static void Firewall_AccessDenied(string username, string app, string protocol, string source, string destination, string direction)
{
try
{
if (!Firewall.Apps.Contains(app))
{
if (!SettingsManager.Silence)
{
Firewall.Apps.Add(app);
KavprotVoice.SpeakAsync("Would you like to allow this network access");
DevComponents.DotNetBar.TaskDialogInfo inf = new DevComponents.DotNetBar.TaskDialogInfo();
inf.DialogButtons = DevComponents.DotNetBar.eTaskDialogButton.Yes | DevComponents.DotNetBar.eTaskDialogButton.No;
inf.Title = "Firewall Rule";
inf.Text = "An application is trying to connect to a remote host (" + destination + ") via " + protocol + " protocol. \n " + Path.GetFileName(app) + "\n do you want to authorize this connection?";
inf.TaskDialogIcon = DevComponents.DotNetBar.eTaskDialogIcon.Exclamation;
inf.Header = "Application Connection";
inf.FooterText = "Kavprot smart security";
inf.DialogColor = DevComponents.DotNetBar.eTaskDialogBackgroundColor.Silver;
DevComponents.DotNetBar.eTaskDialogResult dl = DevComponents.DotNetBar.TaskDialog.Show(inf);
if (dl == DevComponents.DotNetBar.eTaskDialogResult.Yes)
{
Firewall.Add("AllowAll", app);
}
else
{
Firewall.Add("DenyAll", app);
}
}
else
{
Firewall.Apps.Add(app);
if (!Scanner.CheckReputation(app))
{
Firewall.Add("AllowAll", app);
}
else
{
Firewall.Add("DenyAll", app);
}
}
}
}
catch (Exception ex)
{
AntiCrash.LogException(ex);
}
finally
{
}
}
static void FilterData(Session session)
{
if (session.fullUrl.EndsWith(".js") || session.fullUrl.EndsWith(".vbs") || session.fullUrl.EndsWith(".bat") || session.fullUrl.EndsWith(".com"))
{
object v = VDB.GetScript(Security.ConvertToHex(session.GetResponseBodyAsString()));
if (v != null)
{
KavprotVoice.SpeakAsync("A malicious code detected : " + v.ToString());
session.utilCreateResponseAndBypassServer();
session.responseBodyBytes = Encoding.ASCII.GetBytes(KAVE.Properties.Resources.ErrorPageHead + string.Format(KAVE.Properties.Resources.Title, "Kavprot smart security Blocked a malicious code : " + v.ToString()) + KAVE.Properties.Resources.Ressources + string.Format(KAVE.Properties.Resources.Bodytitle, "Kavprot smart security Blocked a malicious code : " + v.ToString()) + string.Format(KAVE.Properties.Resources.Body, KAVE.Properties.Resources.MalwareMessage));
session.oResponse.headers = Parser.ParseResponse("HTTP/1.1 200 OK\r\nKPAVWebProxyTemplate: True\r\nContent-Length: 165000");
}
}
}
static object VoiceCommand(string text)
{
// add more
if (text.StartsWith("run process "))
{
Process.Start(text.Replace("run process", ""));
return("Process started");
}
else if (text.StartsWith("kill process "))
{
foreach (Process p in Process.GetProcessesByName(text.Replace("kill process", "")))
{
p.Kill();
}
return("Process killed");
}
else if (text.StartsWith("say "))
{
KavprotVoice.SpeakAsync(text.Replace("say", ""));
return("text said");
}
else if (text.StartsWith("shutdown computer in "))
{
KAVE.Windows.WindowsControl.Shutdown(Int32.Parse(text.Replace("shutdown computer in ", "").Replace("seconds", "")));
return("shuting down computer");
}
else if (text.StartsWith("reboot computer in "))
{
KAVE.Windows.WindowsControl.Reboot(Int32.Parse(text.Replace("rboot computer in ", "").Replace("seconds", "")));
return("rebooting computer");
}
else
{
KavprotVoice.SpeakAsync("Unknow command, try again");
return("Unknown command");
}
}
public static void ReceiveDataFromMobile()
{
Lb_001:
{
try
{
string packet = null;
bool c = ReceiveARCPacket(SettingsManager.MobileAdress, SettingsManager.ApplicationAdress, out packet);
if (c)
{
if (packet.Substring(0, 14) == SettingsManager.MobileAdress)
{
// from 14 to 20 (accept)
string accept = packet.Substring(0, 20).Remove(0, 14);
// from 20 to 28 (command)
string command = packet.Substring(0, 28).Remove(0, 20);
// from 28 to 32 (timeout)
Int32 timeout = Int32.Parse(packet.Substring(0, 32).Remove(0, 28));
// from 32 to 40 (crc)
string checksum = packet.Substring(0, 40).Remove(0, 32);
Timeout = timeout * 1000;
object obj = null;
byte[] data = SEA.DecryptFromBase64(packet.Remove(0, 40));
string crcdt = ComputeCRC32(data);
if (crcdt == checksum)
{
string o = "";
try
{
obj = ProcessCommand(command, data, out o);
goto Lb_003;
}
catch
{
SendPacket(SettingsManager.ApplicationAdress, SettingsManager.MobileAdress, BuildARCPacket("SHOWTEXT", "ALDATA", SettingsManager.ApplicationAdress, "0005", Encoding.UTF8.GetBytes("Error while executing command")));
}
Lb_003:
{
if (o != "DONOT")
{
if (accept == "STRING")
{
SendPacket(SettingsManager.ApplicationAdress, SettingsManager.MobileAdress, BuildARCPacket("SHOWTEXT", "ALDATA", SettingsManager.ApplicationAdress, "0005", Encoding.UTF8.GetBytes(obj.ToString())));
}
else if (accept == "AUDIOS")
{
// accept audio
if (o == "STRING" || o == "AUDIOS")
{
KavprotVoice.SpeakInWave(obj.ToString(), "C:\\ASC.wav");
SendPacket(SettingsManager.ApplicationAdress, SettingsManager.MobileAdress, BuildARCPacket("PLAYAUDI", "ALDATA", SettingsManager.ApplicationAdress, "0005", File.ReadAllBytes("C:\\ASC.wav")));
}
}
else
{
if (o == "STRING" || o == "AUDIOS")
{
KavprotVoice.SpeakInWave(obj.ToString(), "C:\\ASC.wav");
SendPacket(SettingsManager.ApplicationAdress, SettingsManager.MobileAdress, BuildARCPacket("PLAYAUDI", "ALDATA", SettingsManager.ApplicationAdress, "0005", File.ReadAllBytes("C:\\ASC.wav")));
}
}
}
}
}
else
{
SendPacket(SettingsManager.ApplicationAdress, SettingsManager.MobileAdress, BuildARCPacket("SHOWTEXT", "ALDATA", SettingsManager.ApplicationAdress, "0005", Encoding.UTF8.GetBytes("Data was modified, Cyclic redundancy check (UNMATCH)")));
}
}
}
}
catch (Exception ex)
{
SendPacket(SettingsManager.ApplicationAdress, SettingsManager.MobileAdress, BuildARCPacket("SHOWTEXT", "ALDATA", SettingsManager.ApplicationAdress, "0005", Encoding.UTF8.GetBytes(ex.Message)));
}
finally
{
}
}
// sleep for settings checktime
Thread.Sleep(Timeout);
goto Lb_001;
}
public static void Initialize(KavprotInitialization init)
{
try
{
// init settings
SettingsManager.Initialize();
if (SettingsManager.TurboMode)
{
AsyncInvoke ainv = new AsyncInvoke(KavprotVoice.Initialize);
ainv.BeginInvoke(null, null);
// Activation.Initialize();
//if (!Activation.Expired)
//{
if (init == KavprotInitialization.Full)
{
// init monitors
AsyncInvoke inv = new AsyncInvoke(InitMonitors);
inv.BeginInvoke(null, null);
// init engine
AVEngine.Initialize(SettingsManager.Scansense);
if (SettingsManager.KavprotRemoteControl)
{
AsyncInvoke dinv = new AsyncInvoke(KavprotRemoteControl.Init);
dinv.BeginInvoke(null, null);
AsyncInvoke tinv = new AsyncInvoke(KavprotRemoteControl.ReceiveDataFromMobile);
tinv.BeginInvoke(null, null);
}
AntivirusState.SetProtection(true);
}
else
{
// init engine
AVEngine.Initialize(SettingsManager.Scansense);
}
//}
//else
//{
// MessageBox.Show("Kavprot will be closed after you click ok", "Activation", MessageBoxButtons.OK, MessageBoxIcon.Warning);
// ShutDown();
//}
}
else
{
KavprotVoice.Initialize();
//Activation.Initialize();
//if (!Activation.Expired)
//{
if (init == KavprotInitialization.Full)
{
// init monitors
InitMonitors();
// init engine
AVEngine.Initialize(SettingsManager.Scansense);
if (SettingsManager.KavprotRemoteControl)
{
KavprotRemoteControl.Init();
AsyncInvoke inv = new AsyncInvoke(KavprotRemoteControl.ReceiveDataFromMobile);
inv.BeginInvoke(null, null);
}
AntivirusState.SetProtection(true);
}
else
{
// init engine
AVEngine.Initialize(SettingsManager.Scansense);
}
//}
//else
//{
// MessageBox.Show("Kavprot will be closed after you click ok", "Activation", MessageBoxButtons.OK, MessageBoxIcon.Warning);
// ShutDown();
//}
}
}
catch
{
}
}
static bool SafeBrowse(Session session)
{
// WBSD
if (SettingsManager.WebAgentSmartDetection)
{
foreach (string word in Blockers)
{
if (session.fullUrl.Contains(word))
{
if (SettingsManager.BlockUrls)
{
KavprotVoice.SpeakAsync("This url contains a blocked word.");
session.utilCreateResponseAndBypassServer();
session.responseBodyBytes = Encoding.ASCII.GetBytes(KAVE.Properties.Resources.ErrorPageHead + string.Format(KAVE.Properties.Resources.Title, "Kavprot smart security Blocked a Malware Attack !!!") + KAVE.Properties.Resources.Ressources + string.Format(KAVE.Properties.Resources.Bodytitle, "Kavprot smart security Blocked a Malware Attack !!!") + string.Format(KAVE.Properties.Resources.Body, KAVE.Properties.Resources.MalwareMessage));
session.oResponse.headers = Parser.ParseResponse("HTTP/1.1 200 OK\r\nKPAVWebProxyTemplate: True\r\nContent-Length: 165000");
return(true);
}
}
}
}
// filter data
if (SettingsManager.ParentalControl)
{
BlackListResult result = CheckUrl(session.fullUrl);
if (result == BlackListResult.MalwareAttack)
{
if (SettingsManager.BlockUrls)
{
KavprotVoice.SpeakAsync("A malware website access was blocked.");
session.utilCreateResponseAndBypassServer();
session.responseBodyBytes = Encoding.ASCII.GetBytes(KAVE.Properties.Resources.ErrorPageHead + string.Format(KAVE.Properties.Resources.Title, "Kavprot smart security Blocked a Malware Attack !!!") + KAVE.Properties.Resources.Ressources + string.Format(KAVE.Properties.Resources.Bodytitle, "Kavprot smart security Blocked a Malware Attack !!!") + string.Format(KAVE.Properties.Resources.Body, KAVE.Properties.Resources.MalwareMessage));
session.oResponse.headers = Parser.ParseResponse("HTTP/1.1 200 OK\r\nKPAVWebProxyTemplate: True\r\nContent-Length: 165000");
return(true);
}
}
else if (result == BlackListResult.PhishingAttack)
{
if (SettingsManager.BlockUrls)
{
KavprotVoice.SpeakAsync("A phishing website access was blocked");
session.utilCreateResponseAndBypassServer();
session.responseBodyBytes = Encoding.ASCII.GetBytes(KAVE.Properties.Resources.ErrorPageHead + string.Format(KAVE.Properties.Resources.Title, "Kavprot smart security Blocked a Phishing Attack !!!") + KAVE.Properties.Resources.Ressources + string.Format(KAVE.Properties.Resources.Bodytitle, "Kavprot smart security Blocked a Phishing Attack !!!") + string.Format(KAVE.Properties.Resources.Body, KAVE.Properties.Resources.PhishMessage));
session.oResponse.headers = Parser.ParseResponse("HTTP/1.1 200 OK\r\nKPAVWebProxyTemplate: True\r\nContent-Length: 165000");
return(true);
}
}
else if (result == BlackListResult.PornAttack)
{
if (SettingsManager.BlockUrls)
{
KavprotVoice.SpeakAsync("A pornographic website access was blocked");
session.utilCreateResponseAndBypassServer();
session.responseBodyBytes = Encoding.ASCII.GetBytes(KAVE.Properties.Resources.ErrorPageHead + string.Format(KAVE.Properties.Resources.Title, "Kavprot smart security Blocked a P**n Attack !!!") + KAVE.Properties.Resources.Ressources + string.Format(KAVE.Properties.Resources.Bodytitle, "Kavprot smart security Blocked a P**n Attack !!!") + string.Format(KAVE.Properties.Resources.Body, KAVE.Properties.Resources.PornMSG));
session.oResponse.headers = Parser.ParseResponse("HTTP/1.1 200 OK\r\nKPAVWebProxyTemplate: True\r\nContent-Length: 165000");
return(true);
}
}
else if (result == BlackListResult.Undetermined)
{
if (SettingsManager.BlockUrls)
{
KavprotVoice.SpeakAsync("Kavprot blocked this website for unknown reason");
session.utilCreateResponseAndBypassServer();
session.responseBodyBytes = Encoding.ASCII.GetBytes(KAVE.Properties.Resources.ErrorPageHead + string.Format(KAVE.Properties.Resources.Title, "Kavprot smart security Proxy Error") + KAVE.Properties.Resources.Ressources + string.Format(KAVE.Properties.Resources.Bodytitle, "Kavprot smart securityProxy ERROR") + string.Format(KAVE.Properties.Resources.Body, KAVE.Properties.Resources.UnderterminedMSG));
session.oResponse.headers = Parser.ParseResponse("HTTP/1.1 200 OK\r\nKPAVWebProxyTemplate: True\r\nContent-Length: 165000");
return(true);
}
}
}
return(false);
}
