amsi

package module
v0.0.0-...-e5d93b7
Published: Jun 8, 2020 License: MIT Imports: 5 Imported by: 0

README

Microsoft Antimalware Golang API

This package implements a Go API for Microsoft's Antimalware Scan Interface (AMSI). It lets Go programs hand strings and buffers to whichever antimalware product is registered on a Windows 10 or Windows Server 2016 machine and act on the verdict.

Example

package main

import (
    "warry.io/amsi"
)

func main() {
    // Initialize once per process; Uninitialize releases the AMSI context.
    err := amsi.Initialize()
    if err != nil {
        panic(err)
    }
    defer amsi.Uninitialize()

    // A session lets the provider correlate several scans of related content.
    session := amsi.OpenSession()
    defer amsi.CloseSession(session)

    // Benign input: the provider should report it as clean or not detected.
    result := session.ScanString("Hello World")
    if result != amsi.ResultNotDetected && result != amsi.ResultClean {
        panic("\"Hello World\" was unexpectedly flagged by the scanner")
    }

    // The EICAR test string is recognised by every compliant antimalware
    // engine; any value at or above ResultDetected counts as a detection.
    result = session.ScanString(
        `X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*`)
    if result < amsi.ResultDetected {
        panic("EICAR test string was not detected")
    }
}

Documentation

Overview

Package amsi encapsulates Microsoft's Antimalware Scan Interface so that Go programs can scan file contents on any Windows 10 or Windows Server 2016 system. It supports the Azure extension that integrates Microsoft Antimalware Protection into Windows VMs. Because AMSI itself is a generic interface, scanning may also be handled by the primary antivirus present on the machine.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CloseSession

func CloseSession(session *Session)

CloseSession closes a session previously returned by OpenSession on the initialized context.

func Initialize

func Initialize() error

Initialize the AMSI API. The name of the calling application is used automatically as the AMSI application name. The resulting context is held by the package for subsequent API calls; a non-nil error means AMSI could not be initialized.

func Uninitialize

func Uninitialize()

Uninitialize the AMSI API. Removes the instance opened by Initialize.

Types

type Context

type Context uintptr

Context is the application's handle to AMSI's scan API. Scan sessions are requested through the context.

type ScanResult

type ScanResult int

ScanResult is an enumeration which specifies the types of results returned by scans from AMSI.

const (
	ResultClean               ScanResult = 0
	ResultNotDetected         ScanResult = 1
	CannotInitializeAmsi      ScanResult = 2
	ResultBlockedByAdminStart ScanResult = 16384
	ResultBlockedByAdminEnd   ScanResult = 20479
	ResultDetected            ScanResult = 32768
)

Enum values for ScanResult

type Session

type Session uintptr

Session for scanning multiple files.

func OpenSession

func OpenSession() *Session

OpenSession opens an AMSI session for requesting scans on one or multiple files. Returns a session object for requesting scans.

func (*Session) ScanBuffer

func (session *Session) ScanBuffer(fileContent []byte) ScanResult

ScanBuffer scans a buffer of content for malware. Returns the scan result.

func (*Session) ScanString

func (session *Session) ScanString(str string) ScanResult

ScanString scans a string for malware. Returns the scan result.
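The ScanResult enumeration above is not a flat list of equal alternatives: AMSI reserves the inclusive range from ResultBlockedByAdminStart to ResultBlockedByAdminEnd for administrator policy blocks, and treats every value at or above ResultDetected as malware, so comparing a result against single constants with == can misclassify legitimate provider output. The following added example (not part of the package or this page's README) shows a fail-closed policy for interpreting results and how ScanBuffer-style calls plug into it. Because warry.io/amsi only builds on Windows, the example re-declares the ScanResult constants locally with the values shown on this page and uses a constructed fakeScanner in place of a real session; Verdict, Decide, Scanner, CheckContent and fakeScanner are all names introduced here.

```go
package main

import (
	"bytes"
	"fmt"
)

// ScanResult re-declares the enumeration shown on the package page with the
// same names and values, so this example compiles and runs without Windows
// or amsi.dll. With the real package these would be amsi.ScanResult values.
type ScanResult int

const (
	ResultClean               ScanResult = 0
	ResultNotDetected         ScanResult = 1
	CannotInitializeAmsi      ScanResult = 2
	ResultBlockedByAdminStart ScanResult = 16384
	ResultBlockedByAdminEnd   ScanResult = 20479
	ResultDetected            ScanResult = 32768
)

// Verdict is the decision an application derives from a ScanResult (added type).
type Verdict int

const (
	Allow              Verdict = iota // content may be used
	DenyDetected                      // provider reported malware
	DenyBlockedByAdmin                // administrator policy blocked the content
	DenyUnavailable                   // scanner could not be initialized (fail closed)
	DenyUnknown                       // value outside the documented ranges (fail closed)
)

func (v Verdict) String() string {
	switch v {
	case Allow:
		return "allow"
	case DenyDetected:
		return "deny: detected"
	case DenyBlockedByAdmin:
		return "deny: blocked by admin"
	case DenyUnavailable:
		return "deny: scanner unavailable"
	default:
		return "deny: unknown result"
	}
}

// Decide maps a raw result to a verdict. Order matters: AMSI treats every
// value at or above ResultDetected as malware, and every value in the
// inclusive range [ResultBlockedByAdminStart, ResultBlockedByAdminEnd] as an
// administrator block, so range checks are used instead of equality there.
// Anything not explicitly clean is denied rather than assumed safe.
func Decide(r ScanResult) Verdict {
	switch {
	case r == ResultClean || r == ResultNotDetected:
		return Allow
	case r >= ResultDetected:
		return DenyDetected
	case r >= ResultBlockedByAdminStart && r <= ResultBlockedByAdminEnd:
		return DenyBlockedByAdmin
	case r == CannotInitializeAmsi:
		return DenyUnavailable
	default:
		return DenyUnknown
	}
}

// Scanner is the one method this policy needs. *amsi.Session exposes a
// ScanBuffer with this shape (returning the package's own ScanResult type);
// fakeScanner below stands in for it so the example runs anywhere.
type Scanner interface {
	ScanBuffer(content []byte) ScanResult
}

// fakeScanner is a constructed stand-in, not a real AMSI provider: it flags
// buffers containing the EICAR marker and reports everything else as not detected.
type fakeScanner struct{}

func (fakeScanner) ScanBuffer(content []byte) ScanResult {
	if bytes.Contains(content, []byte("EICAR-STANDARD-ANTIVIRUS-TEST-FILE")) {
		return ResultDetected
	}
	return ResultNotDetected
}

// CheckContent scans a buffer (for example an uploaded file) and reports
// whether the application may accept it, together with the verdict.
func CheckContent(s Scanner, content []byte) (bool, Verdict) {
	v := Decide(s.ScanBuffer(content))
	return v == Allow, v
}

func main() {
	// Constructed inputs: plain text and the EICAR test string from the README example.
	eicar := []byte(`X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*`)
	for _, in := range [][]byte{[]byte("Hello World"), eicar} {
		ok, v := CheckContent(fakeScanner{}, in)
		fmt.Printf("accept=%v verdict=%s\n", ok, v)
	}
	// Raw results a real provider could return, including ones outside the named constants.
	for _, r := range []ScanResult{ResultClean, CannotInitializeAmsi, 17000, 20480, 40000} {
		fmt.Printf("result %d -> %s\n", r, Decide(r))
	}
}
```

With the real package, the only change is that the Scanner interface and Decide take amsi.ScanResult, and CheckContent receives the *amsi.Session returned by OpenSession; the policy logic, including denying when AMSI itself could not be initialized, stays the same.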
