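/// <summary>
/// Builds a <c>VDBT</c> signature record for <paramref name="file"/>, choosing the fields to fill
/// from the scanner name reported by <c>FileFormat.GetFileFormat</c>.
/// </summary>
/// <param name="file">Path of the sample to fingerprint.</param>
/// <param name="GenerateVN">Not read by this method; kept so existing callers still compile.</param>
/// <returns>
/// A record tagged <c>"PES"</c>, <c>"ARS"</c>, <c>"HAS"</c> or <c>"ASC"</c> for the four known scanner
/// names, or an all-null record tagged <c>"NOS"</c> when the scanner name is not recognised.
/// </returns>
/// <remarks>
/// NOTE(review): every hash here comes from <c>Security.GetMD5HashFromFile</c>. MD5 is not collision
/// resistant, so two different files can be crafted to share one signature. Moving to SHA-256 would
/// also need a change to the signature database format, which is outside this method.
/// </remarks>
public static VDBT GetSignatures(string file, bool GenerateVN)
{
    // Classify once: every branch then tests the same answer, and the file is not re-inspected
    // up to four times as it was when each condition called GetFileFormat again.
    string scannerName = FileFormat.GetFileFormat(file).Name;

    switch (scannerName)
    {
        case "PE-TYPE-SCANNER":
        {
            string hash = Security.GetMD5HashFromFile(file);
            string th = null;
            string dh = null;

            // NOTE(review): the directory name depends only on the sample's base name, and nothing
            // in this method empties it beforehand or removes it afterwards. Files left over from an
            // earlier sample with the same base name would be hashed below as if they belonged to
            // this one. Confirm whether a caller cleans AVEngine.TempDir.
            string extractDir = AVEngine.TempDir + Path.GetFileNameWithoutExtension(file) + @"\";

            using (KCompress.KCompressExtractor extr = new KCompress.KCompressExtractor(file))
            {
                extr.ExtractArchive(extractDir);
            }

            List<string> extracted = FileHelper.GetFilesRecursive(extractDir);
            foreach (string sfile in extracted)
            {
                // Ordinal comparison: these are fixed suffixes, not linguistic text, so the match
                // must not vary with the current culture.
                if (sfile.EndsWith(".text", StringComparison.Ordinal))
                {
                    th = Security.GetMD5HashFromFile(sfile);
                }
                else if (sfile.EndsWith(".data", StringComparison.Ordinal))
                {
                    dh = Security.GetMD5HashFromFile(sfile);
                }
            }

            return new VDBT(null, "Kavprot.VDBT.Malware/Unknown", th, dh, hash, "PES");
        }

        case "ARCHIVE-TYPE-SCANNER":
            return new VDBT(null, "Kavprot.VDBT.Malware/Unknown", null, null, Security.GetMD5HashFromFile(file), "ARS");

        case "HASH-TYPE-SCANNER":
            return new VDBT(null, "Kavprot.VDBT.Malware/Unknown", null, null, Security.GetMD5HashFromFile(file), "HAS");

        case "ASCII-TYPE-SCANNER":
        {
            string hex;
            StringBuilder sb = new StringBuilder();
            using (StreamReader sr = new StreamReader(file))
            {
                hex = Security.DumpHex(sr, sb);
            }

            return new VDBT(hex, "Kavprot.VDBT.MaliciousCode/Unknown", null, null, Security.GetMD5HashFromFile(file), "ASC");
        }

        default:
            // Unknown scanner name (or a null name): return the empty "no signature" record.
            return new VDBT(null, null, null, null, null, "NOS");
    }
}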
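/// <summary>
/// Moves the detected item into the application's <c>Quarantine</c> folder as an encrypted
/// <c>.KPQ</c> file with a <c>.KPQI</c> sidecar that records its original name and the detection name.
/// </summary>
/// <remarks>
/// For archive detections the archive is unpacked to a staging directory, the flagged member is
/// quarantined and deleted from staging, the original archive is copied to <c>ARCHIVEBACKUP</c>, and
/// the remaining files are recompressed over <c>Location</c>. For every other scanner type the file
/// at <c>Location</c> is quarantined and then deleted.
///
/// NOTE(review): the <c>EncryptFile</c> passphrase is a constant compiled into the binary. It keeps a
/// quarantined sample from being run by accident, but it gives no confidentiality against anyone who
/// can read this assembly. A per-install key held in protected storage would be stronger.
///
/// NOTE(review): <c>Q</c> is set before the original is deleted or repacked. If a later step throws,
/// the exception is absorbed below and <c>Q</c> stays true while the item may still be at
/// <c>Location</c>. Confirm what callers take <c>Q</c> to mean.
/// </remarks>
public void Quarantine()
{
    try
    {
        string quarantineDir = Application.StartupPath + @"\Quarantine\";

        if (Scanner == AVEngine.ArchiveTypeScanner)
        {
            string stagingDir = AVEngine.TempDir + @"QA\A\";

            // Dispose the extractor as soon as extraction is done, as GetSignatures already does.
            // The original never disposed it; presumably that could leave a handle on Location
            // open while the archive is rewritten below - confirm against KCompress.
            using (KCompress.KCompressExtractor extr = new KCompress.KCompressExtractor(Location))
            {
                extr.ExtractArchive(stagingDir);
            }

            // NOTE(review): FileName is appended to the staging path as-is. If it can come from
            // archive metadata, check that the combined path still resolves inside stagingDir
            // before it is encrypted and deleted.
            string stagedMember = stagingDir + FileName;
            string quarantineBase = quarantineDir + Path.GetFileName(FileName);

            EncryptFile(stagedMember, quarantineBase + ".KPQ", "ac1s8y9s");
            File.WriteAllText(quarantineBase + ".KPQI", FileName + "\r\n" + Name);
            Q = true;
            File.Delete(stagedMember);

            // Keep a copy of the untouched archive before it is overwritten.
            // File.Copy without the overwrite flag throws if a backup of the same name exists.
            File.Copy(Location, quarantineDir + @"ARCHIVEBACKUP\" + Path.GetFileName(Location) + ".BACKUP");

            KCompress.KCompressCompressor comp = new KCompress.KCompressCompressor();
            comp.IncludeEmptyDirectories = true;
            comp.FastCompression = true;
            comp.CompressionLevel = KCompress.CompressionLevel.High;
            comp.CompressionMethod = KCompress.CompressionMethod.Default;
            comp.CompressionMode = KCompress.CompressionMode.Create;
            comp.CompressDirectory(stagingDir, Location);

            Directory.Delete(stagingDir, true);
        }
        else
        {
            string quarantineBase = quarantineDir + Path.GetFileName(Location);

            EncryptFile(Location, quarantineBase + ".KPQ", "ac1s8y9s");
            File.WriteAllText(quarantineBase + ".KPQI", Location + "\r\n" + Name);
            Q = true;
            File.Delete(Location);
        }
    }
    catch (Exception ex)
    {
        // The failure is still not rethrown (callers rely on that), but it is now recorded so a
        // quarantine that did not complete is visible in diagnostics instead of vanishing silently.
        System.Diagnostics.Trace.TraceWarning("Quarantine failed for '" + Location + "': " + ex);

        if (Scanner == AVEngine.ArchiveTypeScanner && ex is KCompress.KCompressException)
        {
            // NOTE(review): the restore reads from TempDir\QAB\, but the backup made above is written
            // to Quarantine\ARCHIVEBACKUP\ with a ".BACKUP" suffix. Unless other code fills QAB, this
            // branch never finds a file. File.Copy also throws if Location still exists.
            string restoreSource = AVEngine.TempDir + @"QAB\" + Path.GetFileName(Location);
            if (File.Exists(restoreSource))
            {
                File.Copy(restoreSource, Location);
            }
        }
    }
}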