="filePath">Fullpath to file.</param>
/// <returns><see cref="FileEntry"/> object from specified file.</returns>
public static FileEntry Open(string filePath)
{
ArgValidate.NotEmptyString(filePath, nameof(filePath));
ArgValidate.FileExist(filePath, nameof(filePath));
return(new FileEntry(filePath));
}
/// <summary>
/// Scans a file for viruses.
/// </summary>
/// <param name="path">Full path to file to be scanned.</param>
/// <returns><see cref="ScanResult"/> object containing scan information.</returns>
public ScanResult ScanFile(string path)
{
ArgValidate.NotEmptyString(path, nameof(path));
ArgValidate.FileExist(path, nameof(path));
return(ScanFile(FileEntry.Open(path)));
}
/// <summary>
/// Load a single database file or a directory with database inside to current instance of <see cref="ClamEngine"/>.
/// </summary>
/// <param name="path">Fullpath to a file or directory containing the database file(s).</param>
/// <param name="flags">Database loading options (default <see cref="DatabaseFlags.Standard"/>.</param>
public void Load(string path, DatabaseFlags flags = DatabaseFlags.Standard)
{
ArgValidate.NotEmptyString(path, nameof(path));
ThrowIfCompiled();
NativeMethods.cl_load(path, _handle.Handle, ref _signatureCount, (uint)flags).ThrowIfError();
}
/// <summary>
/// Scans a file for viruses.
/// </summary>
/// <param name="file">File to be scanned.</param>
/// <returns><see cref="ScanResult"/> object containing scan information.</returns>
public ScanResult ScanFile(FileEntry file)
{
ArgValidate.NotNull(file, nameof(file));
ThrowIsNotCompiled();
var fscaned = 0;
var vname = IntPtr.Zero;
int retv;
ScanResult result;
retv = NativeMethods.cl_scandesc(file.FileDescriptor, ref vname, ref fscaned, _handle.Handle, (uint)Flags);
result = new ScanResult
{
FullPath = file.FilePath,
Scanned = fscaned,
};
switch (retv)
{
case (int)cl_error_t.CL_VIRUS:
result.IsVirus = true;
result.MalwareName = Marshal.PtrToStringAnsi(vname);
break;
case (int)cl_error_t.CL_CLEAN:
result.IsVirus = false;
break;
default:
throw new ClamException(retv);
}
return(result);
}
/// <summary>
/// Initialize new instance of <see cref="HashDatabaseWriter"/> with specified hash type.
/// </summary>
/// <param name="outputPath">Fullpath output directory.</param>
/// <param name="fileName">Database file name (without extension, the extension will selected automatically).</param>
/// <param name="type">Hash type.</param>
/// <param name="append">Specifies that this writer is appending not overwriting.</param>
public HashDatabaseWriter(string outputPath, string fileName, DatabaseType type, bool append)
{
ArgValidate.NotEmptyString(outputPath, nameof(outputPath));
ArgValidate.DirectoryExist(outputPath, nameof(outputPath));
ArgValidate.NotEmptyString(fileName, nameof(fileName));
ArgValidate.FileExist(fileName, nameof(fileName));
var fname = string.Copy(fileName);
switch (type)
{
case DatabaseType.Sha1Hash:
fname += ".hsb";
break;
case DatabaseType.Sha256Hash:
fname += ".hsb";
break;
case DatabaseType.Md5Hash:
fname += ".hdb";
break;
case DatabaseType.PeSectionHash:
fname += ".msb";
break;
}
_type = type;
_writer = new StreamWriter(Path.Combine(outputPath, fname), append)
{
NewLine = "\n"
};
}
/// <summary>
/// Initialize new instance of <see cref="DatabaseStateChecker"/> using specified directory to watch.
/// </summary>
/// <param name="dirPath">Full path to database directory.</param>
public DatabaseStateChecker(string dirPath)
{
ArgValidate.NotEmptyString(dirPath, nameof(dirPath));
ArgValidate.DirectoryExist(dirPath, nameof(dirPath));
_dirPath = dirPath;
}
internal ClamavDatabaseFile(string file, cl_cvd data)
{
ArgValidate.NotNull(data, nameof(data));
ArgValidate.NotNull(file, nameof(file));
ArgValidate.FileExist(file, nameof(file));
FullPath = file;
_data = data;
}
/// <summary>
/// Checks for database update from specified local database and remote database.
/// </summary>
/// <param name="cvdPath">Full path to local CVD file.</param>
/// <param name="url">URI path to remote CVD file.</param>
/// <returns><c>True</c> when update is availiable, otherwise <c>False</c>.</returns>
public bool HasUpdate(string cvdPath, string url)
{
ArgValidate.NotEmptyString(cvdPath, nameof(cvdPath));
ArgValidate.FileExist(cvdPath, nameof(cvdPath));
var remoteTime = GetRemoteVersion(url);
var local = SigtoolMain.GetCvdMetadata(cvdPath);
return(remoteTime > local.Version);
}
/// <summary>
/// Write specified entry to database.
/// </summary>
/// <param name="entry">Entry to be added.</param>
public void Write(HashDatabaseEntry entry)
{
ArgValidate.NotNull(entry, nameof(entry));
if (_type == DatabaseType.Md5Hash || _type == DatabaseType.Sha1Hash || _type == DatabaseType.Sha256Hash)
{
WriteFileHashEntry(entry);
}
else
{
WritePeHashEntry(entry);
}
}
/// <summary>
/// Sets engine field parameter value.
/// </summary>
/// <param name="field">Engine field.</param>
/// <param name="value">Value to change.</param>
public void SetField(EngineField field, object value)
{
ArgValidate.NotNull(value, nameof(value));
ThrowIfCompiled();
if (value is string || value is char)
{
var val = Marshal.StringToCoTaskMemAnsi(value.ToString());
NativeMethods.cl_engine_set_str(_handle.Handle, field, val).ThrowIfError();
}
else
{
NativeMethods.cl_engine_set_num(_handle.Handle, field, Convert.ToInt16(value));
}
}
/// <summary>
/// Write specified entry to database.
/// </summary>
/// <param name="hash">File hash (same as database hash type).</param>
/// <param name="size">Hash size (-1 to use variable size).</param>
/// <param name="name">Malware name.</param>
public void Write(string hash, int size, string name)
{
ArgValidate.NotEmptyString(hash, nameof(hash));
ArgValidate.NotEmptyString(name, nameof(name));
if (!(size == -1 || size > 0))
{
throw new ArgumentOutOfRangeException(nameof(size));
}
Write(new HashDatabaseEntry
{
Hash = hash,
MalwareName = name,
Size = size
});
}
/// <summary>
/// Gets remote CVD file version.
/// </summary>
/// <param name="url">URI path to remote CVD file.</param>
/// <returns>Version number.</returns>
public uint GetRemoteVersion(string url)
{
ArgValidate.NotEmptyString(url, nameof(url));
var head = GetRemoteResponse(url);
var meta = NativeMethods.cl_cvdparse(head);
if (meta == IntPtr.Zero)
{
throw new Exception("Malformed CVD header.");
}
var data = (cl_cvd)Marshal.PtrToStructure(meta, typeof(cl_cvd));
NativeMethods.cl_cvdfree(meta);
return(data.version);
}
