1 // Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies).
2 // All rights reserved.
3 // This component and the accompanying materials are made available
4 // under the terms of the License "Eclipse Public License v1.0"
5 // which accompanies this distribution, and is available
6 // at the URL "http://www.eclipse.org/legal/epl-v10.html".
8 // Initial Contributors:
9 // Nokia Corporation - initial contribution.
14 // f32test\virus\t_vshook.cpp
19 #include <f32pluginutils.h>
22 _LIT(KVirusScannerName, "This is a test virus scanner");
26 Leaving New function for the plugin
29 CTestVirusHook* CTestVirusHook::NewL()
31 return new(ELeave) CTestVirusHook;
36 Constructor for the plugin
39 CTestVirusHook::CTestVirusHook()
41 // RDebug::Print(_L("EMaxClientOperations %d, size of CFsPlugin %d, iSignatureOffset %d"), EMaxClientOperations, sizeof(CFsPlugin), _FOFF(CTestVirusHook, iSignature));
42 ASSERT(iSignature == 0);
48 The destructor for the test virus scanner hook. This would
49 not be a part of a normal virus scanner implementation as
50 normal virus scanners cannot be unloaded - it must be
51 provided in the test virus scanner server so that it can
52 be tested with the F32 test suite.
55 CTestVirusHook::~CTestVirusHook()
59 for (TInt i = 0; i < iSignaturesLoaded; i++)
61 if (iKnownSignatures[i])
63 delete iKnownSignatures[i];
66 ASSERT(iSignature == 0x1234);
70 Initialise the virus scanner.
71 Reads the virus definition file and then waits for
72 notification that files containing a virus have been
76 void CTestVirusHook::InitialiseL()
78 User::LeaveIfError(RegisterIntercept(EFsFileOpen, EPreIntercept));
79 User::LeaveIfError(RegisterIntercept(EFsFileSubClose, EPostIntercept));
80 User::LeaveIfError(RegisterIntercept(EFsFileRename, EPreIntercept));
81 User::LeaveIfError(RegisterIntercept(EFsRename, EPreIntercept));
82 User::LeaveIfError(RegisterIntercept(EFsDelete, EPreIntercept));
83 User::LeaveIfError(RegisterIntercept(EFsReplace, EPreIntercept));
84 User::LeaveIfError(RegisterIntercept(EFsReadFileSection, EPreIntercept));
86 ReadVirusDefinitionFile();
90 Read the virus definition file C:\virusdef.txt and parse
91 its contents. Any virus definitions found in that file
92 are added to the KnownSignatures array so they can be
93 used by the virus scanning hook.
97 @return KErrNone if the file was read and parsed
100 TInt CTestVirusHook::ReadVirusDefinitionFile()
102 TInt r = iFs.Connect();
106 r = iFs.SetNotifyChange(EFalse); // Disable change notifications
110 //Open the virus definition file
112 r = vsDefFile.Open(iFs, _L("C:\\virusdef.txt"), EFileShareAny);
117 r = vsDefFile.Size(fileSize);
126 TRAP(r,defBuf = HBufC8::NewL(fileSize));
133 TPtr8 ptr(defBuf->Des());
134 r = vsDefFile.Read(ptr);
142 //Now parse the definition file, putting the definitions into the hook's
143 //array of known virus signatures.
144 TInt bytesParsed = 0;
145 TInt stringBeginPos = 0;
146 TInt stringEndPos = 0;
147 TInt stringLength = 0;
148 HBufC8* signatureBuf = NULL;
149 while (bytesParsed < fileSize)
151 ptr.Set(defBuf->Des());
152 ptr.Set(&ptr[bytesParsed], fileSize-bytesParsed, fileSize-bytesParsed);
153 stringBeginPos = ptr.MatchF(_L8("startdef:*:enddef*"));
155 if (stringBeginPos < 0)
160 stringBeginPos += 9; //stardef:
161 stringBeginPos += bytesParsed;
162 ptr.Set(defBuf->Des());
163 ptr.Set(&ptr[stringBeginPos], fileSize-stringBeginPos, fileSize-stringBeginPos);
164 stringEndPos = ptr.MatchF(_L8("*:enddef*"));
166 if (stringEndPos < 0)
171 stringEndPos += 9; //stardef:
172 stringEndPos += bytesParsed;
173 stringLength = stringEndPos - stringBeginPos;
175 ptr.Set(defBuf->Des());
176 TRAP(r,signatureBuf = HBufC8::NewL(stringLength));
178 TPtrC8 actualSig(ptr.Mid(stringBeginPos, stringLength));
180 TPtr8 ptr2(signatureBuf->Des());
181 ptr2.Append(actualSig);
182 iKnownSignatures[iSignaturesLoaded] = signatureBuf;
185 bytesParsed += 9; //startdef:
186 bytesParsed += stringLength;
187 bytesParsed += 9; //:enddef\n
200 TInt CTestVirusHook::DoRequestL(TFsPluginRequest& aRequest)
202 TInt err = KErrNotSupported;
204 TInt function = aRequest.Function();
206 iDrvNumber = aRequest.DriveNumber();
211 err = VsFileOpen(aRequest);
214 case EFsFileSubClose:
215 VsFileClose(aRequest);
221 err = VsFileRename(aRequest);
225 err = VsFileDelete(aRequest);
228 case EFsReadFileSection:
229 err = VsReadFileSection(aRequest);
243 TInt CTestVirusHook::VsFileOpen(TFsPluginRequest& aRequest)
246 TInt err = ValidateRequest(aRequest, fileName);
249 err = ScanFile(fileName);
252 // Clean the infected file
253 CleanFile(fileName, EFileOpen);
263 void CTestVirusHook::VsFileClose(TFsPluginRequest& aRequest)
266 TInt err = GetName(&aRequest, fileName);
269 err = ScanFile(fileName);
272 // Clean the infected file
273 CleanFile(fileName, EFileClose);
281 TInt CTestVirusHook::VsFileRename(TFsPluginRequest& aRequest)
284 TInt err = VsDirRename(aRequest);
285 if(err != KErrAccessDenied)
288 err = ValidateRequest(aRequest, fileName);
291 err = ScanFile(fileName);
294 // Clean the infected file
295 CleanFile(fileName, EFileRename);
306 TInt CTestVirusHook::VsDirRename(TFsPluginRequest& aRequest)
310 TInt err = GetName(&aRequest, fileName);
314 err = fileName.Find(_L("\\system\\lib\\"));
315 if (err != KErrNotFound)
317 //Don't allow sys\bin to be ever renamed
318 return KErrAccessDenied;
320 err = fileName.Find(_L("\\sys\\bin\\"));
321 if (err != KErrNotFound)
323 //Don't allow sys\bin to be ever renamed
324 return KErrAccessDenied;
333 TInt CTestVirusHook::VsFileDelete(TFsPluginRequest& aRequest)
337 TInt err = ValidateRequest(aRequest, fileName);
344 TInt CTestVirusHook::VsReadFileSection(TFsPluginRequest& aRequest)
347 // The t_virus test uses a filename clean.txt, a read length of 8 and a read position of 0.
352 // test getting name on read file section intercept
353 TInt err = GetName(&aRequest, fileName);
359 parse.Set(fileName,NULL,NULL);
360 TPtrC name = parse.Name();
361 if(name.CompareF(_L("clean"))!=0)
365 TPtrC ext = parse.Ext();
366 if(ext.CompareF(_L(".txt"))!=0)
371 // test getting read length and required file position on read file section intercept
372 err = GetFileAccessInfo(&aRequest, len, pos);
377 if ((len != 8) || (pos != 0))
389 TInt CTestVirusHook::VirusScannerName(TDes& aName)
391 aName = KVirusScannerName;
396 Reads the contents of the file passed in and checks
397 whether it contains any of the specified virus
400 @return A value depending on whether a known virus is
401 found within the file.
403 @param aFile A CFileCB object which can be used to read the file.
406 TInt CTestVirusHook::ScanFile(const TDesC& aName)
414 TPtrC tmpFile = _L("VS_RENAMED.VSH");
416 parse.Set(aName, NULL, NULL);
417 parse.Set(parse.DriveAndPath(), &tmpFile, NULL);
419 r = iFs.Rename(aName, parse.FullName());
424 r = file.Open(iFs, parse.FullName(), EFileRead);
430 //If the file size is 0, then the file
431 //has just been created - so it can't contain
433 if(r != KErrNone || size == 0)
437 // Rename the file back
438 TInt err = iFs.Rename(parse.FullName(), aName);
447 r = file.Read(pos, iScanBuf);
455 pos += iScanBuf.Length();
456 } while ((r == KErrNotFound) && (iScanBuf.Length() == iScanBuf.MaxLength()));
460 // Rename the file back
461 TInt err = iFs.Rename(parse.FullName(), aName);
467 //We've found an infection
468 return KErrAccessDenied;
477 Scans the internal buffer which has been loaded with fresh
478 file contents, to see if it contains any known virus
481 @return A value depending on whether a known virus signature
482 is found within the buffer.
486 TInt CTestVirusHook::ScanBuffer()
488 //Look through the internal buffer for all known virus signatures.
491 for (TInt i = 0; i < iSignaturesLoaded; i++)
493 r = iScanBuf.Find(iKnownSignatures[i]->Des());
495 if (r != KErrNotFound)
504 Validate that nobody is trying to touch the virus scanner files.
508 @return A value depending on whethe the virus scanner files are
511 @param aDriveNum The drive number of the request which called into
512 the test virus scanning hook.
514 @param aName The full pathname of the file being accessed by the
515 request to the file server hook.
517 TInt CTestVirusHook::ValidateRequest(TFsPluginRequest& aRequest, TFileName& aFileName)
519 TInt driveNumber = aRequest.DriveNumber();
521 TInt err = GetName(&aRequest, aFileName);
525 if (driveNumber == EDriveC)
527 TInt r = aFileName.Find(_L("\\virusdef.txt"));
529 if (r != KErrNotFound)
531 //Do not allow the deletion of the virus definition file.
532 return KErrAccessDenied;
535 r = aFileName.Find(_L("\\system\\libs\\t_vshook.pxt"));
536 if (r != KErrNotFound)
538 //Do not allow the deletion of the this dll
539 return KErrAccessDenied;
541 r = aFileName.Find(_L("\\sys\\bin\\t_vshook.pxt"));
542 if (r != KErrNotFound)
544 //Do not allow the deletion of the this dll
545 return KErrAccessDenied;
552 Processes a message which describes the detection of an
553 infected file. Appends the relevant text at the end of the
554 file to say that it has been "cleaned". This allows the virus
555 test program to confirm that the test virus scanner is
556 behaving as expected.
559 @param aMessage The message to be processed.
561 void CTestVirusHook::CleanFile(const TDesC& aName, TInt aOperation)
565 TBool bChangedToRw=EFalse;
569 TInt r = iFs.Att(aName, fileAtt);
575 if (fileAtt & KEntryAttReadOnly)
577 bChangedToRw = ETrue;
578 r = iFs.SetAtt(aName, 0, KEntryAttReadOnly);
581 r = infectedFile.Open(iFs, aName, EFileShareAny | EFileWrite);
588 //To show we've fixed the file, append "Infection deleted" to the end of it.
589 infectedFile.Seek(ESeekEnd, pos);
593 infectedFile.Write(_L8("infection detected - file open\\n"));
596 infectedFile.Write(_L8("infection detected - file delete\\n"));
599 infectedFile.Write(_L8("infection detected - file rename\\n"));
602 infectedFile.Write(_L8("infection detected - file close\\n"));
606 infectedFile.Close();
610 iFs.SetAtt(aName, KEntryAttReadOnly,0);
616 class CVsHookFactory : public CFsPluginFactory
620 virtual TInt Install();
621 virtual CFsPlugin* NewPluginL();
622 virtual CFsPlugin* NewPluginConnL();
623 virtual TInt UniquePosition();
627 Constructor for the plugin factory
630 CVsHookFactory::CVsHookFactory()
635 Install function for the plugin factory
638 TInt CVsHookFactory::Install()
640 iSupportedDrives = KPluginAutoAttach;
642 _LIT(KVsHookName,"VsHook");
643 return(SetName(&KVsHookName));
649 TInt CVsHookFactory::UniquePosition()
655 Plugin factory function
658 CFsPlugin* CVsHookFactory::NewPluginL()
661 return CTestVirusHook::NewL();
665 Plugin factory function
668 CFsPlugin* CVsHookFactory::NewPluginConnL()
671 return CTestVirusHook::NewL();
680 EXPORT_C CFsPluginFactory* CreateFileSystem()
682 return(new CVsHookFactory());