1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52
//! [`EventXpMalwareDetected`]
use std::ffi::OsStr;
use endpoint_sec_sys::es_event_xp_malware_detected_t;
/// XProtect detected malware.
#[doc(alias = "es_event_xp_malware_detected_t")]
pub struct EventXpMalwareDetected<'a> {
/// Raw event
pub(crate) raw: &'a es_event_xp_malware_detected_t,
}
impl<'a> EventXpMalwareDetected<'a> {
/// Version of the signatures used for detection. Currently corresponds to XProtect version.
#[inline(always)]
pub fn signature_version(&self) -> &'a OsStr {
// Safety: 'a tied to self, object obtained through ES
unsafe { self.raw.signature_version.as_os_str() }
}
/// String identifying the malware that was detected.
#[inline(always)]
pub fn malware_identifier(&self) -> &'a OsStr {
// Safety: 'a tied to self, object obtained through ES
unsafe { self.raw.malware_identifier.as_os_str() }
}
/// String identifying the incident, intended for linking multiple malware detected and
/// remediated events.
#[inline(always)]
pub fn incident_identifier(&self) -> &'a OsStr {
// Safety: 'a tied to self, object obtained through ES
unsafe { self.raw.incident_identifier.as_os_str() }
}
/// Path where malware was detected. This path is not necessarily a malicious binary, it can
/// also be a legitimate file containing a malicious portion.
#[inline(always)]
pub fn detected_path(&self) -> &'a OsStr {
// Safety: 'a tied to self, object obtained through ES
unsafe { self.raw.detected_path.as_os_str() }
}
}
// Safety: safe to send across threads: does not contain any interior mutability nor depend on current thread state
unsafe impl Send for EventXpMalwareDetected<'_> {}
impl_debug_eq_hash_with_functions!(
EventXpMalwareDetected<'a>;
signature_version, malware_identifier, incident_identifier, detected_path,
);