ft@0: #!/usr/bin/python ft@0: ft@2: # ------------------------------------------------------------ ft@2: # opensecurity package file ft@2: # ft@2: # Autor: Karlberger Christoph ft@2: # X-Net Services GmbH ft@2: # ft@2: # Copyright 2013-2014 X-Net and AIT Austrian Institute of Technology ft@2: # ft@2: # IKARUS Security Software GmbH ft@2: # Blechturmgasse 11 ft@2: # 1050 Wien ft@2: # AUSTRIA ft@2: # http://www.ikarussecurity.com ft@2: # ft@2: # X-Net Technologies GmbH ft@2: # Elisabethstrasse 1 ft@2: # 4020 Linz ft@2: # AUSTRIA ft@2: # https://www.x-net.at ft@2: # ft@2: # AIT Austrian Institute of Technology ft@2: # Donau City Strasse 1 ft@2: # 1220 Wien ft@2: # AUSTRIA ft@2: # http://www.ait.ac.at ft@2: # ft@2: # ft@2: # Licensed under the Apache License, Version 2.0 (the "License"); ft@2: # you may not use this file except in compliance with the License. ft@2: # You may obtain a copy of the License at ft@2: # ft@2: # http://www.apache.org/licenses/LICENSE-2.0 ft@2: # ft@2: # Unless required by applicable law or agreed to in writing, software ft@2: # distributed under the License is distributed on an "AS IS" BASIS, ft@2: # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ft@2: # See the License for the specific language governing permissions and ft@2: # limitations under the License. ft@2: # ------------------------------------------------------------ ft@2: ft@0: import ConfigParser ft@0: ft@0: import sys ft@0: ft@0: import logging ft@0: import os ft@0: import errno ft@0: import time ft@0: ft@0: import urllib3 ck@1: import xml.etree.ElementTree as ET ft@0: ft@0: class IkarusScanner: ft@0: ft@0: # User the existing logger instance ft@0: __LOG = logging.getLogger("IkarusScanner") ft@0: ft@0: __MINOPTS = { "Main" : ["LocalScanserverURL", "RemoteScanserverURL", "MaxFileSize", "RetryTimeout"]} ft@0: __CONFIG_NOT_READABLE = "Configfile is not readable" ft@0: __CONFIG_WRONG = "Something is wrong with the config" ft@0: __CONFIG_MISSING = "Section: \"%s\" Option: \"%s\" in configfile is missing" ft@0: __LOCAL_SCANSERVER_URL = "" ft@0: __REMOTE_SCANSERVER_URL = "" ft@0: __STATUS_CODE_OK = 200 ft@0: __STATUS_CODE_INFECTED = 210 ft@0: __STATUS_CODE_NOT_FOUND = 404 ft@0: __MAX_SCAN_FILE_SIZE = 50 * 0x100000 ft@0: __SCANSERVER_RETRY_TIMEOUT = 60 ft@0: ft@0: # Global http pool manager used to connect to the scan server ft@0: __remoteScanserverReachable = True ft@0: __scanserverTimestamp = 0 ft@0: __httpPool = urllib3.PoolManager(num_pools = 1, timeout = 3) ft@0: ft@0: def __init__ (self, scanner_config_path): ft@0: config = self.loadConfig (scanner_config_path) ft@0: ft@0: self.__scanserverTimestamp = time.time() ft@0: ck@1: self.__LOCAL_SCANSERVER_URL = config.get("Main", "LocalScanserverURL") ck@1: self.__REMOTE_SCANSERVER_URL = config.get("Main", "RemoteScanserverURL") ck@1: self.__SCANSERVER_RETRY_TIMEOUT = int(config.get("Main", "RetryTimeout")) ft@0: ft@0: # Convert file size from MB to byte ck@1: self.__MAX_SCAN_FILE_SIZE = int(config.get("Main", "MaxFileSize")) * 0x100000 ft@0: ft@0: ft@0: def checkMinimumOptions (self, config): ft@0: for section, options in self.__MINOPTS.iteritems (): ft@0: for option in options: ft@0: if (config.has_option(section, option) == False): ft@0: self.__LOG.error (self.__CONFIG_MISSING % (section, option)) ft@0: exit (129) ft@0: ft@0: def loadConfig (self, scanner_config_path): ft@0: ft@0: configfile = scanner_config_path ft@0: config = ConfigParser.SafeConfigParser () ft@0: ft@0: if ((os.path.exists (scanner_config_path) == False) or (os.path.isfile (scanner_config_path) == False) or (os.access (scanner_config_path, os.R_OK) == False)): ft@0: self.__LOG.error(self.__CONFIG_NOT_READABLE); ft@0: raise SystemError(self.__CONFIG_NOT_READABLE) ft@0: ft@0: try: ft@0: config.read (scanner_config_path) ft@0: except Exception, e: ft@0: self.__LOG.error("Error: %s" % (e)); ft@0: raise SystemError("Error: %s" % (e)) ft@0: ft@0: self.checkMinimumOptions (config) ft@0: ft@0: return config ft@0: ft@0: def contactScanserver(self, url, fields): ck@1: self.__LOG.debug("Contacting server %s" % url) ck@1: return self.__httpPool.request_encode_body('POST', url, fields = fields, retries = 0) ft@0: ft@0: def scanFile (self, path, fileobject): ft@0: return self.scanFileIkarus (path, fileobject) ft@0: ft@0: def scanFileIkarus (self, path, fileobject): ft@0: retval = { "infected" : False, "virusname" : "Unknown" } ft@0: self.__LOG.debug ("Scan File: %s" % (path)) ft@0: ft@0: if (os.fstat(fileobject.fileno()).st_size > self.__MAX_SCAN_FILE_SIZE): ft@0: self.__LOG.info("File max size exceeded. The file is not scanned.") ck@1: retval["infected"] = False ft@0: retval["virusname"] = "File is to big to be scanned." ft@0: return retval ft@0: ft@0: fields = { 'up_file' : fileobject.read() } ft@0: ft@0: if (self.__remoteScanserverReachable == False) and ((self.__scanserverTimestamp + self.__SCANSERVER_RETRY_TIMEOUT) < time.time()): ft@0: self.__remoteScanserverReachable = True ft@0: ft@0: if self.__remoteScanserverReachable: ft@0: try: ck@1: response = self.contactScanserver(self.__REMOTE_SCANSERVER_URL, fields) ft@0: # We should catch socket.error here, but this does not work. Needs checking. ft@0: except: ft@0: self.__LOG.info("Remote scan server unreachable, using local scan server.") ck@1: self.__LOG.debug("Exception: %s: %s" % (sys.exc_info()[0], sys.exc_info()[1])) ft@0: self.__LOG.info("Next check for remote server in %s seconds." % (self.__SCANSERVER_RETRY_TIMEOUT)) ft@0: ft@0: self.__remoteScanserverReachable = False ft@0: self.__scanserverTimestamp = time.time() ft@0: ft@0: try: ck@1: response = self.contactScanserver(self.__LOCAL_SCANSERVER_URL, fields) ft@0: except: ft@0: self.__LOG.error ("Connection to local scan server could not be established.") ck@1: self.__LOG.debug ("Exception: %s" % (sys.exc_info()[0])) ft@0: return retval ft@0: else: ft@0: try: ck@1: response = self.contactScanserver(self.__LOCAL_SCANSERVER_URL, fields) ft@0: except: ft@0: self.__LOG.error ("Connection to local scan server could not be established.") ft@0: self.__LOG.error ("Exception: %s" %(sys.exc_info()[0])) ft@0: return retval ft@0: ft@0: ft@0: if response.status == self.__STATUS_CODE_OK: ft@0: retval["infected"] = False ft@0: elif response.status == self.__STATUS_CODE_INFECTED: ck@1: # Parse xml for info ck@1: root = ET.fromstring(response.data) ck@1: ck@1: # this should be done in a more generic way ck@1: retval["virusname"] = root[1][3][0].text ft@0: retval["infected"] = True ft@0: else: ft@0: self.__LOG.error ("Connection error to scan server.") ft@0: ft@0: if (retval["infected"] == True): ft@0: self.__LOG.error ("Virus found, denying access.") ft@0: else: ft@0: self.__LOG.debug ("No virus found.") ft@0: ft@0: return retval ft@0: ft@0: ft@0: