h*@dZddlZddlZddlmZddlmZmZddlm Z ddl m Z ddl m Z mZmZddlmZdd lmZmZdd lmZdd lmZmZdd lmZdd lmZddlm Z ddl!m"Z"ddl#m$Z$ee%Z&Gdde eZ'GddZ(Gdde'Z)dS)u  This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program.  If not, see . Copyright © 2019 Cloud Linux Software Inc. This software is also available under ImunifyAV commercial license, see N) getLogger)OptionalUnion) HookEvent) MessageType) MessageSink MessageSourceexpect)Scope)MalwareScanResourceTypeMalwareScanType) MalwareScan)ScanAlreadyCompleteError ScanInfoErrorAiBolitDetachedScan)MDSDetachedScan)QueueSupervisorSync)aggregate_result)fill_results_ownerc:eZdZejjZejZ d\Z Z iZ dZ dZeejddZdZdZed efd Zdd Zed eeeeffdZeejdZe dZ!dZ"d S)DetachedScanPlugin)NNc&K||_||_dSN)loopsink)selfrrs Z/opt/imunify360/venv/lib/python3.11/site-packages/imav/malwarelib/plugins/detached_scan.py create_sourcez DetachedScanPlugin.create_source=s  c KdSr)rrs r create_sinkzDetachedScanPlugin.create_sinkAs  r T) async_lockcKt|}|js(||d{V}||dd<|S|jr||d{VS||d{VS)Nsummarytotal_malicious)MalwareScanMessageInfo is_detached_count_total_malicious is_summary_handle_summary_handle_results)rmessage message_typer's r complete_scanz DetachedScanPlugin.complete_scanDs-g66 ' 7$($?$?$H$HHHHHHHO4CGI 0 1N  $ 7--g66666666 6))'222222222r cK|dd}||jvrtj|dd<|j||d<||d{V}||dd<tj|dd}|rtj|||d|r|j nid{V|S)Nr&scanid completedresultsr'r2) results_cachetimepopr*rqueuefindremove_call_scan_finished_hookargs)rr.scan_idr' queued_scans rr,z"DetachedScanPlugin._handle_summaryRs')$X. d( ( (.2ikkGI { +!%!3!7!7!@!@GI $($?$?$H$HHHHHHHO4CGI 0 1-388y)(39K >#)00===// " $KK$4$4       r cK||d{V}t|}|d}tdtj|d}|j|r?|jd|d<|jd|d<tj || ds| dr$d |d <| |i d{V|S|dd}|d |j |<t|j }|d krtd|dS|j}|j|d<|j|d<|j|d<t%j|d<| d |j|d<|j|d<| dd|d<||d<||d{V}||dd <|r?|jd|d<|jd|d<tj || ||r|jnid{V|S)Nr&z Scan stoppedr2r5 file_patternsexclude_patternspatherrorrr') scan_argsr4zMalwareScan cache size is %dstartedr3 total_filestype)rr(loggerinforr9r:summary_from_dbr=r;getr<r6lenrDr2rCrGr7total_resourcesrIr*) rr.r/r&r?r> cache_sizescanr's rr-z"DetachedScanPlugin._handle_resultsds--g66666666-g66 )$ N###)/44GH+6+;O+L(.9.>&/*+$)00==={{6"" gkk'&:&: -.)*33Gr3JJJJJJJJJi(2G*1)*z=DetachedScanPlugin._count_total_malicious..s>   AqV9Q< -66666r r4)rNitemsr.s rr*z)DetachedScanPlugin._count_total_malicioussE  #I.4466      r NcKtj|d|d|d|d|d|d|d|drdnd |id |Dd|di }|j|d{V|d{VdS) Nr2rIrCrGrHr'rDfailedokc"i|] \}}|dv || S)) scan_time scan_time_hsscan_time_preg smart_time_hssmart_time_preg finder_timecas_timedeobfuscate_timemem_peakr")rWkeyvalues r z?DetachedScanPlugin._call_scan_finished_hook..s@"U      r ) r> scan_typerCrGrHr'rDstatus scan_paramsstats)rMalwareScanningFinishedrMr[rprocess_message_recheck_scan_queue)rr&rE scan_finisheds rr<z+DetachedScanPlugin._call_scan_finished_hooks !9H%foI& .#$56++g&&&{{733=88!&-mmoo"!'-"89#   <i'' 666666666&&(((((((((((r resource_typec t|Srrrur>s r_get_detached_scanz%DetachedScanPlugin._get_detached_scans#7+++r c,K|d}|d}|||} |d{V}n#t$rO}td||Yd}~t jt|j ddSd}~wt$rZ}t d|j j ||Yd}~t jt|j ddSd}~wwxYw t jt|j dn-#t jt|j dwxYw|j|d{VdS)Nr>ruzru detached_scan scan_messageerrs rcomplete_detached_scanz)DetachedScanPlugin.complete_detached_scans++i(( O44 // wGG  O!.!7!7!9!9999999LL'    NN     FFF M#m899 N N N N N N    LLN+1     FFF M#m899 N N N N N N  & M#m899 N N N N NFM#m899 N N N N Ni'' 55555555555sBAE D)B3E3 D'D'EDE*E1cpKt|d|d<t|dd{V|SNr4)rr)clsr.s rrz#DetachedScanPlugin.aggregate_resultsG-gi.@AA  !3444444444r clK|jtjd{VdSr)rrrrMalwareScanQueueRecheckrs rrsz&DetachedScanPlugin._recheck_scan_queues=i'' (K(M(MNNNNNNNNNNNr )rRN)#__name__ __module__ __qualname__rProcessingOrderPRE_PROCESS_MESSAGEPROCESSING_ORDERr AVSCOPErrr6rr#r rrr0r,r- staticmethodintr*r<rrrr rxMalwareScanCompleter classmethodrrsr"r rrr7sl"2F HEJD$M    VK #555 3 365 3$222h    \  ) ) ) )D,c+B&B CD,,,\,  VK +,,66-,6:[ OOOOOr rcZeZdZdZdZedZedZedZdS)r(z_A helper class that allows to receive information about scan from MalwareScan message. cR||_d|_|jdd|_dS)Nr&r2)r._summary_from_dbr>)rr.s r__init__zMalwareScanMessageInfo.__init__s( $|I.x8 r c|jd}|dtjtjtjdfvS)Nr&rI)r.rMr ON_DEMAND BACKGROUNDUSER)rr&s rr)z"MalwareScanMessageInfo.is_detachedsA,y){{6""  %  &   '   r c |jdduSrr\rs rr+z!MalwareScanMessageInfo.is_summarys|I&$..r c|js[tjtj|jkd}|r |d|_|jS)NrFr)rMalwareScanModelselectwherer2r>limit)rrLs rrLz&MalwareScanMessageInfo.summary_from_db sa$ ; '))'.$,>??q   ;(7(:%$$r N) rrr__doc__rpropertyr)r+rLr"r rr(r(s~999   X //X/ % %X % % %r r(ceZdZejZedeee e ffdZ e e jdZdS)DetachedScanPluginIm360rucx|*t|tjurt|St|Sr)r DBrrrws rrxz*DetachedScanPluginIm360._get_detached_scansC  $ #M 2 2&) * *#7++ +"7+++r cbKtj|d}|rtj|t j|d|d|d}|j|d{V|d{VdSdS)Nr>r5rIrC)r>rmrC) rr9r:r;rrqrrrrs)rr.r?scan_finished_events rcomplete_scan_dbz(DetachedScanPluginIm360.complete_scan_db%s)/44GIrs.* """""""";;;;;;:::::: ('''''BAAAAA>=====JJJJJJ======>>>>>> 8  xOxOxOxOxOmxOxOxOv"%"%"%"%"%"%"%"%J-----0-----r