/// <summary> /// Initialize new instance of <see cref="FileEntry"/>. /// </summary> /// <param name="filePath">Fullpath to file.</param> /// <returns><see cref="FileEntry"/> object from specified file.</returns> public static FileEntry Open(string filePath) { ArgValidate.NotEmptyString(filePath, nameof(filePath)); ArgValidate.FileExist(filePath, nameof(filePath)); return(new FileEntry(filePath)); }
/// <summary> /// Scans a file for viruses. /// </summary> /// <param name="path">Full path to file to be scanned.</param> /// <returns><see cref="ScanResult"/> object containing scan information.</returns> public ScanResult ScanFile(string path) { ArgValidate.NotEmptyString(path, nameof(path)); ArgValidate.FileExist(path, nameof(path)); return(ScanFile(FileEntry.Open(path))); }
/// <summary> /// Load a single database file or a directory with database inside to current instance of <see cref="ClamEngine"/>. /// </summary> /// <param name="path">Fullpath to a file or directory containing the database file(s).</param> /// <param name="flags">Database loading options (default <see cref="DatabaseFlags.Standard"/>.</param> public void Load(string path, DatabaseFlags flags = DatabaseFlags.Standard) { ArgValidate.NotEmptyString(path, nameof(path)); ThrowIfCompiled(); NativeMethods.cl_load(path, _handle.Handle, ref _signatureCount, (uint)flags).ThrowIfError(); }
/// <summary> /// Scans a file for viruses. /// </summary> /// <param name="file">File to be scanned.</param> /// <returns><see cref="ScanResult"/> object containing scan information.</returns> public ScanResult ScanFile(FileEntry file) { ArgValidate.NotNull(file, nameof(file)); ThrowIsNotCompiled(); var fscaned = 0; var vname = IntPtr.Zero; int retv; ScanResult result; retv = NativeMethods.cl_scandesc(file.FileDescriptor, ref vname, ref fscaned, _handle.Handle, (uint)Flags); result = new ScanResult { FullPath = file.FilePath, Scanned = fscaned, }; switch (retv) { case (int)cl_error_t.CL_VIRUS: result.IsVirus = true; result.MalwareName = Marshal.PtrToStringAnsi(vname); break; case (int)cl_error_t.CL_CLEAN: result.IsVirus = false; break; default: throw new ClamException(retv); } return(result); }
/// <summary> /// Initialize new instance of <see cref="HashDatabaseWriter"/> with specified hash type. /// </summary> /// <param name="outputPath">Fullpath output directory.</param> /// <param name="fileName">Database file name (without extension, the extension will selected automatically).</param> /// <param name="type">Hash type.</param> /// <param name="append">Specifies that this writer is appending not overwriting.</param> public HashDatabaseWriter(string outputPath, string fileName, DatabaseType type, bool append) { ArgValidate.NotEmptyString(outputPath, nameof(outputPath)); ArgValidate.DirectoryExist(outputPath, nameof(outputPath)); ArgValidate.NotEmptyString(fileName, nameof(fileName)); ArgValidate.FileExist(fileName, nameof(fileName)); var fname = string.Copy(fileName); switch (type) { case DatabaseType.Sha1Hash: fname += ".hsb"; break; case DatabaseType.Sha256Hash: fname += ".hsb"; break; case DatabaseType.Md5Hash: fname += ".hdb"; break; case DatabaseType.PeSectionHash: fname += ".msb"; break; } _type = type; _writer = new StreamWriter(Path.Combine(outputPath, fname), append) { NewLine = "\n" }; }
/// <summary> /// Initialize new instance of <see cref="DatabaseStateChecker"/> using specified directory to watch. /// </summary> /// <param name="dirPath">Full path to database directory.</param> public DatabaseStateChecker(string dirPath) { ArgValidate.NotEmptyString(dirPath, nameof(dirPath)); ArgValidate.DirectoryExist(dirPath, nameof(dirPath)); _dirPath = dirPath; }
internal ClamavDatabaseFile(string file, cl_cvd data) { ArgValidate.NotNull(data, nameof(data)); ArgValidate.NotNull(file, nameof(file)); ArgValidate.FileExist(file, nameof(file)); FullPath = file; _data = data; }
/// <summary> /// Checks for database update from specified local database and remote database. /// </summary> /// <param name="cvdPath">Full path to local CVD file.</param> /// <param name="url">URI path to remote CVD file.</param> /// <returns><c>True</c> when update is availiable, otherwise <c>False</c>.</returns> public bool HasUpdate(string cvdPath, string url) { ArgValidate.NotEmptyString(cvdPath, nameof(cvdPath)); ArgValidate.FileExist(cvdPath, nameof(cvdPath)); var remoteTime = GetRemoteVersion(url); var local = SigtoolMain.GetCvdMetadata(cvdPath); return(remoteTime > local.Version); }
/// <summary> /// Write specified entry to database. /// </summary> /// <param name="entry">Entry to be added.</param> public void Write(HashDatabaseEntry entry) { ArgValidate.NotNull(entry, nameof(entry)); if (_type == DatabaseType.Md5Hash || _type == DatabaseType.Sha1Hash || _type == DatabaseType.Sha256Hash) { WriteFileHashEntry(entry); } else { WritePeHashEntry(entry); } }
/// <summary> /// Sets engine field parameter value. /// </summary> /// <param name="field">Engine field.</param> /// <param name="value">Value to change.</param> public void SetField(EngineField field, object value) { ArgValidate.NotNull(value, nameof(value)); ThrowIfCompiled(); if (value is string || value is char) { var val = Marshal.StringToCoTaskMemAnsi(value.ToString()); NativeMethods.cl_engine_set_str(_handle.Handle, field, val).ThrowIfError(); } else { NativeMethods.cl_engine_set_num(_handle.Handle, field, Convert.ToInt16(value)); } }
/// <summary> /// Write specified entry to database. /// </summary> /// <param name="hash">File hash (same as database hash type).</param> /// <param name="size">Hash size (-1 to use variable size).</param> /// <param name="name">Malware name.</param> public void Write(string hash, int size, string name) { ArgValidate.NotEmptyString(hash, nameof(hash)); ArgValidate.NotEmptyString(name, nameof(name)); if (!(size == -1 || size > 0)) { throw new ArgumentOutOfRangeException(nameof(size)); } Write(new HashDatabaseEntry { Hash = hash, MalwareName = name, Size = size }); }
/// <summary> /// Gets remote CVD file version. /// </summary> /// <param name="url">URI path to remote CVD file.</param> /// <returns>Version number.</returns> public uint GetRemoteVersion(string url) { ArgValidate.NotEmptyString(url, nameof(url)); var head = GetRemoteResponse(url); var meta = NativeMethods.cl_cvdparse(head); if (meta == IntPtr.Zero) { throw new Exception("Malformed CVD header."); } var data = (cl_cvd)Marshal.PtrToStructure(meta, typeof(cl_cvd)); NativeMethods.cl_cvdfree(meta); return(data.version); }