diff --git a/IPA.Loader/AntiMalware/AntiMalwareEngine.cs b/IPA.Loader/AntiMalware/AntiMalwareEngine.cs index 9ca16586..3c70c09f 100644 --- a/IPA.Loader/AntiMalware/AntiMalwareEngine.cs +++ b/IPA.Loader/AntiMalware/AntiMalwareEngine.cs @@ -7,8 +7,16 @@ using System.Threading.Tasks; namespace IPA.AntiMalware { + /// + /// Provides a way to access BSIPA's Anti-Malware engine. + /// + /// + /// public static class AntiMalwareEngine { + /// + /// Gets the current Anti-Malware engine. + /// public static IAntiMalware Engine { get; } = InitializeEngine(); private static IAntiMalware InitializeEngine() diff --git a/IPA.Loader/AntiMalware/IAntiMalware.cs b/IPA.Loader/AntiMalware/IAntiMalware.cs index 0d974a34..5c8d37a6 100644 --- a/IPA.Loader/AntiMalware/IAntiMalware.cs +++ b/IPA.Loader/AntiMalware/IAntiMalware.cs @@ -3,9 +3,23 @@ using System.IO; namespace IPA.AntiMalware { + /// + /// An Anti-Malware engine that can be used to scan and detect potentially harmful files. + /// public interface IAntiMalware { + /// + /// Scans a particular file for malware. + /// + /// The file to scan. + /// A indicating whether the file is safe or not. ScanResult ScanFile(FileInfo file); + /// + /// Scans a particular in-memory blob for malware. + /// + /// The binary blob to scan. + /// The name of the content. If this is left , one will be automatically generated. + /// A indicating whether the file is safe or not. ScanResult ScanData(byte[] data, string? contentName = null); } } diff --git a/IPA.Loader/AntiMalware/ScanResult.cs b/IPA.Loader/AntiMalware/ScanResult.cs index ba17fde9..43d501eb 100644 --- a/IPA.Loader/AntiMalware/ScanResult.cs +++ b/IPA.Loader/AntiMalware/ScanResult.cs 
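Review bot: The return-value comment added above `ScanData` in IAntiMalware.cs still says "whether the file is safe or not", copied from `ScanFile`, although this overload scans an in-memory blob; `/// ... indicating whether the content is safe or not.` would match its parameter docs. The new summaries also do not say which `ScanResult` values a caller must treat as "do not load", which is the decision every consumer of this interface has to make. A short remarks sentence on the interface stating that `Detected` must block, and how `NotDetected` differs from `KnownSafe`, would close that gap.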
@@ -1,11 +1,27 @@  namespace IPA.AntiMalware { + /// + /// The result of an Anti-Malware scan. + /// public enum ScanResult { + /// + /// The object is known to be safe. + /// KnownSafe, + /// + /// No malware was detected, but it is not known to be safe. + /// NotDetected, + /// + /// Malware was detected, and the content should not be executed. + /// Detected, - BlockedByPolicy + /// + /// The malware engine returned a threat level less than the max, so this object may be dangerous. + /// Proceed with caution. + /// + MaybeMalware } } diff --git a/IPA.Loader/AntiMalware/_HideInNet3/WindowsAntiMalware.cs b/IPA.Loader/AntiMalware/_HideInNet3/WindowsAntiMalware.cs index d5bc671c..048dca96 100644 --- a/IPA.Loader/AntiMalware/_HideInNet3/WindowsAntiMalware.cs +++ b/IPA.Loader/AntiMalware/_HideInNet3/WindowsAntiMalware.cs @@ -40,8 +40,7 @@ namespace IPA.AntiMalware AmsiResult.Clean => ScanResult.KnownSafe, AmsiResult.NotDetected => ScanResult.NotDetected, AmsiResult.Detected => ScanResult.Detected, - var a when a is >= AmsiResult.BlockedByAdminStart and <= AmsiResult.BlockedByAdminEnd => ScanResult.BlockedByPolicy, - _ => ScanResult.NotDetected, + _ => ScanResult.MaybeMalware }; public ScanResult ScanFile(FileInfo file)
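Review bot: `MaybeMalware` takes over the fourth position of the public `ScanResult` enum from `BlockedByPolicy`, so a consumer compiled against the old enum will read the same numeric value as a policy block, and any source that names `BlockedByPolicy` stops compiling. The new summary describes only "a threat level less than the max", yet after the mapping change in WindowsAntiMalware.cs an administrator-policy block appears to be reported as this value too, and "Proceed with caution" reads as permission to load. I would either keep `BlockedByPolicy` (marked `[Obsolete]` if it is to be retired) or extend the comment with `/// This also covers content blocked by administrator policy; do not execute it without an explicit decision by the user.`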
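Review bot: The arm `AmsiResult.Detected => ScanResult.Detected` in WindowsAntiMalware.cs matches a single value, so with the new catch-all any result above it is downgraded to `MaybeMalware`. AMSI documents every result at or above the detected threshold as malware, so if `AmsiResult.Detected` is that threshold (its definition is outside this hunk) the arm should be a range: `>= AmsiResult.Detected => ScanResult.Detected,`. The removed lines show that relational patterns on this enum already compile in this file. The switch expression begins above the hunk, so the value being switched on is not visible here.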