#!/usr/bin/python
# ------------------------------------------------------------
# opensecurity package file
#
# Author: Karlberger Christoph <Karlberger.C@ikarus.at>
# X-Net Services GmbH <office@x-net.at>
#
# Copyright 2013-2014 X-Net and AIT Austrian Institute of Technology
#
# IKARUS Security Software GmbH
# Blechturmgasse 11
# 1050 Wien
# AUSTRIA
# http://www.ikarussecurity.com
#
# X-Net Technologies GmbH
# Elisabethstrasse 1
# 4020 Linz
# AUSTRIA
# https://www.x-net.at
#
# AIT Austrian Institute of Technology
# Donau City Strasse 1
# 1220 Wien
# AUSTRIA
# http://www.ait.ac.at
#
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# ------------------------------------------------------------
import ConfigParser
import sys
import logging
import os
import errno
import time
import urllib3
import xml.etree.ElementTree as ET
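class IkarusScanner:
    """Client for an IKARUS scan server reached over HTTP.

    Each file is POSTed to the remote scan server. When that request
    fails, the local scan server is used instead and the remote one is
    skipped until RetryTimeout seconds have passed.

    NOTE(review): every path that ends without a verdict (file larger than
    MaxFileSize, no scan server reachable, unexpected HTTP status) returns
    "infected": False, so the scanner fails open. A caller that gates
    access on the result has to decide whether "not scanned" may be
    treated like "clean".
    """

    # Use the existing logger instance
    __LOG = logging.getLogger("IkarusScanner")

    # Options that must be present in the config file, keyed by section
    __MINOPTS = { "Main" : ["LocalScanserverURL", "RemoteScanserverURL", "MaxFileSize", "RetryTimeout"]}
    __CONFIG_NOT_READABLE = "Configfile is not readable"
    __CONFIG_WRONG = "Something is wrong with the config"
    __CONFIG_MISSING = "Section: \"%s\" Option: \"%s\" in configfile is missing"

    # Defaults; __init__ replaces them per instance with the config values
    __LOCAL_SCANSERVER_URL = ""
    __REMOTE_SCANSERVER_URL = ""
    __MAX_SCAN_FILE_SIZE = 50 * 0x100000
    __SCANSERVER_RETRY_TIMEOUT = 60

    # HTTP status codes of the scan server: scanFileIkarus reads 200 as
    # "clean" and 210 as "infected"; 404 is not used in this class.
    __STATUS_CODE_OK = 200
    __STATUS_CODE_INFECTED = 210
    __STATUS_CODE_NOT_FOUND = 404

    # Fallback state: whether the remote server is currently tried, and
    # when it was last marked unreachable (time.time() value)
    __remoteScanserverReachable = True
    __scanserverTimestamp = 0

    # Global http pool manager used to connect to the scan server (class
    # attribute, so it is shared by all instances).
    # NOTE(review): no TLS options (cert_reqs / ca_certs) are passed, so
    # whether an https scan server URL gets its certificate verified
    # depends on the defaults of the installed urllib3 - confirm. With a
    # plain http URL the file content and the verdict are unauthenticated.
    __httpPool = urllib3.PoolManager(num_pools = 1, timeout = 3)

    def __init__ (self, scanner_config_path):
        """Load the config file and take the scan server settings from it.

        scanner_config_path -- path of the config file; it must contain the
        options listed in __MINOPTS.

        Raises SystemError when the file cannot be read and ValueError when
        RetryTimeout or MaxFileSize is not an integer. A missing option
        ends the process (see checkMinimumOptions).
        """
        config = self.loadConfig (scanner_config_path)

        self.__scanserverTimestamp = time.time()

        # NOTE(review): both URLs are used exactly as configured; nothing
        # here checks the scheme or the host.
        self.__LOCAL_SCANSERVER_URL = config.get("Main", "LocalScanserverURL")
        self.__REMOTE_SCANSERVER_URL = config.get("Main", "RemoteScanserverURL")

        try:
            self.__SCANSERVER_RETRY_TIMEOUT = int(config.get("Main", "RetryTimeout"))

            # Convert file size from MB to byte
            # NOTE(review): a value of 0 or below makes every non-empty
            # file exceed the limit, i.e. nothing would be scanned.
            self.__MAX_SCAN_FILE_SIZE = int(config.get("Main", "MaxFileSize")) * 0x100000
        except ValueError:
            # Leave a trace in the log, then let the original error through
            # so callers see the same exception type as before.
            self.__LOG.error(self.__CONFIG_WRONG)
            raise

    def checkMinimumOptions (self, config):
        """Verify that every option listed in __MINOPTS is present in config.

        The first missing option is logged and the process exits with
        status 129.
        """
        for section, options in self.__MINOPTS.items ():
            for option in options:
                if not config.has_option(section, option):
                    self.__LOG.error (self.__CONFIG_MISSING % (section, option))
                    # sys.exit instead of the site-provided exit() helper,
                    # which is not available in every interpreter setup.
                    sys.exit (129)

    def loadConfig (self, scanner_config_path):
        """Read the config file and return the parser holding its content.

        Raises SystemError when the path is not a readable regular file or
        when parsing fails. Missing mandatory options are handled by
        checkMinimumOptions.
        """
        config = ConfigParser.SafeConfigParser ()

        if not (os.path.isfile (scanner_config_path) and os.access (scanner_config_path, os.R_OK)):
            self.__LOG.error(self.__CONFIG_NOT_READABLE)
            raise SystemError(self.__CONFIG_NOT_READABLE)

        try:
            files_read = config.read (scanner_config_path)
        except Exception as e:
            self.__LOG.error("Error: %s" % (e))
            raise SystemError("Error: %s" % (e))

        # read() silently skips a file it cannot open, so a file that
        # vanished or lost its read permission after the check above would
        # otherwise only show up as "option missing".
        if not files_read:
            self.__LOG.error(self.__CONFIG_NOT_READABLE)
            raise SystemError(self.__CONFIG_NOT_READABLE)

        self.checkMinimumOptions (config)

        return config

    def contactScanserver(self, url, fields):
        """POST fields to url through the shared pool and return the response.

        The request is made with retries = 0, so a connection failure is
        raised to the caller right away.
        """
        self.__LOG.debug("Contacting server %s" % url)
        return self.__httpPool.request_encode_body('POST', url, fields = fields, retries = 0)

    def scanFile (self, path, fileobject):
        """Scan one file; forwards to scanFileIkarus and returns its result."""
        return self.scanFileIkarus (path, fileobject)

    def scanFileIkarus (self, path, fileobject):
        """Send the file to a scan server and translate the answer.

        path       -- name of the file, used for logging only
        fileobject -- open file; it needs fileno() and read()

        Returns a dict with the keys "infected" (bool) and "virusname".
        "infected" is True only for a response with status 210.
        """
        retval = { "infected" : False, "virusname" : "Unknown" }
        self.__LOG.debug ("Scan File: %s" % (path))

        if os.fstat(fileobject.fileno()).st_size > self.__MAX_SCAN_FILE_SIZE:
            # NOTE(review): fail-open - an oversized file is reported as
            # not infected although it was never scanned; only the
            # "virusname" text tells the two cases apart.
            self.__LOG.info("File max size exceeded. The file is not scanned.")
            retval["infected"] = False
            retval["virusname"] = "File is to big to be scanned."
            return retval

        fields = { 'up_file' : fileobject.read() }

        # Give the remote server another chance once the retry timeout
        # since the last failure has passed.
        if not self.__remoteScanserverReachable:
            if (self.__scanserverTimestamp + self.__SCANSERVER_RETRY_TIMEOUT) < time.time():
                self.__remoteScanserverReachable = True

        response = None

        if self.__remoteScanserverReachable:
            try:
                response = self.contactScanserver(self.__REMOTE_SCANSERVER_URL, fields)
            # Exception rather than a bare except, so that
            # KeyboardInterrupt and SystemExit are not swallowed here.
            except Exception:
                self.__LOG.info("Remote scan server unreachable, using local scan server.")
                self.__LOG.debug("Exception: %s: %s" % (sys.exc_info()[0], sys.exc_info()[1]))
                self.__LOG.info("Next check for remote server in %s seconds." % (self.__SCANSERVER_RETRY_TIMEOUT))

                self.__remoteScanserverReachable = False
                self.__scanserverTimestamp = time.time()

        if response is None:
            # Remote server skipped or failed: use the local scan server.
            try:
                response = self.contactScanserver(self.__LOCAL_SCANSERVER_URL, fields)
            except Exception:
                # NOTE(review): fail-open - without any scan server the
                # file is reported as not infected.
                self.__LOG.error ("Connection to local scan server could not be established.")
                self.__LOG.error ("Exception: %s" % (sys.exc_info()[0]))
                return retval

        if response.status == self.__STATUS_CODE_OK:
            retval["infected"] = False
        elif response.status == self.__STATUS_CODE_INFECTED:
            # The status code alone carries the verdict; record it before
            # touching the body so that a malformed body cannot turn an
            # "infected" answer into an exception.
            retval["infected"] = True
            try:
                # Parse xml for info
                # NOTE(review): xml.etree does not limit entity expansion;
                # the body is only as trustworthy as the scan server and
                # the connection to it.
                root = ET.fromstring(response.data)

                # this should be done in a more generic way
                retval["virusname"] = root[1][3][0].text
            except (ET.ParseError, IndexError):
                self.__LOG.error ("Could not read virus name from scan server response.")
        else:
            # NOTE(review): fail-open - any other status (an error answer
            # of the server, for instance) leaves "infected" at False.
            self.__LOG.error ("Connection error to scan server.")

        if retval["infected"]:
            self.__LOG.error ("Virus found, denying access.")
        else:
            self.__LOG.debug ("No virus found.")

        return retval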