Merge pull request #811 from fbomj/kaspersky_detection

MALW-3280: Kaspersky detection

include/tests_malware

@@ -33,6 +33,7 @@
     CLAMSCAN_INSTALLED=0
     ESET_DAEMON_RUNNING=0
     FRESHCLAM_DAEMON_RUNNING=0
+    KASPERSKY_SCANNER_RUNNING=0
     MCAFEE_SCANNER_RUNNING=0
     MALWARE_SCANNER_INSTALLED=0
     SOPHOS_SCANNER_RUNNING=0
@@ -155,6 +156,22 @@
             Report "malware_scanner[]=cylance-protect"
         fi
 
+        # Kaspersky products
+        LogText "Test: checking process wdserver or klnagent (Kaspersky)"
+        # wdserver is too generic to match on, so we want to ensure that it is related to Kaspersky first
+        if [ -x /opt/kaspersky/kesl/libexec/kesl_launcher.sh ]; then
+            if IsRunning "wdserver"; then KASPERSKY_SCANNER_RUNNING=1; fi
+        else
+            if IsRunning "klnagent"; then KASPERSKY_SCANNER_RUNNING=1; fi
+        fi
+        if [ ${KASPERSKY_SCANNER_RUNNING} -eq 1 ]; then
+            FOUND=1
+            if IsVerbose; then Display --indent 2 --text "- ${GEN_CHECKING} Kaspersky" --result "${STATUS_FOUND}" --color GREEN; fi
+            LogText "Result: Found Kaspersky"
+            MALWARE_SCANNER_INSTALLED=1
+            Report "malware_scanner[]=kaspersky"
+        fi
+
         # McAfee products
         LogText "Test: checking process cma or cmdagent (McAfee)"
         # cma is too generic to match on, so we want to ensure that it is related to McAfee first