smith153 / file-scan-clamav Goto Github PK
View Code? Open in Web Editor NEWA simplified perl interface onto a local clam anti-virus scanner
License: Other
A simplified perl interface onto a local clam anti-virus scanner
License: Other
We have been using File::Scan::ClamAV for years in a spamassassin module to stream emails through clamav-daemon.
However no viruses have been detected since we upgraded ClamAV from 0.103.7 to 1.0.0.
We believe there is a problem using ClamAV 1.0.0 because:
----- start cat | scan ------------------------------------------------
adorman@andywork1$ cat /home/adorman/programming/pristine_email2.txt | clamdscan -
stream: Eicar-Signature FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.002 sec (0 m 0 s)
Start Date: 2023:01:14 07:30:31
End Date: 2023:01:14 07:30:31
adorman@andywork1$
----- end cat | scan --------------------------------------------------
However, when we stream the same file as the var $msgString in the following
code in the spamassassin module that was working successfully a week ago,
the EICAR test is not detected.
The var $msgString is shown in the debug log to confirm it is identical to the
file streamed to clamdscan.
Please forgive the excessive debug lines and verbose code below. I have been
adding and expanding things for a week to try and figure out what is going on.
---------- start SA module code snippet ------------
dbg ("ClamAV: About to check if clamd is alive");
if (my $firstpingReturn = $self->{clamd}->ping) {
dbg ("ClamAV: clamd is alive and returned $firstpingReturn");
if (my $errstr = $self->{clamd}->errstr) {
dbg ("ClamAV: ping of clamd returned error: $errstr");
}
}
my $msgString = $message->get_pristine;
dbg ("Pristine msg string is ==$msgString==");
# Scan for viruses
my ($ok, $virus) = $self->{clamd}->streamscan ($msgString);
if ($ok and $ok eq "FOUND") {
if ($virus =~ m/(?:Heuristics|Phishing|UNOFFICIAL)/) {
dbg ("ClamAV: Detected phish: $virus");
$pms->test_log ($virus);
$result = 1;
} else {
dbg ("ClamAV: Detected virus: $virus");
$pms->test_log ($virus);
}
} elsif (my $errstr = $self->{clamd}->errstr) {
Mail::SpamAssassin::Plugin::info("ClamAV: Error scanning: $errstr");
dbg("ClamAV: Got error = $errstr");
} elsif ($ok) {
dbg("ClamAV: Got ok = $ok");
} else {
dbg("ClamAV: Clean");
}
if (my $secondpingReturn = $self->{clamd}->ping) {
dbg ("ClamAV: clamd is still alive and returned $secondpingReturn");
if (my $errstr = $self->{clamd}->errstr) {
dbg ("ClamAV: ping of clamd returned error: $errstr");
}
}
---------- end SA module code snippet ------------
---------- start debug log output ----------------------
ClamAV: About to check if clamd is alive
ClamAV: clamd is alive and returned 1
Pristine msg string is ==Received: from unknown (unknown [113.161.66.75])
by yorick.ironicdesign.com (Postfix) with ESMTP id EF9CD4EC137
for ; Wed, 3 Oct 2007 15:08:02 -0500 (CDT)
Date: Wed, 3 Oct 2007 15:08:02 -0500 (CDT)
From: <>
To: George [email protected]
Subject: Welcome to AnteSpam!
X5O!P%@ap[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
==
ClamAV: Clean
ClamAV: clamd is still alive and returned 1
----------- end debug log output -----------------------
I am NOT a C programmer and have so far been unable to find where the stream
scan code is in their git repository to see if there have been any changes.
Hoping someone with a lot more expertise than me can shed some light on
what's happening and how to fix it.
Thank you.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.