简体   繁体   English

工作者角色流程是否可以通过编程方式为Azure云服务调用Antimalware?

[英]Can a Worker Role process call Antimalware for Azure Cloud Services programmatically?

I'm trying to find a solution that I can use to perform virus scanning on files that have been uploaded to Azure blob storage. 我正在尝试找到一种解决方案,我可以使用该解决方案对已上载到Azure blob存储的文件执行病毒扫描。 I wanted to know if it is possible to copy the file to local storage on a Worker Role instance, call Antimalware for Azure Cloud Services to perform the scan on that specific file, and then depending on whether the file is clean, process the file accordingly. 我想知道是否可以将文件复制到Worker Role实例上的本地存储,调用Antimalware for Azure Cloud Services以对该特定文件执行扫描,然后根据文件是否干净,相应地处理文件。

If the Worker Role cannot call the scan programmatically, is there a definitive way to check if a file has been scanned and whether it is clean or not once it has been copied to local storage (I don't know if the service does a real-time scan when new files are added, or only runs on a schedule)? 如果工作者角色无法以编程方式调用扫描,是否有一种确定的方法来检查文件是否已被扫描以及文件是否已被清除(一旦将其复制到本地存储)(我不知道该服务是否真实存在)添加新文件时的时间扫描,还是只按计划运行?

There isn't a direct API that we've found, but the anti-malware services conform to the standards used by Windows desktop virus checkers in that they implement the IAttachmentExecute COM API. 我们没有找到直接的API,但反恶意软件服务符合Windows桌面病毒检查程序使用的标准,因为它们实现了IAttachmentExecute COM API。

So we ended up implementing a file upload service that writes the uploaded file to a Quarantine local resource, then calling the IAttachmentExecute API. 因此,我们最终实现了一个文件上载服务,该服务将上载的文件写入隔离区本地资源,然后调用IAttachmentExecute API。 If the file is infected then, depending on the anti-malware service in use, it will either throw an exception, silently delete the file or mark it as inaccessible. 如果文件被感染,那么根据使用的反恶意软件服务,它将抛出异常,静默删除文件或将其标记为无法访问。 So by attempting to read the first byte of the file, we can test if the file remains accessible. 因此,通过尝试读取文件的第一个字节,我们可以测试文件是否仍然可访问。

var type = Type.GetTypeFromCLSID(new Guid("4125DD96-E03A-4103-8F70-E0597D803B9C"));
var svc = (IAttachmentExecute)Activator.CreateInstance(type);
try {
    svc.SetClientGuid(ref clientGuid);
    svc.SetLocalPath(path);
    svc.Save();
}
finally
{
    svc.ClearClientState();
}

using (var fileStream = File.OpenRead(path))
{
    fileStream.ReadByte();
}

[Guid("73DB1241-1E85-4581-8E4F-A81E1D0F8C57")]
[InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
public interface IAttachmentExecute
{
    void SetClientGuid(ref Guid guid);

    void SetLocalPath(string pszLocalPath);

    void Save();

    void ClearClientState();
}

I think the best way for you to know is simply take an Azure VM (IaaS) and activate Microsoft Antimalware extension. 我认为最好的方法就是使用Azure VM(IaaS)并激活Microsoft Antimalware扩展。 Then you may log into it and do all the necessary check and tests against the service. 然后,您可以登录并对服务进行所有必要的检查和测试。 Later, you will apply all this into the Worker Role (there is a similar PaaS extension available for that, calles PaaSAntimalware). 稍后,您将把所有这些应用到Worker角色(有一个类似的PaaS扩展可用于此,calles PaaSAntimalware)。

See the next excerpt from https://msdn.microsoft.com/en-us/library/azure/dn832621.aspx : 请参阅https://msdn.microsoft.com/en-us/library/azure/dn832621.aspx的下一部分摘录:

"In PaaS, the VM agent is called GuestAgent, and is always available on Web and Worker Role VMs. (For more information, see Azure Role Architecture.) The VM agent for Role VMs can now add extensions to the cloud service VMs in the same way that it does for persistent Virtual Machines. The biggest difference between VM Extensions on role VMs and persistent VMs is that with role VMs, extensions are added to the cloud service first and then to the deployments within that cloud service. “在PaaS中,VM代理称为GuestAgent,并且始终可在Web和辅助角色VM上使用。(有关详细信息,请参阅Azure角色体系结构。)角色VM的VM代理现在可以向云服务VM添加扩展。与持久性虚拟机相同的方式。角色虚拟机和持久虚拟机上的虚拟机扩展之间的最大区别在于,对于角色虚拟机,首先将扩展添加到云服务,然后再添加到该云服务中的部署。

Use the Get-AzureServiceAvailableExtension cmdlet to list all available role VM extensions." 使用Get-AzureServiceAvailableExtension cmdlet列出所有可用的角色VM扩展。“

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM