Here you go, as promised....  There are two subs below;
avpdclient_scanner is the Q-S interface, but avpdclient is where the magic
happens.  It opens a control file at /var/run/AvpCtl (AVPdaemon's default)  
and uses that to talk with AVPdaemon.  Note that it never actually shells
out to do anything.

As for actually starting the daemon (people seem to have the most problems
with that), I used the "avpdaemon.rh7" rc script that came with KAV, but
change this line:

        daemon "$DAEMON" -I0 -Y

to:

        daemon "$DAEMON" /

(Replace / with whatever part of the file system you want to BE ABLE to
scan.  / works just fine for me.)  One thing to note, be sure to run
"AvpDaemon /" manually the first time and then manually kill the process;  
for some reason it will NOT start up the first time after installation
using the rc script.

I have just included the subs.  I did not modify the configure file or 
anything so this is a manual process.  But if you do add this code to the 
distribution, I recommend telling the user to start up AVPdaemon before 
running configure, then have the configure script check for "AvpDaemon" in 
the process list to detect it.

Ryan

---

sub avpdclient_scanner {
  #Kaspersky AVPdaemon client scanner
  &debug("kasp: starting scan of directory \"$scandir/$file_id\"...");
  # "my ... if" has undefined behaviour in Perl; use a plain conditional value.
  my ($avp_verbose) = $DEBUG ? "-O" : "";
  my ($start_avp_time)=[gettimeofday];
  my ($DD,$avp_status,$stop_avp_time,$avp_time);

  ($avp_status, $DD) = avpdclient("$scandir/$file_id");
  &debug("--output of avp was:\n$DD--");
  if ( $avp_status > 0 ) {
    if ($avp_status == 8) {
      &debug("kasp: Corrupted file only, no viruses found");
    } elsif ($avp_status =~ /^(2|3|4)$/) {
      #This covers the potential viruses
      $quarantine_description="suspicious";
      if ($DD =~ /\n\s*(.*)\s+(infected): (.*)\n/) {
        $quarantine_description=$3;
      } elsif ($DD =~ /\n\s*(.*)\s+(suspicion): (.*)\n/) {
        #This covers the specific
        $destring='Suspicious file:';
        $quarantine_description=$3;
      }
      &debug("There be a $destring! ($quarantine_description)");
      ($quarantine_event=$quarantine_description)=~s/\s/_/g;
      $quarantine_event="kasp:".substr($quarantine_event,0,$QE_LEN);
      $description = $DD;
    } else {
      &debug("kasp: unknown problem - exit status $avp_status");
    }
  }
  $stop_avp_time=[gettimeofday];
  $avp_time = tv_interval ($start_avp_time, $stop_avp_time);
  &debug("kasp: finished scan of \"$scandir/$file_id\" in $avp_time secs");
}

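# Needs the Socket module for AF_UNIX, SOCK_STREAM and pack_sockaddr_un.
use Socket;

sub avpdclient {
  my($file) = $_[0];
  my($uintbufs, $uintbuf);
  my($repsizes, $repsize, $repbuf);
  my($rep) = '';   # start with an empty report so length() is well defined
  my($exitcode);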

  my($ctlfile) = "/var/run/AvpCtl";

  # Open the ctl file
  socket(SOCK, Socket::AF_UNIX, Socket::SOCK_STREAM,0) ||
    return(9, "socket: $!\n");
  connect(SOCK, Socket::pack_sockaddr_un($ctlfile)) ||
    return(9, "connect: $!\n");
  # Send the command
  send(SOCK,"<0>Jan 15 21:58:15:" . chr(254) . "Y|P|B|MP|MD|*|O|o{$file}" 
    . chr(254), 0);
  # The first 2 bytes tell us what's coming up.
  recv(SOCK, $uintbufs, 2, 0);
  $uintbuf = hex(unpack('H*', reverse $uintbufs));
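  # Deep voodoo...  '-' binds tighter than '&', so this evaluates as
  # $uintbuf & (0xff - 0x30) & 0x0f, i.e. the low 4 bits of the word.
  $exitcode = ($uintbuf & 0xff - 0x30) & 0x0f;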
  # Is there a result string following (usually)
  if($uintbuf & 0x100) {
    # The next 4 bytes tell us how long the result string is
    recv(SOCK, $repsizes, 4, 0);
    $repsize = hex(unpack('H*', reverse $repsizes));
    if($repsize > 0) {
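      # Keep reading till we're done; stop if recv fails or the daemon
      # closes the socket early, otherwise this would loop forever.
      while(length($rep) < $repsize) {
        defined(recv(SOCK, $repbuf, 512, 0)) || last;
        length($repbuf) || last;
        $rep .= $repbuf;
      }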
    }
  }
  close(SOCK);
  return($exitcode, $rep);
}
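
The reply framing that avpdclient reads above (a 2-byte little-endian status word, then a 4-byte length and the report when bit 0x100 is set), as an added example that is not part of the original post: a decoder that works on a byte buffer and rejects truncated or oversized replies. The names parse_avp_reply and $MAX_REPORT, the 1 MB cap, the reuse of exit code 9 for errors, and all sample bytes are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: offline decoder for the reply framing used by avpdclient.
use strict;
use warnings;

# Assumed upper bound on the report size; the post does not specify one.
my $MAX_REPORT = 1024 * 1024;

# Returns (exitcode, report, error); error is undef on success.
# Exit code 9 is reused for framing errors, as avpdclient does for socket errors.
sub parse_avp_reply {
    my ($buf) = @_;
    return (9, '', 'short status word') if length($buf) < 2;
    my $word     = unpack('v', $buf);      # 2-byte little-endian status word
    my $exitcode = $word & 0x0f;           # low 4 bits, as in avpdclient
    return ($exitcode, '', undef) unless $word & 0x100;   # no report follows

    return (9, '', 'short length field') if length($buf) < 6;
    my $size = unpack('V', substr($buf, 2, 4));   # 4-byte little-endian length
    return (9, '', "report length $size exceeds cap") if $size > $MAX_REPORT;
    my $report = substr($buf, 6);
    return (9, $report, 'truncated report') if length($report) < $size;
    return ($exitcode, substr($report, 0, $size), undef);
}

# Constructed sample replies (not captured from a real daemon).
my $text = "/tmp/x/sample.bin infected: Constructed-Test-Name\n";
my @samples = (
    [ 'no report'        => pack('v', 0x0030) ],
    [ 'report attached'  => pack('v V', 0x0134, length($text)) . $text ],
    [ 'truncated report' => pack('v V', 0x0134, 500) . 'partial' ],
    [ 'oversized length' => pack('v V', 0x0134, 0xFFFFFFFF) ],
);
for my $s (@samples) {
    my ($name, $bytes) = @$s;
    my ($code, $report, $err) = parse_avp_reply($bytes);
    printf "%-17s exit=%d report_bytes=%d %s\n",
        $name, $code, length($report), defined($err) ? "ERROR: $err" : 'ok';
}
```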




