Skip to main content

endpoint_sec/event/
event_xp_malware_detected.rs

1//! [`EventXpMalwareDetected`]
2
3use std::ffi::OsStr;
4
5use endpoint_sec_sys::es_event_xp_malware_detected_t;
6
7/// XProtect detected malware.
8#[doc(alias = "es_event_xp_malware_detected_t")]
9pub struct EventXpMalwareDetected<'a> {
10    /// Raw event
11    pub(crate) raw: &'a es_event_xp_malware_detected_t,
12}
13
14impl<'a> EventXpMalwareDetected<'a> {
15    /// Version of the signatures used for detection. Currently corresponds to XProtect version.
16    #[inline(always)]
17    pub fn signature_version(&self) -> &'a OsStr {
18        // Safety: 'a tied to self, object obtained through ES
19        unsafe { self.raw.signature_version.as_os_str() }
20    }
21
22    /// String identifying the malware that was detected.
23    #[inline(always)]
24    pub fn malware_identifier(&self) -> &'a OsStr {
25        // Safety: 'a tied to self, object obtained through ES
26        unsafe { self.raw.malware_identifier.as_os_str() }
27    }
28
29    /// String identifying the incident, intended for linking multiple malware detected and
30    /// remediated events.
31    #[inline(always)]
32    pub fn incident_identifier(&self) -> &'a OsStr {
33        // Safety: 'a tied to self, object obtained through ES
34        unsafe { self.raw.incident_identifier.as_os_str() }
35    }
36
37    /// Path where malware was detected. This path is not necessarily a malicious binary, it can
38    /// also be a legitimate file containing a malicious portion.
39    #[inline(always)]
40    pub fn detected_path(&self) -> &'a OsStr {
41        // Safety: 'a tied to self, object obtained through ES
42        unsafe { self.raw.detected_path.as_os_str() }
43    }
44}
45
46// Safety: safe to send across threads: does not contain any interior mutability nor depend on current thread state
47unsafe impl Send for EventXpMalwareDetected<'_> {}
48// Safety: safe to share across threads: does not contain any interior mutability nor depend on current thread state
49unsafe impl Sync for EventXpMalwareDetected<'_> {}
50
51impl_debug_eq_hash_with_functions!(
52    EventXpMalwareDetected<'a>;
53    signature_version, malware_identifier, incident_identifier, detected_path,
54);