Documentation
Overview
Package amsi encapsulates Microsoft's Antimalware Scan Interface (AMSI) for scanning files from Go on any Windows 10 or Windows Server 2016 system. It supports the Azure extension for integrating Microsoft Antimalware Protection in Windows VMs. Because the interface itself is generic, it may also support scanning via the primary antivirus product present on the machine.
Constants
This section is empty.
Variables
This section is empty.
Functions
func CloseSession
func CloseSession(session *Session)
CloseSession closes a session that was opened on the initialized context with OpenSession.
func Initialize
func Initialize() error
Initialize the AMSI API. Automatically uses the name of the calling application to initialize. Returns the AMSI context for calling API functions.
func Uninitialize
func Uninitialize()
Uninitialize the AMSI API. Removes the instance opened by Initialize.
Types
type Context
type Context uintptr
Context is the application's handle to AMSI's scan API. Can request API sessions for scanning files through the context.
type ScanResult
type ScanResult int
ScanResult is an enumeration which specifies the types of results returned by scans from AMSI.
const (
	ResultClean               ScanResult = 0
	ResultNotDetected         ScanResult = 1
	CannotInitializeAmsi      ScanResult = 2
	ResultBlockedByAdminStart ScanResult = 16384
	ResultBlockedByAdminEnd   ScanResult = 20479
	ResultDetected            ScanResult = 32768
)
Enum values for ScanResult
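An added example, not part of the package or its documentation: ScanResult values are thresholds and ranges rather than a closed set, so a caller that compares only for equality with ResultDetected would miss higher values. The sketch below turns a raw result into a fail-closed decision; Verdict, Classify and Permit are hypothetical names, and the constants are local copies of the ones listed above so the code builds without the Windows-only package.

```go
package main

import "fmt"

type ScanResult int // local copy of the page's type; the real package is Windows-only

const (
	ResultClean               ScanResult = 0
	ResultNotDetected         ScanResult = 1
	CannotInitializeAmsi      ScanResult = 2
	ResultBlockedByAdminStart ScanResult = 16384
	ResultBlockedByAdminEnd   ScanResult = 20479
	ResultDetected            ScanResult = 32768
)

type Verdict string // hypothetical policy outcome, not part of the package

const (
	Allow       Verdict = "allow"
	Block       Verdict = "block"
	AdminBlock  Verdict = "blocked-by-admin"
	ScanFailed  Verdict = "scan-failed"
	Unspecified Verdict = "provider-specific"
)

// Classify compares by range, not equality: AMSI treats every value >=
// ResultDetected as malware, and admin blocks span Start..End inclusive.
func Classify(r ScanResult) Verdict {
	switch {
	case r >= ResultDetected:
		return Block
	case r >= ResultBlockedByAdminStart && r <= ResultBlockedByAdminEnd:
		return AdminBlock
	case r == CannotInitializeAmsi || r < 0:
		return ScanFailed
	case r == ResultClean || r == ResultNotDetected:
		return Allow
	default:
		return Unspecified
	}
}

// Permit fails closed: only an explicit Allow lets content through.
func Permit(r ScanResult) bool { return Classify(r) == Allow }

func main() {
	for _, r := range []ScanResult{0, 1, 2, 16384, 20000, 20480, 32768, 32770} { // constructed values
		fmt.Printf("%5d -> %-17s permit=%v\n", r, Classify(r), Permit(r))
	}
}
```

Treating CannotInitializeAmsi as a failed scan rather than a clean one keeps an unavailable provider from silently passing content.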
type Session
type Session uintptr
Session for scanning multiple files.
func OpenSession
func OpenSession() *Session
OpenSession opens an AMSI session for requesting scans on one or multiple files. Returns a session object for requesting scans.
func (*Session) ScanBuffer
func (session *Session) ScanBuffer(fileContent []byte) ScanResult
ScanBuffer scans a buffer of content for malware. Returns the scan result.
func (*Session) ScanString
func (session *Session) ScanString(str string) ScanResult
ScanString scans a string for malware. Returns the scan result.