import json import os from subprocess import check_output from restore_infected import helpers AGENT_BIN = '/usr/bin/imunify360-agent' def agent_malware_cmd(*args): cmd = [AGENT_BIN, 'malware'] + list(args) + ['--json'] out = check_output(cmd) out = out.decode('utf-8', 'ignore') try: return json.loads(out) except (json.JSONDecodeError, TypeError): return None def agent_start_scan(file_name): agent_malware_cmd('on-demand', 'start', '--path', file_name) def agent_scan_running(file_name): status_json = agent_malware_cmd('on-demand', 'status') status_json = status_json.get('items', status_json) status = status_json.get('status', 'stopped') if status == 'running' and status_json.get('path', '') == file_name: return True return False def agent_is_suspicious(file_name): scan_result = agent_malware_cmd('suspicious', 'list', '--search', file_name) if scan_result is not None: for item in scan_result['items']: if item['file'] == file_name: return True return False def await_scan_result(file_name): while agent_scan_running(file_name): pass def scan(files): """ Scan files for malware :param files: list of files to scan :return: list of malware detected files """ if not os.path.exists(AGENT_BIN): helpers.warning("Can't find imunify360-agent binary, " "malware scanning disabled", once=True) return [] infected = [] for file_name in files: agent_start_scan(file_name) await_scan_result(file_name) if agent_is_suspicious(file_name): infected.append(file_name) return infected