public static void OpenZipZip(ZipEntry zipEntry, DateValue.Operation oper, string path)
{
using (ZipFile zip = ZipFile.Read(zipEntry.ExtractToMemoryStream()))
{
foreach (var entry in zip.Entries)
{
using (var reader = entry.ExtractToMemoryStream())
{
byte flag = GetTypeFile(reader);
switch (flag)
{
case 0: //other file
break;
case 1: //exe
DateValue.countFile++;
Console.WriteLine(entry.FileName);
reader.Position = 0;
ScanFile.AddTask(new ScanObject(reader, path + '\\' + entry.FileName, oper, DateValue.Scan.SearchFile));
break;
case 2: //zip
OpenZipZip(entry, oper, path + '\\' + entry.FileName);
break;
}
}
}
}
}
public bool CreateObserver(string path, DateValue.Operation oper)
{
if (DBManager.IsObserver(path) == "")
{
return(false);
}
DateValue.listObserver.Add(new FileObserver(path, oper));
DBManager.AddObserver(path, oper);
return(true);
}
static public void AddObserver(string path, DateValue.Operation operation)
{
var connection = new SqliteConnection("Data Source=" + source);
connection.Open();
var command = connection.CreateCommand();
command.CommandText = $"INSERT INTO observer (path, operation) VALUES('{path}',{(int)operation});";
command.ExecuteScalar();
connection.Close();
}
static public void UpdateObserver(string oldPath, string path, DateValue.Operation operation)
{
var connection = new SqliteConnection("Data Source=" + source);
connection.Open();
var command = connection.CreateCommand();
command.CommandText = $"UPDATE observer SET path='{path}', operation={(int)operation} WHERE path = '{oldPath}';";
command.ExecuteScalar();
connection.Close();
}
static public void AddFile(int idReport, string path, DateValue.Operation oper, string type)
{
var connection = new SqliteConnection("Data Source=" + source);
connection.Open();
var command = connection.CreateCommand();
command.CommandText = $"INSERT INTO file (idReport,path,operation,type) VALUES({idReport},'{path}',{(int)oper},'{type}');";
command.ExecuteScalar();
connection.Close();
}
public bool AddTime(string time, string path, DateValue.Operation oper)
{
foreach (var elem in DBManager.IsTime(time))
{
var aTime = elem.Split('|');
if (aTime[1] == path)
{
return(false);
}
}
DBManager.AddTime(time, path, oper);
return(true);
}
public FileObserver(string path, DateValue.Operation oper)
{
this.path = path;
this.oper = oper;
watcher = new FileSystemWatcher(path);
watcher.NotifyFilter = NotifyFilters.LastWrite;
watcher.Changed += OnChanged;
//watcher.Created += OnCreated;
//watcher.Deleted += OnDeleted;
//watcher.Renamed += OnRenamed;
//watcher.Filter = "*.txt";
watcher.IncludeSubdirectories = true;
watcher.EnableRaisingEvents = true;
}
public bool StartScaning(string path, DateValue.Operation oper)
{
if (DateValue.isScaning)
{
return(false);
}
else
{
DateValue.countCheckFile = 0;
DateValue.countFile = 0;
DateValue.countVirusFile = 0;
DateValue.isScaning = true;
DateValue.isSearchFile = true;
DateValue.path = path;
DateValue.dateStart = DateTime.Now.ToString("MM.dd.yyyy H:mm");
DateValue.idReport = DBManager.GetNextIdReport();
new Thread(SearchFile.SearchFileDirectory).Start(new object[] { path, oper });
return(true);
}
}
public static void SearchFileDirectory(Object state)
{
object[] array = state as object[];
var path = Convert.ToString(array[0]);
DateValue.Operation oper = (DateValue.Operation)(int) array[1];
if (File.Exists(path))
{
if (GetTypeFile(path) == 1)
{
DateValue.countFile = 1;
DateValue.isSearchFile = false;
ScanFile.AddTask(new ScanObject(path, oper, DateValue.Scan.SearchFile));
}
else
{
DateValue.isScaning = false;
}
return;
}
int count = DateValue.countFile;
string[] dirs = Directory.GetDirectories(path);
foreach (string pathDir in dirs)
{
if (!DateValue.isScaning)
{
return;
}
SearchFileDirectory(new object[] { pathDir, oper });
}
string[] files = Directory.GetFiles(path);
foreach (string pathFile in files)
{
if (!DateValue.isScaning)
{
return;
}
byte flag = GetTypeFile(pathFile);
switch (flag)
{
case 0: //other file
break;
case 1: //exe
DateValue.countFile++;
Console.WriteLine(pathFile);
ScanFile.AddTask(new ScanObject(pathFile, oper, DateValue.Scan.SearchFile));
break;
case 2: //zip
Console.WriteLine(pathFile);
OpenZip(pathFile, oper);
break;
}
}
if (count == 0)
{
DateValue.isSearchFile = false;
if (DateValue.countCheckFile == DateValue.countFile)
{
DateValue.isScaning = false;
DBManager.AddReport(DateValue.idReport, DateValue.dateStart, DateTime.Now.ToString("MM.dd.yyyy H:mm"), DateValue.path, DateValue.countFile, DateValue.countVirusFile);
}
}
}
internal static void ThreadProc(Object state)
{
Console.WriteLine("Thread start");
bool isFound = false;
object[] array = state as object[];
var path = Convert.ToString(array[0]);
byte[] text = array[1] as byte[];
DateValue.Operation oper = (DateValue.Operation)(int) array[2];
DateValue.Scan scan = (DateValue.Scan)(int) array[3];
Console.WriteLine("if");
if (text == null)
{
Console.WriteLine(".text null");
if (scan.Equals(DateValue.Scan.SearchFile))
{
DateValue.countCheckFile++;
}
return;
}
Console.WriteLine("thread for " + text.Length);
for (int i = 0; i < text.Length - 4 && !isFound; i++)
{
//Console.WriteLine("thread: "+i);
if (!DateValue.isScaning && scan.Equals(DateValue.Scan.SearchFile))
{
return;
}
var temp = new byte[4];
Array.Copy(text, i, temp, 0, 4);
if (DateValue.signTree.isValue(temp))
{
string searchSign = GetStringOfBytes(temp, 0, 4);
List <string> signaturs = DBManager.SearchSignature(searchSign, i);
foreach (var sign in signaturs)
{
if (CheckSignatureFullMatch(sign, text, i))
{
if (oper.Equals(DateValue.Operation.Quarantine))
{
QuarantineFile(path);
if (File.Exists(path))
{
DBManager.AddQuarantine(DateTime.Now.ToString("MM/dd/yyyy H:mm"), path, DBManager.GetTypeSignature(sign));
}
}
else
{
DeleteFile(path);
}
if (scan.Equals(DateValue.Scan.SearchFile))
{
DateValue.countVirusFile++;
DBManager.AddFile(DateValue.idReport, path, oper, DBManager.GetTypeSignature(sign));
}
Console.WriteLine("GOOOOOD");
isFound = true;
break;
}
}
}
//string searchSign = GetStringOfBytes(text, i, 4);
/*
* List<string> signaturs = DBManager.SearchSignature(searchSign, i);
* foreach (var sign in signaturs)
* {
*
* if (CheckSignatureFullMatch(sign, text, i))
* {
*
* if (oper.Equals(DateValue.Operation.Quarantine))
* {
* QuarantineFile(path);
* DBManager.AddQuarantine(DateTime.Now.ToString("MM/dd/yyyy H:mm"), path, DBManager.GetTypeSignature(sign));
* }
* else DeleteFile(path);
*
*
* if (scan.Equals(DateValue.Scan.SearchFile))
* {
* DateValue.countVirusFile++;
* DBManager.AddFile(DateValue.idReport, path, oper, DBManager.GetTypeSignature(sign));
* }
* Console.WriteLine("GOOOOOD");
* isFound = true;
* break;
* }
* }*/
}
if (scan.Equals(DateValue.Scan.SearchFile))
{
DateValue.countCheckFile++;
if (!DateValue.isSearchFile && DateValue.countCheckFile == DateValue.countFile)
{
DateValue.isScaning = false;
DBManager.AddReport(DateValue.idReport, DateValue.dateStart, DateTime.Now.ToString("MM.dd.yyyy H:mm"), DateValue.path, DateValue.countFile, DateValue.countVirusFile);
}
}
Console.WriteLine("End scan: " + path);
}
