NAME

Mail::ClamAV - Perl extension for the clamav virus scanner

SYNOPSIS

use Mail::ClamAV qw/:all/;


# $Mail::ClamAV::Error in numeric context return clamav's
# error status code which corresponds to the constants which
# can be exported
my $c = new Mail::ClamAV("/path/to/directory/or/file")
    or die "Failed to load db: $Mail::ClamAV::Error (", 0+$Mail::;

# You can get retdbdir() to get the database dir in
# clamav's conf
my $c = new Mail::ClamAV(retdbdir())
    or die "Failed to load db: $Mail::ClamAV::Error";

# When database is loaded, you must create the proper trie with:
$c->buildtrie;

# check to see if we need to reload
if ($c->statchkdir) {
    $c = new Mail::ClamAV(retdbdir());
    $c->buildtrie;
}

# Set some limits (only applies to scan())
# Only relevant for archives
$c->maxreclevel(4);
$c->maxfiles(20);
$c->maxfilesize(1024 * 1024 * 20); # 20 megs
$c->archivememlim(0); # limit memory usage for bzip2 (0/1)
$c->maxratio(0);

# Scan a filehandle (scandesc in clamav)
# scan(FileHandle or path, Bitfield of options)
my $status = $c->scan(FH, CL_SCAN_ARCHIVE|CL_SCAN_MAIL);

# Scan a file (scanfile in clamav)
my $status = $c->scan("/path/to/file.eml", CL_SCAN_MAIL);

# $status is an overloaded object
die "Failed to scan: $status" unless $status;
if ($status->virus) {
    print "Message is a virus: $status\n";
}
else {
    print "No virus found!\n";
}

DESCRIPTION

Clam AntiVirus is an anti-virus toolkit for UNIX http://www.clamav.com/. This module provide a simple interface to its C API.

EXPORT

None by default.

Exportable constants

Options for scanning.

CL_SCAN_STDOPT

This is an alias for a recommended set of scan options. You should use it to make your software ready for new features in future versions of libclamav.

CL_SCAN_RAW

It does nothing. Please use it (alone) if you don't want to scan any special files.

CL_SCAN_ARCHIVE

This flag enables transparent scanning of various archive formats.

CL_SCAN_BLOCKENCRYPTED

With this flag the library marks encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).

CL_SCAN_BLOCKMAX

Mark archives as viruses if maxfiles, maxfilesize, or maxreclevel limit is reached.

CL_SCAN_MAIL

It enables support for mail files.

CL_SCAN_MAILURL

The mail scanner will download and scan URLs listed in a mail body. This flag should not be used on loaded servers. Due to potential problems please do not enable it by default but make it optional.

CL_SCAN_OLE2

Enables support for Microsoft Office document files.

CL_SCAN_PE

This flag enables scanning withing Portable Executable files and allows libclamav to unpack UPX, Petite, and FSG compressed executables.

CL_SCAN_BLOCKBROKEN

libclamav will try to detect broken executables and mark them as Broken.Executable.

CL_SCAN_HTML

This flag enables HTML normalisation (including JScript decryption).

Status returns. You can get the status code by putting the status object returned into into numeric context.

my $status = $c->scan("foo.txt");
print "Status: ", ($status + 0), "\n";

The following are returned statuses if no error occured.

CL_CLEAN

no viruses found

CL_VIRUS

virus found, put the status in scalar context to see the type

Error statuses

CL_EMAXREC

recursion level limit exceeded

CL_EMAXSIZE

size limit exceeded

CL_EMAXFILES

files limit exceeded

CL_ERAR

rar handler error

CL_EZIP

zip handler error

CL_EMALFZIP

malformed zip

CL_EGZIP

gzip handler error

CL_EBZIP

bzip2 handler error

CL_EOLE2

OLE2 handler error

CL_EMSCOMP

compress.exe handler error

CL_EMSCAB

MS CAB module error

CL_EACCES

access denied

CL_ENULLARG

null argument error

Exportable functions

These function can be exported either individually or using the :all export flags

retdbdir

This function returns the path to the database directory specified when clamav was compiled.

METHODS

Settings

NOTE These settings only apply to scan() and archives (CL_SCAN_ARCHIVE).

maxreclevel

Sets the maximum recursion level [default 5].

maxfiles

Maximum number of files that will be scanned [default 1000]. A value of zero disables the check.

maxfilesize

Maximum file size that will be scanned in bytes [default 10M]. A value of zero disables the check.

maxratio

Maximum compression ratio. So if this is set to 200, libclamav will give up decompressing a file if it reaches 200x its compressed size [default 200]. A value of zero disables the check.

archivememlim

Turns on/off memory usage limits for bzip2. [default 1]

Scanning

All of these methods return a status object. This object is overloaded to make things cleaner. In boolean context this will return false if there was an error. For example: my $status = $c->scan("foo.txt"); die "Error scanning: $status" unless $status;

As you probably just noticed, $status in scalar context returns the error message. In addition to the overloading you just saw, $status has the following methods:

errno

The numeric value (if any) clamav returned.

clean

This will be true if the message was not a virus and an error did not occur.

virus

Returns true if the message is a virus.

error

Return the error message (if any). This is the same thing as quoting $status.

count

Returns the number of messages scanned. Only works with archives.

scan(FileHandle or Path, Bitfield of options)

scan() takes a FileHanle or path and passed the file descriptor for that off to clamav. The second argument is a bitfield of options, CL_SCAN_MAIL, CL_SCAN_ARCHIVE or CL_SCAN_RAW "Exportable constants".

This function returns the status object discussed earlier.

Note that if you are running in taint mode (-T) and a tainted path is passed to scan(), it will croak().

scanbuff($buff)

scanbuff takes a raw buffer and scans it. No options are available for this function (it is assumed you already unarchived or de-MIMEed the buffer and that it is raw).

NOTE: This method will go away in libclamav 0.90. Quote from the mailing list:

Please do not use cl_scanbuff at all, it's to be removed in 0.90. This
function only supports old type signature scanning and will miss many
viruses (just try to scan test/clam.exe). You should definitely use
cl_scanfile/cl_scandesc instead.

Data Directory stats

If the path passed into new() is a directory Mail::ClamAV will set things up to check for updated database files. Calling the statchkdir() will check the database directory to the stats we have in memory. If anything has changed true is returned, otherwise false.

NOTE: trying to use statchkdir() when you passed in a database file instead of directory will produce a fatal error.

statchkdir() is useful for long running daemons that need to check to see if it is time to reload the database. Reloading is simply getting a new Mail::ClamAV object and initializing it.

SEE ALSO

The ClamAV API documentation http://www.clamav.net/doc/html-0.65/node44.html

AUTHOR

Scott Beck <sbeck@gossamer-threads.com>

COPYRIGHT AND LICENSE

Copyright (C) 2003 by Gossamer Threads Inc. http://www.gossamer-threads.com

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.1 or, at your option, any later version of Perl 5 you may have available.