From 4251d77ef317c6ccb8f008d0c3b3d8b122ab3968 Mon Sep 17 00:00:00 2001
From: kulukami
Date: Thu, 26 Dec 2024 11:39:05 +0800
Subject: [PATCH] func: disable proc_scan, fanotify, arf, and fullscan with proc
---
 plugins/scanner/clamav-mussels-cookbook | 2 +-
 plugins/scanner/settings.toml | 2 +-
 plugins/scanner/src/detector.rs | 26 ++++++++++---------
 .../scanner/src/model/functional/cronjob.rs | 3 ++-
 .../src/model/functional/fulldiskscan.rs | 5 ++--
 5 files changed, 21 insertions(+), 17 deletions(-)
diff --git a/plugins/scanner/clamav-mussels-cookbook b/plugins/scanner/clamav-mussels-cookbook
index 6f3ec7549..0414f0a48 160000
--- a/plugins/scanner/clamav-mussels-cookbook
+++ b/plugins/scanner/clamav-mussels-cookbook
@@ -1 +1 @@
-Subproject commit 6f3ec75499be38d140a650a4f67f2bf19c9b1f75
+Subproject commit 0414f0a48c70993b0a1b75a9e9c9fe050a702fb8
diff --git a/plugins/scanner/settings.toml b/plugins/scanner/settings.toml
index 4d3d846c9..a59867334 100644
--- a/plugins/scanner/settings.toml
+++ b/plugins/scanner/settings.toml
@@ -5,7 +5,7 @@ flock_path = "/var/run/elkeid_scanners_plugin.pid"
 ### cgroup max mem limit, defult 256Mb
 cgroup_name = "clamav_"
 ### mega byte
-cgroup_mem_limit = 256
+cgroup_mem_limit = 300
 ### %
 cgroup_cpu_limit = 39
diff --git a/plugins/scanner/src/detector.rs b/plugins/scanner/src/detector.rs
index 2b34cc6f5..544c085d5 100644
--- a/plugins/scanner/src/detector.rs
+++ b/plugins/scanner/src/detector.rs
@@ -328,6 +328,7 @@ impl Detector {
 clamav::clamav_init().unwrap();
 let recv_worker = thread::spawn(move || {
 let mut _arf_t: Option = None;
+ /*
 let s_arf_worker = task_sender.clone();
 let s_arf_lock = recv_worker_s_locker.clone();
@@ -342,6 +343,7 @@ impl Detector {
 None
 }
 };
+ */
 loop {
 match r_client.receive() {
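Review bot: The new value on `+cgroup_mem_limit = 300` leaves the comment two lines above it, `### cgroup max mem limit, defult 256Mb`, describing the old limit, so the documented and configured values now disagree; change it to `### cgroup max mem limit, default 300Mb` in the same hunk. The commit message only talks about disabling scan paths, so the reason for raising the memory cap is not recorded anywhere; presumably the engine needs more headroom, and a short trailing comment on the line stating why would help the next person tuning this file.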
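Review bot: Disabling the arf worker by wrapping it in a block comment (the `+ /*` here and the matching `+ */` in the `@@ -342` hunk) leaves `let mut _arf_t` declared as `None` and never assigned, and whatever this closure does with it further down (the closure continues beyond the hunk) now silently behaves as if the worker was never started. Commented-out code is not compiled, so it will rot against the rest of the file; either delete the block (git keeps the history) and drop `_arf_t` with it, or make the feature switchable with an explicit guard such as `if ARF_ENABLED { /* spawn worker */ }` where `ARF_ENABLED` is a placeholder for a real settings key. Since this removes the real-time scanning path, a one-line comment above the spot stating that fanotify/arf is intentionally disabled and why would stop a later reader from treating it as a leftover. The same block-comment approach is used in the fulldiskscan.rs `@@ -219` and `@@ -273` hunks.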
@@ -365,10 +367,10 @@ impl Detector {
 ),
 };
 if let Err(e) = r_client
- .send_record(&end_flag.to_record_token(&t.get_token()))
- {
- warn!("send err, should exit : {:?}", e);
- };
+ .send_record(&end_flag.to_record_token(&t.get_token()))
+ {
+ warn!("send err, should exit : {:?}", e);
+ };
 continue;
 }
 let task_map: HashMap =
@@ -380,9 +382,9 @@ impl Detector {
 data: "failed".to_string(),
 error: format!("recv serde_json err {:?}", t.data),
 };
- if let Err(e) = r_client
- .send_record(&end_flag.to_record_token(&t.get_token()))
- {
+ if let Err(e) = r_client.send_record(
+ &end_flag.to_record_token(&t.get_token()),
+ ) {
 warn!("send err, should exit : {:?}", e);
 };
 continue;
@@ -458,7 +460,7 @@ impl Detector {
 break;
 }
 Some(Err(_err)) => {
- /*
+ /*
 let end_flag = ScanFinished {
 data: "failed".to_string(),
 error: _err.to_string(),
@@ -468,10 +470,10 @@ impl Detector {
 ) {
 warn!("send err, should exit : {:?}", e);
 };
- break;
+ break;
 */
 warn!("walkdir continue with: {:?}", _err);
- continue
+ continue;
 }
 Some(Ok(entry)) => entry,
 };
@@ -484,8 +486,8 @@ impl Detector {
 if fsize <= 4 || fsize > 1024 * 1024 * 100 {
 continue;
 }
- }else{
- continue
+ } else {
+ continue;
 }
 let task = ScanTaskUserTask::with_path(
diff --git a/plugins/scanner/src/model/functional/cronjob.rs b/plugins/scanner/src/model/functional/cronjob.rs
index a7d30eb08..e84c1bda7 100644
--- a/plugins/scanner/src/model/functional/cronjob.rs
+++ b/plugins/scanner/src/model/functional/cronjob.rs
@@ -144,6 +144,8 @@ impl Cronjob {
 let mut proc_crobjob_is_first_run = true;
 let mut scaned_cache = LruCache::new(20480);
 let job_proc = thread::spawn(move || loop {
+ std::thread::sleep(Duration::from_secs(30));
+ continue;
 let start_timestamp = Clock::now_since_epoch().as_secs();
 info!("[CronjobProc] Scan started at : {}", start_timestamp);
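Review bot: Placing `std::thread::sleep(Duration::from_secs(30)); continue;` as the first statements of the `loop` body makes the entire rest of the body unreachable, so rustc will warn about unreachable code and about `proc_crobjob_is_first_run` and `scaned_cache` (still allocated with `LruCache::new(20480)`) being set but never read, while the thread keeps waking every 30 s to do nothing. The `@@ -230` hunk also deletes the sleep at the end of the body, so anyone re-enabling the job by removing these two lines would get a loop with no delay at all; keep the bottom `std::thread::sleep` in place so the body stays correct on its own. If the proc cronjob is to stay off, the cleaner change is to not spawn `job_proc` at all (or gate the spawn behind a configuration switch) and say so in a comment, rather than leaving a dead body. The closure and the enclosing constructor continue outside the hunk.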
@@ -230,7 +232,6 @@ impl Cronjob {
 };
 }
 last_scaned_timestamp = Clock::now_since_epoch().as_secs();
- std::thread::sleep(Duration::from_secs(30));
 proc_crobjob_is_first_run = false;
 });
 return Self { job_dir, job_proc };
diff --git a/plugins/scanner/src/model/functional/fulldiskscan.rs b/plugins/scanner/src/model/functional/fulldiskscan.rs
index 43c8d5c23..ec9a956ef 100644
--- a/plugins/scanner/src/model/functional/fulldiskscan.rs
+++ b/plugins/scanner/src/model/functional/fulldiskscan.rs
@@ -219,7 +219,8 @@ pub fn FullScan(
 let job = thread::spawn(move || {
 // step-1 // proc scan
- info!("[FullScan] step-1: /proc/pid/exe");
+ info!("[FullScan] step-1: /proc/pid/exe skiped");
+ /*
 let dir_p = fs::read_dir("/proc").unwrap();
 for each in dir_p {
@@ -273,7 +274,7 @@ pub fn FullScan(
 }
 };
 }
-
+ */
 // step-2
 info!("[FullScan] step-2: fulldisk");
 match fullscan_mode {
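Review bot: The new log line `info!("[FullScan] step-1: /proc/pid/exe skiped");` misspells "skipped"; log strings end up in grep patterns and dashboards, so fix it before it is relied on: `info!("[FullScan] step-1: /proc/pid/exe skipped");`. The wording also suggests a runtime condition decided to skip the step, while the step is actually removed at build time by the `/*` this hunk opens and the `*/` the `@@ -273` hunk closes; saying "disabled" and adding a short comment above the block on why the `/proc` pass was dropped would make the reduced coverage explicit to whoever reads the logs. `FullScan` continues outside the hunk.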