Fix allows symantec to run correctly. Also fixes allowing the finding…

probe/modules/antivirus/base.py

@@ -236,7 +236,7 @@ def _locate(cls, pattern, paths, syspath):
         elif not paths:
             paths = [Path('/')]
 
-        return (f for path in paths for f in path.glob(pattern) if f.is_file())
+        return (f for path in paths for f in path.glob(pattern) if (f.is_file()) or (f.is_file()))
 
     def identify_threat(self, filename, out):
         for pattern in self.scan_patterns:

probe/modules/antivirus/eset_win/eset_win.py

@@ -0,0 +1,71 @@
+#
+# Copyright (c) 2013-2018 Quarkslab.
+# This file is part of IRMA project.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the top-level directory
+# of this distribution and at:
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# No part of the project, including this file, may be copied,
+# modified, propagated, or distributed except according to the
+# terms contained in the LICENSE file.
+
+import logging
+import re
+
+from modules.antivirus.base import AntivirusWindows
+
+log = logging.getLogger(__name__)
+
+
+class ESETWin(AntivirusWindows):
+    name = "ESET Anti-Virus (Windows)"
+
+    # ==================================
+    #  Constructor and destructor stuff
+    # ==================================
+
+    def __init__(self, *args, **kwargs):
+        # class super class constructor
+        super().__init__(*args, **kwargs)
+        # scan tool variables
+        # other flag
+        # archivemaxrecursion=N default 10
+        self.scan_args = (
+            "/files",
+        )
+        # return code
+        # 0 Normal nothing found
+        # 1 Found converning file
+        # 3 Suspicious files found (maybe need regex for this one and I think
+        # is used when heurlevel is set)
+        self._scan_retcodes[self.ScanResult.INFECTED] = lambda x: x in [1, 50]
+        self.scan_patterns = [
+            re.compile('name="(?P<file>[^\s]+)", threat="(?P<name>.+)", action="", info=""',re.IGNORECASE)
+        ]
+
+    # ==========================================
+    #  Antivirus methods (need to be overriden)
+    # ==========================================
+    def get_version(self):
+        """return the version of the antivirus"""
+        return self._run_and_parse(
+            '--version',
+            regexp='ecls.exe\s+(?P<version>\d+(\.\d+)+)',
+            group='version')
+        # match VDF version is for database
+        # matches = re.search(r'VDF Version:\s+'
+        #                     r'(?P<version>\d+(\.\d+)+)',
+        #                    stdout, re.IGNORECASE)
+        # match engine version
+
+    def get_database(self):
+        """return list of files in the database"""
+        return None
+
+    def get_scan_path(self):
+        """return the full path of the scan tool"""
+        return self.locate_one("ESET/ESET Security/ecls.exe")

probe/modules/antivirus/eset_win/plugin.py

@@ -0,0 +1,43 @@
+#
+# Copyright (c) 2013-2018 Quarkslab.
+# This file is part of IRMA project.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the top-level directory
+# of this distribution and at:
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# No part of the project, including this file, may be copied,
+# modified, propagated, or distributed except according to the
+# terms contained in the LICENSE file.
+
+from .eset_win import ESETWin
+from ..interface import AntivirusPluginInterface
+
+from irma.common.plugins import PluginMetaClass, PlatformDependency
+from irma.common.base.utils import IrmaProbeType
+
+
+class ESETWinPlugin(AntivirusPluginInterface, metaclass=PluginMetaClass):
+
+    # =================
+    #  plugin metadata
+    # =================
+
+    _plugin_name_ = "ESETWin"
+    _plugin_display_name_ = ESETWin.name
+    _plugin_author_ = "clandestine"
+    _plugin_version_ = "0.0.1"
+    _plugin_category_ = IrmaProbeType.antivirus
+    _plugin_description_ = "Plugin for ESET AV on Windows"
+    _plugin_dependencies_ = [
+        PlatformDependency('win32')
+    ]
+
+    # ================
+    #  interface data
+    # ================
+
+    module_cls = ESETWin

probe/modules/antivirus/interface.py

@@ -46,6 +46,7 @@ def run(self, paths):
                 results.database = {str(fp): self.file_metadata(fp)
                                     for fp in self.module.database}
             # launch an antivirus scan, automatically append scan results
+	    fpath = str(fpath)
             started = timestamp(datetime.utcnow())
             results.status = self.module.scan(fpath)
             stopped = timestamp(datetime.utcnow())

probe/modules/antivirus/symantec_win/symantec_win.py

@@ -63,7 +63,7 @@ def get_version(self):
 
     def get_scan_path(self):
         """return the full path of the scan tool"""
-        return self.locate_one("/Symantec/*/DoScan.exe")
+        return self.locate_one("Symantec/*/DoScan.exe")
 
     ##########################################################################
     # specific scan method
@@ -94,6 +94,7 @@ def check_scan_results(self, paths, results):
                 mtime = self._log_path.stat().st_mtime
                 delay -= 1
             # look for the line corresponding to this filename
+	    paths = str(paths)
             stdout = "".join(
                 line + '\n'
                 for line in self._log_path.read_text().splitlines()