#!/usr/bin/python

 import ConfigParser

 import sys

 import logging

 import os

 import errno

 import time

 import urllib3

 import xml.etree.ElementTree as ET

 class IkarusScanner:

     # User the existing logger  instance

     __LOG = logging.getLogger("IkarusScanner")

     __MINOPTS = { "Main" : ["LocalScanserverURL", "RemoteScanserverURL", "MaxFileSize", "RetryTimeout"]}

     __CONFIG_NOT_READABLE = "Configfile is not readable"

     __CONFIG_WRONG = "Something is wrong with the config"

     __CONFIG_MISSING = "Section: \"%s\" Option: \"%s\" in configfile is missing"

     __LOCAL_SCANSERVER_URL = ""

     __REMOTE_SCANSERVER_URL = ""

     __STATUS_CODE_OK = 200

     __STATUS_CODE_INFECTED = 210

     __STATUS_CODE_NOT_FOUND = 404

     __MAX_SCAN_FILE_SIZE = 50 * 0x100000

     __SCANSERVER_RETRY_TIMEOUT = 60

     # Global http pool manager used to connect to the scan server

     __remoteScanserverReachable = True

     __scanserverTimestamp = 0

     __httpPool = urllib3.PoolManager(num_pools = 1, timeout = 3)

     def __init__ (self, scanner_config_path):

         config = self.loadConfig (scanner_config_path)

         self.__scanserverTimestamp = time.time()

         self.__LOCAL_SCANSERVER_URL = config.get("Main", "LocalScanserverURL")

         self.__REMOTE_SCANSERVER_URL = config.get("Main", "RemoteScanserverURL")

         self.__SCANSERVER_RETRY_TIMEOUT = int(config.get("Main", "RetryTimeout"))

         # Convert file size from MB to byte

         self.__MAX_SCAN_FILE_SIZE = int(config.get("Main", "MaxFileSize")) * 0x100000

     def checkMinimumOptions (self, config):

         for section, options in self.__MINOPTS.iteritems ():

             for option in options:

                 if (config.has_option(section, option) == False):

                     self.__LOG.error (self.__CONFIG_MISSING % (section, option))

                     exit (129)

     def loadConfig (self, scanner_config_path):

         configfile = scanner_config_path

         config = ConfigParser.SafeConfigParser ()

         if ((os.path.exists (scanner_config_path) == False) or (os.path.isfile (scanner_config_path) == False) or (os.access (scanner_config_path, os.R_OK) == False)):

             self.__LOG.error(self.__CONFIG_NOT_READABLE);

             raise SystemError(self.__CONFIG_NOT_READABLE)

         try:

             config.read (scanner_config_path)

         except Exception, e:

             self.__LOG.error("Error: %s" % (e));

             raise SystemError("Error: %s" % (e))

         self.checkMinimumOptions (config)

         return config

     def contactScanserver(self, url, fields):

         self.__LOG.debug("Contacting server %s" % url)

         return self.__httpPool.request_encode_body('POST', url, fields = fields, retries = 0)

     def scanFile (self, path, fileobject):

         return self.scanFileIkarus (path, fileobject)

     def scanFileIkarus (self, path, fileobject):

         retval = { "infected" : False, "virusname" : "Unknown" }

         self.__LOG.debug ("Scan File: %s" % (path))

         if (os.fstat(fileobject.fileno()).st_size > self.__MAX_SCAN_FILE_SIZE):

             self.__LOG.info("File max size exceeded. The file is not scanned.")

             retval["infected"] = False

             retval["virusname"] = "File is to big to be scanned."

             return retval

         fields = { 'up_file' : fileobject.read() }

         if (self.__remoteScanserverReachable == False) and ((self.__scanserverTimestamp + self.__SCANSERVER_RETRY_TIMEOUT) < time.time()):

             self.__remoteScanserverReachable = True

         if self.__remoteScanserverReachable:

             try:

                 response = self.contactScanserver(self.__REMOTE_SCANSERVER_URL, fields)

                 # We should catch socket.error here, but this does not work. Needs checking.

             except:

                 self.__LOG.info("Remote scan server unreachable, using local scan server.")

                 self.__LOG.debug("Exception: %s: %s" % (sys.exc_info()[0], sys.exc_info()[1]))

                 self.__LOG.info("Next check for remote server in %s seconds." % (self.__SCANSERVER_RETRY_TIMEOUT))

                 self.__remoteScanserverReachable = False

                 self.__scanserverTimestamp = time.time()

                 try:

                     response = self.contactScanserver(self.__LOCAL_SCANSERVER_URL, fields)

                 except:

                     self.__LOG.error ("Connection to local scan server could not be established.")

                     self.__LOG.debug ("Exception: %s" % (sys.exc_info()[0]))

                     return retval

         else:

             try:

                 response = self.contactScanserver(self.__LOCAL_SCANSERVER_URL, fields)

             except:

                 self.__LOG.error ("Connection to local scan server could not be established.")

                 self.__LOG.error ("Exception: %s" %(sys.exc_info()[0]))

                 return retval

         if response.status == self.__STATUS_CODE_OK:

             retval["infected"] = False

         elif response.status == self.__STATUS_CODE_INFECTED:

             # Parse xml for info

             root = ET.fromstring(response.data)

             # this should be done in a more generic way

             retval["virusname"] = root[1][3][0].text

             retval["infected"] = True

         else:

             self.__LOG.error ("Connection error to scan server.")

         if (retval["infected"] == True):

             self.__LOG.error ("Virus found, denying access.")

         else:

             self.__LOG.debug ("No virus found.")

         return retval