
Current File : //opt/imunify360/venv/lib/python3.11/site-packages/imav/malwarelib/plugins/__pycache__/cleanup.cpython-311.pyc

�

��g�q��2�dZddlZddlZddlZddlZddlZddlmZddlm	Z	ddl
mZddlm
Z
ddlmZmZmZmZddlmZdd	lmZdd
lmZmZddlmZddlmZdd
lm Z ddl!m"Z"ddl#m$Z$m%Z%m&Z&ddl'm(Z(ddl)m*Z*m+Z+m,Z,m-Z-ddl.m/Z/m0Z0m1Z1ddl2m3Z3m4Z4m5Z5ddl6m7Z7ddl8m9Z9m:Z:m;Z;ddl<m=Z=m>Z>ddl?m@Z@ddlAmBZBddlCmDZDmEZEddlFmGZGddlHmIZImJZJddlKmLZLddlMmNZNmOZOeeP��ZQdZRe	e>jSd� ��ZTe	e>jSd!� ��ZUe1e/eQjV�"��eQjW��ZXd#ee>d$efd%�ZYGd&�d'e$e%��ZZGd(�d)e$e%��Z[Gd*�d+e$��Z\d,�Z]Gd-�d.e[��Z^Gd/�d0e$��Z_Gd1�d2e$��Z`dS)3u

This program is free software: you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License,
or (at your option) any later version.


This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the GNU General Public License for more details.


You should have received a copy of the GNU General Public License
 along with this program.  If not, see <https://www.gnu.org/licenses/>.

Copyright © 2019 Cloud Linux Software Inc.

This software is also available under ImunifyAV commercial license,
see <https://www.imunify360.com/legal/eula>
�N)�suppress)�partial)�	getLogger)�Path)�Dict�Iterable�List�Tuple)�utils)�
inactivity)�Malware�MyImunifyConfig)�	HookEvent)�
LicenseCLN)�MessageType)�myimunify_protection_enabled)�MessageSink�
MessageSource�expect)�g)�Scope�
nice_iterator�recurring_check�split_for_chunk)�DAY�MINUTE�
rate_limit)�
CleanupResult�MalwareCleaner�MalwareCleanupProxy)�CleanupStorage)�MalwareHitStatus�MalwareScanResourceType�MalwareScanType)�MalwareHistory�
MalwareHit)�ScanAlreadyCompleteError)�MalwareDatabaseCleaner)�MDSDetachedCleanup�MDSDetachedRestore)�MalwareDatabaseRestore)�HackerTrapHitsSaver�
MalwareAction)�malware_response)�get_username_by_uid�is_uid��status)�	attribute�owner)�period�on_drop�hits�returnc��d�|D��S)Nc3�DK�|]}|jtjk�|V��dS�N)r2r"�FOUND��.0�hits  �T/opt/imunify360/venv/lib/python3.11/site-packages/imav/malwarelib/plugins/cleanup.py�	<genexpr>z#filter_cleanable.<locals>.<genexpr>_s2����H�H�C�3�:�1A�1G�#G�#G�C�#G�#G�#G�#G�H�H���r7s r@�filter_cleanablerE^s��H�H�4�H�H�H�HrBc	�V�eZdZd�Zd�Zd�Zd�Zeej	��de
fd���Zede
deed	ee
e
ffd
���Zede
deded	e
fd
���Zde
d	e
fd�Zde
d	e
fd�Zd�Zd�Zed���Zd�Zd�Z						dd�Zd�Zed��d���ZdS)�Cleanupc�h�d|_d|_d|_d|_d|_d|_d|_dS)NF)�
_cleanup_task�_store_original_task�_running�_loop�_sink�_proxy�_cleaner��selfs r@�__init__zCleanup.__init__cs9��!���$(��!���
���
���
������
�
�
rBc���K�||_||_t��|_t	||���|_|�|�����|_dS)N)�loop�sink)	rLrMr rNrrO�create_task�cleanuprI�rQrTrUs   r@�
create_sourcezCleanup.create_sourcelsY������
���
�)�+�+���&�D�t�<�<�<��
�!�-�-�d�l�l�n�n�=�=����rBc��
K�dSr;rC�rQrTs  r@�create_sinkzCleanup.create_sinks������rBc���K�|jrZ|j���ttj��5|j�d{V��ddd��dS#1swxYwYdSdSr;)rI�cancelr�asyncio�CancelledErrorrPs r@�shutdownzCleanup.shutdownvs�������	)���%�%�'�'�'��'�0�1�1�
)�
)��(�(�(�(�(�(�(�(�
)�
)�
)�
)�
)�
)�
)�
)�
)�
)�
)�
)����
)�
)�
)�
)�
)�
)�	)�	)��A�A�A�messagec
�� K�|�d��}|�d��}|�d��}|�d��}|�d��}|du}t|d��}tj|d|���}	t	|	��}	d�|	D��}	|sh|�|	tjtjg��\}
}	|�	|
���d{V��}
|
|�
|	���d{V��z}	|t|	��z
x}rt�d	||��|j
�|�|	|||||����|_dS)
N�cause�	initiator�post_action�scan_id�
standard_onlyr7)�include_scan_infoc�F�g|]}|jtjjk�|��SrC)�
resource_typer#�FILE�valuer=s  r@�
<listcomp>z0Cleanup.process_cleanup_task.<locals>.<listcomp>�s7��
�
�
��� �$;�$@�$F�F�F�
�F�F�FrBz"%s/%s hits filtered before cleanup)�get�lenr&�refresh_hitsrE�_split_hits_by_scan_typer$�RESCAN�RESCAN_OUTDATED�_filter_rescan_hits�_filter_failed_to_cleanup_hits�logger�inforLrV�_store_originalrJ)rQrdrfrgrhrirj�manual_cleanup�origin_hits_numr7�rescan_hits�filtereds            r@�process_cleanup_taskzCleanup.process_cleanup_task|s��������G�$�$���K�K��,�,�	��k�k�-�0�0���+�+�i�(�(�����O�4�4�
��$����g�f�o�.�.���&��F�O�>�/A�
�
�
�� ��%�%��
�
��
�
�
���		�!%� =� =���-��/N�O�!�!��K��!%� 8� 8�� E� E�E�E�E�E�E�E�K��t�'J�'J��(�(�"�"�"�"�"�"��D�'��T���2�2�8�	��K�K�4���
�
�
�
%)�J�$:�$:�� � ��e�Y��W�m�
�
�%
�%
��!�!�!rBr7�
scan_typesr8c��gg}}|D];}|jj|vr|�|���&|�|���<||fSr;)�scanid�type�append)r7r��target_hits�
other_hitsr?s     r@rtz Cleanup._split_hits_by_scan_type�sd��#%�b�Z���	'�	'�C��z��*�,�,��"�"�3�'�'�'�'��!�!�#�&�&�&�&��J�&�&rB�
time_range�allowed_attemptsc	���K�g}|r�tj��|z
}i}t|d���D]\}|�tt	jd�|D��|�������t
jd���d{V���]|D]P}|�|j	d��}||krtd|j	||���;|�|���Q|S)N����
chunk_sizec��g|]	}|j��
SrC��	orig_filer=s  r@rpz5Cleanup._filter_failed_to_cleanup.<locals>.<listcomp>�s��A�A�A�s�S�]�A�A�ArB)�sincerzVSkip cleanup file '%s', since there are too many attempts to cleanup it in %s sec [%s])�timer�update�dictr%�get_failed_cleanup_events_countr`�sleeprqr��throttled_log_errorr�)	r7r�r��
hits_to_cleanr��failed_cleanup_count�
hits_chunkr?�failuress	         r@�_filter_failed_to_cleanupz!Cleanup._filter_failed_to_cleanup�s3�����
��	*��I�K�K�*�,�E�#%� �-�d�s�C�C�C�	
'�	
'�
�$�+�+��&�F�A�A�j�A�A�A�"'����������m�A�&�&�&�&�&�&�&�&�&�&��
*�
*��/�3�3�C�M�1�E�E���/�/�/�'�@��
�"� ������$�$�S�)�)�)�)��rBc��RK�|�|dtzd����d{V��S)N���r�r�)r�r�rQr7s  r@rwzCleanup._filter_rescan_hits�sL�����3�3��Q��Z�!�4�
�
�
�
�
�
�
�
�	
rBc��VK�|�|tt����d{V��S)zl
        Don't try to cleanup the same hit more than
        *COUNT_OF_ATTEMPTS_TO_CLEANUP_PER_DAY*
        r�N)r�r�$COUNT_OF_ATTEMPTS_TO_CLEANUP_PER_DAYr�s  r@rxz&Cleanup._filter_failed_to_cleanup_hits�sL����
�3�3���A�4�
�
�
�
�
�
�
�
�	
rBc
���
K�tj|tj��t	|��}t
j�d��5tj	|���d{V��\}}	}
ddd��n#1swxYwY|	D]w}|j
�tj
d�|jtj��t#t%j����������d{V���x|�||||||��|���D]&\}�
tj�
fd�|	D��|���'tj|
��t-j|
||����d{V��dS)N�cleanup_storagez*Failed to store the original from {} to {})rd�	timestampc���g|]}|�v�|��	SrCrC)r>�h�hit_lists  �r@rpz+Cleanup._store_original.<locals>.<listcomp>�s���"F�"F�"F���X�
�
�1�
�
�
rB�rfrg)r&�
set_statusr"�CLEANUP_STARTED�_group_by_statusr�track�taskr!�	store_allrM�process_messager�
CleanupFailed�formatr��path�intr��
_add_to_proxy�items�delete_instancesr-�cleanup_failed)rQr7rfrgrhrirj�original_status�	succeeded�failed�	not_existr?r2r�s             @r@r{zCleanup._store_original�s5�����	��d�$4�$D�E�E�E�*�4�0�0��
�
�
"�
"�#4�
5�
5�	P�	P�1?�1I�$�1O�1O�+O�+O�+O�+O�+O�+O�(�I�v�y�	P�	P�	P�	P�	P�	P�	P�	P�	P�	P�	P����	P�	P�	P�	P��
	�
	�C��*�,�,��)�D�K�K��M�>�+>���"�$�)�+�+�.�.�
���	�	�	
�	
�	
�	
�	
�	
�	
�	
�	
����u�i��g�}�	
�	
�	
�!0� 5� 5� 7� 7�	P�	P��F�H��!�"F�"F�"F�"F�f�"F�"F�"F��O�O�O�O��#�I�.�.�.��*��U�i�
�
�
�	
�	
�	
�	
�	
�	
�	
�	
�	
s�A<�<B�Bc��g}g}|D]?}	t||��}
|
r|�|	���*|�|	���@|j�||||d|��|j�||||||��dS)NT)�"decide_if_standard_signatures_onlyr�rN�add)rQr7rfrgrhrirj�standard_only_hits�
advanced_hitsr?�standard_only_users           r@r�zCleanup._add_to_proxys��� ���
��	*�	*�C�!C��=�"�"��"�
*�"�)�)�#�.�.�.�.��$�$�S�)�)�)�)�����������
	
�	
�	
�	
����������
	
�	
�	
�	
�	
rBc�$�t|��}|Sr;)�_group_by_user)r7�	user_hitss  r@�
_user_hitszCleanup._user_hits s��"�4�(�(�	��rBc#��	K�|j���}|D].\}}}}}}d�|D���	�	fd�|D��}|�	|||||fV��/dS)Nc�F�g|]}tjd|j���|��S)z\w+-BLKH-|cloudhash\.|cld-)�re�matchr�r=s  r@rpz0Cleanup._cloud_assisted_hits.<locals>.<listcomp>0s=�������8�9�3�8�D�D�����rBc���g|]}|�v�|��	SrCrC)r>r?�	blacklists  �r@rpz0Cleanup._cloud_assisted_hits.<locals>.<listcomp>5s#���L�L�L�C�s�)�7K�7K�C�7K�7K�7KrB)rN�flush)
rQ�action_hitsrfrgrhrirj�all_hits�regular_hitsr�s
         @r@�_cloud_assisted_hitszCleanup._cloud_assisted_hits%s�������k�'�'�)�)���	�	�
���������#����I�
M�L�L�L�8�L�L�L�L���������
�
�
�
�	�	rBc��K�d�|D��}tj||t|��|���}|j�|���d{V��dS)Nc�6�g|]}|�����SrC)�as_dictr=s  r@rpz'Cleanup._start_hook.<locals>.<listcomp>As ��.�.�.�#����
�
�.�.�.rB)�
cleanup_id�started�total_files�DUMP)r�MalwareCleanupStartedrrrMr�)rQr�r�r7�dump�cleanup_starteds      r@�_start_hookzCleanup._start_hook@sr����.�.��.�.�.��#�9�!���D�	�	��	
�
�
���j�(�(��9�9�9�9�9�9�9�9�9�9�9rBNc��&K�|�|��}|�|pg��}	h|�|	�D�]�}
|�|
g��}|	�|
g��}||z}
d�|D��}d�|D��}t�d||z��t	j��j}tj��}t|
��r�|
}tj
��s\t�d|�d���|j�
tj|
i||d||||g��
�
���d{V����t!|���d{V��x}s t�d|�d	�����L|}
|�|||
���d{V��|j�|
|t(j||�
���d{V��\}}}|j�
tj|
|||||||||��
�
���d{V�����dS)Nc��g|]	}|j��
SrCr�r=s  r@rpz(Cleanup._clean_files.<locals>.<listcomp>\s��;�;�;�s�S�]�;�;�;rBc��g|]	}|j��
SrCr�r=s  r@rpz(Cleanup._clean_files.<locals>.<listcomp>]s��9�9�9�s�S�]�9�9�9rBzCleaning files: %sz)Can't clean files for non panel user uid=z, since license is limitedz#Cleanup failed. License restriction)
r7�resultr�r��errorrfrgrhri�argszCan't find username for uid=z. Skip cleanup)�softr�rj)r�rqry�debug�uuid�uuid4�hexr�r0r�is_unlimitedr�rMr�r�MalwareCleanupr/r�rO�start�Config�CLEANUP_TRIM)rQr7r�rfrgrhrirjr��user_hits_black�user�hits_regular�
hits_black�
user_hits_all�files�blackr�r��uid�usernamer�r��cmds                       r@�_clean_fileszCleanup._clean_filesJs������O�O�D�)�)�	��/�/�)�/�r�:�:��2�i�2�/�2�<	�<	�D�$�=�=��r�2�2�L�(�,�,�T�2�6�6�J�(�:�5�M�;�;�l�;�;�;�E�9�9�j�9�9�9�E��L�L�-�u�u�}�=�=�=�����)�J��i�k�k�G��d�|�|�
 ���!�.�0�0���L�L�3��3�3�3�����*�4�4�#�2�!.�#%�'1�$+�"G�"'�&/�(3�$+�!#����
�
�
�
�
�
�
�
�
��*=�c�*B�*B�$B�$B�$B�$B�$B�$B�B����L�L�G�3�G�G�G��������"�"�:�w�
�F�F�F�F�F�F�F�F�F�'+�}�':�':����(��+�(;�(�(�"�"�"�"�"�"��F�E�3��*�,�,��*�&�!�)�#���'� +�#�����
�
�

�

�

�

�

�

�

�

�_<	�<	rBc��K�|jrdS|jjs|j���dSd|_tj�d��5	|���}|D],\}}}}}}}|�|||||||����d{V���-	d|_n#d|_wxYw	ddd��dS#1swxYwYdS)NTrW)r�rfrgrhrirjF)	rKrNr7�resetrr�r�r�r�)	rQ�datar�r�rfrgrhrirjs	         r@�_cleanupzCleanup._cleanup�sv�����=�	��F��{��	��K�������F���
�
�
�
"�
"�9�
-�
-�	&�	&�
&��0�0�2�2������������!��+�+� �"+�#�"+�$/� '�&3�,������������&!&��
�
����
�%�%�%�%�
�-	&�	&�	&�	&�	&�	&�	&�	&�	&�	&�	&�	&����	&�	&�	&�	&�	&�	&s+�C�AB'�C�'	B0�0C�C�C�c��>K�|����d{V��dSr;)r�rPs r@rWzCleanup.cleanup�s,�����m�m�o�o���������rB)NNNNNN) �__name__�
__module__�__qualname__rRrYr\rbrr�MalwareCleanupTaskrr��staticmethod�listr	r$r
rt�floatr�r�rwrxr{r�r�r�r�r�r�rrWrCrBr@rGrGbs
���������>�>�>�
�
�
�)�)�)��V�K�*�+�+�(
�$�(
�(
�(
�,�+�(
�T�	'��	'� $�_� 5�	'�	�t�T�z�	�	'�	'�	'��\�	'�����#(��<?��	
�����\��>
�d�
�t�
�
�
�
�
	
��	
�$�	
�	
�	
�	
�
�
�
�<
�
�
�>����\�����6:�:�:�������I�I�I�I�V&�&�&�B�_�Q���������rBrGc��eZdZejZd�Zd�Zed	de	e
defd���Ze
ej��d���Zd�ZdS)
�ResultProcessorc��
K�dSr;rCr[s  r@r\zResultProcessor.create_sink�r]rBc��K�||_dSr;)rMrXs   r@rYzResultProcessor.create_source�s������
�
�
rBNr7r2c�X�tj|||��|D]}||_||_�dSr;)r&r�r2�
cleaned_at)r7r2rr?s    r@�_set_hit_statuszResultProcessor._set_hit_status�s@����d�F�J�7�7�7��	(�	(�C��C�J�'�C�N�N�	(�	(rBc���K�|d}|d�|�d��}|�d��}tj��}�fd�|D��}�fd�|D��}g}t|d���23d{V��}	�|	���rD|	j���r|�|	���P|�|	���f6tj|||�	���d{V���fd
�|D��}
tj	|
||�	���d{V��|�
|
tj|���fd�|D��}tj
|||�	���d{V���fd�|D��}tj|||�	���d{V��|�
|tj|���fd
�|D��}
tj|
||�	���d{V��|�
|
tj|��t%j|��t)||�����D]\}}|�
||���|�|���d{V��|S)Nr7r�rfrgc���g|]}|�v�|��	SrCrC�r>r?r�s  �r@rpz0ResultProcessor.store_result.<locals>.<listcomp>�s���:�:�:�S�C�6�M�M�S�M�M�MrBc���g|]}|�v�|��	SrCrCrs  �r@rpz0ResultProcessor.store_result.<locals>.<listcomp>�s#���@�@�@�s�c��.?�.?�s�.?�.?�.?rB�dr�r�c�H��g|]}�|����|��SrC)�requires_myimunify_protectionrs  �r@rpz0ResultProcessor.store_result.<locals>.<listcomp>�s?���)
�)
�)
���c�{�8�8�:�:�)
��)
�)
�)
rBc�H��g|]}�|����|��SrC)�	is_failedrs  �r@rpz0ResultProcessor.store_result.<locals>.<listcomp>�s.���F�F�F�#�f�S�k�.C�.C�.E�.E�F�#�F�F�FrBc�H��g|]}�|����|��SrC)�
is_cleanedrs  �r@rpz0ResultProcessor.store_result.<locals>.<listcomp>��.���H�H�H�3�v�c�{�/E�/E�/G�/G�H�3�H�H�HrBc�H��g|]}�|����|��SrC)�
is_removedrs  �r@rpz0ResultProcessor.store_result.<locals>.<listcomp>�rrB)rqr�rr��orig_file_path�existsr�r-�cleanup_unable�%cleanup_requires_myimunify_protectionrr"�%CLEANUP_REQUIRES_MYIMUNIFY_PROTECTIONr��cleanup_done�CLEANUP_DONE�cleanup_removed�CLEANUP_REMOVEDr&r�r�r��"send_failed_to_cleanup_hits_to_mrs)rQrdr7rfrg�now�	processed�unprocessedr�r?rr��cleaned�removedr2r�r�s                @r@�store_resultzResultProcessor.store_result�s������!(���� '�� 1�����G�$�$���K�K��,�,�	��i�k�k��:�:�:�:�D�:�:�:�	�@�@�@�@�d�@�@�@���	�&�y�S�A�A�A�	*�	*�	*�	*�	*�	*�	*�#��c�{�$�$�&�&�
*��%�,�,�.�.�*��&�&�s�+�+�+�+��$�$�S�)�)�)��B��*��u�	�
�
�
�	
�	
�	
�	
�	
�	
�	
�)
�)
�)
�)
� �)
�)
�)
�%�
�A�)��)�
�
�
�	
�	
�	
�	
�	
�	
�	
�	
���)��B��	
�	
�	
�G�F�F�F��F�F�F���*��%�9�
�
�
�	
�	
�	
�	
�	
�	
�	
�I�H�H�H�)�H�H�H���(��5�I�
�
�
�	
�	
�	
�	
�	
�	
�	
�	
���W�&6�&C�S�I�I�I�H�H�H�H�)�H�H�H���+��5�I�
�
�
�	
�	
�	
�	
�	
�	
�	
�	
���W�&6�&F��L�L�L��#�I�.�.�.� 0��f� E� E� K� K� M� M�	3�	3��F�H�� � ��6�2�2�2�2��5�5�f�=�=�=�=�=�=�=�=�=��s�C&c��
K�|r~|j�tjd�|D��d������d{V��|j�tjd�|D��d������d{V��dSdS)Nc�L�g|]!}tj|j|j����"SrC)r.�HitInfor��hashr=s  r@rpzFResultProcessor.send_failed_to_cleanup_hits_to_mrs.<locals>.<listcomp>s9������)�0�����I�I���rB�cleanup_failure_current)r7�
upload_reasonc	��g|];}tjttj|����|j����<SrC)r.r-�strr!�get_hit_store_pathr.r=s  r@rpzFResultProcessor.send_failed_to_cleanup_hits_to_mrs.<locals>.<listcomp>sR�����
 �	)�0��� A�#� F� F�G�G��H�����rB�cleanup_failure_original)rMr�r�MalwareMRSUpload)rQ�failed_to_cleanup_hitss  r@r$z2ResultProcessor.send_failed_to_cleanup_hits_to_mrss����!�	��*�,�,��,���#9����#<������
�
�
�
�
�
�
��*�,�,��,���
$:����#=�	�	�	���
�
�
�
�
�
�
�
�
�	�	rBr;)r�rrr�AV�SCOPEr\rYrr	r&r2rrrr�r*r$rCrBr@rr�s��������H�E�
�
�
�����(�(�d�:�.�(��(�(�(��\�(��V�K�&�'�'�=�=�(�'�=�~����rBrc��eZdZdZd�Zd�Zd�Zd�Zee	j
��ej��d�����Z
ee��d���ZdS)	�StorageControllerz'Remove old backed up files from storagec�6�d|_tj|_dSr;)�_clear_taskr��CLEANUP_KEEP�_keeprPs r@rRzStorageController.__init__'s������(��
�
�
rBc��bK�|�|�����|_dSr;)rV�daily_clearr<r[s  r@r\zStorageController.create_sink+s.�����+�+�D�,<�,<�,>�,>�?�?����rBc���K�|jrZ|j���ttj��5|j�d{V��ddd��dS#1swxYwYdSdSr;)r<r_rr`rarPs r@rbzStorageController.shutdown.s�������	'���#�#�%�%�%��'�0�1�1�
'�
'��&�&�&�&�&�&�&�&�
'�
'�
'�
'�
'�
'�
'�
'�
'�
'�
'�
'����
'�
'�
'�
'�
'�
'�	'�	'rcc��|K�tj��}||jtzz
}||jdztzz
}tj���tj|k�����tj	|���d{V��}|rt�d|��dSdS)Nr�z/Cleanup storage have cleaned. Files removed: %s)r�r>rr&�delete�wherer�executer!�clearryrz)rQr%�	keep_hits�	keep_orig�cleareds     r@�_clearzStorageController._clear4s������i�k�k���$�*�s�*�*�	��4�:��>�S�0�0�	�����!�!�*�"7�)�"C�D�D�L�L�N�N�N�&�,�Y�7�7�7�7�7�7�7�7���	��K�K�A�7�
�
�
�
�
�	�	rBc��K�|jtjkr-tj|_|����d{V��dSdSr;)r>r�r=rJ)rQ�_s  r@�config_updatedz StorageController.config_updated?sP�����:��,�,�,��,�D�J��+�+�-�-����������-�,rBc��>K�|����d{V��dSr;)rJrPs r@r@zStorageController.daily_clearFs,�����k�k�m�m���������rBN)r�rr�__doc__rRr\rbrJrr�ConfigUpdater�log_error_and_ignorerMrrr@rCrBr@r:r:$s�������1�1�)�)�)�@�@�@�'�'�'�	�	�	��V�K�$�%�%��U��!�!� � �"�!�&�%� �
�_�S���������rBr:c�T�tjsdS|�|dkst|��r|SdS)z<Root user or user with MyImunify can use advanced signaturesFN�rootT)r�ENABLEDr)r�rjs  r@r�r�Ks9���"���u��|�t�v�~�~�)E�d�)K�)K�~����4rBc�\��eZdZdZejZeej	���fd���Z
�xZS)�ResultProcessorIm360zrImunify360 specialization of ResultProcessor, which removes all
    cleaned and removed files from HackerTrap
    c����K�t���|���d{V��}d�|d���D��}tjg|���d{V��dS)Nc��g|]<\}}|���s|����-t|����=SrC)rrr)r>r?�states   r@rpz5ResultProcessorIm360.store_result.<locals>.<listcomp>asZ��
�
�
���U�� � �"�"�
�',�&6�&6�&8�&8�
���I�I�
�
�
rBr�)�superr*r�r,�update_sa_hits)rQrd�	to_remove�	__class__s   �r@r*z!ResultProcessorIm360.store_result^s���������,�,�W�5�5�5�5�5�5�5�5��
�
�%�h�/�5�5�7�7�
�
�
�	�
"�0��Y�?�?�?�?�?�?�?�?�?�?�?rB)r�rrrOr�IM360r8rrr�r*�
__classcell__)r]s@r@rVrVWsl���������
�K�E��V�K�&�'�'�@�@�@�@�(�'�@�@�@�@�@rBrVc�^�eZdZejZd�Zed���Zd�Z	d�Z
eej
��d���Zeej��d���Zeej��dejfd���Zeej��d	���Zeej��dejfd
���ZdS)�	CleanupDbc��d|_dSr;)rLrPs r@rRzCleanupDb.__init__ls
����
�
�
rBc��K�tj��j}t|||������d{V��dSr;)r�r�r�r(r�)r��app_namer�s   r@�_start_cleanerzCleanupDb._start_cleanerosJ�����Z�\�\�%�
�$�Z��x�@�@�F�F�H�H�H�H�H�H�H�H�H�H�HrBc���K�tj�����sWtj���tj��������x}	�dSt�	d|j
|j��tj|gtj��|�|j
|j���d{V��dS)NzCleaning hit: (%s::%s))r&�db_hits_under_cleanupr�db_hits_pending_cleanup�order_byr��asc�firstryrzr�rdr�r"r�re)rQ�next_hits  r@�
_cleanup_nextzCleanupDb._cleanup_nextts������,�.�.�5�5�7�7�		�'�>�@�@���*�.�2�2�4�4�5�5���������
�F����$�h�&8�(�:K�	
�	
�	
�	��x�j�*:�*J�K�K�K��!�!�(�"4�h�6G�H�H�H�H�H�H�H�H�H�H�HrBc��LK�||_|����d{V��dSr;)rLrmr[s  r@r\zCleanupDb.create_sink�s7������
�� � �"�"�"�"�"�"�"�"�"�"�"rBc���K�tj|d��}t|��}d�|D��}|sdStj|tj��|����d{V��dS)Nr7c�F�g|]}|jtjjk�|��SrC)rmr#�DBror=s  r@rpz2CleanupDb.process_cleanup_task.<locals>.<listcomp>�s7��
�
�
��� �$;�$>�$D�D�D�
�D�D�DrB)r&rsrEr�r"�CLEANUP_PENDINGrm)rQrdr7r��db_hitss     r@r�zCleanupDb.process_cleanup_task�s������&�w�v��7�7��(��.�.�
�
�
�$�
�
�
��
�	��F���g�'7�'G�H�H�H�� � �"�"�"�"�"�"�"�"�"�"�"rBc��K�|d}t|��}	|����d{V��}nT#t$rGt�d|��Ytjt|j��d���dSwxYw	tjt|j��d���n-#tjt|j��d���wxYwtj
�|���d{V��dS)Nriz;Cannot complete cleanup %s, assuming it is already completeT��
ignore_errors)r)�completer'ry�warning�shutil�rmtreer2�detached_dirrrUr�)rQrd�clean_id�detached_cleanup�cleanup_outcomes     r@�parse_cleanup_resultszCleanupDb.parse_cleanup_results�sP�����9�%��-�h�7�7��	�$4�$=�$=�$?�$?�?�?�?�?�?�?�O�O��'�	�	�	��N�N�M��
�
�
�
��M��$�1�2�2�$�
�
�
�
�
�
�	����
�
�M��$�1�2�2�$�
�
�
�
�
��F�M��$�1�2�2�$�
�
�
�
�
�����f�$�$�_�5�5�5�5�5�5�5�5�5�5�5�&�6�B4�%B�B4�B�B4�4*Crdc��BK�tj|j��}tj|j��}tj|t
jtj����tj|t
j��|�	���d{V��dSr;)
r&�db_hits_under_cleanup_inr�r�r�r"r!r�r<rm)rQrd�cleaned_hits�failed_hitss    r@�update_cleaned_hits_statusz$CleanupDb.update_cleaned_hits_status�s�����"�:�7�;L�M�M�� �9�'�.�I�I�����*�7�����	
�	
�	
�	��k�+;�+A�B�B�B�� � �"�"�"�"�"�"�"�"�"�"�"rBc��K�tj��}tj|tj��|����d{V��dS)zc
        Clear the queue when the cleanup fails,
        set hits' status back to infected
        N)r&rgr�r"r<rm�rQrdr7s   r@�update_failed_hits_statusz#CleanupDb.update_failed_hits_status�sW�����/�1�1����d�$4�$:�;�;�;�� � �"�"�"�"�"�"�"�"�"�"�"rBc���K�d}d}tj|j��}tj|||����d{V��tj|j��}tj|||����d{V��dS)Nr�)r&�get_db_hitsr�r-r r�r�)rQrdrfrgr�r�s      r@�save_cleanup_events_in_historyz(CleanupDb.save_cleanup_events_in_history�s��������	�!�-�g�.?�@�@���(����
�
�
�	
�	
�	
�	
�	
�	
�	
�!�,�W�^�<�<���*��u�	�
�
�
�	
�	
�	
�	
�	
�	
�	
�	
�	
rBN)r�rrrr^r8rRrrermr\rrrr��MalwareCleanCompleter�MalwareDatabaseCleanupr��MalwareDatabaseCleanupFailedr�r�rCrBr@raraisV�������K�E�����I�I��\�I�I�I�I�"#�#�#��V�K�*�+�+�#�#�,�+�#��V�K�,�-�-�6�6�.�-�6�$�V�K�.�/�/�	#�"�9�	#�	#�	#�0�/�	#��V�K�4�5�5�	#�	#�6�5�	#��V�K�.�/�/�
�"�9�
�
�
�0�/�
�
�
rBrac�p�eZdZejZd�Zed���Zd�Z	ede
ede
efd���Ze
ej��d���Ze
ej��d���Ze
ej��d	���Ze
ej��d
���Ze
ej��d���ZdS)
�RestoreOriginalDbc��d|_dSr;)rTrPs r@rRzRestoreOriginalDb.__init__�s
����	�	�	rBc��K�tj�����sWtj���tj��������x}	�dSt�	d|j
|j��t|j
|j����
���d{V��tj|gtj��dS)Nz$Restoring from cleanup hit: (%s::%s))r�rd)r&�db_hits_under_cleanup_restorer�db_hits_pending_cleanup_restorerir�rjrkryrzr�rdr+�restorer�r"�CLEANUP_RESTORE_STARTED)�hit_to_restores r@�
_restore_nextzRestoreOriginalDb._restore_next�s
����
�4�6�6�=�=�?�?�		�#-�"L�"N�"N���*�.�2�2�4�4�5�5���������
�F����2��$��#�	
�	
�	
�
%��)�N�4K�
�
�
�
�'�)�)�	�	�	�	�	�	�	�	��
��.�F�	
�	
�	
�	
�	
rBc��LK�||_|����d{V��dSr;)rTr�r[s  r@r\zRestoreOriginalDb.create_sink�s7������	�� � �"�"�"�"�"�"�"�"�"�"�"rBr7r8c��d�|D��S)Nc3�DK�|]}|jtjk�|V��dSr;)r2r"r�r=s  r@rAz:RestoreOriginalDb._filter_under_restore.<locals>.<genexpr>�s?����
�
���z�-�E�E�E�
�E�E�E�E�
�
rBrCrDs r@�_filter_under_restorez'RestoreOriginalDb._filter_under_restore�s#��
�
��
�
�
�	
rBc��6K�tjtj���tj|jk���tj|jk��tj��|�	���d{V��dSr;)
r&r�rsrDr�r�rdr"�CLEANUP_RESTORE_PENDINGr�)rQrds  r@�queue_db_restorez"RestoreOriginalDb.queue_db_restore�s��������� � �
�U�:�'�7�<�7�
8�
8�
�U�:�&�'�*:�:�
;�
;��4�		
�	
�	
�� � �"�"�"�"�"�"�"�"�"�"�"rBc��K�|d}t|��}	|����d{V��}nT#t$rGt�d|��Ytjt|j��d���dSwxYw	tjt|j��d���n-#tjt|j��d���wxYwtj
�|���d{V��dS)Nriz;Cannot complete restore %s, assuming it is already completeTru)r*rwr'ryrxryrzr2r{rrUr�)rQrd�
restore_id�detached_restore�restore_messages     r@�parse_restore_resultsz'RestoreOriginalDb.parse_restore_results	sP�����Y�'�
�-�j�9�9��	�$4�$=�$=�$?�$?�?�?�?�?�?�?�O�O��'�	�	�	��N�N�M��
�
�
�
��M��$�1�2�2�$�
�
�
�
�
�
�	����
�
�M��$�1�2�2�$�
�
�
�
�
��F�M��$�1�2�2�$�
�
�
�
�
�����f�$�$�_�5�5�5�5�5�5�5�5�5�5�5r�c���K�tj|j��}tj|�|��t
j��|����d{V��dSr;)r&r�r�r�r�r"r<r�)rQrd�
restored_hitss   r@�update_restored_hits_statusz-RestoreOriginalDb.update_restored_hits_statussq����"�.�w�/@�A�A�
����&�&�}�5�5�7G�7M�	
�	
�	
�� � �"�"�"�"�"�"�"�"�"�"�"rBc
��.K�|�d��}|�d��}tj|j��}|D]X}t	j|j|jtj	j
|j|j|||j
|j|j��
�
�d{V���Ytj|j��}|D]X}t	j|j|jtj	j
|j|j|||j
|j|j��
�
�d{V���YdS)Nrfrg)
r�rdrm�
file_owner�	file_userrgrf�db_host�db_port�db_name)rqr&r�r�r-�cleanup_restored_originalr�rdr#rqror4r�r�r�r�r��cleanup_failed_restore)rQrdrfrgr�r?r�s       r@�save_restore_events_in_historyz0RestoreOriginalDb.save_restore_events_in_history&sW�������G�$�$���K�K��,�,�	�"�.�w�/@�A�A�
� �	�	�C� �9��]���5�8�>��9��(�#�����������
�
�
�
�
�
�
�
�!�,�W�^�<�<���	�	�C��6��]���5�8�>��9��(�#�����������
�
�
�
�
�
�
�
�	�	rBc��K�tj��}tj|tj��|����d{V��dS)zg
        Clear the queue when the restore fails,
        set hits' status back to cleanup_done
        N)r&�db_hits_under_restorationr�r"r!r�r�s   r@r�z+RestoreOriginalDb.update_failed_hits_statusIsW�����3�5�5����d�$4�$A�B�B�B�� � �"�"�"�"�"�"�"�"�"�"�"rBN)r�rrrr^r8rRrr�r\rr&r�rr�MalwareDatabaseRestoreTaskr��MalwareRestoreCompleter�r+r�r��MalwareDatabaseRestoreFailedr�rCrBr@r�r��s\�������K�E�����
�
��\�
�.#�#�#��
��z�"�
�	�*�	�
�
�
��\�
��V�K�2�3�3�#�#�4�3�#��V�K�.�/�/�6�6�0�/�6�(�V�K�.�/�/�#�#�0�/�#��V�K�.�/�/� � �0�/� �D�V�K�4�5�5�#�#�6�5�#�#�#rBr�)arOr`r�ryr�r��
contextlibr�	functoolsr�loggingr�pathlibr�typingrrr	r
�defence360agentr�defence360agent.apir� defence360agent.contracts.configr
r�r�%defence360agent.contracts.hook_eventsr�!defence360agent.contracts.licenser�"defence360agent.contracts.messagesr�%defence360agent.contracts.permissionsr�!defence360agent.contracts.pluginsrrr�&defence360agent.internals.global_scoper�defence360agent.utilsrrrr�defence360agent.utils.commonrrr�imav.malwarelib.cleanup.cleanerrrr �imav.malwarelib.cleanup.storager!�imav.malwarelib.configr"r#r$�imav.malwarelib.modelr%r&�imav.malwarelib.scanr'� imav.malwarelib.scan.mds.cleanerr(�!imav.malwarelib.scan.mds.detachedr)r*� imav.malwarelib.scan.mds.restorer+�imav.malwarelib.subsys.malwarer,r-�imav.malwarelib.utilsr.�imav.malwarelib.utils.user_listr/r0r�ryr��group_by_attributer�r�rxr�r�rErGrr:r�rVrar�rCrBr@�<module>r�s
����*����	�	�	�	�
�
�
�
���������������������������������.�.�.�.�.�.�.�.�.�.�.�.�!�!�!�!�!�!�*�*�*�*�*�*���������<�;�;�;�;�;�8�8�8�8�8�8�:�:�:�:�:�:�N�N�N�N�N�N�����������
5�4�4�4�4�4�������������A�@�@�@�@�@�@�@�@�@�����������
;�:�:�:�:�:�����������
=�<�<�<�<�<�<�<�9�9�9�9�9�9�C�C�C�C�C�C���������D�C�C�C�C�C�M�M�M�M�M�M�M�M�2�2�2�2�2�2���������

��8�	�	��'(�$��7�:�8�H�M�M�M�����6�'�J�J�J��D�j�j��V�^�D�D�D�
�L����
I�8�J�/�I�H�I�I�I�I�V�V�V�V�V�k�=�V�V�V�r
f�f�f�f�f�k�=�f�f�f�R$�$�$�$�$��$�$�$�N	�	�	�@�@�@�@�@�?�@�@�@�$g
�g
�g
�g
�g
��g
�g
�g
�T~#�~#�~#�~#�~#��~#�~#�~#�~#�~#rB
