diff --git a/IPA.Loader/AntiMalware/AntiMalwareEngine.cs b/IPA.Loader/AntiMalware/AntiMalwareEngine.cs
index 9ca16586..3c70c09f 100644
--- a/IPA.Loader/AntiMalware/AntiMalwareEngine.cs
+++ b/IPA.Loader/AntiMalware/AntiMalwareEngine.cs
@@ -7,8 +7,16 @@ using System.Threading.Tasks;
namespace IPA.AntiMalware
{
+ ///
+ /// Provides a way to access BSIPA's Anti-Malware engine.
+ ///
+ ///
+ ///
public static class AntiMalwareEngine
{
+ ///
+ /// Gets the current Anti-Malware engine.
+ ///
public static IAntiMalware Engine { get; } = InitializeEngine();
private static IAntiMalware InitializeEngine()
diff --git a/IPA.Loader/AntiMalware/IAntiMalware.cs b/IPA.Loader/AntiMalware/IAntiMalware.cs
index 0d974a34..5c8d37a6 100644
--- a/IPA.Loader/AntiMalware/IAntiMalware.cs
+++ b/IPA.Loader/AntiMalware/IAntiMalware.cs
@@ -3,9 +3,23 @@ using System.IO;
namespace IPA.AntiMalware
{
+ ///
+ /// An Anti-Malware engine that can be used to scan and detect potentially harmful files.
+ ///
public interface IAntiMalware
{
+ ///
+ /// Scans a particular file for malware.
+ ///
+ /// The file to scan.
+ /// A indicating whether the file is safe or not.
ScanResult ScanFile(FileInfo file);
+ ///
+ /// Scans a particular in-memory blob for malware.
+ ///
+ /// The binary blob to scan.
+ /// The name of the content. If this is left , one will be automatically generated.
+ /// A indicating whether the file is safe or not.
ScanResult ScanData(byte[] data, string? contentName = null);
}
}
diff --git a/IPA.Loader/AntiMalware/ScanResult.cs b/IPA.Loader/AntiMalware/ScanResult.cs
index ba17fde9..43d501eb 100644
--- a/IPA.Loader/AntiMalware/ScanResult.cs
+++ b/IPA.Loader/AntiMalware/ScanResult.cs
@@ -1,11 +1,27 @@
namespace IPA.AntiMalware
{
+ ///
+ /// The result of an Anti-Malware scan.
+ ///
public enum ScanResult
{
+ ///
+ /// The object is known to be safe.
+ ///
KnownSafe,
+ ///
+ /// No malware was detected, but it is not known to be safe.
+ ///
NotDetected,
+ ///
+ /// Malware was detected, and the content should not be executed.
+ ///
Detected,
- BlockedByPolicy
+ ///
+ /// The malware engine returned a threat level less than the max, so this object may be dangerous.
+ /// Proceed with caution.
+ ///
+ MaybeMalware
}
}
diff --git a/IPA.Loader/AntiMalware/_HideInNet3/WindowsAntiMalware.cs b/IPA.Loader/AntiMalware/_HideInNet3/WindowsAntiMalware.cs
index d5bc671c..048dca96 100644
--- a/IPA.Loader/AntiMalware/_HideInNet3/WindowsAntiMalware.cs
+++ b/IPA.Loader/AntiMalware/_HideInNet3/WindowsAntiMalware.cs
@@ -40,8 +40,7 @@ namespace IPA.AntiMalware
AmsiResult.Clean => ScanResult.KnownSafe,
AmsiResult.NotDetected => ScanResult.NotDetected,
AmsiResult.Detected => ScanResult.Detected,
- var a when a is >= AmsiResult.BlockedByAdminStart and <= AmsiResult.BlockedByAdminEnd => ScanResult.BlockedByPolicy,
- _ => ScanResult.NotDetected,
+ _ => ScanResult.MaybeMalware
};
public ScanResult ScanFile(FileInfo file)