Crate amsi

Source
Expand description

§Antimalware Scan Interface

The “Antimalware Scan Interface” is an API by Microsoft, this crate is a safe wrapper for the native API.

§Example

extern crate amsi;

fn main() {
    let malicious_file = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*";
    let ctx = amsi::AmsiContext::new("emailscanner-1.0.0").unwrap();
    let session = ctx.create_session().unwrap();
    let result = session.scan_string(r"C:\eicar-test.txt", malicious_file).unwrap();
    println!("malicious = {}", result.is_malware());
}

§Note

This crate only works with Windows 10, or Windows Server 2016 and above due to the API it wraps.

Structs§

AmsiContext
A Context that can be used for scanning payloads.
AmsiResult
Allows you to tell if a scan result is malicious or not.
AmsiSession
Represents a scan session.
WinError
Represents a Windows Error