예제 #1
/**
 * Look up a file on VirusTotal and copy the verdict onto the $file object.
 *
 * Values written to $file->scanned by this function:
 *   -5  file size is 30000000 bytes or more; no lookup is made
 *   -3  API limit exceeded, retry later
 *   -2  report still being produced (permalink kept when present)
 *   -1  API reported an error
 *    0  no report available (initial value, left untouched for response code 0)
 *    1  report available and copied onto $file
 *
 * SetVTResults() (defined elsewhere) is called after the size rejection and
 * after any response that carries a response_code. A response without a
 * response_code returns without calling it.
 *
 * Security notes for callers:
 *  - vtlink, vendor, vtscore and scan_id are copied verbatim from the remote
 *    API response. Treat them as untrusted data wherever they are stored or
 *    rendered (bound SQL parameters, context-aware output escaping).
 *  - ForceScanFileOnVirusTotal() is defined elsewhere; per the original
 *    comment it uploads the file. NOTE(review): an upload hands the file
 *    content to a third-party service, so confirm that the automatic_upload
 *    setting is acceptable for files that may be confidential.
 *
 * @param object $file   File record; reads size, name and scan_id, writes
 *                       vtscore, vtlink, vendor, scanned and scan_id.
 * @param bool   $rescan When truthy, requests a fresh scan instead of
 *                       reading the existing report.
 *
 * @return void
 */
function ScanFileOnVirusTotal($file, $rescan = false)
{
    // Make sure the result fields exist before anything reads them.
    foreach (array('vtscore' => 0, 'vtlink' => "", 'vendor' => "") as $field => $default) {
        if (!isset($file->{$field})) {
            $file->{$field} = $default;
        }
    }
    $file->scanned = 0;

    $client = new VirusTotalAPIV2($GLOBALS["config"]["virustotal"]["key"]);

    // Oversized files are rejected locally and never sent to the API.
    if ($file->size >= 30000000) {
        $file->scanned = -5;
        SetVTResults($file);
        return;
    }

    // Prefer a previously stored scan_id; otherwise fall back to the name.
    // NOTE(review): presumably $file->name holds a hash the API accepts - confirm.
    if (isset($file->scan_id) && !empty($file->scan_id)) {
        $resource = $file->scan_id;
    } else {
        $resource = $file->name;
    }
    $report = $client->getFileReport($resource);

    if (!isset($report->response_code)) {
        return;
    }

    // Loose comparisons are kept on purpose so behaviour matches the original.
    $code = $report->response_code;
    if ($code == -3) {
        // API limit exceeded; retry later.
        $file->scanned = -3;
    } elseif ($code == -2) {
        // Still being scanned; keep the permalink so it can be checked later.
        $file->scanned = -2;
        if (isset($report->permalink)) {
            $file->vtlink = $report->permalink;
        }
    } elseif ($code == -1) {
        // Error reported by the API.
        $file->scanned = -1;
    } elseif ($code == 0) {
        // No results; upload the file when configured or explicitly requested.
        if ($GLOBALS["config"]["virustotal"]["automatic_upload"] == True || $rescan == True) {
            ForceScanFileOnVirusTotal($file, true);
        }
    } elseif ($code == 1 && isset($report->permalink)) {
        if ($rescan) {
            ForceScanFileOnVirusTotal($file, false);
        } else {
            // Results are available: copy whatever the report provides.
            if (isset($report->positives)) {
                $file->vtscore = $report->positives;
            }
            if (isset($report->permalink)) {
                $file->vtlink = $report->permalink;
            }
            if (isset($report->scan_id)) {
                $file->scan_id = $report->scan_id;
            }
            $file->scanned = 1;

            if (isset($report->scans)) {
                // First engine in this order with a non-empty result names the detection.
                foreach (array('Microsoft', 'Kaspersky', 'BitDefender', 'Malwarebytes') as $engine) {
                    if (isset($report->scans->{$engine}) && !empty($report->scans->{$engine}->result)) {
                        $file->vendor = $report->scans->{$engine}->result;
                        break;
                    }
                }
            }
        }
    }

    SetVTResults($file);
}
예제 #2
 /**
  * Query VirusTotal for the report matching $file->md5 and copy the verdict
  * onto $file.
  *
  * The scan status is recorded through $this->setVTScannedStatus() (defined
  * elsewhere in the class) using the API response code: -3 (API limit
  * exceeded), -2 (being scanned), -1 (error) or 1 (results available).
  * For response code 0 no status is recorded; the file is submitted through
  * $this->forceScanFileOnVirusTotal() only when $forceScanFile is truthy.
  *
  * Security notes for callers:
  *  - vtlink, vendor and vtscore are copied verbatim from the remote API
  *    response. Treat them as untrusted data wherever they are stored or
  *    rendered (bound SQL parameters, context-aware output escaping).
  *  - The API key is read from $_ENV['VT_API_KEY'].
  *    NOTE(review): nothing here checks that the key is set - confirm the
  *    caller or bootstrap code validates it.
  *
  * NOTE(review): a -2 response without a permalink matches no branch, so no
  * status is recorded for it; $report->positives is read without an isset()
  * guard. Confirm both are intended.
  *
  * @param object $file          File record, passed by reference; reads md5 and
  *                              is_vtscanned, writes vtscore, vtlink and vendor.
  * @param bool   $forceScanFile Submit the file when no report exists.
  *
  * @return void
  */
 private function scanFileOnVirusTotal(&$file, $forceScanFile = false)
 {
     // Make sure the result fields exist before anything reads them.
     foreach (array('vtscore' => 0, 'vtlink' => "", 'vendor' => "") as $field => $default) {
         if (!isset($file->{$field})) {
             $file->{$field} = $default;
         }
     }
     if (!isset($file->is_vtscanned)) {
         $this->setVTScannedStatus($file, 0);
     }

     $client = new VirusTotalAPIV2($_ENV['VT_API_KEY']);
     $report = $client->getFileReport($file->md5);

     if (!isset($report->response_code)) {
         return;
     }

     // Loose comparisons are kept on purpose so behaviour matches the original.
     $code = $report->response_code;
     if ($code == -3) {
         // API limit exceeded; retry later.
         $this->setVTScannedStatus($file, $code);
     } elseif ($code == -2 && isset($report->permalink)) {
         // Still being scanned; keep the permalink so it can be checked later.
         $this->setVTScannedStatus($file, $code);
         $file->vtlink = $report->permalink;
     } elseif ($code == -1) {
         // Error reported by the API.
         $this->setVTScannedStatus($file, $code);
     } elseif ($code == 0) {
         // No results; upload the file only when the caller asked for it.
         if ($forceScanFile) {
             $this->forceScanFileOnVirusTotal($file);
         }
     } elseif ($code == 1 && isset($report->permalink)) {
         // Results are available.
         $file->vtscore = $report->positives;
         $file->vtlink = $report->permalink;
         $this->setVTScannedStatus($file, $code);

         if (isset($report->scans)) {
             // First engine in this order with a non-empty result names the detection.
             foreach (array('Microsoft', 'Kaspersky', 'BitDefender', 'Malwarebytes') as $engine) {
                 if (isset($report->scans->{$engine}) && !empty($report->scans->{$engine}->result)) {
                     $file->vendor = $report->scans->{$engine}->result;
                     break;
                 }
             }
         }
     }
 }
        } else {
            echo "File," . $row['name'] . " Queued Successfully, Refresh page.<br>";
        }
    }
}
if (isset($_POST['report_button'])) {
    $antivirus_array = array();
    $data = $_POST['report_file'];
    foreach ($data as $id) {
        $query = "SELECT `scan_id`,`name` from `file_scan` WHERE `id`=" . $id;
        //echo $query;
        if (!($result = $db->query($query))) {
            echo $db->error;
        }
        $row = $result->fetch_assoc();
        $report_file = $obj->getFileReport($row['scan_id']);
        if (isset($report_file->scans)) {
            $virus_data = $report_file->scans;
            //var_dump($report_file);
            foreach ($virus_data as $virus => $result) {
                if ($result->result != null) {
                    $antivirus_array[] = $virus;
                }
                $query = "Insert into `" . strtolower($virus) . "`(`id`,`result`) VALUES('" . $id . "','" . $result->result . "')";
                if (!($result = $db->query($query))) {
                    echo "Error:" . $db->error;
                }
            }
            $antivirus_string = implode(",", $antivirus_array);
            //var_dump($antivirus_string);
            $query = "UPDATE `file_scan` SET  `report` =1,`antivirus`='" . $antivirus_string . "' WHERE `id` =" . $id;