forked from pompelmi/pompelmi
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathquarantine-on-malicious.js
More file actions
38 lines (30 loc) · 1.11 KB
/
quarantine-on-malicious.js
File metadata and controls
38 lines (30 loc) · 1.11 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
// quarantine-on-malicious.js
// Move infected files to a quarantine/ folder instead of deleting them.
// Useful when you need to preserve evidence for review.
// Run: node examples/quarantine-on-malicious.js
'use strict';
const path = require('path');
const fs = require('fs');
const { scan, Verdict } = require('pompelmi');
const QUARANTINE_DIR = path.resolve('./quarantine');
fs.mkdirSync(QUARANTINE_DIR, { recursive: true });
async function quarantineIfMalicious(filePath) {
const resolved = path.resolve(filePath);
const result = await scan(resolved);
if (result === Verdict.Malicious) {
const dest = path.join(QUARANTINE_DIR, path.basename(resolved));
fs.renameSync(resolved, dest);
console.log(`Quarantined: ${resolved} → ${dest}`);
return 'quarantined';
}
if (result === Verdict.ScanError) {
console.warn(`Scan incomplete — leaving file in place: ${resolved}`);
return 'scan-error';
}
console.log(`Clean: ${resolved}`);
return 'clean';
}
(async () => {
const status = await quarantineIfMalicious('./uploads/suspicious.docx');
console.log('Status:', status);
})();