From aa51aa4a59980220df1f8ed8c81f6373d0682308 Mon Sep 17 00:00:00 2001
From: Robert Putt
Date: Wed, 9 May 2018 19:54:02 +0100
Subject: [PATCH] Add clamav scanning plugin Adds clamav scanning plugging to perform malware scanning via clamd unix socket
Change-Id: I8a1288080c861c6e75adb37f7bc94500150ed3c0
---
python_nemesis/plugins/clamav.py.plugin | 41 +++++++++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 python_nemesis/plugins/clamav.py.plugin
diff --git a/python_nemesis/plugins/clamav.py.plugin b/python_nemesis/plugins/clamav.py.plugin
new file mode 100644
index 0000000..ae2fdfd
--- /dev/null
+++ b/python_nemesis/plugins/clamav.py.plugin
@@ -0,0 +1,41 @@
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+import clamd
+
+
+class NemesisPlugin(object):
+ plugin_name = 'ClamAV'
+
+ def __init__(self, file_data):
+ self.file_data = file_data
+ self.cd = clamd.ClamdUnixSocket()
+
+ def analyse(self):
+ file_name = '/tmp/%s' % self.file_data['file_uuid']
+ scan_data = self.cd.scan(file_name)
+
+ for k,v in scan_data.items():
+ malware = v[0]
+ classification = v[1]
+
+ if malware == 'OK':
+ malware = False
+ else:
+ malware = True
+
+ result = {"success": True,
+ "result": {'is_malware': malware,
+ 'malware_type': classification},
+ "message": None}
+ return result
+
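Review bot: In `analyse`, every status other than `'OK'` is reported as `is_malware: True` with `success: True`, so a scan that clamd could not perform (the python clamd client reports these with an `'ERROR'` status and the reason as the second tuple element, for example a missing or unreadable file) is indistinguishable from a real detection, and an empty result leaves `malware` and `classification` unbound when `result` is built. Treat only `'FOUND'` as a detection and return a failed result for anything that is neither `'OK'` nor `'FOUND'`, as sketched below; the failure shape shown is an assumption and should match what the other Nemesis plugins return. Separately, `file_name` is built from `self.file_data['file_uuid']` under the shared `/tmp` directory; if that value is not validated as a UUID before it reaches the plugin (not visible in this patch), the path handed to clamd should be checked here.

```python
    def analyse(self):
        # … unchanged: file_name construction and self.cd.scan(file_name) call …
        if not scan_data:
            return {"success": False,
                    "result": None,
                    "message": "clamd returned no result for %s" % file_name}

        status, detail = next(iter(scan_data.values()))
        if status not in ('OK', 'FOUND'):
            # ERROR (or anything unexpected) is a failed scan, not a verdict
            return {"success": False,
                    "result": None,
                    "message": detail}

        return {"success": True,
                "result": {'is_malware': status == 'FOUND',
                           'malware_type': detail},
                "message": None}
```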