src/IkarusScanner.py
author ft
Tue, 04 Nov 2014 14:24:02 +0100
changeset 2 0c88ae943fa6
parent 1 57ad4aea86dd
permissions -rwxr-xr-x
Added licence things
#!/usr/bin/python
# ------------------------------------------------------------
# opensecurity package file
#
# Autor:  Karlberger Christoph <Karlberger.C@ikarus.at>
#         X-Net Services GmbH <office@x-net.at>
#
# Copyright 2013-2014 X-Net and AIT Austrian Institute of Technology
#
#     IKARUS Security Software GmbH
#     Blechturmgasse 11
#     1050 Wien
#     AUSTRIA
#     http://www.ikarussecurity.com
#
#     X-Net Technologies GmbH
#     Elisabethstrasse 1
#     4020 Linz
#     AUSTRIA
#     https://www.x-net.at
#
#     AIT Austrian Institute of Technology
#     Donau City Strasse 1
#     1220 Wien
#     AUSTRIA
#     http://www.ait.ac.at
#
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ------------------------------------------------------------
import ConfigParser
import sys
import logging
import os
import errno
import time
import urllib3
import xml.etree.ElementTree as ET
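class IkarusScanner:
    """Client that submits files to an IKARUS scan server over HTTP.

    Each file is POSTed to the remote scan server. When that request fails,
    the local scan server is used instead and the remote one is not tried
    again until ``RetryTimeout`` seconds have passed.

    Security note: every path on which no verdict is obtained (file larger
    than ``MaxFileSize``, no scan server reachable, unexpected HTTP status)
    returns ``infected = False``. A caller that gates access on the result
    therefore fails open on those paths and cannot tell "clean" apart from
    "not scanned".
    """

    # Use the existing logger instance
    __LOG = logging.getLogger("IkarusScanner")

    # Options that must be present in the config file, keyed by section.
    __MINOPTS = { "Main" : ["LocalScanserverURL", "RemoteScanserverURL", "MaxFileSize", "RetryTimeout"]}
    __CONFIG_NOT_READABLE = "Configfile is not readable"
    __CONFIG_WRONG = "Something is wrong with the config"
    __CONFIG_MISSING = "Section: \"%s\" Option: \"%s\" in configfile is missing"

    # Defaults; __init__ overwrites these per instance from the config file.
    __LOCAL_SCANSERVER_URL = ""
    __REMOTE_SCANSERVER_URL = ""
    __STATUS_CODE_OK = 200
    __STATUS_CODE_INFECTED = 210
    __STATUS_CODE_NOT_FOUND = 404
    __MAX_SCAN_FILE_SIZE = 50 * 0x100000
    __SCANSERVER_RETRY_TIMEOUT = 60

    # Remote server availability and the time it was last found unreachable.
    __remoteScanserverReachable = True
    __scanserverTimestamp = 0

    # Global http pool manager used to connect to the scan server.
    # NOTE(review): the complete file content is sent to the configured URLs.
    # With an http:// URL it travels in clear text, and for https:// URLs
    # whether the server certificate is verified depends on the defaults of
    # the installed urllib3 version -- pass cert_reqs / ca_certs explicitly
    # if the scan servers are reached over TLS.
    __httpPool = urllib3.PoolManager(num_pools = 1, timeout = 3)

    def __init__ (self, scanner_config_path):
        """Load the scanner configuration and initialise the retry state.

        scanner_config_path -- path of an INI file whose [Main] section
        provides LocalScanserverURL, RemoteScanserverURL, MaxFileSize (MB)
        and RetryTimeout (seconds).

        Raises SystemError when the file cannot be read and ValueError when
        MaxFileSize or RetryTimeout is not an integer. The process exits
        with status 129 when a required option is missing.
        """
        config = self.loadConfig(scanner_config_path)

        self.__scanserverTimestamp = time.time()

        self.__LOCAL_SCANSERVER_URL = config.get("Main", "LocalScanserverURL")
        self.__REMOTE_SCANSERVER_URL = config.get("Main", "RemoteScanserverURL")
        self.__SCANSERVER_RETRY_TIMEOUT = int(config.get("Main", "RetryTimeout"))

        # Convert file size from MB to byte.
        # NOTE(review): the value is not range-checked; a negative MaxFileSize
        # makes every non-empty file count as "too big" and go unscanned.
        self.__MAX_SCAN_FILE_SIZE = int(config.get("Main", "MaxFileSize")) * 0x100000

    def checkMinimumOptions (self, config):
        """Exit with status 129 if a required option is missing from config."""
        # items() instead of iteritems(): same result, valid on Python 2 and 3.
        for section, options in self.__MINOPTS.items():
            for option in options:
                if not config.has_option(section, option):
                    self.__LOG.error(self.__CONFIG_MISSING % (section, option))
                    # sys.exit rather than the site-provided exit() helper,
                    # which is not available when the site module is skipped.
                    sys.exit(129)

    def loadConfig (self, scanner_config_path):
        """Parse the config file and return the populated parser object.

        Raises SystemError when the path is not a readable regular file or
        when parsing fails; delegates the required-option check to
        checkMinimumOptions.
        """
        config = ConfigParser.SafeConfigParser()

        # isfile() already implies exists(), so two checks are sufficient.
        readable = (os.path.isfile(scanner_config_path)
                    and os.access(scanner_config_path, os.R_OK))
        if not readable:
            self.__LOG.error(self.__CONFIG_NOT_READABLE)
            raise SystemError(self.__CONFIG_NOT_READABLE)

        try:
            config.read(scanner_config_path)
        except Exception as e:
            self.__LOG.error("Error: %s" % (e))
            raise SystemError("Error: %s" % (e))

        self.checkMinimumOptions(config)

        return config

    def contactScanserver(self, url, fields):
        """POST the form fields to url and return the urllib3 response.

        retries = 0 makes a connection failure raise immediately so that the
        caller can fall back to the other scan server.
        """
        self.__LOG.debug("Contacting server %s" % url)
        return self.__httpPool.request_encode_body('POST', url, fields = fields, retries = 0)

    def _scanLocal (self, fields):
        """POST fields to the local scan server; return the response or None."""
        try:
            return self.contactScanserver(self.__LOCAL_SCANSERVER_URL, fields)
        except Exception as e:
            self.__LOG.error("Connection to local scan server could not be established.")
            self.__LOG.debug("Exception: %s: %s" % (type(e), e))
            return None

    def scanFile (self, path, fileobject):
        """Scan fileobject; see scanFileIkarus for the result format."""
        return self.scanFileIkarus(path, fileobject)

    def scanFileIkarus (self, path, fileobject):
        """Submit the content of fileobject to a scan server.

        path       -- name of the file, used for logging only
        fileobject -- open file; needs fileno() and read()

        Returns a dict with the keys "infected" (bool) and "virusname" (str).
        "infected" is True only when a scan server answered with status 210.
        """
        retval = { "infected" : False, "virusname" : "Unknown" }
        self.__LOG.debug("Scan File: %s" % (path))

        if os.fstat(fileobject.fileno()).st_size > self.__MAX_SCAN_FILE_SIZE:
            # NOTE(review): fail-open -- an oversized file is reported as not
            # infected although it was never scanned.
            self.__LOG.info("File max size exceeded. The file is not scanned.")
            retval["virusname"] = "File is to big to be scanned."
            return retval

        fields = { 'up_file' : fileobject.read() }

        # Give the remote server another chance once the retry window is over.
        retry_due = (self.__scanserverTimestamp + self.__SCANSERVER_RETRY_TIMEOUT) < time.time()
        if not self.__remoteScanserverReachable and retry_due:
            self.__remoteScanserverReachable = True

        response = None
        if self.__remoteScanserverReachable:
            try:
                response = self.contactScanserver(self.__REMOTE_SCANSERVER_URL, fields)
            except Exception as e:
                # Exception instead of a bare except, so KeyboardInterrupt and
                # SystemExit are no longer swallowed and mistaken for an
                # unreachable server.
                self.__LOG.info("Remote scan server unreachable, using local scan server.")
                self.__LOG.debug("Exception: %s: %s" % (type(e), e))
                self.__LOG.info("Next check for remote server in %s seconds." % (self.__SCANSERVER_RETRY_TIMEOUT))

                self.__remoteScanserverReachable = False
                self.__scanserverTimestamp = time.time()

        if response is None:
            response = self._scanLocal(fields)
            if response is None:
                # NOTE(review): fail-open -- no scan server could be reached,
                # yet the file is reported as not infected.
                return retval

        if response.status == self.__STATUS_CODE_OK:
            retval["infected"] = False
        elif response.status == self.__STATUS_CODE_INFECTED:
            # Record the verdict before touching the body: a malformed or
            # unexpectedly shaped report must not turn a detection into an
            # exception that the caller may treat as "no result".
            retval["infected"] = True
            try:
                # NOTE(review): xml.etree does not guard against entity
                # expansion payloads; the body is only as trustworthy as the
                # channel to the scan server.
                root = ET.fromstring(response.data)

                # this should be done in a more generic way
                retval["virusname"] = root[1][3][0].text
            except (ET.ParseError, IndexError) as e:
                self.__LOG.error("Could not read virus name from scan server response: %s" % (e))
        else:
            # NOTE(review): fail-open -- any other status leaves the file
            # reported as not infected.
            self.__LOG.error("Connection error to scan server.")

        if retval["infected"]:
            self.__LOG.error("Virus found, denying access.")
        else:
            self.__LOG.debug("No virus found.")

        return retval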