From 42a011541c868659a781401c874e0314784916ec Mon Sep 17 00:00:00 2001
From: Marcel Baumgartner <marcel.kbkm@gmail.com>
Date: Wed, 30 Aug 2023 16:20:57 +0200
Subject: [PATCH] Added proxy scan

---
 Moonlight/App/MalwareScans/ProxyScan.cs      | 36 ++++++++++++++++++++
 Moonlight/App/Services/MalwareScanService.cs |  3 +-
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 Moonlight/App/MalwareScans/ProxyScan.cs

diff --git a/Moonlight/App/MalwareScans/ProxyScan.cs b/Moonlight/App/MalwareScans/ProxyScan.cs
new file mode 100644
index 00000000..f6d26d76
--- /dev/null
+++ b/Moonlight/App/MalwareScans/ProxyScan.cs
@@ -0,0 +1,36 @@
+using Moonlight.App.Database.Entities;
+using Moonlight.App.Models.Misc;
+using Moonlight.App.Services;
+
+namespace Moonlight.App.MalwareScans;
+
+public class ProxyScan : MalwareScan
+{
+    public override string Name => "Proxy software";
+    public override string Description => "Software to use nodes as a proxy";
+    public override async Task<MalwareScanResult?> Scan(Server server, IServiceProvider serviceProvider)
+    {
+        var serverService = serviceProvider.GetRequiredService<ServerService>();
+        var access = await serverService.CreateFileAccess(server, null!);
+
+        var files = await access.Ls();
+
+        foreach (var file in files.Where(x => x.Name.EndsWith(".sh")))
+        {
+            var fileContent = await access.Read(file);
+            var processableContent = fileContent.ToLower();
+
+            if (processableContent.Contains("t-e-s-tweb"))
+            {
+                return new MalwareScanResult()
+                {
+                    Title = "Proxy software",
+                    Description = "Software to use nodes as a proxy",
+                    Author = "Marcel Baumgartner"
+                };
+            }
+        }
+
+        return null;
+    }
+}
\ No newline at end of file
diff --git a/Moonlight/App/Services/MalwareScanService.cs b/Moonlight/App/Services/MalwareScanService.cs
index 3674cdd0..999f0070 100644
--- a/Moonlight/App/Services/MalwareScanService.cs
+++ b/Moonlight/App/Services/MalwareScanService.cs
@@ -24,7 +24,8 @@ public MalwareScanService(PluginService pluginService, IServiceScopeFactory serv
             new MinerJarScan(),
             new SelfBotCodeScan(),
             new FakePlayerPluginScan(),
-            new MinerScan()
+            new MinerScan(),
+            new ProxyScan()
         };
 
         var scans = await PluginService.BuildMalwareScans(defaultScans.ToArray());