From f4f8f7d12e85f247cee45278fd8c744ae72bfa2a Mon Sep 17 00:00:00 2001
From: Tad
Date: Sat, 16 Dec 2017 14:30:21 -0500
Subject: [PATCH] Tweaks, more databases, and scan more aggressively
---
 app/build.gradle | 2 +-
 .../spotco/malwarescanner/BootReceiver.java | 2 +-
 .../us/spotco/malwarescanner/Database.java | 23 +++++++++++++++----
 .../spotco/malwarescanner/MalwareScanner.java | 3 ++-
 .../malwarescanner/MalwareScannerService.java | 17 ++++++++------
 .../malwarescanner/SignatureDatabase.java | 4 ++--
 6 files changed, 34 insertions(+), 17 deletions(-)
diff --git a/app/build.gradle b/app/build.gradle
index 9e5c9b3..d3f0f21 100644
--- a/app/build.gradle
+++ b/app/build.gradle
@@ -6,7 +6,7 @@ android {
 applicationId "us.spotco.malwarescanner"
 minSdkVersion 21
 targetSdkVersion 26
- versionCode 10
+ versionCode 11
 versionName "1.5"
 }
 buildTypes { release {
diff --git a/app/src/main/java/us/spotco/malwarescanner/BootReceiver.java b/app/src/main/java/us/spotco/malwarescanner/BootReceiver.java
index fb8e3ab..d3eea5d 100644
--- a/app/src/main/java/us/spotco/malwarescanner/BootReceiver.java
+++ b/app/src/main/java/us/spotco/malwarescanner/BootReceiver.java
@@ -11,7 +11,7 @@ public class BootReceiver extends BroadcastReceiver {
 public void onReceive(Context context, Intent intent) {
 if (intent.getAction().equals(Intent.ACTION_BOOT_COMPLETED)) {
 SharedPreferences prefs = context.getSharedPreferences(BuildConfig.APPLICATION_ID, Context.MODE_PRIVATE);
- boolean autostart = prefs.getBoolean("autostart", true);
+ boolean autostart = prefs.getBoolean("autostart", false);
 if (autostart) {
 Intent realtimeScanner = new Intent(context, MalwareScannerService.class);
diff --git a/app/src/main/java/us/spotco/malwarescanner/Database.java b/app/src/main/java/us/spotco/malwarescanner/Database.java
index 8ff27b2..1fd9523 100644
--- a/app/src/main/java/us/spotco/malwarescanner/Database.java
+++ b/app/src/main/java/us/spotco/malwarescanner/Database.java
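Review bot: In BootReceiver.onReceive the fallback passed to `prefs.getBoolean("autostart", false)` now decides the behaviour of every install that never wrote the key, so after this update those devices stop starting the realtime scanner at boot with nothing shown to the user. If that is intended, say so next to the call, e.g. `// realtime scanning at boot is opt-in; keep in sync with the default shown in the settings UI`. Whatever screen displays the toggle (not part of this diff) should read the key with the same default, ideally through one shared constant. onReceive continues past the end of the hunk.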
@@ -29,11 +29,23 @@ public class Database {
 databasePath = new File(context.getFilesDir() + "/signatures/");
 databasePath.mkdir();
- signatureDatabases.add(new SignatureDatabase("https://spotco.us/clamav-main.hdb", "clamav-main.hdb"));
- signatureDatabases.add(new SignatureDatabase("https://spotco.us/clamav-main.hsb", "clamav-main.hsb"));
- //signatureDatabases.add(new SignatureDatabase("http://cdn.rfxn.com/downloads/rfxn.hdb", "rfxn.hdb"));
- //signatureDatabases.add(new SignatureDatabase("http://clamav.bofhland.org/bofhland_malware_attach.hdb", "bofhland_malware_attach.hdb"));
- //signatureDatabases.add(new SignatureDatabase("http://cdn.malware.expert/malware.expert.hdb", "malware.expert.hdb"));
+ signatureDatabases.add(new SignatureDatabase("https://spotco.us/Theia/bofhland_malware_attach.hdb"));
+ signatureDatabases.add(new SignatureDatabase("https://spotco.us/Theia/crdfam.clamav.hdb"));
+ signatureDatabases.add(new SignatureDatabase("https://spotco.us/Theia/doppelstern.hdb"));
+ signatureDatabases.add(new SignatureDatabase("https://spotco.us/Theia/hackingteam.hsb"));
+ signatureDatabases.add(new SignatureDatabase("https://spotco.us/Theia/main.hdb"));
+ signatureDatabases.add(new SignatureDatabase("https://spotco.us/Theia/main.hsb"));
+ signatureDatabases.add(new SignatureDatabase("https://spotco.us/Theia/malware.expert.hdb"));
+ signatureDatabases.add(new SignatureDatabase("https://spotco.us/Theia/malwarehash.hsb"));
+ signatureDatabases.add(new SignatureDatabase("https://spotco.us/Theia/porcupine.hsb"));
+ signatureDatabases.add(new SignatureDatabase("https://spotco.us/Theia/rfxn.hdb"));
+ signatureDatabases.add(new SignatureDatabase("https://spotco.us/Theia/rogue.hdb"));
+ signatureDatabases.add(new SignatureDatabase("https://spotco.us/Theia/spamattach.hdb"));
+ signatureDatabases.add(new SignatureDatabase("https://spotco.us/Theia/spamimg.hdb"));
+ signatureDatabases.add(new SignatureDatabase("https://spotco.us/Theia/winnow.attachments.hdb"));
+ signatureDatabases.add(new SignatureDatabase("https://spotco.us/Theia/winnow_bad_cw.hdb"));
+ signatureDatabases.add(new SignatureDatabase("https://spotco.us/Theia/winnow_extended_malware.hdb"));
+ signatureDatabases.add(new SignatureDatabase("https://spotco.us/Theia/winnow_malware.hdb"));
 }
 public static boolean areDatabasesAvailable() {
@@ -139,6 +151,7 @@ public class Database {
 connection.disconnect();
 } catch (Exception e) {
 e.printStackTrace();
+ out.delete();
 publishProgress("Failed to download, check logcat\n");
 }
 return null;
diff --git a/app/src/main/java/us/spotco/malwarescanner/MalwareScanner.java b/app/src/main/java/us/spotco/malwarescanner/MalwareScanner.java
index a5e0bc9..be2fc43 100644
--- a/app/src/main/java/us/spotco/malwarescanner/MalwareScanner.java
+++ b/app/src/main/java/us/spotco/malwarescanner/MalwareScanner.java
@@ -5,6 +5,7 @@ import android.app.Notification;
 import android.app.NotificationManager;
 import android.content.Context;
 import android.os.AsyncTask;
+import android.os.Environment;
 import android.os.SystemClock;
 import android.support.v4.app.NotificationCompat;
 import android.widget.TextView;
@@ -106,7 +107,7 @@ public class MalwareScanner extends AsyncTask, Object, String> {
 for (Map.Entry file : signaturesToCheck.entrySet()) {
 if (signatureDatabase.containsKey(file.getKey())) {
 String result = signatureDatabase.get(file.getKey());
- publishProgress(result + " in " + file.getValue(), false);
+ publishProgress(result + " in " + file.getValue().toString().replaceAll(Environment.getExternalStorageDirectory().toString(), "~"), false);
 }
 }
 publishProgress("Checked all " + hashType + " hashes against signature databases\n", true);
diff --git a/app/src/main/java/us/spotco/malwarescanner/MalwareScannerService.java b/app/src/main/java/us/spotco/malwarescanner/MalwareScannerService.java
index 58d727b..c9cd379 100644
--- a/app/src/main/java/us/spotco/malwarescanner/MalwareScannerService.java
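Review bot: The prefix `https://spotco.us/Theia/` is written out seventeen times in the first Database.java hunk and once more inside the SignatureDatabase constructor, and the local file name only comes out right while all of those literals agree. Keep it in one place, `private static final String BASE_URL = "https://spotco.us/Theia/";`, and build the list with `for (String name : DATABASE_NAMES) signatureDatabases.add(new SignatureDatabase(BASE_URL + name));`. Every signature set now comes from a single host. Whether the download path checks anything beyond TLS is not visible here, so it is worth confirming that a truncated or substituted list cannot silently replace a good one. The enclosing method starts above the hunk.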
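Review bot: `out.delete()` in the catch block of the second Database.java hunk discards the file even when it held a complete database from an earlier run. If the download streams straight into `out` (the write loop is above the hunk), one failed refresh leaves the scanner with fewer signatures than it had before. Writing to a temporary sibling and renaming it over `out` only after the transfer completes would keep the last good copy, with the catch block deleting just the temporary file. The boolean returned by `delete()` is also ignored, so a partial file that could not be removed goes unreported; log that case next to the existing message.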
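Review bot: `replaceAll` treats its first argument as a regular expression, so in the new `publishProgress` line of MalwareScanner.java the storage path is compiled as a pattern and matched anywhere in the string, not only at its start. A storage path containing regex metacharacters would match the wrong text or throw. Use a literal prefix test instead, `String shown = path.startsWith(root) ? "~" + path.substring(root.length()) : path;`, with `root` set to `Environment.getExternalStorageDirectory().toString()`. The same literal-as-regex call appears in the SignatureDatabase constructor later in this patch. The loop and its enclosing method extend beyond the hunk.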
+++ b/app/src/main/java/us/spotco/malwarescanner/MalwareScannerService.java
@@ -76,13 +76,16 @@ public class MalwareScannerService extends Service {
 @Override
 public void onEvent(int eventID, String path) {
- if (eventID == FileObserver.CLOSE_WRITE) {
- File file = new File(rootPath + path);
- if (file.exists() && file.length() > 0) {
- Set filesToScan = new HashSet<>();
- filesToScan.add(file);
- new MalwareScanner(null, getApplicationContext(), false).execute(filesToScan);
- }
+ switch (eventID) {
+ case FileObserver.MOVED_TO:
+ case FileObserver.CLOSE_WRITE:
+ File file = new File(rootPath + path);
+ if (file.exists() && file.length() > 0) {
+ Set filesToScan = new HashSet<>();
+ filesToScan.add(file);
+ new MalwareScanner(null, getApplicationContext(), false).execute(filesToScan);
+ }
+ break;
 }
 }
 }
diff --git a/app/src/main/java/us/spotco/malwarescanner/SignatureDatabase.java b/app/src/main/java/us/spotco/malwarescanner/SignatureDatabase.java
index 167fbc4..c5637c3 100644
--- a/app/src/main/java/us/spotco/malwarescanner/SignatureDatabase.java
+++ b/app/src/main/java/us/spotco/malwarescanner/SignatureDatabase.java
@@ -5,9 +5,9 @@ public class SignatureDatabase {
 private String url = null;
 private String name = null;
- public SignatureDatabase(String url, String name) {
+ public SignatureDatabase(String url) {
 this.url = url;
- this.name = name;
+ this.name = url.replaceAll("https://spotco.us/Theia/", "");
 }
 public String getUrl() {
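Review bot: The new `switch (eventID)` in MalwareScannerService.onEvent compares the raw event value, but the value passed to `onEvent` can carry extra flag bits (for example when the entry is a directory). In that case neither `case` label matches and the event is dropped without a scan. Mask before dispatching, `switch (eventID & FileObserver.ALL_EVENTS) {`, and guard `path` with `if (path == null) return;` before building `rootPath + path`. Once directory events do match, only the directory itself is queued, so files that arrive inside a moved-in folder would still go unscanned unless the handler walks it or checks `file.isFile()` and handles directories separately.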
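Review bot: In the SignatureDatabase constructor the local file name is whatever remains after removing one hard-coded prefix, so a URL from any other host or path keeps its scheme and slashes in `name`. If `name` is later joined onto the signatures directory (that code is outside this diff), the result is no longer a plain file name. Take the last path segment instead, `this.name = url.substring(url.lastIndexOf('/') + 1);`, and reject an empty result. A one-line Javadoc stating that the name is derived from the URL would help callers now that the two-argument form is gone.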