Source path recorded in the compiled module: /opt/imunify360/venv/lib/python3.11/site-packages/imav/malwarelib/scan/scan_result.py

Module docstring:

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see .

Copyright © 2019 Cloud Linux Software Inc.

This software is also available under ImunifyAV commercial license, see

Names defined in the module: ScanResult, aggregate_result, event_hook, DirectAiBolit, PrepareFileList.