From 4537a401deffc216f94d6e6bd2a2099392994ab1 Mon Sep 17 00:00:00 2001 From: Jozef Sabo <31158086+jozef-sabo@users.noreply.github.com> Date: Mon, 14 Apr 2025 10:29:19 +0200 Subject: [PATCH 1/8] Initial commit From 75158584a61f76ae54e277953bb40bf789e7c0e1 Mon Sep 17 00:00:00 2001 From: Jozef Sabo <31158086+jozef-sabo@users.noreply.github.com> Date: Tue, 22 Apr 2025 09:58:55 +0200 Subject: [PATCH 2/8] Add function to return all supported AVS in av_manager.py --- maldump/av_manager.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/maldump/av_manager.py b/maldump/av_manager.py index c7047ae..ca133f1 100755 --- a/maldump/av_manager.py +++ b/maldump/av_manager.py @@ -39,3 +39,8 @@ class AVManager: def detect(cls) -> list[Quarantine]: """Returns a list of avs installed on the system""" return [av for av in cls.avs if av.location.exists()] + + @classmethod + def retrieve(cls) -> list[Quarantine]: + """Returns a list of all supported avs""" + return cls.avs From 780d73e9afb6512219a2dd3056c0d5aaa12dc539 Mon Sep 17 00:00:00 2001 From: Jozef Sabo <31158086+jozef-sabo@users.noreply.github.com> Date: Tue, 22 Apr 2025 10:00:19 +0200 Subject: [PATCH 3/8] Add --all-avs argument and skip detection This allows to skip the initial detection of all the installed Antivirus solutions and go directly to files extraction --- maldump/__main__.py | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/maldump/__main__.py b/maldump/__main__.py index 7c18300..d820e75 100755 --- a/maldump/__main__.py +++ b/maldump/__main__.py @@ -37,8 +37,12 @@ def main() -> None: # Switch to root partition os.chdir(args.root_dir) - # Get a list of all installed avs - avs = AVManager.detect() + if args.all_avs: + # Get a list of all supported avs + avs = AVManager.retrieve() + else: + # Get a list of all installed avs + avs = AVManager.detect() if args.quar: export_files(avs, dest) 
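Review bot: `retrieve` hands back `cls.avs` itself rather than a new list, so a caller that mutates the result (for example filters it in place) changes the class-level registry for every later `detect`/`retrieve` call; `return list(cls.avs)` keeps the same interface and matches `detect`, which already builds a fresh list. The docstring could also state the one thing that distinguishes it from `detect`, that no `location.exists()` check is made: `"""Returns a list of all supported avs, whether or not their location exists"""`.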
@@ -156,6 +160,12 @@ def parse_cli() -> argparse.Namespace: parser.add_argument( "-a", "--all", action="store_true", help="equivalent of running both -q and -m" ) + parser.add_argument( + "-r", + "--all-avs", + action="store_true", + help="skip detection of existing avs and try every supported one", + ) parser.add_argument( "-v", "--version", action="version", version="%(prog)s " + __version__ ) From 8d79fef4ca088da6d209465507e6a562d59e6c11 Mon Sep 17 00:00:00 2001 From: Jozef Sabo <31158086+jozef-sabo@users.noreply.github.com> Date: Tue, 22 Apr 2025 10:03:13 +0200 Subject: [PATCH 4/8] Fix ruff errors --- maldump/__main__.py | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/maldump/__main__.py b/maldump/__main__.py index d820e75..f782171 100755 --- a/maldump/__main__.py +++ b/maldump/__main__.py @@ -37,12 +37,8 @@ def main() -> None: # Switch to root partition os.chdir(args.root_dir) - if args.all_avs: - # Get a list of all supported avs - avs = AVManager.retrieve() - else: - # Get a list of all installed avs - avs = AVManager.detect() + # Get a list of all supported or all installed avs + avs = AVManager.retrieve() if args.all_avs else AVManager.detect() if args.quar: export_files(avs, dest) From 9f51ee3b7d9247c7cf79dd9056c3e82e9bbb5da6 Mon Sep 17 00:00:00 2001 From: Jozef Sabo <31158086+jozef-sabo@users.noreply.github.com> Date: Tue, 22 Apr 2025 15:56:40 +0200 Subject: [PATCH 5/8] Change the argument for detecting avs and set default behavior to skip the detection --- maldump/__main__.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/maldump/__main__.py b/maldump/__main__.py index f782171..c5a221f 100755 --- a/maldump/__main__.py +++ b/maldump/__main__.py 
@@ -38,7 +38,7 @@ def main() -> None: os.chdir(args.root_dir) # Get a list of all supported or all installed avs - avs = AVManager.retrieve() if args.all_avs else AVManager.detect() + avs = AVManager.detect() if args.detect_avs else AVManager.retrieve() if args.quar: export_files(avs, dest) @@ -157,10 +157,10 @@ def parse_cli() -> argparse.Namespace: "-a", "--all", action="store_true", help="equivalent of running both -q and -m" ) parser.add_argument( - "-r", - "--all-avs", - action="store_true", - help="skip detection of existing avs and try every supported one", + "-c", + "--detect-avs", + action="store_false", + help="try only avs which were detected in the system", ) parser.add_argument( "-v", "--version", action="version", version="%(prog)s " + __version__ From 817e2cc4e93778ba41ab9144f3655b7faa7c7076 Mon Sep 17 00:00:00 2001 From: Jozef Sabo <31158086+jozef-sabo@users.noreply.github.com> Date: Thu, 24 Apr 2025 14:15:49 +0200 Subject: [PATCH 6/8] Fix formatting Remove space in __main__.py file which caused ruff failure --- maldump/__main__.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/maldump/__main__.py b/maldump/__main__.py index 45c2440..7a9e761 100755 --- a/maldump/__main__.py +++ b/maldump/__main__.py @@ -43,7 +43,7 @@ def main() -> None: # Switch to root partition os.chdir(args.root_dir) - + logger.debug( 'Working in directory "%s", files would be stored into "%s"', os.getcwd(), dest ) @@ -170,7 +170,6 @@ def parse_cli() -> argparse.Namespace: "-a", "--all", action="store_true", help="equivalent of running both -q and -m" ) parser.add_argument( - "-c", "--detect-avs", action="store_false", From aea87861b9d6b7e03bc761db8f6ac71900a214fe Mon Sep 17 00:00:00 2001 
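Review bot: `action="store_false"` on `--detect-avs` gives `args.detect_avs` the value True when the flag is absent and False when it is passed, so the main() expression `avs = AVManager.detect() if args.detect_avs else AVManager.retrieve()` runs detection by default and skips it exactly when the user asks for `--detect-avs` — the opposite of the option's name, its help text and this commit's subject. Changing the argument to `action="store_true"` makes the default path `retrieve()` and the flag path `detect()`, which is what "try only avs which were detected in the system" describes. PATCH 6/8 later drops the `-c` alias but keeps `store_false` (visible in its context lines), so the inversion survives the series as shown here.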
From: Jozef Sabo <31158086+jozef-sabo@users.noreply.github.com> Date: Thu, 24 Apr 2025 14:16:42 +0200 Subject: [PATCH 7/8] Add new syscalls to exception handling process in Avast --- maldump/parsers/avast_parser.py | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/maldump/parsers/avast_parser.py b/maldump/parsers/avast_parser.py index 3013ed0..1aed838 100644 --- a/maldump/parsers/avast_parser.py +++ b/maldump/parsers/avast_parser.py @@ -29,8 +29,21 @@ def __init__(self): @log.log(lgr=logger) def __del__(self): if hasattr(self, "db"): - self.db.close() - unlink(self.tmpfile) + logger.debug( + "Deleting parser object, closing database file, unlinking tmp file" + ) + + if self.db is not None: + self.db.close() + + try: + logger.debug('Trying to delete temporary file "%s"', self.tmpfile) + if self.tmpfile is not None: + unlink(self.tmpfile) + except OSError as e: + logger.exception( + 'Cannot unlink temporary file "%s"', self.tmpfile, exc_info=e + ) @log.log(lgr=logger) def _initDB(self) -> bool: @@ -40,7 +53,7 @@ def _initDB(self) -> bool: 'Trying to parse index.xml file "%s"', self.location / "index.xml" ) self.root = ET.parse(self.location / "index.xml").getroot() - except ParseError as e: + except (ParseError, OSError) as e: logger.exception("Cannot open and parse index.xml", exc_info=e) return False From 4f09494ac63b47da05d5a77c1a89f667ffac0776 Mon Sep 17 00:00:00 2001 From: Jozef Sabo <31158086+jozef-sabo@users.noreply.github.com> Date: Thu, 24 Apr 2025 14:16:47 +0200 Subject: [PATCH 8/8] Add new syscalls to exception handling process in AVG --- maldump/parsers/avg_parser.py | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/maldump/parsers/avg_parser.py b/maldump/parsers/avg_parser.py index 06415d6..bb7ab53 100644 --- a/maldump/parsers/avg_parser.py +++ b/maldump/parsers/avg_parser.py 
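Review bot: In the new `__del__` body the `unlink` is only reached if `self.db.close()` returns normally, so a `close()` that raises (the type of `db` is not visible in this hunk) leaves the temporary file on disk; the close should sit in a `try`/`finally` so the unlink still runs. The `hasattr(self, "db")` guard also does not cover `self.tmpfile`, which is read inside the `try` but whose `AttributeError` the `except OSError` would not catch — if `__init__` (outside this hunk) can fail between setting the two attributes, `__del__` would emit an ignored-exception trace, and `getattr(self, "tmpfile", None)` is the safer read. `logger.exception` already records the active exception, so the `exc_info=e` on the new call is redundant. The identical `__del__` rewrite appears in avg_parser.py in PATCH 8/8 and the same remarks apply there.
```python
    @log.log(lgr=logger)
    def __del__(self):
        if not hasattr(self, "db"):
            return
        logger.debug(
            "Deleting parser object, closing database file, unlinking tmp file"
        )
        tmpfile = getattr(self, "tmpfile", None)
        try:
            if self.db is not None:
                self.db.close()
        finally:
            # Runs even when close() raised, so the temp copy is not left behind.
            if tmpfile is not None:
                logger.debug('Trying to delete temporary file "%s"', tmpfile)
                try:
                    unlink(tmpfile)
                except OSError:
                    logger.exception('Cannot unlink temporary file "%s"', tmpfile)
```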
@@ -29,8 +29,21 @@ def __init__(self): @log.log(lgr=logger) def __del__(self): if hasattr(self, "db"): - self.db.close() - unlink(self.tmpfile) + logger.debug( + "Deleting parser object, closing database file, unlinking tmp file" + ) + + if self.db is not None: + self.db.close() + + try: + logger.debug('Trying to delete temporary file "%s"', self.tmpfile) + if self.tmpfile is not None: + unlink(self.tmpfile) + except OSError as e: + logger.exception( + 'Cannot unlink temporary file "%s"', self.tmpfile, exc_info=e + ) @log.log(lgr=logger) def _initDB(self) -> bool: @@ -40,7 +53,7 @@ def _initDB(self) -> bool: 'Trying to parse index.xml file "%s"', self.location / "index.xml" ) self.root = ET.parse(self.location / "index.xml").getroot() - except ParseError as e: + except (ParseError, OSError) as e: logger.exception("Cannot open and parse index.xml", exc_info=e) return False