class ThreatScanner

Runs a virus/malware check against the given path, using ClamAV.

Sample usage:

# Call with a file object:
ThreatScanner.new(@unknown_tempfile).check!

# ...or with a path:
ThreatScanner.new('path/to/README').check!

Attributes

path[R]

Public Class Methods

installed?()
# File lib/ndr_support/threat_scanner.rb, line 22
def self.installed?
  system('which clamdscan > /dev/null 2>&1')
end

new(path)
# File lib/ndr_support/threat_scanner.rb, line 28
def initialize(path)
  @path = path.respond_to?(:path) ? path.path : path
end

Public Instance Methods

check()

Returns true if the given file is deemed safe, and false if it could not be checked (no scanner is installed, or the scan was unable to complete). Raises if a threat is detected, or if the file does not exist.

# File lib/ndr_support/threat_scanner.rb, line 34
def check
  check!
rescue MissingScannerError, ScannerOperationError
  false
end

check!()

Returns true if the given file is deemed safe, and raises an exception otherwise (the file is unsafe, the file does not exist, the scanner failed, etc.).

# File lib/ndr_support/threat_scanner.rb, line 42
def check!
  check_existence! && check_installed! && run_scanner!
end
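
The following is an added example, not code from ndr_support: a fail-closed upload gate built on the `check` contract above, where `false` means "not scanned" and must never be treated as "clean". `FakeScanner`, `Verdict`, `triage_upload`, `triage_batch` and the sample paths are hypothetical names constructed for this illustration.

```ruby
# Added example, not ndr_support code. FakeScanner is a constructed stand-in
# that follows the check contract documented above, so the gate runs without
# ClamAV; in an application pass ThreatScanner as the scanner class instead.
class FakeScanner
  # Constructed sample outcomes keyed by path.
  OUTCOMES = {
    'clean.pdf'   => :clean,
    'eicar.txt'   => :threat,
    'pending.doc' => :scanner_down
  }.freeze

  def initialize(path)
    @path = path
  end

  # true = scanned and clean, false = could not be scanned, raises otherwise.
  def check
    case OUTCOMES[@path]
    when :clean        then true
    when :scanner_down then false
    when :threat       then raise "possible virus detected at #{@path}!"
    else                    raise "#{@path} does not exist!"
    end
  end
end

Verdict = Struct.new(:path, :action, :reason)

# Fail closed: only an explicit true from check releases the file.
def triage_upload(path, scanner_class)
  if scanner_class.new(path).check
    Verdict.new(path, :accept, 'scanned clean')
  else
    # false means "not scanned", never "safe": hold for a later rescan.
    Verdict.new(path, :hold, 'scanner unavailable or scan incomplete')
  end
rescue StandardError => e
  # Threat detected or file missing: reject and keep the message for the log.
  Verdict.new(path, :reject, e.message)
end

# Group a batch of uploads by the action taken on each.
def triage_batch(paths, scanner_class)
  paths.map { |p| triage_upload(p, scanner_class) }
       .group_by(&:action)
       .transform_values { |vs| vs.map(&:path) }
end
```

Held files should stay out of reach of downstream consumers until a later scan returns true.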

Private Instance Methods

check_existence!()
# File lib/ndr_support/threat_scanner.rb, line 48
def check_existence!
  File.exist?(@path) || raise(MissingFileError, "#{@path} does not exist!")
end

check_installed!()
# File lib/ndr_support/threat_scanner.rb, line 52
def check_installed!
  self.class.installed? || raise(MissingScannerError, 'no scanner is available')
end

run_scanner!()
# File lib/ndr_support/threat_scanner.rb, line 56
def run_scanner!
  `clamdscan --fdpass --quiet #{Shellwords.escape(@path)}`

  case $CHILD_STATUS.exitstatus
  when 0 then true
  when 1 then raise(ThreatDetectedError, "possible virus detected at #{@path}!")
  else        raise(ScannerOperationError, 'the scan was unable to complete')
  end
end