mirekvales / mvsdotnetamsiclient
Convenient .NET Library for Invoking Antimalware Scan Interface (AMSI)
License: MIT License
Calling Scan.File sometimes returns IsSafe == false with ResultDetail: "System.ComponentModel.Win32Exception (0x8007139F): The group or resource is not in the correct state to complete the operation.".
Some file was scanned fine, and a few seconds later the same file on the same computer ended with this error result.
We use Windows Defender and ESET.
I wrote a simple console app to test MVsDotNetAMSIClient features.
    using System;
    using MVsDotNetAMSIClient;
    using System.IO;
    using MVsDotNetAMSIClient.Contracts;
    using MVsDotNetAMSIClient.Contracts.Enums;

    namespace AMSIConsoleTest
    {
        class Program
        {
            static void Main(string[] args)
            {
                // Path to a local copy of the EICAR anti-virus test file.
                var filename = @"C:\src\eicar-com.txt";
                //string virus = @"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*";
                if (File.Exists(filename))
                {
                    var scan = new Scan();
                    //var configuration = new AMSIClientConfiguration();
                    //configuration.DetectionEngine = DetectionEngine.WindowsDefender;
                    //configuration.SkipScanResultDetailRetrieval = false;
                    //configuration.MaximumScanResultRetrievalTime = TimeSpan.FromSeconds(10.0);
                    //var client = AMSIClient.Create(configuration);

                    // Create the client with the default configuration and scan the file.
                    var client = AMSIClient.Create();
                    ScanResult result = client.ScanFile(filename);

                    // Collect every field of the scan result.
                    var malwareID = result.DetectionResultInfo.MalwareID;
                    var threatLevel = result.DetectionResultInfo.ThreatLevel;
                    var engineResultDetail = result.DetectionEngineInfo.DetectionEngine;
                    var elapsedTime = result.DetectionResultInfo.ElapsedTime;
                    var resultDetails = result.ResultDetail;
                    var isSafe = result.IsSafe;
                    var engineResDetails = result.DetectionResultInfo.EngineResultDetail;

                    // Print the collected fields.
                    Console.WriteLine(String.Format("Malware ID: {0}", malwareID));
                    Console.WriteLine(String.Format("Threat Level: {0}", threatLevel));
                    Console.WriteLine(String.Format("Engine Details: {0}", engineResultDetail));
                    Console.WriteLine(String.Format("Elapsed time: {0}", elapsedTime));
                    Console.WriteLine(String.Format("Result details: {0}", resultDetails));
                    Console.WriteLine(String.Format("IS safe?: {0}", isSafe.ToString()));
                    Console.WriteLine(String.Format("Engine result details: {0}", engineResDetails));
                }
                Console.ReadKey();
            }
        }
    }
Windows Defender catches the file:
but it seems that nothing is reported in my app:
I made so many attempts without any success; I read the code of the libs, tried with and without configuration, etc.
I'm sure I missed something (or I didn't understand something).
Any idea? Could you help me?
Many thanks in advance.
Windows 10 Enterprise 21H1
Visual Studio 2017
Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz 2.40 GHz
16GB RAM
I created a new WinForm project using .NET 4.7.1 framework version.
I installed MVsDotNetAMSIClient via the NuGet tool.
I created a Button with the following OnClick event:
    var filename = @"C:\temp\TestCopia.exe";
    if (File.Exists(filename)) {
        var result = new Scan().File(filename);
    }
The call to new Scan().File generates an Access Violation Error.
Am I doing something wrong or missed something?
Any idea?
Thanks