#!/usr/bin/perl
#---------------------------------------------------
#
# virus-check.pl
#
# ModSec virus check script used as a wrapper for
# clamAV
#
#---------------------------------------------------
# Author: Christian Folini, netnea.com
# Last Update: 2015-06-23
#---------------------------------------------------
#---------------------------------------------------
# Initialisation
#---------------------------------------------------
use strict;
use warnings;
use POSIX qw(strftime);
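# Debug logging is on only when CLAMD_DEBUG_LOG is set to "on". The variable
# is normally absent, so test for definedness first; comparing undef with
# "eq" emits an "uninitialized value" warning on every run.
my $do_log = ( defined $ENV{"CLAMD_DEBUG_LOG"} && $ENV{"CLAMD_DEBUG_LOG"} eq "on" ) ? 1 : 0;

# NOTE(review): log lines and the verdict line both go to stdout. If the
# caller reads only the first output line as the verdict, enabling the debug
# log changes what it sees; presumably debug mode is for manual runs. Confirm.
my $logfile = "/dev/stdout";
my $BIN = "clamdscan";

# Exactly one argument is expected: the path of the file to scan.
if (@ARGV != 1) {
    print "Usage: virus-check.pl <filename>\n";
    exit;
}
my ($myfile) = shift @ARGV;

# -s yields undef for a missing file and a false value for an empty one;
# fall back to 0 so the log line below never interpolates undef.
my $filesize = (-s $myfile) || 0;
if ( $do_log ) { writelog("Initialisation for scanning of file $myfile ($filesize bytes)")} ;

# Working variables filled in by the scan and interpretation steps below.
my $result = "";
my $status = "";
my $output = "";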
#---------------------------------------------------
# Sub-Functions
#---------------------------------------------------
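sub writelog {
    # Append one timestamped line, tagged with the process id, to $logfile.
    #
    # The logfile is opened and closed on every call because several
    # instances may be writing at the same time. Logging is best effort:
    # if the open fails we report it and carry on with the scan.
    my ($logitem) = @_;
    $logitem = "" unless defined $logitem;

    # File names and scanner output end up in log items; fold line breaks
    # so that one call always produces exactly one log line.
    $logitem =~ s/[\r\n]+/ | /g;

    my $date = strftime "%Y-%m-%d %H:%M:%S", localtime;

    # Lexical handle instead of the global bareword LOG, so the handle
    # cannot clash with another LOG elsewhere in the program.
    if ( open(my $log_fh, ">>", $logfile) ) {
        print {$log_fh} "$date : pid $$ : $logitem\n";
        close($log_fh);
    } else {
        print "Problem writing logfile $logfile. Ignoring.\n";
    }
    return;
}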
#---------------------------------------------------
# clamAV execution
#---------------------------------------------------
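if ( $do_log ) { writelog("Calling clamAV ($BIN) ...")} ;

# A path starting with "-" would be read by the scanner as an option.
# Anchoring it to the current directory keeps it a plain file argument.
my $scan_target = $myfile =~ m/^-/ ? "./$myfile" : $myfile;

# Run the scanner with a list-form pipe open. The arguments are passed to
# the program directly, so the file name is never parsed by a shell (the
# backtick form would interpret spaces and metacharacters in $myfile).
$result = "";
if ( open(my $clam_fh, "-|", $BIN, "--stdout", $scan_target) ) {
    local $/;    # slurp the complete scanner output in one read
    my $captured = <$clam_fh>;
    $result = $captured if defined $captured;
    # The return value of close is deliberately not checked: a non-zero
    # scanner exit status makes close return false, and the verdict is
    # taken from the output text below.
    close($clam_fh);
}
elsif ( $do_log ) {
    writelog("Could not start $BIN : $!");
}

# Log the full output on a single line.
my $myresult = $result;
$myresult =~ s/\n/ | /g;
if ( $do_log ) { writelog("ClamAV returned result : $myresult")} ;

# Only the first line of the output carries the per-file status. Use the
# capture only when the match succeeded; otherwise $1 is undefined.
$status = ( $result =~ m/^(.+)/ ) ? $1 : "";
if ( $do_log ) { writelog("Extracted status : $status")} ;

# Fail closed: unless a known pattern matches further down, the verdict
# stays "0 ..." and the file is not reported as clean.
$output = "0 Error parsing clamAV output : $status";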
#---------------------------------------------------
# Interpretation of clamAV output
#---------------------------------------------------
# Translate the status line into the verdict line. The first pattern that
# matches wins; when none matches, $output keeps the value assigned before
# this block. Verdicts starting with "1" are used for OK and empty files,
# verdicts starting with "0" for scanner errors and detections.
VERDICT: {
    if ($status =~ m/: OK$/) {
        $output = "1 clamAV OK";
        last VERDICT;
    }
    if ($status =~ m/: Empty file\.?$/) {
        $output = "1 empty file";
        last VERDICT;
    }
    # Scanner error: pass the captured text through in the verdict.
    if ($status =~ m/: (.+) ERROR$/) {
        $output = "0 clamAV: $1";
        last VERDICT;
    }
    # Detection: the capture is the text clamAV printed before "FOUND".
    if ($status =~ m/: (.+) FOUND$/) {
        $output = "0 clamAV: $1";
        last VERDICT;
    }
}
#---------------------------------------------------
# Bailing out
#---------------------------------------------------
# Emit the verdict on stdout; the surrounding log calls run only in debug mode.
writelog("Return value : $output") if $do_log;
print "$output\n";
writelog("Bailing out") if $do_log;