"""
This program is free software: you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free Software
Foundation, either version 3 of the License, or (at your option) any later
version.


This program is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the GNU General Public License for more details.


You should have received a copy of the GNU General Public License along with
this program. If not, see <https://www.gnu.org/licenses/>.

Copyright © 2019 Cloud Linux Software Inc.

This software is also available under ImunifyAV commercial license,
see <https://www.imunify360.com/legal/eula>
"""
import asyncio
from functools import partial
from pathlib import Path

from defence360agent.feature_management.constants import AV, AV_REPORT, FULL
from defence360agent.feature_management.lookup import feature
from defence360agent.model.simplification import run_in_executor
from defence360agent.rpc_tools.lookup import bind
from defence360agent.utils import Scope
from imav.malwarelib.config import MalwareScanResourceType
from imav.malwarelib.model import MalwareHit
from imav.malwarelib.rpc.endpoints.base import (
    MaliciousEndpointStatus,
    MaliciousEndpoints as MaliciousEndpointsAV,
)
from imav.malwarelib.subsys.malware import HackerTrapHitsSaver


class MaliciousEndpoints(MaliciousEndpointsAV):
    """RPC endpoints that ignore or drop entries from the malicious list.

    Extends the AV base endpoints: every path taken off the malicious list
    here is also removed from ``malware_standalone_b64.list``, the file read
    by modsec rule 77316817. Without that step a path the operator has
    declared not to be malware would still be blocked at the WAF layer.
    See DEF-38724.

    Both endpoints therefore lift a WAF block for the affected paths, which
    makes them allow-listing actions from a security point of view.
    """

    SCOPE = Scope.IM360

    @feature(AV, [FULL, AV_REPORT])
    @bind("malware", "malicious", "move-to-ignore")
    async def malicious_move_to_ignore(self, ids, user=None):
        """Move the given hits to the ignore list and unblock their paths.

        ``ids`` and ``user`` are passed unchanged to
        ``self._malicious_move_to_ignore`` (not defined in this class;
        presumably inherited from the AV base endpoints — confirm).

        Returns the number of entries that helper reported as ignored.
        """
        ignored_paths = await self._malicious_move_to_ignore(ids, user)
        # Everything that was just ignored must also leave the standalone
        # list, otherwise the modsec rule keeps blocking it.
        stale_sa_entries = [Path(entry) for entry in ignored_paths]
        await HackerTrapHitsSaver.update_sa_hits(
            files_to_add=[],
            files_to_remove=stale_sa_entries,
        )
        return len(ignored_paths)

    @feature(AV, [FULL, AV_REPORT])
    @bind("malware", "malicious", "remove-from-list")
    async def malicious_remove_from_list(self, ids, user=None):
        """Delete the selected hits and drop their files from the SA list.

        Returns a ``MaliciousEndpointStatus`` built from the selected hits
        and an empty second argument.
        """
        # The AV base implementation only deletes the MalwareHit rows; the
        # path stays in malware_standalone_b64.list and modsec rule 77316817
        # goes on blocking it. The peewee calls are pushed through
        # run_in_executor, the same way _malicious_move_to_ignore does it.
        loop = asyncio.get_event_loop()

        # NOTE(review): `user` is forwarded to the selection; presumably it
        # restricts the result to that user's hits — confirm, because what is
        # selected here ends up unblocked at the WAF.
        select_hits = partial(MalwareHit.malicious_select, ids, user=user)
        hits = await run_in_executor(loop, select_hits)

        # Collect the paths before the rows are deleted. Only file-type hits
        # are forwarded to the standalone list update.
        file_type = MalwareScanResourceType.FILE.value
        sa_paths = []
        for hit in hits:
            if hit.resource_type == file_type:
                sa_paths.append(Path(hit.orig_file))

        delete_hits = partial(MalwareHit.delete_instances, hits)
        await run_in_executor(loop, delete_hits)

        await HackerTrapHitsSaver.update_sa_hits(
            files_to_add=[], files_to_remove=sa_paths
        )
        return MaliciousEndpointStatus(hits, [])