Wednesday, June 24, 2009

Virus scanning with File::Scan::ClamAV

This is almost ridiculously easy.

Problem: a bunch of user directories need virus scanning and per-user reports

Solution: A Perl script using File::Scan::ClamAV

Prerequisites:
  • A unixy OS
  • Perl 5.8 or 5.10
  • A functional and running clamd, preferably listening to a socket
  • The module File::Scan::ClamAV (and its dependencies)

The following code could (after some sensible adjustments) run in a loop through all usernames on your system.

use File::Scan::ClamAV;
# (...)
# $dir contains the full path of the user's directory
my $av = new File::Scan::ClamAV (find_all => 1,
port => '/tmp/clamd.socket');
# find_all means that we wish to recurse directories.
# /tmp/clamd.socket is where my clamd has its socket.
# Other clamd configurations may differ.

unless ($av->ping) {
plogdie "clamd isn't running, aborting virus scan";
} else {
plog "Performing virus scan for $uname";

# Save virus information per username ($uname).
# Note! scan() returns a hash.
$a_viruses{$uname} = $av->scan($dir);

if ($a_viruses{$uname}) {
my @vfiles = sort keys %{$a_viruses{$uname}};
plog "$uname has ".@vfiles." viruses.";

# Home assignment: print contents of $a_viruses{$uname}
# to a file, using the sorted list @vfiles.
}
}

No comments: