Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

.NET virus scanning API

I'm building a web application in which I need to scan the user-uploaded files for viruses.

Does anyone with experience in building something like this can provide information on how to get this up and running? I'm guessing antivirus software packages have APIs to access their functionality programatically, but it seems it's not easy to get a hand on the details.

FYI, the application is written in C#.

like image 752
Farinha Avatar asked Jun 10 '09 11:06

Farinha


People also ask

What is Scanii?

Scanii is a simple REST API you can use to identify malware, phishing, NSFW images/language and other dangerous content. scanii Details. scanii. scanii Community. Scanii is a simple REST API you can use to identify malware, phishing, NSFW images/language and other dangerous content.

How scan upload Virus for virus programmatically in PHP?

In the PHP side, you can shell_exec('clamscan myuploadedfile. zip'); then parse the output. Lines ending with OK are safe files, lines ending with FOUND are malicious files.


2 Answers

Important note before use: Be aware of TOS agreement. You give them full access to everything: "When you upload or otherwise submit content, you give VirusTotal (and those we work with) a worldwide, royalty free, irrevocable and transferable licence to use, edit, host, store, reproduce, modify, create derivative works, communicate, publish, publicly perform, publicly display and distribute such content."

Instead of using a local Antivirus program (and thus binding your program to that particular Antivirus product and requesting your customers to install that Antivirus product) you could use the services of VirusTotal.com

This site provides a free service in which your file is given as input to numerous antivirus products and you receive back a detailed report with the evidences resulting from the scanning process. In this way your solution is no more binded to a particular Antivirus product (albeit you are binded to Internet availability)

The site provides also an Application Programming Interface that allows a programmatically approach to its scanning engine.

Here a VirusTotal.NET a library for this API
Here the comprensive documentation about their API
Here the documentation with examples in Python of their interface

And because no answer is complete without code, this is taken directly from the sample client shipped with the VirusTotal.NET library

static void Main(string[] args) {     VirusTotal virusTotal = new VirusTotal(ConfigurationManager.AppSettings["ApiKey"]);      //Use HTTPS instead of HTTP     virusTotal.UseTLS = true;      //Create the EICAR test virus. See http://www.eicar.org/86-0-Intended-use.html     FileInfo fileInfo = new FileInfo("EICAR.txt");     File.WriteAllText(fileInfo.FullName, @"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*");      //Check if the file has been scanned before.     FileReport fileReport = virusTotal.GetFileReport(fileInfo);      bool hasFileBeenScannedBefore = fileReport.ResponseCode == ReportResponseCode.Present;      Console.WriteLine("File has been scanned before: " + (hasFileBeenScannedBefore ? "Yes" : "No"));      //If the file has been scanned before, the results are embedded inside the report.     if (hasFileBeenScannedBefore)     {         PrintScan(fileReport);     }     else     {         ScanResult fileResult = virusTotal.ScanFile(fileInfo);         PrintScan(fileResult);     }     ... continue with testing a web site .... 

}

DISCLAIMER
I am in no way involved with them. I am writing this answer just because it seems to be a good update for these 4 years old answers.

like image 70
Steve Avatar answered Sep 18 '22 02:09

Steve


You can use IAttachmentExecute API.

Windows OS provide the common API to calling the anti virus software which is installed (Of course, the anti virus software required support the API). But, the API to calling the anti virus software provide only COM Interface style, not supported IDispatch. So, calling this API is too difficult from any .NET language and script language.

Download this library from here Anti Virus Scanner for .NET or add reference your VS project from "NuGet" AntiVirusScanner

For example bellow code scan a file :

var scanner = new AntiVirus.Scanner(); var result = scanner.ScanAndClean(@"c:\some\file\path.txt"); Console.WriteLine(result); // console output is "VirusNotFound". 
like image 22
Fred Avatar answered Sep 19 '22 02:09

Fred