static void Firewall_AccessDenied(string username, string app, string protocol, string source, string destination, string direction) { try { if (!Firewall.Apps.Contains(app)) { if (!SettingsManager.Silence) { Firewall.Apps.Add(app); KavprotVoice.SpeakAsync("Would you like to allow this network access"); DevComponents.DotNetBar.TaskDialogInfo inf = new DevComponents.DotNetBar.TaskDialogInfo(); inf.DialogButtons = DevComponents.DotNetBar.eTaskDialogButton.Yes | DevComponents.DotNetBar.eTaskDialogButton.No; inf.Title = "Firewall Rule"; inf.Text = "An application is trying to connect to a remote host (" + destination + ") via " + protocol + " protocol. \n " + Path.GetFileName(app) + "\n do you want to authorize this connection?"; inf.TaskDialogIcon = DevComponents.DotNetBar.eTaskDialogIcon.Exclamation; inf.Header = "Application Connection"; inf.FooterText = "Kavprot smart security"; inf.DialogColor = DevComponents.DotNetBar.eTaskDialogBackgroundColor.Silver; DevComponents.DotNetBar.eTaskDialogResult dl = DevComponents.DotNetBar.TaskDialog.Show(inf); if (dl == DevComponents.DotNetBar.eTaskDialogResult.Yes) { Firewall.Add("AllowAll", app); } else { Firewall.Add("DenyAll", app); } } else { Firewall.Apps.Add(app); if (!Scanner.CheckReputation(app)) { Firewall.Add("AllowAll", app); } else { Firewall.Add("DenyAll", app); } } } } catch (Exception ex) { AntiCrash.LogException(ex); } finally { } }
static void FilterData(Session session) { if (session.fullUrl.EndsWith(".js") || session.fullUrl.EndsWith(".vbs") || session.fullUrl.EndsWith(".bat") || session.fullUrl.EndsWith(".com")) { object v = VDB.GetScript(Security.ConvertToHex(session.GetResponseBodyAsString())); if (v != null) { KavprotVoice.SpeakAsync("A malicious code detected : " + v.ToString()); session.utilCreateResponseAndBypassServer(); session.responseBodyBytes = Encoding.ASCII.GetBytes(KAVE.Properties.Resources.ErrorPageHead + string.Format(KAVE.Properties.Resources.Title, "Kavprot smart security Blocked a malicious code : " + v.ToString()) + KAVE.Properties.Resources.Ressources + string.Format(KAVE.Properties.Resources.Bodytitle, "Kavprot smart security Blocked a malicious code : " + v.ToString()) + string.Format(KAVE.Properties.Resources.Body, KAVE.Properties.Resources.MalwareMessage)); session.oResponse.headers = Parser.ParseResponse("HTTP/1.1 200 OK\r\nKPAVWebProxyTemplate: True\r\nContent-Length: 165000"); } } }
static object VoiceCommand(string text) { // add more if (text.StartsWith("run process ")) { Process.Start(text.Replace("run process", "")); return("Process started"); } else if (text.StartsWith("kill process ")) { foreach (Process p in Process.GetProcessesByName(text.Replace("kill process", ""))) { p.Kill(); } return("Process killed"); } else if (text.StartsWith("say ")) { KavprotVoice.SpeakAsync(text.Replace("say", "")); return("text said"); } else if (text.StartsWith("shutdown computer in ")) { KAVE.Windows.WindowsControl.Shutdown(Int32.Parse(text.Replace("shutdown computer in ", "").Replace("seconds", ""))); return("shuting down computer"); } else if (text.StartsWith("reboot computer in ")) { KAVE.Windows.WindowsControl.Reboot(Int32.Parse(text.Replace("rboot computer in ", "").Replace("seconds", ""))); return("rebooting computer"); } else { KavprotVoice.SpeakAsync("Unknow command, try again"); return("Unknown command"); } }
public static void ReceiveDataFromMobile() { Lb_001: { try { string packet = null; bool c = ReceiveARCPacket(SettingsManager.MobileAdress, SettingsManager.ApplicationAdress, out packet); if (c) { if (packet.Substring(0, 14) == SettingsManager.MobileAdress) { // from 14 to 20 (accept) string accept = packet.Substring(0, 20).Remove(0, 14); // from 20 to 28 (command) string command = packet.Substring(0, 28).Remove(0, 20); // from 28 to 32 (timeout) Int32 timeout = Int32.Parse(packet.Substring(0, 32).Remove(0, 28)); // from 32 to 40 (crc) string checksum = packet.Substring(0, 40).Remove(0, 32); Timeout = timeout * 1000; object obj = null; byte[] data = SEA.DecryptFromBase64(packet.Remove(0, 40)); string crcdt = ComputeCRC32(data); if (crcdt == checksum) { string o = ""; try { obj = ProcessCommand(command, data, out o); goto Lb_003; } catch { SendPacket(SettingsManager.ApplicationAdress, SettingsManager.MobileAdress, BuildARCPacket("SHOWTEXT", "ALDATA", SettingsManager.ApplicationAdress, "0005", Encoding.UTF8.GetBytes("Error while executing command"))); } Lb_003: { if (o != "DONOT") { if (accept == "STRING") { SendPacket(SettingsManager.ApplicationAdress, SettingsManager.MobileAdress, BuildARCPacket("SHOWTEXT", "ALDATA", SettingsManager.ApplicationAdress, "0005", Encoding.UTF8.GetBytes(obj.ToString()))); } else if (accept == "AUDIOS") { // accept audio if (o == "STRING" || o == "AUDIOS") { KavprotVoice.SpeakInWave(obj.ToString(), "C:\\ASC.wav"); SendPacket(SettingsManager.ApplicationAdress, SettingsManager.MobileAdress, BuildARCPacket("PLAYAUDI", "ALDATA", SettingsManager.ApplicationAdress, "0005", File.ReadAllBytes("C:\\ASC.wav"))); } } else { if (o == "STRING" || o == "AUDIOS") { KavprotVoice.SpeakInWave(obj.ToString(), "C:\\ASC.wav"); SendPacket(SettingsManager.ApplicationAdress, SettingsManager.MobileAdress, BuildARCPacket("PLAYAUDI", "ALDATA", SettingsManager.ApplicationAdress, "0005", File.ReadAllBytes("C:\\ASC.wav"))); } } } } } else { SendPacket(SettingsManager.ApplicationAdress, SettingsManager.MobileAdress, BuildARCPacket("SHOWTEXT", "ALDATA", SettingsManager.ApplicationAdress, "0005", Encoding.UTF8.GetBytes("Data was modified, Cyclic redundancy check (UNMATCH)"))); } } } } catch (Exception ex) { SendPacket(SettingsManager.ApplicationAdress, SettingsManager.MobileAdress, BuildARCPacket("SHOWTEXT", "ALDATA", SettingsManager.ApplicationAdress, "0005", Encoding.UTF8.GetBytes(ex.Message))); } finally { } } // sleep for settings checktime Thread.Sleep(Timeout); goto Lb_001; }
public static void Initialize(KavprotInitialization init) { try { // init settings SettingsManager.Initialize(); if (SettingsManager.TurboMode) { AsyncInvoke ainv = new AsyncInvoke(KavprotVoice.Initialize); ainv.BeginInvoke(null, null); // Activation.Initialize(); //if (!Activation.Expired) //{ if (init == KavprotInitialization.Full) { // init monitors AsyncInvoke inv = new AsyncInvoke(InitMonitors); inv.BeginInvoke(null, null); // init engine AVEngine.Initialize(SettingsManager.Scansense); if (SettingsManager.KavprotRemoteControl) { AsyncInvoke dinv = new AsyncInvoke(KavprotRemoteControl.Init); dinv.BeginInvoke(null, null); AsyncInvoke tinv = new AsyncInvoke(KavprotRemoteControl.ReceiveDataFromMobile); tinv.BeginInvoke(null, null); } AntivirusState.SetProtection(true); } else { // init engine AVEngine.Initialize(SettingsManager.Scansense); } //} //else //{ // MessageBox.Show("Kavprot will be closed after you click ok", "Activation", MessageBoxButtons.OK, MessageBoxIcon.Warning); // ShutDown(); //} } else { KavprotVoice.Initialize(); //Activation.Initialize(); //if (!Activation.Expired) //{ if (init == KavprotInitialization.Full) { // init monitors InitMonitors(); // init engine AVEngine.Initialize(SettingsManager.Scansense); if (SettingsManager.KavprotRemoteControl) { KavprotRemoteControl.Init(); AsyncInvoke inv = new AsyncInvoke(KavprotRemoteControl.ReceiveDataFromMobile); inv.BeginInvoke(null, null); } AntivirusState.SetProtection(true); } else { // init engine AVEngine.Initialize(SettingsManager.Scansense); } //} //else //{ // MessageBox.Show("Kavprot will be closed after you click ok", "Activation", MessageBoxButtons.OK, MessageBoxIcon.Warning); // ShutDown(); //} } } catch { } }
static bool SafeBrowse(Session session) { // WBSD if (SettingsManager.WebAgentSmartDetection) { foreach (string word in Blockers) { if (session.fullUrl.Contains(word)) { if (SettingsManager.BlockUrls) { KavprotVoice.SpeakAsync("This url contains a blocked word."); session.utilCreateResponseAndBypassServer(); session.responseBodyBytes = Encoding.ASCII.GetBytes(KAVE.Properties.Resources.ErrorPageHead + string.Format(KAVE.Properties.Resources.Title, "Kavprot smart security Blocked a Malware Attack !!!") + KAVE.Properties.Resources.Ressources + string.Format(KAVE.Properties.Resources.Bodytitle, "Kavprot smart security Blocked a Malware Attack !!!") + string.Format(KAVE.Properties.Resources.Body, KAVE.Properties.Resources.MalwareMessage)); session.oResponse.headers = Parser.ParseResponse("HTTP/1.1 200 OK\r\nKPAVWebProxyTemplate: True\r\nContent-Length: 165000"); return(true); } } } } // filter data if (SettingsManager.ParentalControl) { BlackListResult result = CheckUrl(session.fullUrl); if (result == BlackListResult.MalwareAttack) { if (SettingsManager.BlockUrls) { KavprotVoice.SpeakAsync("A malware website access was blocked."); session.utilCreateResponseAndBypassServer(); session.responseBodyBytes = Encoding.ASCII.GetBytes(KAVE.Properties.Resources.ErrorPageHead + string.Format(KAVE.Properties.Resources.Title, "Kavprot smart security Blocked a Malware Attack !!!") + KAVE.Properties.Resources.Ressources + string.Format(KAVE.Properties.Resources.Bodytitle, "Kavprot smart security Blocked a Malware Attack !!!") + string.Format(KAVE.Properties.Resources.Body, KAVE.Properties.Resources.MalwareMessage)); session.oResponse.headers = Parser.ParseResponse("HTTP/1.1 200 OK\r\nKPAVWebProxyTemplate: True\r\nContent-Length: 165000"); return(true); } } else if (result == BlackListResult.PhishingAttack) { if (SettingsManager.BlockUrls) { KavprotVoice.SpeakAsync("A phishing website access was blocked"); session.utilCreateResponseAndBypassServer(); session.responseBodyBytes = Encoding.ASCII.GetBytes(KAVE.Properties.Resources.ErrorPageHead + string.Format(KAVE.Properties.Resources.Title, "Kavprot smart security Blocked a Phishing Attack !!!") + KAVE.Properties.Resources.Ressources + string.Format(KAVE.Properties.Resources.Bodytitle, "Kavprot smart security Blocked a Phishing Attack !!!") + string.Format(KAVE.Properties.Resources.Body, KAVE.Properties.Resources.PhishMessage)); session.oResponse.headers = Parser.ParseResponse("HTTP/1.1 200 OK\r\nKPAVWebProxyTemplate: True\r\nContent-Length: 165000"); return(true); } } else if (result == BlackListResult.PornAttack) { if (SettingsManager.BlockUrls) { KavprotVoice.SpeakAsync("A pornographic website access was blocked"); session.utilCreateResponseAndBypassServer(); session.responseBodyBytes = Encoding.ASCII.GetBytes(KAVE.Properties.Resources.ErrorPageHead + string.Format(KAVE.Properties.Resources.Title, "Kavprot smart security Blocked a P**n Attack !!!") + KAVE.Properties.Resources.Ressources + string.Format(KAVE.Properties.Resources.Bodytitle, "Kavprot smart security Blocked a P**n Attack !!!") + string.Format(KAVE.Properties.Resources.Body, KAVE.Properties.Resources.PornMSG)); session.oResponse.headers = Parser.ParseResponse("HTTP/1.1 200 OK\r\nKPAVWebProxyTemplate: True\r\nContent-Length: 165000"); return(true); } } else if (result == BlackListResult.Undetermined) { if (SettingsManager.BlockUrls) { KavprotVoice.SpeakAsync("Kavprot blocked this website for unknown reason"); session.utilCreateResponseAndBypassServer(); session.responseBodyBytes = Encoding.ASCII.GetBytes(KAVE.Properties.Resources.ErrorPageHead + string.Format(KAVE.Properties.Resources.Title, "Kavprot smart security Proxy Error") + KAVE.Properties.Resources.Ressources + string.Format(KAVE.Properties.Resources.Bodytitle, "Kavprot smart securityProxy ERROR") + string.Format(KAVE.Properties.Resources.Body, KAVE.Properties.Resources.UnderterminedMSG)); session.oResponse.headers = Parser.ParseResponse("HTTP/1.1 200 OK\r\nKPAVWebProxyTemplate: True\r\nContent-Length: 165000"); return(true); } } } return(false); }