Hi,
I'm starting work on my own virus scanner.
I tried File::Scan and was getting some sort of error, so
please don't tell me to use it.
I started looking into the virus signature list at
openvirus.org, it looks something like this.
....
.....
VCS=b90f0489feac32c4aae2
....
....
Just a list of name=hexsignature, 1 per line
So I thought about how I could do my own scanner,
I came up with this. I was wondering if anyone sees
flaws in my simple method, it seems to work for my test files.
Is there something I'm overlooking?
I'm especially looking for ways to convert to hex more
efficiently, and whether grep would be better on big files,
rather than using =~ m/ $hextest /i
P.S. Anyone know where I can get a fully comprehensive
list of signatures? The ones at openvirus.org seems a pretty
short list at around 500k; when the commercial scanners have
DAT files approching 5 megs.
##############################################
#!/usr/bin/perl
#eicar-test.pl
#usage: eicar-test.pl file
use strict;
use warnings;
$/ = undef;
my $hextest;
#hexstring for EICAR-test-file
$hextest='58354f2150254041505b345c505a58353428505e2937434329377d2445494341522d5354414e444152442d414e544956495255532d544553542d46494c452124482b482a';
my $file = <>;
my $filestring='';
hexdump($file);
exit;
sub hexdump {
my $str = $_[0];
return unless length $str;
my $filestring = unpack "H*", $str;
if ($filestring =~ m/$hextest/i){print "$hextest\n";}
else{print 'no match',"\n"}
return;
}
#####################################################
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
