NAME
File::Scan::ClamAV - Connect to a local Clam Anti-Virus clamd service and send commands
SYNOPSIS
my $av = new File::Scan::ClamAV;
if($av->ping){
my %found = $av->scan('/tmp');
for my $file (keys %found){
print "Found virus: $found{$file} in $file\n";
}
}
DESCRIPTION
This module provides a simplified perl interface onto a local clam anti-virus scanner, allowing you to do fast virus scans on files on your local hard drive, or streamed data.
METHODS
new()
Create a new File::Scan::ClamAV object. By default tries to connect to a local unix domain socket at /tmp/clamd. Options are passed in as key/value pairs.
Available Options:
port
A port or socket to connect to if you do not wish to use the unix domain socket at /tmp/clamd. If the socket has been setup as a TCP/IP socket (see the
TCPSocket
option in the clamav.conf file), then specifying in a number will cause File::Scan::ClamAV to use a TCP socket.Examples:
my $av = new File::Scan::ClamAV; # Default - uses /tmp/clamd socket # Use the unix domain socket at /var/sock/clam my $av = new File::Scan::ClamAV(port => '/var/sock/clam'); # Use tcp/ip at port 3310 my $av = new File::Scan::ClamAV(port => 3310);
Note: there is no way to connect to a clamd on another machine. The reason for this is that clamd can only scan local files, so there would not be much point in doing this (unless you had NFS shares). Plus if you are using TCP/IP clamd appears to bind to all adaptors, so it is probably insecure. -ms
find_all
By default the ClamAV clamd service will stop scanning at the first virus it detects. This is useful for performance, but sometimes you want to find all possible viruses in all of the files. To do that, specify a true value for find_all.
Examples:
# Stop at first virus use File::Scan::ClamAV; my $av = new File::Scan::ClamAV; my ($file, $virus) = $av->scan('/home/bob'); # Return all viruses use File::Scan::ClamAV; my $av = new File::Scan::ClamAV(find_all => 1); my %caught = $av->scan('/home/bob'); # Scan a file from command line: perl -MFile::Scan::ClamAV -e 'printf("%s: %s\n", File::Scan::ClamAV->new->scan($ARGV[0]))' /home/bob/file.zip # Preform a stream-scan on a scalar use File::Scan::ClamAV; if($ARGV[0] =~ /(.+)/){ my $file = $1; if(-f $file){ my $data; if(open(my $fh, $file)){ local $/; $data = <$fh>; close($fh); } else { die "Unable to read file: $file $!\n"; } my $av = new File::Scan::ClamAV; my ($code, $virus) = $av->streamscan($data); if($code eq 'OK'){ print "The file: $file did not contain any virus known to ClamAV\n"; } elsif($code eq 'FOUND'){ print "The file: $file contained the virus: $virus\n"; } else { print $av->errstr . "\n"; } } else { print "Unknown file: $file\n"; } }
ping()
Pings the clamd to check it is alive. Returns true if it is alive, false if it is dead. Note that it is still possible for a race condition to occur between your test for ping() and any call to scan(). See below for more details.
On error nothing is returned and the errstr() error handler is set.
scan($dir_or_file)
Scan a directory or a file. Note that the resource must be readable by the user the ClamdAV clamd service is running as.
Returns a hash of filename => virusname
mappings.
On error nothing is returned and the errstr() error handler is set. If no virus is found nothing will be returned and the errstr() error handle won't be set.
rawscan($dir_or_file)
This method has been deprecated - use scan() instead
streamscan($data);
Preform a scan on a stream of data for viruses with the ClamAV clamd module.
Returns a list of two arguments: the first being the response which will be 'OK' or 'FOUND' the second being the virus found - if a virus is found.
On failure it sets the errstr() error handler.
quit()
Sends the QUIT message to clamd, causing it to cleanly exit.
This may or may not work, I think due to bugs in clamd's C code (it does not waitpid after a child exit, so you get zombies). However it seems to be fine on BSD derived operating systems (i.e. it's just broken under Linux). -ms
The test file t/03quit.t will currently wait 5 seconds before trying a kill -9 to get rid of the process. You may have to do something similar on Linux, or just don't use this method to kill Clamd - use kill `cat /path/to/clamd.pid`
instead which seems to work fine. -ms
reload()
Cause ClamAV clamd service to reload its virus database.
errstr()
Return the last error message.
AUTHOR
Colin Faber <cfaber@fpsn.net> All Rights Reserved.
Originally based on the Clamd module authored by Matt Sergeant.
LICENSE
This is free software and may be used and distribute under terms of perl itself.