This is a .NET Standard library project providing functionality to integrate the Microsoft Windows Antimalware Scan Interface (AMSI) into any .NET application. Please find the AMSI documentation at: https://msdn.microsoft.com/en-us/library/windows/desktop/dn889587(v=vs.85).aspx

Scan a string for malware in C#:

    const string appName = "myapp";
    using (AmsiContext context = AmsiContext.Create(appName))
    {
        const string input = "Pure air";
        AmsiScanResult result = context.Scan(input, "");
        if (result == AmsiScanResult.Clean)
        {
            // seems to be okay
        }
    }

Scanning a buffer full of content for malware is as easy as scanning a string; just use the overload that accepts a byte array.

    // context is the AmsiContext created as in the previous example
    MemoryStream stream = ...
    byte[] buffer = stream.ToArray();
    AmsiScanResult result = context.Scan(buffer, "");

Correlated scan requests are also possible. In the following example the ScanFile method is used to scan file contents for malware.

    // All scans made through the same session are correlated
    using (AmsiSession scanSession = AmsiSession.Create(context))
    {
        string[] files = Directory.GetFiles(...);
        foreach (string file in files)
        {
            AmsiScanResult fileResult = scanSession.ScanFile(file);
            if (fileResult == AmsiScanResult.Block)
            {
                // this file should be blocked...
            }
        }
    }
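
For comparison, a correlated scan written directly against the native AMSI functions described in the documentation linked above. This is an added example, not this library's code and not taken from the project; the class name `NativeAmsi`, the method `AnyMalware` and the content name "sample" are assumptions made for illustration.

```csharp
using System;
using System.Runtime.InteropServices;

static class NativeAmsi
{
    // From amsi.h: a result at or above AMSI_RESULT_DETECTED means malware.
    const uint AMSI_RESULT_DETECTED = 32768;

    [DllImport("amsi.dll", CharSet = CharSet.Unicode)]
    static extern int AmsiInitialize(string appName, out IntPtr context);

    [DllImport("amsi.dll")]
    static extern void AmsiUninitialize(IntPtr context);

    [DllImport("amsi.dll")]
    static extern int AmsiOpenSession(IntPtr context, out IntPtr session);

    [DllImport("amsi.dll")]
    static extern void AmsiCloseSession(IntPtr context, IntPtr session);

    [DllImport("amsi.dll", CharSet = CharSet.Unicode)]
    static extern int AmsiScanBuffer(IntPtr context, byte[] buffer, uint length,
        string contentName, IntPtr session, out uint result);

    // Scans every buffer inside one session so the antimalware provider can
    // correlate them. A failed HRESULT throws, so a scan error is never
    // silently treated as a clean result.
    public static bool AnyMalware(string appName, params byte[][] parts)
    {
        Marshal.ThrowExceptionForHR(AmsiInitialize(appName, out IntPtr ctx));
        try
        {
            Marshal.ThrowExceptionForHR(AmsiOpenSession(ctx, out IntPtr session));
            try
            {
                foreach (byte[] part in parts)
                {
                    // "sample" is a constructed content name for this example
                    Marshal.ThrowExceptionForHR(AmsiScanBuffer(ctx, part,
                        (uint)part.Length, "sample", session, out uint result));
                    if (result >= AMSI_RESULT_DETECTED) return true;
                }
                return false;
            }
            finally { AmsiCloseSession(ctx, session); }
        }
        finally { AmsiUninitialize(ctx); }
    }
}
```

The native result is a numeric range rather than a two-way verdict, which is why the check is a threshold comparison instead of an equality test.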