-
Notifications
You must be signed in to change notification settings - Fork 44
/
Copy pathbitdefender-agent.py
executable file
·78 lines (68 loc) · 2.58 KB
/
bitdefender-agent.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
# Copyright 2014, 2015 Robert Simmons
#
# This file is part of PlagueScanner.
#
# PlagueScanner is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Foobar is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Foobar. If not, see <http://www.gnu.org/licenses/>.
import configparser
import io
import os
import re
import tempfile
import subprocess
import requests
import zmq
working_dir = os.path.dirname(os.path.realpath(__file__))
config = configparser.ConfigParser()
config_file = os.path.join(working_dir, 'plaguescanner.conf')
config.read(config_file)
port = int(config['PlagueScanner']['Port'])
context = zmq.Context()
socket = context.socket(zmq.REP)
socket.bind('tcp://*:{}'.format(port))
def get_scanner_results(sample):
scanner_output = scan_file(sample)
results = parse_output(scanner_output)
return results
def scan_file(sample):
sample_data = sample.read()
with tempfile.NamedTemporaryFile(delete=True) as fp:
fp.write(sample_data)
scanner = subprocess.Popen(['/opt/BitDefender-scanner/bin/bdscan', '--action=ignore', fp.name], stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
stdout, stderr = scanner.communicate()
output = stdout.splitlines()
fp.close()
return output
def parse_output(output):
response = {'engine': 'BitDefender'}
pest_name = re.match(b'.+ infected: (.+)$', output[6])
if pest_name:
response['pest_name'] = pest_name.group(1).decode(encoding='utf-8')
else:
response['pest_name'] = None
engine_version = re.match(b'BitDefender Antivirus Scanner for Unices v(.+) .+', output[0])
if engine_version:
response['engine_version'] = engine_version.group(1).decode(encoding='utf-8')
return response
while True:
message = socket.recv_string()
print('Received request: {}'.format(message))
message_parts = re.match('SCAN:(.+):(.+)', message)
file = message_parts.group(2)
response = requests.get('http://{}/{}'.format(config['PlagueScanner']['IP'], file))
sample = io.BytesIO(response.content)
reply = get_scanner_results(sample)
socket.send_json(reply)