0
|
1 |
// Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies).
|
|
2 |
// All rights reserved.
|
|
3 |
// This component and the accompanying materials are made available
|
|
4 |
// under the terms of the License "Eclipse Public License v1.0"
|
|
5 |
// which accompanies this distribution, and is available
|
|
6 |
// at the URL "http://www.eclipse.org/legal/epl-v10.html".
|
|
7 |
//
|
|
8 |
// Initial Contributors:
|
|
9 |
// Nokia Corporation - initial contribution.
|
|
10 |
//
|
|
11 |
// Contributors:
|
|
12 |
//
|
|
13 |
// Description:
|
|
14 |
// f32test\virus\t_vshook.cpp
|
|
15 |
//
|
|
16 |
//
|
|
17 |
|
|
18 |
#include "t_vshook.h"
|
|
19 |
#include <f32pluginutils.h>
|
|
20 |
|
|
21 |
|
|
22 |
_LIT(KVirusScannerName, "This is a test virus scanner");
|
|
23 |
|
|
24 |
|
|
25 |
/**
|
|
26 |
Leaving New function for the plugin
|
|
27 |
@internalComponent
|
|
28 |
*/
|
|
29 |
CTestVirusHook* CTestVirusHook::NewL()
|
|
30 |
{
|
|
31 |
return new(ELeave) CTestVirusHook;
|
|
32 |
}
|
|
33 |
|
|
34 |
|
|
35 |
/**
|
|
36 |
Constructor for the plugin
|
|
37 |
@internalComponent
|
|
38 |
*/
|
|
39 |
CTestVirusHook::CTestVirusHook()
|
|
40 |
{
|
|
41 |
// RDebug::Print(_L("EMaxClientOperations %d, size of CFsPlugin %d, iSignatureOffset %d"), EMaxClientOperations, sizeof(CFsPlugin), _FOFF(CTestVirusHook, iSignature));
|
|
42 |
ASSERT(iSignature == 0);
|
|
43 |
iSignature = 0x1234;
|
|
44 |
}
|
|
45 |
|
|
46 |
|
|
47 |
/**
|
|
48 |
The destructor for the test virus scanner hook. This would
|
|
49 |
not be a part of a normal virus scanner implementation as
|
|
50 |
normal virus scanners cannot be unloaded - it must be
|
|
51 |
provided in the test virus scanner server so that it can
|
|
52 |
be tested with the F32 test suite.
|
|
53 |
@internalComponent
|
|
54 |
*/
|
|
55 |
CTestVirusHook::~CTestVirusHook()
|
|
56 |
{
|
|
57 |
iFs.Close();
|
|
58 |
|
|
59 |
for (TInt i = 0; i < iSignaturesLoaded; i++)
|
|
60 |
{
|
|
61 |
if (iKnownSignatures[i])
|
|
62 |
{
|
|
63 |
delete iKnownSignatures[i];
|
|
64 |
}
|
|
65 |
}
|
|
66 |
ASSERT(iSignature == 0x1234);
|
|
67 |
}
|
|
68 |
|
|
69 |
/**
|
|
70 |
Initialise the virus scanner.
|
|
71 |
Reads the virus definition file and then waits for
|
|
72 |
notification that files containing a virus have been
|
|
73 |
detected.
|
|
74 |
@internalComponent
|
|
75 |
*/
|
|
76 |
void CTestVirusHook::InitialiseL()
|
|
77 |
{
|
|
78 |
User::LeaveIfError(RegisterIntercept(EFsFileOpen, EPreIntercept));
|
|
79 |
User::LeaveIfError(RegisterIntercept(EFsFileSubClose, EPostIntercept));
|
|
80 |
User::LeaveIfError(RegisterIntercept(EFsFileRename, EPreIntercept));
|
|
81 |
User::LeaveIfError(RegisterIntercept(EFsRename, EPreIntercept));
|
|
82 |
User::LeaveIfError(RegisterIntercept(EFsDelete, EPreIntercept));
|
|
83 |
User::LeaveIfError(RegisterIntercept(EFsReplace, EPreIntercept));
|
|
84 |
User::LeaveIfError(RegisterIntercept(EFsReadFileSection, EPreIntercept));
|
|
85 |
|
|
86 |
ReadVirusDefinitionFile();
|
|
87 |
}
|
|
88 |
|
|
89 |
/**
|
|
90 |
Read the virus definition file C:\virusdef.txt and parse
|
|
91 |
its contents. Any virus definitions found in that file
|
|
92 |
are added to the KnownSignatures array so they can be
|
|
93 |
used by the virus scanning hook.
|
|
94 |
|
|
95 |
@internalComponent
|
|
96 |
|
|
97 |
@return KErrNone if the file was read and parsed
|
|
98 |
successfuly.
|
|
99 |
*/
|
|
100 |
TInt CTestVirusHook::ReadVirusDefinitionFile()
|
|
101 |
{
|
|
102 |
TInt r = iFs.Connect();
|
|
103 |
if (r != KErrNone)
|
|
104 |
return r;
|
|
105 |
|
|
106 |
r = iFs.SetNotifyChange(EFalse); // Disable change notifications
|
|
107 |
if (r != KErrNone)
|
|
108 |
return r;
|
|
109 |
|
|
110 |
//Open the virus definition file
|
|
111 |
RFile vsDefFile;
|
|
112 |
r = vsDefFile.Open(iFs, _L("C:\\virusdef.txt"), EFileShareAny);
|
|
113 |
if (r != KErrNone)
|
|
114 |
return r;
|
|
115 |
|
|
116 |
TInt fileSize=0;
|
|
117 |
r = vsDefFile.Size(fileSize);
|
|
118 |
if (r != KErrNone)
|
|
119 |
{
|
|
120 |
vsDefFile.Close();
|
|
121 |
return r;
|
|
122 |
}
|
|
123 |
|
|
124 |
HBufC8* defBuf=NULL;
|
|
125 |
|
|
126 |
TRAP(r,defBuf = HBufC8::NewL(fileSize));
|
|
127 |
if (r != KErrNone)
|
|
128 |
{
|
|
129 |
vsDefFile.Close();
|
|
130 |
return r;
|
|
131 |
}
|
|
132 |
|
|
133 |
TPtr8 ptr(defBuf->Des());
|
|
134 |
r = vsDefFile.Read(ptr);
|
|
135 |
if (r != KErrNone)
|
|
136 |
{
|
|
137 |
delete defBuf;
|
|
138 |
vsDefFile.Close();
|
|
139 |
return r;
|
|
140 |
}
|
|
141 |
|
|
142 |
//Now parse the definition file, putting the definitions into the hook's
|
|
143 |
//array of known virus signatures.
|
|
144 |
TInt bytesParsed = 0;
|
|
145 |
TInt stringBeginPos = 0;
|
|
146 |
TInt stringEndPos = 0;
|
|
147 |
TInt stringLength = 0;
|
|
148 |
HBufC8* signatureBuf = NULL;
|
|
149 |
while (bytesParsed < fileSize)
|
|
150 |
{
|
|
151 |
ptr.Set(defBuf->Des());
|
|
152 |
ptr.Set(&ptr[bytesParsed], fileSize-bytesParsed, fileSize-bytesParsed);
|
273
|
153 |
stringBeginPos = ptr.MatchF(_L8(":*;*"));
|
0
|
154 |
|
|
155 |
if (stringBeginPos < 0)
|
|
156 |
{
|
|
157 |
break;
|
|
158 |
}
|
|
159 |
|
273
|
160 |
stringBeginPos += 1; //:
|
0
|
161 |
stringBeginPos += bytesParsed;
|
|
162 |
ptr.Set(defBuf->Des());
|
|
163 |
ptr.Set(&ptr[stringBeginPos], fileSize-stringBeginPos, fileSize-stringBeginPos);
|
273
|
164 |
stringEndPos = ptr.MatchF(_L8("*;*"));
|
0
|
165 |
|
|
166 |
if (stringEndPos < 0)
|
|
167 |
{
|
|
168 |
break;
|
|
169 |
}
|
|
170 |
|
|
171 |
stringEndPos += bytesParsed;
|
273
|
172 |
stringLength = stringEndPos - stringBeginPos + 1;
|
0
|
173 |
|
|
174 |
ptr.Set(defBuf->Des());
|
|
175 |
TRAP(r,signatureBuf = HBufC8::NewL(stringLength));
|
|
176 |
|
|
177 |
TPtrC8 actualSig(ptr.Mid(stringBeginPos, stringLength));
|
|
178 |
|
|
179 |
TPtr8 ptr2(signatureBuf->Des());
|
|
180 |
ptr2.Append(actualSig);
|
|
181 |
iKnownSignatures[iSignaturesLoaded] = signatureBuf;
|
|
182 |
iSignaturesLoaded++;
|
|
183 |
|
273
|
184 |
bytesParsed += 1; //:
|
0
|
185 |
bytesParsed += stringLength;
|
273
|
186 |
bytesParsed += 1; //;
|
0
|
187 |
}
|
|
188 |
|
|
189 |
//Cleanup
|
|
190 |
delete defBuf;
|
|
191 |
vsDefFile.Close();
|
|
192 |
|
|
193 |
return r;
|
|
194 |
}
|
|
195 |
|
|
196 |
/**
|
|
197 |
@internalComponent
|
|
198 |
*/
|
|
199 |
TInt CTestVirusHook::DoRequestL(TFsPluginRequest& aRequest)
|
|
200 |
{
|
|
201 |
TInt err = KErrNotSupported;
|
|
202 |
|
|
203 |
TInt function = aRequest.Function();
|
|
204 |
|
|
205 |
iDrvNumber = aRequest.DriveNumber();
|
|
206 |
|
|
207 |
switch(function)
|
|
208 |
{
|
|
209 |
case EFsFileOpen:
|
|
210 |
err = VsFileOpen(aRequest);
|
|
211 |
break;
|
|
212 |
|
|
213 |
case EFsFileSubClose:
|
|
214 |
VsFileClose(aRequest);
|
|
215 |
break;
|
|
216 |
|
|
217 |
case EFsFileRename:
|
|
218 |
case EFsRename:
|
|
219 |
case EFsReplace:
|
|
220 |
err = VsFileRename(aRequest);
|
|
221 |
break;
|
|
222 |
|
|
223 |
case EFsDelete:
|
|
224 |
err = VsFileDelete(aRequest);
|
|
225 |
break;
|
|
226 |
|
|
227 |
case EFsReadFileSection:
|
|
228 |
err = VsReadFileSection(aRequest);
|
|
229 |
break;
|
|
230 |
|
|
231 |
default:
|
|
232 |
break;
|
|
233 |
}
|
|
234 |
|
|
235 |
return err;
|
|
236 |
}
|
|
237 |
|
|
238 |
|
|
239 |
/**
|
|
240 |
@internalComponent
|
|
241 |
*/
|
|
242 |
TInt CTestVirusHook::VsFileOpen(TFsPluginRequest& aRequest)
|
|
243 |
{
|
|
244 |
TFileName fileName;
|
|
245 |
TInt err = ValidateRequest(aRequest, fileName);
|
|
246 |
if (err == KErrNone)
|
|
247 |
{
|
|
248 |
err = ScanFile(fileName);
|
|
249 |
if (err != KErrNone)
|
|
250 |
{
|
|
251 |
// Clean the infected file
|
|
252 |
CleanFile(fileName, EFileOpen);
|
|
253 |
}
|
|
254 |
}
|
|
255 |
|
|
256 |
return err;
|
|
257 |
}
|
|
258 |
|
|
259 |
/**
|
|
260 |
@internalComponent
|
|
261 |
*/
|
|
262 |
void CTestVirusHook::VsFileClose(TFsPluginRequest& aRequest)
|
|
263 |
{
|
|
264 |
TFileName fileName;
|
|
265 |
TInt err = GetName(&aRequest, fileName);
|
|
266 |
if(err == KErrNone)
|
|
267 |
{
|
|
268 |
err = ScanFile(fileName);
|
|
269 |
if (err != KErrNone)
|
|
270 |
{
|
|
271 |
// Clean the infected file
|
|
272 |
CleanFile(fileName, EFileClose);
|
|
273 |
}
|
|
274 |
}
|
|
275 |
}
|
|
276 |
|
|
277 |
/**
|
|
278 |
@internalComponent
|
|
279 |
*/
|
|
280 |
TInt CTestVirusHook::VsFileRename(TFsPluginRequest& aRequest)
|
|
281 |
{
|
|
282 |
|
|
283 |
TInt err = VsDirRename(aRequest);
|
|
284 |
if(err != KErrAccessDenied)
|
|
285 |
{
|
|
286 |
TFileName fileName;
|
|
287 |
err = ValidateRequest(aRequest, fileName);
|
|
288 |
if (err == KErrNone)
|
|
289 |
{
|
|
290 |
err = ScanFile(fileName);
|
|
291 |
if (err != KErrNone)
|
|
292 |
{
|
|
293 |
// Clean the infected file
|
|
294 |
CleanFile(fileName, EFileRename);
|
|
295 |
}
|
|
296 |
}
|
|
297 |
}
|
|
298 |
|
|
299 |
return err;
|
|
300 |
}
|
|
301 |
|
|
302 |
/**
|
|
303 |
@internalComponent
|
|
304 |
*/
|
|
305 |
TInt CTestVirusHook::VsDirRename(TFsPluginRequest& aRequest)
|
|
306 |
{
|
|
307 |
|
|
308 |
TFileName fileName;
|
|
309 |
TInt err = GetName(&aRequest, fileName);
|
|
310 |
if(err != KErrNone)
|
|
311 |
return(err);
|
|
312 |
|
|
313 |
err = fileName.Find(_L("\\system\\lib\\"));
|
|
314 |
if (err != KErrNotFound)
|
|
315 |
{
|
|
316 |
//Don't allow sys\bin to be ever renamed
|
|
317 |
return KErrAccessDenied;
|
|
318 |
}
|
|
319 |
err = fileName.Find(_L("\\sys\\bin\\"));
|
|
320 |
if (err != KErrNotFound)
|
|
321 |
{
|
|
322 |
//Don't allow sys\bin to be ever renamed
|
|
323 |
return KErrAccessDenied;
|
|
324 |
}
|
|
325 |
|
|
326 |
return err;
|
|
327 |
}
|
|
328 |
|
|
329 |
/**
|
|
330 |
@internalComponent
|
|
331 |
*/
|
|
332 |
TInt CTestVirusHook::VsFileDelete(TFsPluginRequest& aRequest)
|
|
333 |
{
|
|
334 |
|
|
335 |
TFileName fileName;
|
|
336 |
TInt err = ValidateRequest(aRequest, fileName);
|
|
337 |
return err;
|
|
338 |
}
|
|
339 |
|
|
340 |
/**
|
|
341 |
@internalComponent
|
|
342 |
*/
|
|
343 |
TInt CTestVirusHook::VsReadFileSection(TFsPluginRequest& aRequest)
|
|
344 |
{
|
|
345 |
|
|
346 |
// The t_virus test uses a filename clean.txt, a read length of 8 and a read position of 0.
|
|
347 |
TFileName fileName;
|
|
348 |
TInt len;
|
|
349 |
TInt pos;
|
|
350 |
|
|
351 |
// test getting name on read file section intercept
|
|
352 |
TInt err = GetName(&aRequest, fileName);
|
|
353 |
if(err != KErrNone)
|
|
354 |
{
|
|
355 |
return(err);
|
|
356 |
}
|
|
357 |
TParse parse;
|
|
358 |
parse.Set(fileName,NULL,NULL);
|
|
359 |
TPtrC name = parse.Name();
|
|
360 |
if(name.CompareF(_L("clean"))!=0)
|
|
361 |
{
|
|
362 |
return(KErrGeneral);
|
|
363 |
}
|
|
364 |
TPtrC ext = parse.Ext();
|
|
365 |
if(ext.CompareF(_L(".txt"))!=0)
|
|
366 |
{
|
|
367 |
return(KErrGeneral);
|
|
368 |
}
|
|
369 |
|
|
370 |
// test getting read length and required file position on read file section intercept
|
|
371 |
err = GetFileAccessInfo(&aRequest, len, pos);
|
|
372 |
if(err != KErrNone)
|
|
373 |
{
|
|
374 |
return(err);
|
|
375 |
}
|
|
376 |
if ((len != 8) || (pos != 0))
|
|
377 |
{
|
|
378 |
return(KErrGeneral);
|
|
379 |
}
|
|
380 |
|
|
381 |
return KErrNone;
|
|
382 |
}
|
|
383 |
|
|
384 |
|
|
385 |
/**
|
|
386 |
@internalComponent
|
|
387 |
*/
|
|
388 |
TInt CTestVirusHook::VirusScannerName(TDes& aName)
|
|
389 |
{
|
|
390 |
aName = KVirusScannerName;
|
|
391 |
return KErrNone;
|
|
392 |
}
|
|
393 |
|
|
394 |
/**
|
|
395 |
Reads the contents of the file passed in and checks
|
|
396 |
whether it contains any of the specified virus
|
|
397 |
signatures
|
|
398 |
|
|
399 |
@return A value depending on whether a known virus is
|
|
400 |
found within the file.
|
|
401 |
|
|
402 |
@param aFile A CFileCB object which can be used to read the file.
|
|
403 |
@internalComponent
|
|
404 |
*/
|
|
405 |
TInt CTestVirusHook::ScanFile(const TDesC& aName)
|
|
406 |
{
|
|
407 |
|
|
408 |
TInt r = KErrNone;
|
|
409 |
TInt pos = 0;
|
|
410 |
TInt size = 0;
|
|
411 |
|
|
412 |
// Rename the file
|
|
413 |
TPtrC tmpFile = _L("VS_RENAMED.VSH");
|
|
414 |
TParse parse;
|
|
415 |
parse.Set(aName, NULL, NULL);
|
|
416 |
parse.Set(parse.DriveAndPath(), &tmpFile, NULL);
|
|
417 |
|
|
418 |
r = iFs.Rename(aName, parse.FullName());
|
|
419 |
if(r != KErrNone)
|
|
420 |
return r;
|
|
421 |
|
|
422 |
RFile file;
|
|
423 |
r = file.Open(iFs, parse.FullName(), EFileRead);
|
|
424 |
if(r == KErrNone)
|
|
425 |
{
|
|
426 |
r = file.Size(size);
|
|
427 |
}
|
|
428 |
|
|
429 |
//If the file size is 0, then the file
|
|
430 |
//has just been created - so it can't contain
|
|
431 |
//a virus.
|
|
432 |
if(r != KErrNone || size == 0)
|
|
433 |
{
|
|
434 |
file.Close();
|
|
435 |
|
|
436 |
// Rename the file back
|
|
437 |
TInt err = iFs.Rename(parse.FullName(), aName);
|
|
438 |
if(err != KErrNone)
|
|
439 |
return err;
|
|
440 |
|
|
441 |
return r;
|
|
442 |
}
|
|
443 |
|
|
444 |
do
|
|
445 |
{
|
|
446 |
r = file.Read(pos, iScanBuf);
|
|
447 |
|
|
448 |
if (r != KErrNone)
|
|
449 |
{
|
|
450 |
break;
|
|
451 |
}
|
|
452 |
|
|
453 |
r = ScanBuffer();
|
|
454 |
pos += iScanBuf.Length();
|
|
455 |
} while ((r == KErrNotFound) && (iScanBuf.Length() == iScanBuf.MaxLength()));
|
|
456 |
|
|
457 |
file.Close();
|
|
458 |
|
|
459 |
// Rename the file back
|
|
460 |
TInt err = iFs.Rename(parse.FullName(), aName);
|
|
461 |
if(err != KErrNone)
|
|
462 |
return err;
|
|
463 |
|
|
464 |
if (r > 0)
|
|
465 |
{
|
|
466 |
//We've found an infection
|
|
467 |
return KErrAccessDenied;
|
|
468 |
}
|
|
469 |
else
|
|
470 |
{
|
|
471 |
return KErrNone;
|
|
472 |
}
|
|
473 |
}
|
|
474 |
|
|
475 |
/**
|
|
476 |
Scans the internal buffer which has been loaded with fresh
|
|
477 |
file contents, to see if it contains any known virus
|
|
478 |
signatures.
|
|
479 |
|
|
480 |
@return A value depending on whether a known virus signature
|
|
481 |
is found within the buffer.
|
|
482 |
|
|
483 |
@internalComponent
|
|
484 |
*/
|
|
485 |
TInt CTestVirusHook::ScanBuffer()
|
|
486 |
{
|
|
487 |
//Look through the internal buffer for all known virus signatures.
|
|
488 |
|
|
489 |
TInt r;
|
|
490 |
for (TInt i = 0; i < iSignaturesLoaded; i++)
|
|
491 |
{
|
|
492 |
r = iScanBuf.Find(iKnownSignatures[i]->Des());
|
|
493 |
|
|
494 |
if (r != KErrNotFound)
|
|
495 |
{
|
|
496 |
return r;
|
|
497 |
}
|
|
498 |
}
|
|
499 |
return KErrNone;
|
|
500 |
}
|
|
501 |
|
|
502 |
/**
|
|
503 |
Validate that nobody is trying to touch the virus scanner files.
|
|
504 |
|
|
505 |
@internalComponent
|
|
506 |
|
|
507 |
@return A value depending on whethe the virus scanner files are
|
|
508 |
being fiddled with.
|
|
509 |
|
|
510 |
@param aDriveNum The drive number of the request which called into
|
|
511 |
the test virus scanning hook.
|
|
512 |
|
|
513 |
@param aName The full pathname of the file being accessed by the
|
|
514 |
request to the file server hook.
|
|
515 |
*/
|
|
516 |
TInt CTestVirusHook::ValidateRequest(TFsPluginRequest& aRequest, TFileName& aFileName)
|
|
517 |
{
|
|
518 |
TInt driveNumber = aRequest.DriveNumber();
|
|
519 |
|
|
520 |
TInt err = GetName(&aRequest, aFileName);
|
|
521 |
if(err != KErrNone)
|
|
522 |
return(err);
|
|
523 |
|
|
524 |
if (driveNumber == EDriveC)
|
|
525 |
{
|
|
526 |
TInt r = aFileName.Find(_L("\\virusdef.txt"));
|
|
527 |
|
|
528 |
if (r != KErrNotFound)
|
|
529 |
{
|
|
530 |
//Do not allow the deletion of the virus definition file.
|
|
531 |
return KErrAccessDenied;
|
|
532 |
}
|
|
533 |
|
|
534 |
r = aFileName.Find(_L("\\system\\libs\\t_vshook.pxt"));
|
|
535 |
if (r != KErrNotFound)
|
|
536 |
{
|
|
537 |
//Do not allow the deletion of the this dll
|
|
538 |
return KErrAccessDenied;
|
|
539 |
}
|
|
540 |
r = aFileName.Find(_L("\\sys\\bin\\t_vshook.pxt"));
|
|
541 |
if (r != KErrNotFound)
|
|
542 |
{
|
|
543 |
//Do not allow the deletion of the this dll
|
|
544 |
return KErrAccessDenied;
|
|
545 |
}
|
|
546 |
}
|
|
547 |
return KErrNone;
|
|
548 |
}
|
|
549 |
|
|
550 |
/**
|
|
551 |
Processes a message which describes the detection of an
|
|
552 |
infected file. Appends the relevant text at the end of the
|
|
553 |
file to say that it has been "cleaned". This allows the virus
|
|
554 |
test program to confirm that the test virus scanner is
|
|
555 |
behaving as expected.
|
|
556 |
|
|
557 |
@internalComponent
|
|
558 |
@param aMessage The message to be processed.
|
|
559 |
*/
|
|
560 |
void CTestVirusHook::CleanFile(const TDesC& aName, TInt aOperation)
|
|
561 |
{
|
|
562 |
|
|
563 |
RFile infectedFile;
|
|
564 |
TBool bChangedToRw=EFalse;
|
|
565 |
TInt pos=0;
|
|
566 |
|
|
567 |
TUint fileAtt;
|
|
568 |
TInt r = iFs.Att(aName, fileAtt);
|
|
569 |
if (r != KErrNone)
|
|
570 |
{
|
|
571 |
return;
|
|
572 |
}
|
|
573 |
|
|
574 |
if (fileAtt & KEntryAttReadOnly)
|
|
575 |
{
|
|
576 |
bChangedToRw = ETrue;
|
|
577 |
r = iFs.SetAtt(aName, 0, KEntryAttReadOnly);
|
|
578 |
}
|
|
579 |
|
|
580 |
r = infectedFile.Open(iFs, aName, EFileShareAny | EFileWrite);
|
|
581 |
|
|
582 |
if (r != KErrNone)
|
|
583 |
{
|
|
584 |
return;
|
|
585 |
}
|
|
586 |
|
|
587 |
//To show we've fixed the file, append "Infection deleted" to the end of it.
|
|
588 |
infectedFile.Seek(ESeekEnd, pos);
|
|
589 |
switch (aOperation)
|
|
590 |
{
|
|
591 |
case EFileOpen:
|
|
592 |
infectedFile.Write(_L8("infection detected - file open\\n"));
|
|
593 |
break;
|
|
594 |
case EFileDelete:
|
|
595 |
infectedFile.Write(_L8("infection detected - file delete\\n"));
|
|
596 |
break;
|
|
597 |
case EFileRename:
|
|
598 |
infectedFile.Write(_L8("infection detected - file rename\\n"));
|
|
599 |
break;
|
|
600 |
case EFileClose:
|
|
601 |
infectedFile.Write(_L8("infection detected - file close\\n"));
|
|
602 |
break;
|
|
603 |
}
|
|
604 |
|
|
605 |
infectedFile.Close();
|
|
606 |
|
|
607 |
if (bChangedToRw)
|
|
608 |
{
|
|
609 |
iFs.SetAtt(aName, KEntryAttReadOnly,0);
|
|
610 |
}
|
|
611 |
}
|
|
612 |
|
|
613 |
//factory functions
|
|
614 |
|
|
615 |
class CVsHookFactory : public CFsPluginFactory
|
|
616 |
{
|
|
617 |
public:
|
|
618 |
CVsHookFactory();
|
|
619 |
virtual TInt Install();
|
|
620 |
virtual CFsPlugin* NewPluginL();
|
|
621 |
virtual CFsPlugin* NewPluginConnL();
|
|
622 |
virtual TInt UniquePosition();
|
|
623 |
};
|
|
624 |
|
|
625 |
/**
|
|
626 |
Constructor for the plugin factory
|
|
627 |
@internalComponent
|
|
628 |
*/
|
|
629 |
CVsHookFactory::CVsHookFactory()
|
|
630 |
{
|
|
631 |
}
|
|
632 |
|
|
633 |
/**
|
|
634 |
Install function for the plugin factory
|
|
635 |
@internalComponent
|
|
636 |
*/
|
|
637 |
TInt CVsHookFactory::Install()
|
|
638 |
{
|
|
639 |
iSupportedDrives = KPluginAutoAttach;
|
|
640 |
|
|
641 |
_LIT(KVsHookName,"VsHook");
|
|
642 |
return(SetName(&KVsHookName));
|
|
643 |
}
|
|
644 |
|
|
645 |
/**
|
|
646 |
@internalComponent
|
|
647 |
*/
|
|
648 |
TInt CVsHookFactory::UniquePosition()
|
|
649 |
{
|
|
650 |
return(0x3EC);
|
|
651 |
}
|
|
652 |
|
|
653 |
/**
|
|
654 |
Plugin factory function
|
|
655 |
@internalComponent
|
|
656 |
*/
|
|
657 |
CFsPlugin* CVsHookFactory::NewPluginL()
|
|
658 |
|
|
659 |
{
|
|
660 |
return CTestVirusHook::NewL();
|
|
661 |
}
|
|
662 |
|
|
663 |
/**
|
|
664 |
Plugin factory function
|
|
665 |
@internalComponent
|
|
666 |
*/
|
|
667 |
CFsPlugin* CVsHookFactory::NewPluginConnL()
|
|
668 |
|
|
669 |
{
|
|
670 |
return CTestVirusHook::NewL();
|
|
671 |
}
|
|
672 |
|
|
673 |
/**
|
|
674 |
Create a new Plugin
|
|
675 |
@internalComponent
|
|
676 |
*/
|
|
677 |
extern "C" {
|
|
678 |
|
|
679 |
EXPORT_C CFsPluginFactory* CreateFileSystem()
|
|
680 |
{
|
|
681 |
return(new CVsHookFactory());
|
|
682 |
}
|
|
683 |
}
|
|
684 |
|