Exemplo n.º 1
        /// <summary>
        /// Runs the analysis for this file: submits it for a verdict and then
        /// applies the matching action to the file on disk.
        /// </summary>
        /// <returns>
        /// The status returned by <c>SubmitFile</c>. <c>TakeAction</c> has already
        /// run for that status by the time the caller receives it.
        /// </returns>
        public FileAnalysisStatus Analyze()
        {
            var verdict = SubmitFile();

            // The action is applied for every verdict, not only Malicious.
            // Nothing is caught here, so a failure inside TakeAction propagates
            // to the caller.
            TakeAction(verdict);

            return verdict;
        }
Exemplo n.º 2
        /// <summary>
        /// Handles a file event: prunes invalid clients, notifies all clients of the
        /// event, then analyzes the file on a dedicated background thread and sends
        /// a second notification once the verdict is known.
        /// </summary>
        /// <param name="sender">Event source; not used by this handler.</param>
        /// <param name="e">Event data; its <c>AnalysisStatus</c> is overwritten by the worker thread.</param>
        private void OnFileEvent(object sender, FileEventArgs e)
        {
            RemoveInvalidClients();

            // First notification: sent before analysis starts.
            SendNotificationToAllClients(e);

            // Work item executed on the per-file thread. Every exception is logged
            // and swallowed so a failed analysis cannot take the process down.
            // In that case no second notification is sent for this file.
            ThreadStart analyzeFile = () =>
            {
                try
                {
                    Logger.WriteToLog("Starting a new FileAnalyzerThread.");

                    var analyzer = new FileAnalyzer(_cloudAnalyzerURL, e);
                    e.AnalysisStatus = analyzer.Analyze();

                    SendNotificationToAllClients(e);
                }
                catch (Exception ex)
                {
                    Logger.WriteToLog("Exception caught in FileAnalyzerThread.");
                    Logger.WriteToLog(ex);
                }
            };

            // NOTE(review): one thread is created per event and this method sets no
            // upper bound; each thread is also added to _fileAnalyzersThreads.
            // Confirm the list is pruned elsewhere and that a burst of file events
            // cannot exhaust threads or memory.
            var worker = new Thread(analyzeFile);
            worker.Priority     = ThreadPriority.AboveNormal;
            worker.IsBackground = true;

            _fileAnalyzersThreads.Add(worker);
            worker.Start();
        }
Exemplo n.º 3
        /// <summary>
        /// Maps a <see cref="FileAnalysisStatus"/> to its display name.
        /// </summary>
        /// <remarks>
        /// An extension method named <c>ToString</c> with no extra parameters is never
        /// selected by <c>status.ToString()</c>, because the instance method inherited
        /// from <see cref="object"/> always wins. Call this method statically instead.
        /// </remarks>
        /// <param name="status">Status to describe.</param>
        /// <returns>
        /// "Malicious", "Benign" or "Aborted" for those values; "Unknown" for
        /// <c>Unknown</c> and for any value not listed here.
        /// </returns>
        public static string ToString(this FileAnalysisStatus status)
        {
            if (status == FileAnalysisStatus.Malicious)
            {
                return "Malicious";
            }

            if (status == FileAnalysisStatus.Benign)
            {
                return "Benign";
            }

            if (status == FileAnalysisStatus.Aborted)
            {
                return "Aborted";
            }

            // FileAnalysisStatus.Unknown and unrecognised values share one label.
            return "Unknown";
        }
Exemplo n.º 4
        /// <summary>
        /// Shows a two-second balloon tip describing the analysis state of a file.
        /// </summary>
        /// <param name="Info">Text inserted between quotes in the balloon title.</param>
        /// <param name="status">Analysis state that selects the title, body text and icon.</param>
        /// <remarks>Statuses other than the four handled below produce no notification.</remarks>
        public void ShowNotification(string Info, FileAnalysisStatus status)
        {
            string title;
            string message;
            ToolTipIcon icon;

            // Pick the wording first; the balloon is raised once, below the switch.
            switch (status)
            {
            case FileAnalysisStatus.Unknown:
                title   = String.Format("Scanning \"{0}\"", Info);
                message = "File is blocked. Waiting for results.";
                icon    = ToolTipIcon.Info;
                break;

            case FileAnalysisStatus.Aborted:
                title   = String.Format("Aborted scanning \"{0}\"", Info);
                message = "You are on your own :(";
                icon    = ToolTipIcon.Error;
                break;

            case FileAnalysisStatus.Malicious:
                title   = String.Format("Malicious \"{0}\"", Info);
                message = "File was removed.";
                icon    = ToolTipIcon.Warning;
                break;

            case FileAnalysisStatus.Benign:
                title   = String.Format("Benign \"{0}\"", Info);
                message = "You can open it :)";
                icon    = ToolTipIcon.None;
                break;

            default:
                return;
            }

            _notifyIcon.ShowBalloonTip(2000, title, message, icon);
        }
Exemplo n.º 5
        /// <summary>
        /// Applies the outcome of an analysis to the file on disk: deletes it when the
        /// verdict is Malicious, otherwise clears its Hidden attribute.
        /// </summary>
        /// <param name="analysisStatus">Verdict to act on.</param>
        private void TakeAction(FileAnalysisStatus analysisStatus)
        {
            // Called statically: instance syntax would bind to Object.ToString() instead.
            string statusName = FileAnalysisStatusExtension.ToString(analysisStatus);
            Logger.WriteToLog(String.Format("Taking corresponding action on file: '{0}' with status '{1}'.", _fileToBeAnalyzed, statusName));

            // -------- DEPRECATED ------
            //string adminUserName = Environment.UserName;
            //FileSecurity fs = File.GetAccessControl(fileToBeAnalyzed);
            //FileSystemAccessRule fsa = new FileSystemAccessRule(adminUserName, FileSystemRights.FullControl, AccessControlType.Deny);
            //fs.RemoveAccessRule(fsa);
            //File.SetAccessControl(fileToBeAnalyzed, fs);

            if (analysisStatus != FileAnalysisStatus.Malicious)
            {
                // NOTE(review): this branch is fail-open. Every non-Malicious status,
                // including Aborted and Unknown, un-hides the file. Confirm that
                // releasing a file that was never actually analyzed is intended.
                Logger.WriteToLog(String.Format("Unblocking file: '{0}'.", _fileToBeAnalyzed));

                FileAttributes withoutHidden = File.GetAttributes(_fileToBeAnalyzed) & ~FileAttributes.Hidden;
                File.SetAttributes(_fileToBeAnalyzed, withoutHidden);
                return;
            }

            // NOTE(review): the file is addressed by path, not by an open handle, so
            // whatever is at that path now is what gets deleted. Confirm nothing can
            // replace the file between analysis and this call.
            Logger.WriteToLog(String.Format("File: '{0}' is malicious. Deleting it.", _fileToBeAnalyzed));
            File.Delete(_fileToBeAnalyzed);
        }
Exemplo n.º 6
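        /// <summary>
        /// Uploads the file to the analyzer service as multipart form data and maps the
        /// server's reply to a <see cref="FileAnalysisStatus"/>.
        /// </summary>
        /// <remarks>
        /// The file is opened with <see cref="FileShare.None"/> for the duration of the
        /// upload and is always closed before this method returns, including on error
        /// paths. The full local path is sent to the server twice: in the "filePath"
        /// content header and as the multipart file name.
        /// </remarks>
        /// <returns>
        /// Benign or Malicious when the server answers 200 OK with a recognised verdict;
        /// Aborted in every other case (non-OK status, malformed or unrecognised reply,
        /// unreachable server, or any local exception).
        /// </returns>
        private FileAnalysisStatus SubmitFile()
        {
            FileAnalysisStatus fileStatus = FileAnalysisStatus.Aborted;

            Logger.WriteToLog(String.Format("Creating submit request for file: '{0}'.", _fileToBeAnalyzed));
            try
            {
                // NOTE(review): UseDefaultCredentials lets the handler answer an
                // authentication challenge from _analyzerURL with the logged-on user's
                // credentials. Confirm the URL is a fixed, trusted HTTPS endpoint: the
                // verdict returned over this channel decides whether the file is released.
                using (var httpClient = new HttpClient(new HttpClientHandler()
                {
                    UseDefaultCredentials = true
                }))
                {
                    // NOTE(review): with no timeout, a server that never answers keeps
                    // this thread waiting and the file locked indefinitely.
                    httpClient.Timeout = Timeout.InfiniteTimeSpan;

                    // Open fileStream by blocking share of file to other processes.
                    // The using blocks release the handle on every exit path; previously
                    // an exception after File.Open left the file locked until finalization.
                    using (var fileStream = File.Open(_fileToBeAnalyzed, FileMode.Open, FileAccess.Read, FileShare.None))
                    using (var content = new MultipartFormDataContent())
                    {
                        content.Headers.Add("filePath", _fileToBeAnalyzed);
                        content.Add(new StreamContent(fileStream), "\"file\"", String.Format("{0}", _fileToBeAnalyzed));

                        BlockFile();

                        Logger.WriteToLog(String.Format("Submitting file: '{0}' to '{1}'.", _fileToBeAnalyzed, _analyzerURL));
                        Logger.WriteToLog(String.Format("Content: '{0}' to '{1}'.", content.Headers.ToString(), content.ToString()));
                        var task = httpClient.PostAsync(_analyzerURL, content)
                                   .ContinueWith(t =>
                        {
                            if (t.Status == TaskStatus.Faulted)
                            {
                                Logger.WriteToLog("Server unreachable.");
                                // Logging the fault also marks the task exception as observed.
                                Logger.WriteToLog(t.Exception);
                                return;
                            }

                            if (t.Status != TaskStatus.RanToCompletion)
                            {
                                // Canceled: fileStatus keeps its initial Aborted value.
                                return;
                            }

                            using (var response = t.Result)
                            {
                                Logger.WriteToLog(String.Format("Response of the submit request: '{0}'.", response.ToString()));

                                if (response.StatusCode != System.Net.HttpStatusCode.OK)
                                {
                                    return;
                                }

                                string rawResponse = response.Content.ReadAsStringAsync().Result;
                                Logger.WriteToLog(String.Format("Server response for file: '{0}' : '{1}'.", _fileToBeAnalyzed, rawResponse));

                                // The verdict is expected after the first ':'. A reply with no
                                // colon used to raise IndexOutOfRangeException here, so it is
                                // now reported explicitly and treated as Aborted.
                                string[] parts = rawResponse.Split(':');
                                if (parts.Length < 2)
                                {
                                    Logger.WriteToLog(String.Format("Malformed server response for file: '{0}'.", _fileToBeAnalyzed));
                                    return;
                                }

                                // NOTE(review): verdicts are matched by substring and Benign is
                                // tested first, so a reply containing both markers counts as
                                // Benign. Confirm the Constants values cannot overlap, or
                                // compare the trimmed field for equality.
                                string statusFromServer = parts[1];
                                if (statusFromServer.Contains(Constants.StatusFromServerBenign))
                                {
                                    fileStatus = FileAnalysisStatus.Benign;
                                }
                                else if (statusFromServer.Contains(Constants.StatusFromServerMalicious))
                                {
                                    fileStatus = FileAnalysisStatus.Malicious;
                                }
                                else
                                {
                                    fileStatus = FileAnalysisStatus.Aborted;
                                }
                            }
                        });

                        // Block until the reply has been processed, so the file handle is
                        // still held while the upload is in flight.
                        task.Wait();
                    }
                }
            }
            catch (Exception ex)
            {
                Logger.WriteToLog("Unable to submit file.");
                Logger.WriteToLog(ex);

                return(FileAnalysisStatus.Aborted);
            }

            return(fileStatus);
        }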