diff --git a/App.xaml.cs b/App.xaml.cs
index 50f620c..91cb726 100644
--- a/App.xaml.cs
+++ b/App.xaml.cs
@@ -53,7 +53,7 @@ protected override void OnStartup(StartupEventArgs e) {
if (isOnlyInstance) {
NotifyIcon notifyIcon = new() {
Visible = true,
- Icon = new Icon(AppDomain.CurrentDomain.BaseDirectory+"\\res\\at.ico"),
+ Icon = new Icon(AppDomain.CurrentDomain.BaseDirectory + "at.ico"),
Text = AutoTotal.Properties.Resources.WorkingInBackground,
ContextMenuStrip = new ContextMenuStrip {
Items = {
diff --git a/AutoTotal.csproj b/AutoTotal.csproj
index 0fb8c2a..580708e 100644
--- a/AutoTotal.csproj
+++ b/AutoTotal.csproj
@@ -22,6 +22,9 @@
$(OutputPath)
ru
README.md
+ 1.1.0.0
+ 1.1
+ $(VersionPrefix)
@@ -31,12 +34,14 @@
-
+
+ Always
+
-
+
diff --git a/FolderSpy+Utils.cs b/FolderSpy+Utils.cs
index d8f3c8f..9b16d34 100644
--- a/FolderSpy+Utils.cs
+++ b/FolderSpy+Utils.cs
@@ -23,6 +23,9 @@ internal static class FolderSpy {
".ppam", ".ppsm", ".pptm", ".py", ".pyc", ".pyo", ".xlam", ".xlsm", ".xltm", ".hta",
".dll", ".sys", ".drv", ".zip", ".rar", ".7z", ".iso", ".img", ".tar", ".wim",
".xz"};
+ private static readonly string[] confirm_extensions = new string[9] {
+ ".bat", ".cmd", ".js", ".pdf", ".ps1", ".py", ".pyc", ".pyo", ".vbs"
+ };
public static void Add(string? path) {
if (path == null) return;
@@ -45,9 +48,50 @@ public static void Remove(string? path) {
private static async Task OnFileCreated(object sender, FileSystemEventArgs e) {
if (extensions.Contains(Path.GetExtension(e.FullPath), StringComparer.OrdinalIgnoreCase)) {
- if (Properties.Settings.Default.BlockFiles) Blocker.Block(e.FullPath);
- await Utils.ScanFile(e.FullPath);
- if (Properties.Settings.Default.BlockFiles) Blocker.Unblock(e.FullPath);
+
+ async Task ScanTask() {
+ if (Properties.Settings.Default.BlockFiles) Blocker.Block(e.FullPath);
+ await Utils.ScanFile(e.FullPath);
+ if (Properties.Settings.Default.BlockFiles) Blocker.Unblock(e.FullPath);
+ }
+
+ if (e.Name!.Contains("AyuGram Desktop\\") || e.Name.Contains("Telegram Desktop\\")) {
+ TaskCompletionSource notificationWaiter = new();
+ System.Windows.Application.Current.Dispatcher.Invoke(() => {
+ Data.notificationManager.Show(new NotificationContent {
+ Title = Properties.Resources.DidFileDownload.Replace("%name%", Path.GetFileName(e.Name)),
+ Message = Properties.Resources.CantTrackTelegram,
+ Type = NotificationType.Notification,
+ TrimType = NotificationTextTrimType.NoTrim,
+ Icon = Icon.ExtractAssociatedIcon(e.FullPath)?.ToBitmap().ToBitmapImage(),
+ LeftButtonContent = Properties.Resources.Downloaded,
+ LeftButtonAction = () => notificationWaiter.TrySetResult(true),
+ RightButtonContent = Properties.Resources.DontScan,
+ RightButtonAction = () => notificationWaiter.TrySetResult(false)
+ }, expirationTime: Timeout.InfiniteTimeSpan, onClose: () => notificationWaiter.TrySetResult(true));
+ });
+ await notificationWaiter.Task;
+ if (notificationWaiter.Task.Result) await ScanTask();
+ return;
+ }
+
+ if (confirm_extensions.Contains(Path.GetExtension(e.FullPath), StringComparer.OrdinalIgnoreCase)) {
+ System.Windows.Application.Current.Dispatcher.Invoke(() => {
+ Data.notificationManager.Show(new NotificationContent {
+ Title = $"{Properties.Resources.Scan} {Path.GetFileName(e.Name)}?",
+ Message = Properties.Resources.UploadedOnlyUponConfirmation,
+ Type = NotificationType.None,
+ TrimType = NotificationTextTrimType.NoTrim,
+ Icon = Icon.ExtractAssociatedIcon(e.FullPath)?.ToBitmap().ToBitmapImage(),
+ LeftButtonAction = async () => await ScanTask(),
+ LeftButtonContent = Properties.Resources.Scan,
+ RightButtonContent = Properties.Resources.No,
+ RightButtonAction = () => {},
+ }, expirationTime: TimeSpan.FromSeconds(300));
+ });
+ return;
+ }
+ await ScanTask();
}
}
}
@@ -95,7 +139,7 @@ public static async Task ScanFile(string path, bool ContinueRun = true) {
string md5 = BitConverter.ToString(MD5.Create().ComputeHash(File.OpenRead(path))).Replace("-", "").ToLower();
using HttpClient httpClient = new();
httpClient.DefaultRequestHeaders.Add("x-apikey", Properties.Settings.Default.VTKey);
-
+
HttpResponseMessage response;
try {
response = await httpClient.GetAsync("https://www.virustotal.com/api/v3/files/" + md5);
@@ -239,7 +283,7 @@ public static async Task ScanFile(string path, bool ContinueRun = true) {
Message = detects + Properties.Resources.AVsDetected
};
if (detects == 0) {
- content.Type = NotificationType.Notification;
+ content.Type = NotificationType.Information;
content.Title = Path.GetFileName(path) + Properties.Resources.Clean;
content.Message = Properties.Resources._0detects;
content.Icon = new BitmapImage(new Uri("pack://application:,,,/res/like.png"));
@@ -249,16 +293,16 @@ public static async Task ScanFile(string path, bool ContinueRun = true) {
content.Title = Path.GetFileName(path) + Properties.Resources.Suspicious;
content.LeftButtonAction = () => Process.Start("explorer", "https://virustotal.com/gui/file/" + md5);
content.LeftButtonContent = Properties.Resources.ShowReport;
- content.RightButtonContent = Properties.Resources.Delete;
content.RightButtonAction = () => { File.Delete(path); };
+ content.RightButtonContent = Properties.Resources.Delete;
}
else {
content.Type = NotificationType.Error;
content.Title = Path.GetFileName(path) + Properties.Resources.Dangerous;
content.LeftButtonAction = () => Process.Start("explorer", "https://virustotal.com/gui/file/" + md5);
content.LeftButtonContent = Properties.Resources.ShowReport;
- content.RightButtonContent = Properties.Resources.Delete;
content.RightButtonAction = () => { File.Delete(path); };
+ content.RightButtonContent = Properties.Resources.Delete;
}
Data.notificationManager.Show(content, expirationTime: TimeSpan.FromSeconds(10), onClose: () => notificationWaiter.TrySetResult(true));
});
diff --git a/Properties/Resources.Designer.cs b/Properties/Resources.Designer.cs
index 9db1585..fb8eb6c 100644
--- a/Properties/Resources.Designer.cs
+++ b/Properties/Resources.Designer.cs
@@ -132,6 +132,15 @@ public static string BlockFiles {
}
}
+ ///
+ /// Ищет локализованную строку, похожую на I cannot track when the download from Telegram Desktop will finish, so you will need to confirm it manually.
+ ///
+ public static string CantTrackTelegram {
+ get {
+ return ResourceManager.GetString("CantTrackTelegram", resourceCulture);
+ }
+ }
+
///
/// Ищет локализованную строку, похожую на Change VirusTotal API key.
///
@@ -204,6 +213,15 @@ public static string Delete {
}
}
+ ///
+ /// Ищет локализованную строку, похожую на Is %name% already download?.
+ ///
+ public static string DidFileDownload {
+ get {
+ return ResourceManager.GetString("DidFileDownload", resourceCulture);
+ }
+ }
+
///
/// Ищет локализованную строку, похожую на Non-existing folder was deleted from the list.
///
@@ -213,6 +231,24 @@ public static string DisappearedFolder {
}
}
+ ///
+ /// Ищет локализованную строку, похожую на Do not scan.
+ ///
+ public static string DontScan {
+ get {
+ return ResourceManager.GetString("DontScan", resourceCulture);
+ }
+ }
+
+ ///
+ /// Ищет локализованную строку, похожую на Downloaded!.
+ ///
+ public static string Downloaded {
+ get {
+ return ResourceManager.GetString("Downloaded", resourceCulture);
+ }
+ }
+
///
/// Ищет локализованную строку, похожую на Exit.
///
@@ -303,6 +339,15 @@ public static string MinusFolder {
}
}
+ ///
+ /// Ищет локализованную строку, похожую на No.
+ ///
+ public static string No {
+ get {
+ return ResourceManager.GetString("No", resourceCulture);
+ }
+ }
+
///
/// Ищет локализованную строку, похожую на + folder.
///
@@ -357,6 +402,15 @@ public static string Save {
}
}
+ ///
+ /// Ищет локализованную строку, похожую на Scan.
+ ///
+ public static string Scan {
+ get {
+ return ResourceManager.GetString("Scan", resourceCulture);
+ }
+ }
+
///
/// Ищет локализованную строку, похожую на AutoTotal — Scan error.
///
@@ -429,6 +483,15 @@ public static string TitleLimit {
}
}
+ ///
+ /// Ищет локализованную строку, похожую на Scripts and PDFs are uploaded to VT only upon confirmation.
+ ///
+ public static string UploadedOnlyUponConfirmation {
+ get {
+ return ResourceManager.GetString("UploadedOnlyUponConfirmation", resourceCulture);
+ }
+ }
+
///
/// Ищет локализованную строку, похожую на Uploading %name% to VirusTotal.
///
diff --git a/Properties/Resources.resx b/Properties/Resources.resx
index 6710e65..ac797f0 100644
--- a/Properties/Resources.resx
+++ b/Properties/Resources.resx
@@ -141,6 +141,9 @@
Block files until scanned
+
+ I cannot track when the download from Telegram Desktop will finish, so you will need to confirm it manually
+
Change VirusTotal API key
@@ -165,9 +168,18 @@
Delete file
+
+ Is %name% already download?
+
Non-existing folder was deleted from the list
+
+ Do not scan
+
+
+ Downloaded!
+
Exit
@@ -198,6 +210,9 @@
- folder
+
+ No
+
+ folder
@@ -216,6 +231,9 @@
Save
+
+ Scan
+
AutoTotal — Scan error
@@ -240,6 +258,9 @@
AutoTotal — VirusTotal API limit
+
+ Scripts and PDFs are uploaded to VT only upon confirmation
+
Uploading %name% to VirusTotal
diff --git a/Properties/Resources.ru-RU.resx b/Properties/Resources.ru-RU.resx
index e70c0b2..52e24b5 100644
--- a/Properties/Resources.ru-RU.resx
+++ b/Properties/Resources.ru-RU.resx
@@ -141,12 +141,18 @@
Блокировать файлы на время сканирования
+
+ Я не могу отследить, когда загрузка из Telegram Desktop завершится, поэтому придётся подтвердить скачивание вручную
+
Изменить ключ API VirusTotal
Изменение ключа API VirusTotal
+
+ Проверка ключа
+
Файл %name% не просканирован! Проверьте подключение к интернету!
@@ -162,9 +168,18 @@
Удалить файл
+
+ %name% уже скачался?
+
Несуществующая папка была удалена из списка
+
+ Не сканировать
+
+
+ Скачался!
+
Выход
@@ -195,6 +210,9 @@
- папка
+
+ Нет
+
+ папка
@@ -213,6 +231,9 @@
Сохранить
+
+ Сканировать
+
AutoTotal - ошибка сканирования
@@ -234,6 +255,12 @@
подозрителен!
+
+ AutoTotal — лимит API VirusTotal
+
+
+ Скрипты и PDF загружаются на VT только по подтверждению
+
Отправка %name% на VirusTotal
diff --git a/README.md b/README.md
index aacff15..d14d615 100644
--- a/README.md
+++ b/README.md
@@ -7,15 +7,18 @@
## Больше не нужно паранойить о том, что скачанный файл небезопасен
 \
 \
-
+
## Используйте свой ключ API VirusTotal
## Вы не сможете случайно запустить вредоносный файл до завершения сканирование
-### Программа заблокирует файлы на время сканирования
+### Блокировка файлов на время сканирования (выключается в настройках)
-### Удобно просканировать файлы можно вручную
+## Удобно просканировать файлы можно вручную
 \
-
\ No newline at end of file
+
+
+## Подтверждение при автосканировании скриптов и PDF (чтобы личные файлы случайно не отправились)
+
\ No newline at end of file
diff --git a/README_EN.md b/README_EN.md
index 2a08823..2ff3545 100644
--- a/README_EN.md
+++ b/README_EN.md
@@ -1,21 +1,24 @@
# AutoTotal - Automatic scanning of files from Downloads (not only) on VirusTotal
-
+[README на русском](https://github.com/ImMALWARE/AutoTotal/blob/master/README.md)
## Add all folders where you download files
- \
+ \
By default, the Downloads folder is added
## No need to worry about the safety of downloaded files anymore
- \
- \
-
+ \
+ \
+
## Use your VirusTotal API key
-
+
## You cannot accidentally run a malicious file until the scan is complete
### Program will block files during the scanning process
-### Conveniently scan files manually
+## Conveniently scan files manually
 \
-
\ No newline at end of file
+
+
+## Confirmation during automatic scanning of scripts and PDFs (to prevent personal files from being accidentally sent)
+
\ No newline at end of file
diff --git a/SettingsWindow.xaml b/SettingsWindow.xaml
index 4671462..d2cf848 100644
--- a/SettingsWindow.xaml
+++ b/SettingsWindow.xaml
@@ -79,8 +79,8 @@
-
-
+
+
diff --git a/setup.iss b/setup.iss
index 285d13a..a58178d 100644
--- a/setup.iss
+++ b/setup.iss
@@ -1,5 +1,5 @@
#define MyAppName "AutoTotal"
-#define MyAppVersion "1.0"
+#define MyAppVersion "1.1"
#define MyAppPublisher "malw.ru"
#define MyAppURL "https://malw.ru/autototal"
#define MyAppExeName "AutoTotal.exe"
@@ -16,9 +16,9 @@ AppUpdatesURL={#MyAppURL}
DefaultDirName={autopf}\{#MyAppName}
DisableProgramGroupPage=yes
PrivilegesRequired=admin
-OutputDir=C:\Users\malw\Desktop
+OutputDir=C:\Users\MALWARE\Desktop
OutputBaseFilename=AutoTotalSetup
-SetupIconFile=C:\Users\malw\Documents\AutoTotal\atsetup.ico
+SetupIconFile=C:\Users\MALWARE\Documents\AutoTotal\atsetup.ico
Compression=lzma
SolidCompression=yes
WizardStyle=modern
@@ -49,7 +49,7 @@ Root: HKCR; Subkey: "*\shell\AutoTotal"; ValueType: string; ValueName: "Icon"; V
Root: HKCR; Subkey: "*\shell\AutoTotal\command"; ValueType: string; ValueName: ""; ValueData: """{app}\{#MyAppExeName}"" /scan ""%1"""; Tasks: addcontextmenu; Flags: uninsdeletekey
[Files]
-Source: "C:\Users\malw\Documents\AutoTotal\bin\Release\net7.0-windows10.0.19041.0\win-x64\publish\*"; Excludes: "AutoTotal.dll.config AutoTotal.pdb"; DestDir: "{app}"; Flags: ignoreversion recursesubdirs createallsubdirs
+Source: "C:\Users\MALWARE\Documents\AutoTotal\bin\Release\net7.0-windows10.0.19041.0\win-x64\publish\*"; Excludes: "AutoTotal.pdb, AutoTotal.runtimeconfig.json, createdump.exe"; DestDir: "{app}"; Flags: ignoreversion recursesubdirs createallsubdirs
[Icons]
Name: "{autoprograms}\{#MyAppName}"; Filename: "{app}\{#MyAppExeName}"; Tasks: startmenuicon