private void init_dtFileFiltersConfig() { dtFileFiltersConfig = FindFileFilter.init_dtConfig(); }
/// <summary> /// Find Files and Directories in the immediate folder - handles long path names, expects local or UNC path /// </summary> /// <param name="dirName">Directory to search in UNC path or local path format</param> /// <param name="dtFilters">Data table with "Enabled" and "FileFilter" columns required</param> /// <param name="checkSubFolders">Recursively check all sub folders</param> /// <returns></returns> public static List <ContentDetectorLib.FileResult> FindImmediateFilesAndDirs(string dirName, DataTable dtFilters, bool checkSubFolders) { string strDirConverted = LongPathPrepend(dirName); List <ContentDetectorLib.FileResult> results = new List <ContentDetectorLib.FileResult>(); IntPtr findHandle = INVALID_HANDLE_VALUE; bool blIgnoreFile = false; WIN32_FIND_DATA findData; if (dtFilters != null) { //For Each File filter find them in the current folder foreach (DataRow row in dtFilters.Rows) { try { FindFileFilter filter = new FindFileFilter(row); if (filter.Enabled && filter.FileFilter != "") { //Valid File Filter? if (VerifyPattern(filter.FileFilter) && Delimon.Win32.IO.Directory.Exists(dirName)) { try { //Search for the file filter in the current directory if (filter.ObjectType == ContentDetectorLib.Common.FileFilterObjectType.Folder) { findHandle = FindFirstFileEx(strDirConverted + @"\" + filter.FileFilter, FINDEX_INFO_LEVELS.FindExInfoBasic, out findData, FINDEX_SEARCH_OPS.FindExSearchLimitToDirectories, IntPtr.Zero, FIND_FIRST_EX_LARGE_FETCH); } else { findHandle = FindFirstFileEx(strDirConverted + @"\" + filter.FileFilter, FINDEX_INFO_LEVELS.FindExInfoBasic, out findData, FINDEX_SEARCH_OPS.FindExSearchNameMatch, IntPtr.Zero, FIND_FIRST_EX_LARGE_FETCH); } if (findHandle != INVALID_HANDLE_VALUE) { bool found; do { string currentFileName = findData.cFileName; blIgnoreFile = false; char[] delimiters = new char[] { ';' }; if (filter.ExcludeFiles != "") { string[] strArr_excludedfiles = filter.ExcludeFiles.Split(delimiters, StringSplitOptions.RemoveEmptyEntries); if (!(strArr_excludedfiles == null || strArr_excludedfiles.Length == 0)) { //loop through excluded folders foreach (string strExclude in strArr_excludedfiles) { if (currentFileName.ToLower() == strExclude.ToLower()) { blIgnoreFile = true; } } } } if (!blIgnoreFile) { // if this is a directory, add directory found to the results. if (((int)findData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) != 0) { if (filter.ObjectType == ContentDetectorLib.Common.FileFilterObjectType.Folder || filter.ObjectType == ContentDetectorLib.Common.FileFilterObjectType.Both) { if (currentFileName != "." && currentFileName != "..") { string strFilePath = RemovePrependGetPath(Path.Combine(dirName, currentFileName)); try { Delimon.Win32.IO.DirectoryInfo ddir = new Delimon.Win32.IO.DirectoryInfo(strFilePath); ContentDetectorLib.FileResult fr1 = new ContentDetectorLib.FileResult(ddir); fr1.FileFilterSearched = filter.FileFilter; results.Add(fr1); //results.Add("\"" + strFilePath + "\"" + ",FolderCreated: " + ddir.CreationTime.ToString("G") + ",Owner: " + strOwner); } catch (Exception) { ContentDetectorLib.FileResult fr1 = new ContentDetectorLib.FileResult(); fr1.FileFilterSearched = filter.FileFilter; fr1.ObjectType = ContentDetectorLib.Common.FileFilterObjectType.Folder; fr1.FullPath = strFilePath; results.Add(fr1); } } } } // it’s a file; add it to the results else { if (filter.ObjectType == ContentDetectorLib.Common.FileFilterObjectType.File || filter.ObjectType == ContentDetectorLib.Common.FileFilterObjectType.Both) { string strFilePath = RemovePrependGetPath(Path.Combine(dirName, currentFileName)); Delimon.Win32.IO.FileInfo dfile; try { dfile = new Delimon.Win32.IO.FileInfo(strFilePath); if (filter.DeleteFilesFound) { ContentDetectorLib.FileResult fr1 = new ContentDetectorLib.FileResult(dfile); fr1.FileFilterSearched = filter.FileFilter; fr1.Deleted = true; results.Add(fr1); //Delete the ransomware related file //results.Add("File Deleted: " + "\"" + strFilePath + "\"" + ",FileCreated: " + dfile.CreationTime.ToString("G") + ",Owner: " + strOwner); dfile.Delete(); } else { ContentDetectorLib.FileResult fr1 = new ContentDetectorLib.FileResult(dfile); fr1.FileFilterSearched = filter.FileFilter; results.Add(fr1); //Document the file found //results.Add("\"" + strFilePath + "\"" + ",FileCreated: " + dfile.CreationTime.ToString("G") + ",Owner: " + strOwner); } } catch (Exception) { ContentDetectorLib.FileResult fr1 = new ContentDetectorLib.FileResult(); fr1.FileFilterSearched = filter.FileFilter; fr1.FullPath = strFilePath; fr1.ObjectType = ContentDetectorLib.Common.FileFilterObjectType.None; fr1.Comment = "\"" + strFilePath + "\""; results.Add(fr1); //results.Add("\"" + strFilePath + "\""); } } } } // find next if any found = FindNextFile(findHandle, out findData); }while (found); } } finally { // close the find handle FindClose(findHandle); } } else { //invalid search filter if (results.Count == 0) { ContentDetectorLib.FileResult fr1 = new ContentDetectorLib.FileResult(); fr1.FileFilterSearched = filter.FileFilter; fr1.ObjectType = ContentDetectorLib.Common.FileFilterObjectType.None; fr1.Comment = "Invalid Search Filter or Directory Problem: " + filter.FileFilter + " " + dirName; results.Add(fr1); //results.Add("Invalid Search Filter or Directory Problem: " + filter.FileFilter + " " + dirName); } } } } catch { } } } return(results); }