Can a Worker Role process call Antimalware for Azure Cloud Services programmatically?

I'm trying to find a solution that I can use to perform virus scanning on files that have been uploaded to Azure blob storage. I wanted to know if it is possible to copy the file to local storage on a Worker Role instance, call Antimalware for Azure Cloud Services to perform the scan on that specific file, and then depending on whether the file is clean, process the file accordingly.

If the Worker Role cannot call the scan programmatically, is there a definitive way to check if a file has been scanned and whether it is clean or not once it has been copied to local storage (I don't know if the service does a real-time scan when new files are added, or only runs on a schedule)?

asked Nov 01 '22 08:11

CM_DEV


1 Answer

There isn't a direct API that we've found, but the anti-malware services conform to the standards used by Windows desktop virus checkers in that they implement the IAttachmentExecute COM API.

So we ended up implementing a file upload service that writes the uploaded file to a Quarantine local resource, then calls the IAttachmentExecute API. If the file is infected then, depending on the anti-malware service in use, it will either throw an exception, silently delete the file or mark it as inaccessible. So by attempting to read the first byte of the file, we can test if the file remains accessible.

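using System;
using System.IO;
using System.Runtime.InteropServices;

// clientGuid: a GUID identifying the calling application.
// path: full path of the uploaded file in the Quarantine local resource.

// CLSID of the Windows attachment services object.
var type = Type.GetTypeFromCLSID(new Guid("4125DD96-E03A-4103-8F70-E0597D803B9C"));
var svc = (IAttachmentExecute)Activator.CreateInstance(type);
try
{
    svc.SetClientGuid(ref clientGuid);
    svc.SetLocalPath(path);
    svc.Save();   // applies attachment policy; may run registered virus scanners
}
finally
{
    svc.ClearClientState();
}

// If the scanner deleted or locked the file, this read throws.
using (var fileStream = File.OpenRead(path))
{
    fileStream.ReadByte();
}

// COM interop maps methods to vtable slots by declaration order, so every
// method of the native interface is declared, in its native order.
[ComImport]
[Guid("73DB1241-1E85-4581-8E4F-A81E1D0F8C57")]
[InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
public interface IAttachmentExecute
{
    void SetClientTitle([MarshalAs(UnmanagedType.LPWStr)] string pszTitle);
    void SetClientGuid(ref Guid guid);
    void SetLocalPath([MarshalAs(UnmanagedType.LPWStr)] string pszLocalPath);
    void SetFileName([MarshalAs(UnmanagedType.LPWStr)] string pszFileName);
    void SetSource([MarshalAs(UnmanagedType.LPWStr)] string pszSource);
    void SetReferrer([MarshalAs(UnmanagedType.LPWStr)] string pszReferrer);
    void CheckPolicy();
    void Prompt(IntPtr hwnd, int prompt, out int paction);
    void Save();
    void Execute(IntPtr hwnd, [MarshalAs(UnmanagedType.LPWStr)] string pszVerb, out IntPtr phProcess);
    void SaveWithUI(IntPtr hwnd);
    void ClearClientState();
}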
answered Nov 12 '22 22:11

Darran
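
The three outcomes the answer describes (an exception, a silently deleted file, an inaccessible file) folded into a single fail-closed check, as an added example that is not part of the original answer. The class and method names are hypothetical; the interface is declared with the full method list of the native IAttachmentExecute.

```csharp
using System;
using System.IO;
using System.Runtime.InteropServices;

public static class QuarantineCheck // hypothetical name, not from the answer
{
    // True only if the file passed Save() and is still present and readable.
    public static bool IsClean(string path, Guid clientGuid)
    {
        var type = Type.GetTypeFromCLSID(new Guid("4125DD96-E03A-4103-8F70-E0597D803B9C"));
        var svc = (IAttachmentExecute)Activator.CreateInstance(type);
        try
        {
            svc.SetClientGuid(ref clientGuid);
            svc.SetLocalPath(path);
            svc.Save();
        }
        catch (Exception) { return false; }   // outcome 1: the service threw; fail closed
        finally { svc.ClearClientState(); }

        if (!File.Exists(path)) return false; // outcome 2: file silently deleted
        try
        {
            using (var fs = File.OpenRead(path)) { fs.ReadByte(); }
            return true;
        }
        catch (IOException) { return false; }                 // outcome 3: locked or removed
        catch (UnauthorizedAccessException) { return false; } // outcome 3: access denied
    }
}

// Methods are listed in the native interface's vtable order, which COM interop requires.
[ComImport, Guid("73DB1241-1E85-4581-8E4F-A81E1D0F8C57"), InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
public interface IAttachmentExecute
{
    void SetClientTitle([MarshalAs(UnmanagedType.LPWStr)] string pszTitle);
    void SetClientGuid(ref Guid guid);
    void SetLocalPath([MarshalAs(UnmanagedType.LPWStr)] string pszLocalPath);
    void SetFileName([MarshalAs(UnmanagedType.LPWStr)] string pszFileName);
    void SetSource([MarshalAs(UnmanagedType.LPWStr)] string pszSource);
    void SetReferrer([MarshalAs(UnmanagedType.LPWStr)] string pszReferrer);
    void CheckPolicy();
    void Prompt(IntPtr hwnd, int prompt, out int paction);
    void Save();
    void Execute(IntPtr hwnd, [MarshalAs(UnmanagedType.LPWStr)] string pszVerb, out IntPtr phProcess);
    void SaveWithUI(IntPtr hwnd);
    void ClearClientState();
}
```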