
📄 scanner with clamwin.exe.c

📁 一文件过滤与加密,系统监视以及控制的东东,自己看
💻 C
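  return TRUE ;
}


/******************************************************************/
/* Internal function                                              */
/******************************************************************/

/*
 * Resolve the ClamWin installation directory and store the full paths
 * of clamscan.exe and clamwin.exe in pConf.
 *
 * Returns TRUE when both executables exist, FALSE otherwise.
 *
 * NOTE(review): only the existence of the two files is checked. Where
 * _Scanner_ClamWin_GetAppDir takes the directory from is not visible
 * here; whoever can write to that location decides which binary is
 * later started by _Scanner_Run - confirm it is admin-only.
 */
BOOL _Scanner_ClamWin_Configure (CLAMWINCONF * pConf)
{
  TCHAR szDir[MAX_PATH] ;

  if( ! _Scanner_ClamWin_GetAppDir (szDir) )
    {
      TRACE_ERROR (TEXT("Failed to find ClamWin directory\n")) ;
      return FALSE ;
    }

  // PathCombine returns NULL when the joined path cannot be built
  // (assumes both destination fields hold MAX_PATH TCHARs - TODO confirm)
  if( PathCombine (pConf->szClamScanExe, szDir, TEXT("clamscan.exe"))==NULL ||
      PathCombine (pConf->szClamWinExe, szDir, TEXT("clamwin.exe"))==NULL )
    {
      TRACE_ERROR (TEXT("Failed to build ClamWin executable paths\n")) ;
      return FALSE ;
    }

  TRACE_INFO (TEXT("CLAMWIN =  %s\n"), pConf->szClamWinExe) ;
  TRACE_INFO (TEXT("CLAMSCAN =  %s\n"), pConf->szClamScanExe) ;

  // 0xFFFFFFFF is what GetFileAttributes returns on failure
  if( 0xFFFFFFFF == GetFileAttributes(pConf->szClamWinExe) )
    {
      TRACE_ERROR (TEXT("File not found: %s\n"), pConf->szClamWinExe) ;
      return FALSE ;
    }

  if( 0xFFFFFFFF == GetFileAttributes(pConf->szClamScanExe) )
    {
      TRACE_ERROR (TEXT("File not found: %s\n"), pConf->szClamScanExe) ;
      return FALSE ;
    }

  return TRUE ;
}


/******************************************************************/
/* Internal function                                              */
/******************************************************************/

/*
 * Start szCmdLine as a child process, optionally capture its
 * stdout/stderr, and report its exit code.
 *
 *  szCmdLine      command line handed to CreateProcess (must be writable)
 *  szDirectory    working directory of the child, or NULL
 *  pdwExitCode    receives the exit code; stays (DWORD)-1 when the
 *                 child did not exit within 30 seconds
 *  szOutput       buffer for the captured output, or NULL for none
 *  nOutputMax     capacity of szOutput in TCHARs, terminator included
 *  nPriorityClass creation flags / priority class for CreateProcess
 *
 * Returns FALSE only when the process could not be created.
 *
 * The captured text is always NUL-terminated and never exceeds
 * nOutputMax TCHARs; anything beyond that is read and discarded.
 */
BOOL _Scanner_Run (LPTSTR szCmdLine, LPTSTR szDirectory,
                   DWORD*pdwExitCode,
                   LPTSTR szOutput, UINT nOutputMax,
                   DWORD nPriorityClass)
{
  SECURITY_ATTRIBUTES sa = {0};
  STARTUPINFO         si = {0};
  PROCESS_INFORMATION pi = {0};
  HANDLE              hPipeOutputRead  = NULL;
  HANDLE              hPipeOutputWrite = NULL;
  // a zero-sized buffer cannot even hold the terminator: treat it as "no capture"
  BOOL                bCapture = (szOutput!=NULL && nOutputMax>0) ;
  UINT                nOutputPos = 0 ;

  *pdwExitCode = (DWORD)-1 ;

  TRACE_INFO (TEXT("CmdLine = %s\n"), szCmdLine) ;

  if( bCapture )
    {
      szOutput[0] = 0 ;
    }

  sa.nLength              = sizeof(sa) ;
  sa.bInheritHandle       = TRUE ;
  sa.lpSecurityDescriptor = NULL ;

  if( bCapture && ! CreatePipe (&hPipeOutputRead, &hPipeOutputWrite, &sa, 0) )
    {
      TRACE_WARNING (TEXT("CreatePipe failed (error=%d)\n"), GetLastError()) ;
      // run the scanner anyway, but without handing it invalid std handles
      hPipeOutputRead  = NULL ;
      hPipeOutputWrite = NULL ;
      bCapture = FALSE ;
    }

  si.cb = sizeof(si) ;

  if( bCapture )
    {
      // the child only needs the write end; keep the read end private
      SetHandleInformation (hPipeOutputRead, HANDLE_FLAG_INHERIT, 0) ;

      si.dwFlags     = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES ;
      si.wShowWindow = SW_SHOW ; // the original carried a "SW_HIDE" reminder here
      si.hStdInput   = GetStdHandle (STD_INPUT_HANDLE) ;
      si.hStdOutput  = hPipeOutputWrite ;
      si.hStdError   = hPipeOutputWrite ;
    }
  else
    {
      si.dwFlags     = STARTF_USESHOWWINDOW ;
      si.wShowWindow = SW_HIDE ;
    }

  // NOTE(review): bInheritHandles is TRUE, so every inheritable handle
  // of this process is passed to the scanner, not just the pipe.
  if( ! CreateProcess (NULL, szCmdLine, NULL, NULL, TRUE, nPriorityClass,
                       NULL, szDirectory, &si, &pi) )
    {
      TRACE_ERROR (TEXT("Failed to run scanner\n")) ;
      if( hPipeOutputWrite!=NULL ) { CloseHandle (hPipeOutputWrite) ; }
      if( hPipeOutputRead!=NULL )  { CloseHandle (hPipeOutputRead) ; }
      return FALSE ;
    }

  // our copy of the write end must go, otherwise ReadFile never sees EOF
  if( hPipeOutputWrite!=NULL )
    {
      CloseHandle (hPipeOutputWrite) ;
    }

  if( bCapture )
    {
      const UINT nLimit = nOutputMax-1 ; // last slot is kept for the terminator
      BOOL       bFull = FALSE ;
      char       szBuffer[64] ;
      DWORD      dwBytesRead = 0 ;

      // Drain the pipe BEFORE waiting for the process: a child that
      // writes more than the pipe buffer holds would otherwise block
      // until the wait times out and be reported as a failed scan.
      // NOTE(review): ReadFile blocks until the child closes its end.
      while( ReadFile (hPipeOutputRead, szBuffer, sizeof(szBuffer),
                       &dwBytesRead, NULL)
             && dwBytesRead>0 )
        {
          DWORD i ;

          for( i=0 ; i<dwBytesRead && !bFull ; i++ )
            {
              const char c = szBuffer[i] ;

              if( c=='\r' )
                {
                  continue ;
                }

              if( c=='\n' )
                {
                  // a line break needs two slots; never write past the limit
                  if( nLimit-nOutputPos < 2 )
                    {
                      bFull = TRUE ;
                      break ;
                    }
                  szOutput[nOutputPos++] = TEXT('\r') ;
                  szOutput[nOutputPos++] = TEXT('\n') ;
                }
              else
                {
                  if( nOutputPos>=nLimit )
                    {
                      bFull = TRUE ;
                      break ;
                    }
                  // go through unsigned char so bytes >= 0x80 are not sign-extended
                  szOutput[nOutputPos++] = (TCHAR)(unsigned char)c ;
                }
            }
        }

      szOutput[nOutputPos] = 0 ;
    }

  // wait for process end; on timeout the exit code stays (DWORD)-1 so
  // that callers see a failed scan instead of STILL_ACTIVE
  if( WaitForSingleObject (pi.hProcess, 30000)==WAIT_OBJECT_0 )
    {
      GetExitCodeProcess (pi.hProcess, pdwExitCode) ;
    }
  else
    {
      TRACE_WARNING (TEXT("Scanner did not exit within 30 seconds\n")) ;
    }

  TRACE_INFO (TEXT("Scan result = %u\n"), *pdwExitCode) ;

  if( hPipeOutputRead!=NULL )
    {
      CloseHandle (hPipeOutputRead) ;
    }
  CloseHandle (pi.hThread) ;
  CloseHandle (pi.hProcess) ;

  return TRUE ;
}


/*
 * Size of the szCmdLine buffers used by the *_ScanFile functions and an
 * upper bound for the fixed text (quotes, switches) of their formats.
 */
enum { SCANNER_CMDLINE_MAX = 1024, SCANNER_CMDLINE_FIXED = 64 } ;

/*
 * TRUE when szExe, szFile and the optional szExtra can be placed
 * between double quotes in a SCANNER_CMDLINE_MAX command line without
 * being truncated. A file name containing a double quote is refused
 * because it would end the quoted argument early and let the rest of
 * the name be read as scanner switches.
 */
static BOOL Scanner_CmdLineArgsOk (LPCTSTR szExe, LPCTSTR szFile, LPCTSTR szExtra)
{
  int nLen ;

  if( szExe==NULL || szFile==NULL )
    {
      return FALSE ;
    }

  if( _tcschr (szFile, TEXT('"'))!=NULL )
    {
      return FALSE ;
    }

  nLen = lstrlen (szExe) + lstrlen (szFile) ;
  if( szExtra!=NULL )
    {
      nLen += lstrlen (szExtra) ;
    }

  return nLen + SCANNER_CMDLINE_FIXED < SCANNER_CMDLINE_MAX ;
}


/******************************************************************/
/* Internal function                                              */
/******************************************************************/

/*
 * Scan szFile with clamwin.exe in scanner mode.
 *
 * Returns SCAN_NO_VIRUS for exit code 0, SCAN_VIRUS_FOUND for exit
 * code 1 and SCAN_FAILED for everything else, including a file name
 * that does not fit the command line (a truncated path must never be
 * scanned in place of the real one).
 */
UINT _Scanner_ClamWin_ScanFile (CLAMWINCONF * pConf, LPCTSTR szFile,
                                LPTSTR szOutput, UINT nOutputMax,
                                DWORD nPriorityClass)
{
  TCHAR szCmdLine[SCANNER_CMDLINE_MAX] ;
  DWORD dwExitCode ;

  if( ! Scanner_CmdLineArgsOk (pConf->szClamWinExe, szFile, NULL) )
    {
      TRACE_ERROR (TEXT("File name cannot be passed to scanner\n")) ;
      return SCAN_FAILED ;
    }

  wsprintf (szCmdLine, TEXT("\"%s\" --mode=scanner --path=\"%s\" --close"),
            pConf->szClamWinExe, szFile) ;

  if( ! _Scanner_Run (szCmdLine, NULL,
                      &dwExitCode,
                      szOutput, nOutputMax,
                      nPriorityClass) )
    {
      return SCAN_FAILED ;
    }

  if( dwExitCode==0 ) { return SCAN_NO_VIRUS ; }
  if( dwExitCode==1 ) { return SCAN_VIRUS_FOUND ; }
  return SCAN_FAILED ;
}


/******************************************************************/
/* Internal function                                              */
/******************************************************************/

/*
 * Read the KavWs installation folder from the registry (HKLM,
 * szKavWsKey / szKavWsFolderValue) and store the scanner path in pConf.
 *
 * Returns TRUE when the scanner executable exists.
 */
BOOL _Scanner_KavWs_Configure (KAVWSCONF * pConf)
{
  HKEY  hkey ;
  LONG  nResult ;
  DWORD dwSize ;
  DWORD dwType = REG_NONE ;
  TCHAR szBuffer[MAX_PATH] ;
  BOOL  bFound ;

  nResult = RegOpenKeyEx (HKEY_LOCAL_MACHINE,
                          szKavWsKey, 0,
                          KEY_QUERY_VALUE,
                          &hkey) ;

  if( nResult!=ERROR_SUCCESS )
    {
      TRACE_INFO (TEXT("Registry key for KavWs not found\n")) ;
      return FALSE ;
    }

  // keep one TCHAR back: registry strings are not guaranteed to be
  // NUL-terminated, so the terminator is written here
  dwSize = sizeof(szBuffer) - sizeof(TCHAR) ;

  nResult = RegQueryValueEx (hkey,
                             szKavWsFolderValue,
                             NULL,
                             &dwType,
                             (BYTE*)szBuffer,
                             &dwSize) ;

  RegCloseKey (hkey) ;

  if( nResult!=ERROR_SUCCESS || (dwType!=REG_SZ && dwType!=REG_EXPAND_SZ) )
    {
      TRACE_INFO (TEXT("Failed to read folder value for KavWs\n")) ;
      return FALSE ;
    }

  szBuffer[dwSize/sizeof(TCHAR)] = 0 ;

  if( PathCombine (pConf->szScanner, szBuffer, szKavWsExe)==NULL )
    {
      TRACE_WARNING (TEXT("KavWs scanner not found (path=%s)\n"), szBuffer) ;
      return FALSE ;
    }

  bFound = GetFileAttributes (pConf->szScanner) != 0xFFFFFFFF ;

  if( ! bFound )
    {
      TRACE_WARNING (TEXT("KavWs scanner not found (path=%s)\n"), pConf->szScanner) ;
    }

  return bFound ;
}


/******************************************************************/
/* Internal function                                              */
/******************************************************************/

/*
 * Scan szFile with the KavWs command line scanner. The scanner writes
 * its report to a temporary file (/w: switch); when that file can be
 * read, its content replaces the captured console output in szOutput.
 *
 * Returns SCAN_NO_VIRUS for exit code 0, SCAN_VIRUS_FOUND for exit
 * code 1 and SCAN_FAILED otherwise.
 */
UINT _Scanner_KavWs_ScanFile (KAVWSCONF * pConf, LPCTSTR szFile,
                              LPTSTR szOutput, UINT nOutputMax,
                              DWORD nPriorityClass)
{
  TCHAR szCmdLine[SCANNER_CMDLINE_MAX] ;
  TCHAR szTmpFile[MAX_PATH] ;
  TCHAR szTmpDir[MAX_PATH] ;
  DWORD dwExitCode ;
  DWORD nTmpDirLen ;
  BOOL  bSuccess ;
  FILE  *fp ;

  if( szFile==NULL )
    {
      return SCAN_FAILED ;
    }

  // GetTempPath returns 0 on error and the required size when the buffer is too small
  nTmpDirLen = GetTempPath (MAX_PATH, szTmpDir) ;
  if( nTmpDirLen==0 || nTmpDirLen>=MAX_PATH )
    {
      TRACE_ERROR (TEXT("Failed to find temporary directory\n")) ;
      return SCAN_FAILED ;
    }

  // with uUnique==0 the file is created, which reserves the name
  if( GetTempFileName (szTmpDir, PathFindFileName(szFile), 0, szTmpFile)==0 )
    {
      TRACE_ERROR (TEXT("Failed to create temporary report file\n")) ;
      return SCAN_FAILED ;
    }

  if( ! Scanner_CmdLineArgsOk (pConf->szScanner, szFile, szTmpFile) )
    {
      TRACE_ERROR (TEXT("File name cannot be passed to scanner\n")) ;
      DeleteFile (szTmpFile) ;
      return SCAN_FAILED ;
    }

  wsprintf (szCmdLine, TEXT("\"%s\" scan \"%s\" /w:\"%s\""),
            pConf->szScanner, szFile, szTmpFile) ;

  bSuccess = _Scanner_Run (szCmdLine, NULL,
                           &dwExitCode,
                           szOutput, nOutputMax,
                           nPriorityClass) ;

  if( ! bSuccess )
    {
      DeleteFile (szTmpFile) ;
      return SCAN_FAILED ;
    }

  if( szOutput!=NULL && nOutputMax>0 )
    {
      fp = _tfopen(szTmpFile, TEXT("rt")) ;

      if( fp!=NULL )
        {
          TCHAR szLine[128] ;
          UINT  nUsed = 0 ;

          szOutput[0] = 0 ;

          // append line by line, but never beyond nOutputMax TCHARs:
          // the report size is decided by the scanner, not by us
          while( nUsed<nOutputMax-1 && _fgetts(szLine,128,fp) )
            {
              lstrcpyn (szOutput+nUsed, szLine, (int)(nOutputMax-nUsed)) ;
              nUsed += (UINT)lstrlen (szOutput+nUsed) ;
            }

          fclose (fp) ;
        }
    }

  // the report is no longer needed; do not leave it behind in %TEMP%
  DeleteFile (szTmpFile) ;

  if( dwExitCode==0 ) { return SCAN_NO_VIRUS ; }
  if( dwExitCode==1 ) { return SCAN_VIRUS_FOUND ; }
  return SCAN_FAILED ;
}


/******************************************************************/
/* Internal function                                              */
/******************************************************************/

/*
 * Read the BitDefender installation folder from the registry (HKLM,
 * szBitDefKey / szBitDefFolderValue) into pConf->szFolder and build
 * the scanner path in pConf->szScanner.
 *
 * Returns TRUE when the scanner executable exists.
 */
BOOL _Scanner_BitDef_Configure (BITDEFCONF * pConf)
{
  HKEY  hkey ;
  LONG  nResult ;
  DWORD dwSize ;
  DWORD dwType = REG_NONE ;
  BOOL  bFound ;

  nResult = RegOpenKeyEx (HKEY_LOCAL_MACHINE, szBitDefKey, 0,
                          KEY_QUERY_VALUE, &hkey) ;

  if( nResult!=ERROR_SUCCESS )
    {
      TRACE_INFO (TEXT("Registry key for BitDefender not found\n")) ;
      return FALSE ;
    }

  // assumes szFolder holds MAX_PATH TCHARs, as the original size did -
  // TODO confirm. One TCHAR is kept back for the terminator because
  // registry strings are not guaranteed to be NUL-terminated.
  dwSize = sizeof(TCHAR)*(MAX_PATH-1) ;

  nResult = RegQueryValueEx (hkey,
                             szBitDefFolderValue,
                             NULL,
                             &dwType,
                             (BYTE*)pConf->szFolder,
                             &dwSize) ;

  RegCloseKey (hkey) ;

  if( nResult!=ERROR_SUCCESS || (dwType!=REG_SZ && dwType!=REG_EXPAND_SZ) )
    {
      TRACE_INFO (TEXT("Failed to read folder value for BitDefender\n")) ;
      return FALSE ;
    }

  pConf->szFolder[dwSize/sizeof(TCHAR)] = 0 ;

  if( PathCombine (pConf->szScanner, pConf->szFolder, szBitDefExe)==NULL )
    {
      TRACE_WARNING (TEXT("BitDefender scanner not found (path=%s)\n"), pConf->szFolder) ;
      return FALSE ;
    }

  bFound = GetFileAttributes (pConf->szScanner) != 0xFFFFFFFF ;

  if( ! bFound )
    {
      TRACE_WARNING (TEXT("BitDefender scanner not found (path=%s)\n"), pConf->szScanner) ;
    }

  return bFound ;
}


/******************************************************************/
/* Internal function                                              */
/******************************************************************/

/*
 * Scan szFile with the BitDefender command line scanner, started in
 * its installation folder.
 *
 * Returns SCAN_NO_VIRUS for exit code 0, SCAN_VIRUS_FOUND for exit
 * code 1 and SCAN_FAILED otherwise.
 */
UINT _Scanner_BitDef_ScanFile (BITDEFCONF * pConf, LPCTSTR szFile,
                               LPTSTR szOutput, UINT nOutputMax,
                               DWORD nPriorityClass)
{
  TCHAR szCmdLine[SCANNER_CMDLINE_MAX] ;
  DWORD dwExitCode ;

  if( ! Scanner_CmdLineArgsOk (pConf->szScanner, szFile, NULL) )
    {
      TRACE_ERROR (TEXT("File name cannot be passed to scanner\n")) ;
      return SCAN_FAILED ;
    }

  wsprintf (szCmdLine, TEXT("\"%s\" \"%s\" /files"),
            pConf->szScanner, szFile) ;

  if( ! _Scanner_Run (szCmdLine, pConf->szFolder,
                      &dwExitCode,
                      szOutput, nOutputMax,
                      nPriorityClass) )
    {
      return SCAN_FAILED ;
    }

  if( dwExitCode==0 ) { return SCAN_NO_VIRUS ; }
  if( dwExitCode==1 ) { return SCAN_VIRUS_FOUND ; }
  return SCAN_FAILED ;
}


/******************************************************************/
/* Internal function                                              */
/******************************************************************/

/*
 * Set up the in-process libclamav scanner: load the signature
 * database, choose scan options and archive limits, record the
 * module path as "scanner" and start the FreshClam updater.
 *
 * Returns FALSE when the database cannot be loaded.
 */
BOOL _Scanner_LibClamav_Configure (LIBCLAMAVCONF* conf)
{
  DWORD nPathLen ;

  TRACE_INFO (TEXT("Libclamav version : %hs\n"), cl_retver());

#if TRACE_LEVEL>=4
  cl_debug();
#endif

  conf->engine = NULL ;

  if( ! _Scanner_LibClamav_LoadDatabase (conf) )
    {
      return FALSE ;
    }

  conf->options = CL_SCAN_MAIL | CL_SCAN_OLE2 | CL_SCAN_HTML | CL_SCAN_PE | CL_SCAN_ALGO | CL_SCAN_BLOCKMAX;

  // Archive limits. Content beyond them is not inspected; with
  // CL_SCAN_BLOCKMAX libclamav is expected to flag such archives
  // rather than pass them as clean - verify against the library version.
  memset (&conf->limits, 0, sizeof(struct cl_limits));
  conf->limits.maxreclevel = 8;
  conf->limits.maxfiles = 1000;
  conf->limits.maxratio = 200;
  conf->limits.archivememlim = 0;
  conf->limits.maxfilesize = (unsigned long int)10*MEGA;

  // scanner path is winpooch path
  // (assumes szScanner holds MAX_PATH TCHARs - TODO confirm)
  nPathLen = GetModuleFileName (NULL, conf->szScanner, MAX_PATH) ;
  if( nPathLen==0 )
    {
      conf->szScanner[0] = 0 ;
    }
  else if( nPathLen>=MAX_PATH )
    {
      // truncated result: older Windows versions leave it unterminated
      conf->szScanner[MAX_PATH-1] = 0 ;
    }

  FreshClam_Start (_Scanner_LibClamav_DatabaseUpdated, conf) ;

  return TRUE;
}


/******************************************************************/
/* Internal function                                              */
/******************************************************************/

/*
 * Load the signature database from the directory of the running
 * module, build a new engine and install it in conf->engine.
 *
 * Returns FALSE when the directory cannot be determined or libclamav
 * reports an error; conf->engine is left untouched in that case.
 */
BOOL _Scanner_LibClamav_LoadDatabase (LIBCLAMAVCONF* conf)
{
  struct cl_engine * pNewEngine ;
  struct cl_engine * pOldEngine ;
  int iResult ;
  UINT nSignCount = 0 ;
  // zero-filled and one byte kept back, so the path stays terminated
  // even when GetModuleFileNameA truncates it
  CHAR szDbDirectory[MAX_PATH] = {0} ;
  CHAR *pLastSep ;

  if( GetModuleFileNameA (0, szDbDirectory, sizeof(szDbDirectory)-1)==0 )
    {
      TRACE_ERROR (TEXT("Failed to get module file name\n")) ;
      return FALSE ;
    }

  // strip the file name; a path without a backslash has no directory part
  pLastSep = strrchr (szDbDirectory, '\\') ;
  if( pLastSep==NULL )
    {
      TRACE_ERROR (TEXT("Failed to find database directory\n")) ;
      return FALSE ;
    }
  *pLastSep = 0 ;

  TRACE_INFO (TEXT("Database directory : %hs\n"), szDbDirectory);

  pNewEngine = NULL ;

  iResult = cl_loaddbdir (szDbDirectory, &pNewEngine, &nSignCount);
  if( iResult!=0 )
    {
      TRACE_ERROR (TEXT("cl_loaddbdir() failed (%d) %hs\n"), iResult, cl_strerror(iResult));
      return FALSE;
    }

  iResult = cl_build (pNewEngine) ;
  if( iResult!=0 )
    {
      TRACE_ERROR(TEXT("cl_build() failed (%d) %hs\n"),iResult,cl_strerror(iResult));
      cl_free(pNewEngine);
      return FALSE;
    }

  iResult = cl_retflevel();
  TRACE_INFO (TEXT("Libclamav loaded %d ClamAV malware signatures (CVD ver:%d).\n"), nSignCount, iResult);

  pOldEngine = conf->engine ;
  conf->engine = pNewEngine ;

  if( pOldEngine )
    {
      // NOTE(review): the old engine is released after a fixed 10 s
      // delay. Nothing visible here stops a scan that started on the
      // old engine from still running at that point, which would be a
      // use-after-free; the swap of conf->engine is not synchronised
      // either. A reference count or lock is needed - confirm.
      Sleep (10000) ;
      cl_free (pOldEngine) ;
    }

  return TRUE ;
}


/******************************************************************/
/* Internal function                                              */
/******************************************************************/

/*
 * Scan wszFile with libclamav and put a short verdict in szOutput.
 *
 * Returns SCAN_NO_VIRUS for CL_CLEAN, SCAN_VIRUS_FOUND for CL_VIRUS
 * and SCAN_FAILED for any other result, including a file name that
 * cannot be converted to a narrow path of at most MAX_PATH-1 bytes.
 * szOutput may be NULL; at most nOutputMax TCHARs are written to it.
 */
UINT _Scanner_LibClamav_ScanFile (LIBCLAMAVCONF* conf,
                                  LPCTSTR wszFile,
                                  LPTSTR szOutput, UINT nOutputMax)
{
  int iResultCode;
  unsigned long int scanned;
  LPCSTR szVirname = NULL ;
  char csFullPath[MAX_PATH] = {0} ;
  // wsprintf is documented to cap its output at 1024; one extra slot for safety
  TCHAR szMessage[1024+1] ;
  BOOL bHasOutput = (szOutput!=NULL && nOutputMax>0) ;
  size_t nNeeded ;

  // convert filename to ASCII
  // Measure first: a name that fails to convert or does not fit would
  // otherwise be cut short and a DIFFERENT path would be scanned.
  nNeeded = wcstombs (NULL, wszFile, 0) ;
  if( nNeeded==(size_t)-1 || nNeeded>=MAX_PATH )
    {
      TRACE_ERROR (TEXT("File name cannot be converted\n")) ;
      if( bHasOutput )
        {
          lstrcpyn (szOutput, TEXT("Error: file name cannot be converted\n"), (int)nOutputMax) ;
        }
      return SCAN_FAILED ;
    }
  wcstombs (csFullPath, wszFile, MAX_PATH-1);

  TRACE_INFO(TEXT("File = %hs\n"), csFullPath);

  iResultCode = cl_scanfile (csFullPath, &szVirname, &scanned,
                             conf->engine, &conf->limits, conf->options);

  TRACE_INFO(TEXT("Libclamav result = %d\n"), iResultCode);

  if( iResultCode == CL_VIRUS )
    {
      TRACE_INFO (TEXT("%hs : %hs FOUND\n"), csFullPath, szVirname);
      if( bHasOutput )
        {
          // format locally, then copy with the caller's size limit
          wsprintf (szMessage, TEXT("%hs FOUND"), szVirname) ;
          lstrcpyn (szOutput, szMessage, (int)nOutputMax) ;
        }
      return SCAN_VIRUS_FOUND ;
    }

  if( iResultCode != CL_CLEAN )
    {
      TRACE_ERROR (TEXT("%hs : Error: %hs\n"), csFullPath, cl_strerror(iResultCode));
      if( bHasOutput )
        {
          wsprintf (szMessage, TEXT("Error: %hs\n"), cl_strerror(iResultCode)) ;
          lstrcpyn (szOutput, szMessage, (int)nOutputMax) ;
        }
      return SCAN_FAILED ;
    }

  return SCAN_NO_VIRUS ;
}


/******************************************************************/
/* Internal function                                              */
/******************************************************************/

/*
 * Callback handed to FreshClam_Start: reloads the signature database
 * for the LIBCLAMAVCONF passed as context. A failed reload is only
 * traced by _Scanner_LibClamav_LoadDatabase; the previous engine
 * stays in use.
 */
VOID _Scanner_LibClamav_DatabaseUpdated (LPVOID pContext)
{
  _Scanner_LibClamav_LoadDatabase ((LIBCLAMAVCONF*)pContext) ;
}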
