glances icon indicating copy to clipboard operation
glances copied to clipboard

Published 20 hours ago verified publisher icon nicolargo

Virus scanning service plugin project

Open Airick73 opened this issue 1 year ago • 4 comments

Our team of 5 is looking to develop a plugin that will integrate virus scanning services, for example, virustotal, metadefender cloud, etc... into glances. The two main features of the plugin will be

  1. The ability to scan a process for viruses via a virus scanning service
  2. Add an additional column to glances to show how many anti virus engines have detected a threat on a given process

In the future our team may update this post with mock ups of the described features of the plugin. Any insight and support from the community would be greatly appreciated.

Kindest Regards, Eric Kemmer

Airick73 avatar Sep 17 '22 20:09 Airick73

Hi Eric !

Did you have a look on the Glances AMP feature (https://glances.readthedocs.io/en/latest/aoa/amps.html) ? Perhaps it is not necessary to write a dedicated plugin...

For example, to monitor my Dropbox synchronization process, i use the following AMP configuration:

[amp_dropbox]
# Use the default AMP (no dedicated AMP Python script)
# Check if the Dropbox daemon is running
# Every 3 seconds, display the 'dropbox status' command line
enable=true
regex=.*dropbox.*
refresh=3
one_line=false
command=dropbox status
countmin=1

It displays:

image

Nicolas

nicolargo avatar Sep 18 '22 06:09 nicolargo

Hi Nicolas,

I'm also on the team Eric mentioned. Thank you for the information on the AMP feature. It looks like it could be useful for returning a summery of results, but I'm not sure it can provide the per-process information and interactivity we're looking for.

Ideally, we want to add the ability for a user to upload and scan one or more processes in the process list and display the results as a new column in the list. Similar to how VirusTotal integrates into projects like Process Explorer and Process Hacker. We'd also like to add the ability to select and open detailed results in a web browser.

It seems like the process list is itself a plugin, is this correct? Does the app architecture support plugins altering the behavior of other plugins? Or would we have to modify the process list plugin to implement these features?

We appreciate your feedback!

Chris

cgreenland avatar Sep 19 '22 23:09 cgreenland

To add to Christopher's comment this is a mockup of what we were hoping to develop. image

Airick73 avatar Sep 20 '22 17:09 Airick73

Hi @cgreenland

for the moment, Glances architecture implement all the processes features in two plugins (processcount and processlist). For your needs, you should modify the processlist plugin.

Some points to discuss:

  • the feature should be configurable from the glances configuration file (in the processlist section)
  • the feature should be disable by default (could be enable from the glances configuration file)

Additional notes:

  • for cyber security reason, the process selection/action is not available in the Web UI
  • the feature should be implemented with both Python 2 and Python 3 support if you want to integrate it in the 3.x version (develop branch). If only Python 3 is targeted, your PR should be done on the glancesv4 branch.

Nicolas

nicolargo avatar Sep 21 '22 19:09 nicolargo

@Airick73 @cgreenland

Any interest on continuing this?

RazCrimson avatar May 09 '23 21:05 RazCrimson

This issue is stale because it has been open for 3 months with no activity.

github-actions[bot] avatar Jun 20 '24 01:06 github-actions[bot]