From d3f81e137d27ffdce8c1c515e4e23c0bb24e9548 Mon Sep 17 00:00:00 2001
From: Mike Long
Date: Tue, 13 Mar 2018 13:34:28 -0400
Subject: [PATCH 1/5] AV module which uses Cylance Score
---
 modules/Antivirus/CylanceScore.py | 66 +++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
 create mode 100644 modules/Antivirus/CylanceScore.py
diff --git a/modules/Antivirus/CylanceScore.py b/modules/Antivirus/CylanceScore.py
new file mode 100644
index 00000000..6f8cc52e
--- /dev/null
+++ b/modules/Antivirus/CylanceScore.py
@@ -0,0 +1,66 @@
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+from __future__ import division, absolute_import, with_statement, print_function, unicode_literals
+import subprocess
+import re
+
+__author__ = "Mike Long"
+__license__ = "MPL 2.0"
+
+TYPE = "Antivirus"
+NAME = "Cylance"
+
+SCORE = "/opt/infinity/bin/mono /opt/infinity/bin/InfinityDaemonClient localhost:9002 p ScoreFile "
+
+DEFAULTCONF = {
+ "ENABLED": True,
+ "score": SCORE
+}
+
+
+def ping():
+ try:
+ # If Cylance service runs locally on port 9002 by default, change if configured differently
+ status = "(echo >/dev/tcp/127.0.0.1/9002) &>/dev/null && echo '0' || echo '1'"
+ return bool(subprocess.check_output([status], shell=True))
+ except:
+ raise
+
+
+def scan(filelist, conf=DEFAULTCONF):
+ results = []
+
+ if ping():
+ try:
+ for f in filelist:
+ scoreFile = conf["score"] + f
+ output = subprocess.check_output([scoreFile], shell=True)
+
+ ## Cleaning up the output ##
+ ## Let's Remove the first two lines, not needed
+ output = output.split("\n", 2)[2]
+ ## Splitting output at funky characaters
+ output = re.split('---- | ----|{|}|,|\n', output)
+ ## There are emptying strings in the list, removing....
+ output = [i for i in output if i != '']
+ ## Cleaning up leading whitespaces
+ output = [x.strip(' ') for x in output]
+ ## End of cleaning ##
+
+ # Add list to result
+ # results.append(f,output)
+ # Add score only to result
+ results.append(f, output[9])
+
+ except:
+ raise
+ else:
+ print("Cylance Service on port 9002 is not running...")
+
+ metadata = {
+ 'Name': "Cylance",
+ 'Type': "Antivirus"
+ }
+
+ return (results, metadata)
From 24971fca248ebd5bd9690cb053e1fe54ef0d3d80 Mon Sep 17 00:00:00 2001
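Review bot: In `scan`, `scoreFile = conf["score"] + f` followed by `subprocess.check_output([scoreFile], shell=True)` hands every scanned filename to a shell, so a filename containing shell metacharacters is interpreted as part of the command instead of being scored — and an antivirus module by definition processes untrusted files; the `@@ -40,7 +40,7 @@` hunk in PATCH 5/5 keeps the same construction. Build the argument vector instead and drop `shell=True`: `output = subprocess.check_output(shlex.split(conf["score"]) + [f])` with `import shlex` next to the other imports, which also makes the trailing space in `SCORE` irrelevant. The module imports `unicode_literals`, and on Python 3 `check_output` returns bytes, so `output.split("\n", 2)` would raise TypeError there; if the project targets Python 3 the output needs a `.decode()` first — the patch does not show which interpreter is intended.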
From: Mike Long
Date: Tue, 13 Mar 2018 13:36:17 -0400
Subject: [PATCH 2/5] Update CylanceScore.py
---
 modules/Antivirus/CylanceScore.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/Antivirus/CylanceScore.py b/modules/Antivirus/CylanceScore.py
index 6f8cc52e..23445473 100644
--- a/modules/Antivirus/CylanceScore.py
+++ b/modules/Antivirus/CylanceScore.py
@@ -42,7 +42,7 @@ def scan(filelist, conf=DEFAULTCONF):
 output = output.split("\n", 2)[2]
 ## Splitting output at funky characaters
 output = re.split('---- | ----|{|}|,|\n', output)
- ## There are emptying strings in the list, removing....
+ ## There are empty strings in the list, removing....
 output = [i for i in output if i != '']
 ## Cleaning up leading whitespaces
 output = [x.strip(' ') for x in output]
From f0527b2cc0d0782d760505cfd9d4de70ecef2f3e Mon Sep 17 00:00:00 2001
From: Mike Long
Date: Tue, 13 Mar 2018 13:37:39 -0400
Subject: [PATCH 3/5] Update CylanceScore.py
---
 modules/Antivirus/CylanceScore.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/Antivirus/CylanceScore.py b/modules/Antivirus/CylanceScore.py
index 23445473..cfccb0a7 100644
--- a/modules/Antivirus/CylanceScore.py
+++ b/modules/Antivirus/CylanceScore.py
@@ -21,7 +21,7 @@
 def ping():
 try:
- # If Cylance service runs locally on port 9002 by default, change if configured differently
+ # Cylance service runs locally on port 9002 by default, change if configured differently
 status = "(echo >/dev/tcp/127.0.0.1/9002) &>/dev/null && echo '0' || echo '1'"
 return bool(subprocess.check_output([status], shell=True))
 except:
From a9b9e4b5e5f9f92796b08de6f4860d0868464d6c Mon Sep 17 00:00:00 2001
From: Mike Long
Date: Fri, 23 Mar 2018 13:36:45 -0400
Subject: [PATCH 4/5] Added check function
Updated to include a check function, also turned Enabled to false by default
---
 modules/Antivirus/CylanceScore.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/modules/Antivirus/CylanceScore.py b/modules/Antivirus/CylanceScore.py
index cfccb0a7..4bd5f4de 100644
--- a/modules/Antivirus/CylanceScore.py
+++ b/modules/Antivirus/CylanceScore.py
@@ -14,10 +14,16 @@
 SCORE = "/opt/infinity/bin/mono /opt/infinity/bin/InfinityDaemonClient localhost:9002 p ScoreFile "
 DEFAULTCONF = {
- "ENABLED": True,
+ "ENABLED": False,
 "score": SCORE
 }
+def check(conf=DEFAULTCONF):
+ if not conf['ENABLED']:
+ return False
+ if not ping():
+ return False
+ return True
 def ping():
 try:
From bf508315fcffc9da9518a47fb837f3c75b9cbce8 Mon Sep 17 00:00:00 2001
From: Mike Long
Date: Thu, 29 Mar 2018 17:48:54 -0400
Subject: [PATCH 5/5] Update scoreFile command
Formatting for score file was off, needed to be updated.
---
 modules/Antivirus/CylanceScore.py | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/modules/Antivirus/CylanceScore.py b/modules/Antivirus/CylanceScore.py
index 4bd5f4de..567f6e40 100644
--- a/modules/Antivirus/CylanceScore.py
+++ b/modules/Antivirus/CylanceScore.py
@@ -11,7 +11,7 @@
 TYPE = "Antivirus"
 NAME = "Cylance"
-SCORE = "/opt/infinity/bin/mono /opt/infinity/bin/InfinityDaemonClient localhost:9002 p ScoreFile "
+SCORE = "/opt/infinity/bin/mono /opt/infinity/bin/InfinityDaemonClient localhost:9002 p ScoreFile"
 DEFAULTCONF = {
 "ENABLED": False,
@@ -29,7 +29,7 @@ def ping():
 try:
 # Cylance service runs locally on port 9002 by default, change if configured differently
 status = "(echo >/dev/tcp/127.0.0.1/9002) &>/dev/null && echo '0' || echo '1'"
- return bool(subprocess.check_output([status], shell=True))
+ return bool(subprocess.check_output([status], shell=True, executable='/bin/bash'))
 except:
 raise
@@ -40,7 +40,7 @@ def scan(filelist, conf=DEFAULTCONF):
 if ping():
 try:
 for f in filelist:
- scoreFile = conf["score"] + f
+ scoreFile = conf["score"] + " "+ f
 output = subprocess.check_output([scoreFile], shell=True)
 ## Cleaning up the output ##
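Review bot: The `if not ping(): return False` guard in the new `check` can never fire, so `check` reports the module usable whenever `ENABLED` is True even with no Cylance daemon listening: `ping()` (added in PATCH 1/5) returns `bool(subprocess.check_output(...))`, and its probe command echoes `'0'` or `'1'` in both branches, so the captured output is never empty and therefore always truthy. The fix belongs on ping's return line, which the `@@ -29,7 +29,7 @@` hunk in PATCH 5/5 rewrites while keeping the `bool()`: `return subprocess.check_output([status], shell=True, executable='/bin/bash').strip() == b'0'` (the `b` prefix matters because the module imports `unicode_literals`). A one-line docstring on `check`, `"""Return True when the module is enabled and the local Cylance daemon answers on port 9002."""`, would make the intended contract explicit; `ping` is referenced before its definition, which is fine at call time but worth a short comment.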
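Review bot: The added `executable='/bin/bash'` pins the liveness probe to a Bash-only `/dev/tcp` redirection and a hard-coded interpreter path, and it still spawns a shell just to test whether a local TCP port accepts a connection; `ping` begins on the line shown as hunk context and ends outside the hunk. The standard library can do the same check in-process with `socket.create_connection`, which removes the shell and the Bash dependency, gives the function a bounded timeout, and lets it return a genuine boolean instead of `bool()` of a non-empty echo. This needs `import socket` next to the existing imports; the timeout value below is illustrative.

```python
def ping():
    # Cylance service runs locally on port 9002 by default, change if configured differently
    try:
        socket.create_connection(("127.0.0.1", 9002), timeout=5).close()
    except socket.error:
        return False
    return True
```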
@@ -55,9 +55,9 @@ def scan(filelist, conf=DEFAULTCONF):
 ## End of cleaning ##
 # Add list to result
- # results.append((f,output))
+ # results.append((f,output))
 # Add score only to result
- results.append(f, output[9])
+ results.append((f, output[9]))
 except:
 raise
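Review bot: `results.append((f, output[9]))` on the new line reads a fixed position in the cleaned-up daemon output, so any shorter response (presumably an error line for a file the daemon cannot read) raises IndexError, and the `except: raise` below simply propagates it, aborting the whole `filelist` rather than skipping that one file; `scan` begins and ends outside this hunk. A guard keeps one bad file from discarding every other result: `score = output[9] if len(output) > 9 else None` followed by `results.append((f, score))`. A comment naming what position 9 holds, e.g. `# field 9 of the split output is the Cylance score`, would explain the magic index — the patch does not show the daemon's output layout, so the maintainer should confirm the wording. The commented-out `# results.append((f,output))` is dead code that this commit still edits in step with the live line; either delete it or make returning the full field list a config option.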