Is there any way this could be added to the main distribution? I've just started using kav, and noticed it's high overhead. This would be a perfect solution.
Thanks Ryan for your work.

Regards,
Tren

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ryan Finnie
Sent: Thursday, February 06, 2003 11:25 AM
To: [EMAIL PROTECTED]
Subject: [Qmail-scanner-general]Working AVPdaemon code

Here, you go, as promised....

There are two subs below; avpdclient_scanner is the Q-S interface, but avpdclient is where the magic happens. It opens a control file at /var/run/AvpCtl (AVPdaemon's default) and uses that to talk with AVPdaemon. Note that it never actually shells out to do anything.

As for actually starting the daemon (people seem to have the most problems with that), I used the "avpdaemon.rh7" rc script that came with KAV, but change this line:

        daemon "$DAEMON" -I0 -Y

to:

        daemon "$DAEMON" /

(Replace / with whatever part of the file system you want to BE ABLE to scan. / works just fine for me.)

One thing to note, be sure to run "AvpDaemon /" manually the first time and then manually kill the process; for some reason it will NOT start up the first time after installation using the rc script.

I have just included the subs. I did not modify the configure file or anything so this is a manual process. But if you do add this code to the distribution, I recommend telling the user to start up AVPdaemon before running configure, then have the configure script check for "AvpDaemon" in the process list to detect it.

Ryan

---

use Socket;  # provides AF_UNIX, SOCK_STREAM and pack_sockaddr_un

sub avpdclient_scanner {
  #Kaspersky AVPdaemon client scanner
  &debug("kasp: starting scan of directory \"$scandir/$file_id\"...");
  my ($avp_verbose)="-O" if ($DEBUG);
  my ($start_avp_time)=[gettimeofday];
  my ($DD,$avp_status,$stop_avp_time,$avp_time);

  ($avp_status, $DD) = avpdclient("$scandir/$file_id");

  &debug("--output of avp was:\n$DD--");
  if ( $avp_status > 0 ) {
    if ($avp_status == 8) {
      &debug("kasp: Corrupted file only, no viruses found");
    } elsif ($avp_status =~ /^(2|3|4)$/) {
      #This covers the potential viruses
      $quarantine_description="suspicious";
      if ($DD =~ /\n\s*(.*)\s+(infected): (.*)\n/) {
        $quarantine_description=$3;
      } elsif ($DD =~ /\n\s*(.*)\s+(suspicion): (.*)\n/) {
        #This covers the specific
        $destring='Suspicious file:';
        $quarantine_description=$3;
      }
      &debug("There be a $destring! ($quarantine_description)");
      ($quarantine_event=$quarantine_description)=~s/\s/_/g;
      $quarantine_event="kasp:".substr($quarantine_event,0,$QE_LEN);
      $description = $DD;
    } else {
      # Status 9 (socket or short-reply error from avpdclient) ends up
      # here and is only logged.
      &debug("kasp: unknown problem - exit status $avp_status");
    }
  }
  $stop_avp_time=[gettimeofday];
  $avp_time = tv_interval ($start_avp_time, $stop_avp_time);
  &debug("kasp: finished scan of \"$scandir/$file_id\" in $avp_time secs");
}

sub avpdclient {
  my($file) = $_[0];
  my($uintbufs, $uintbuf);
  my($repsizes, $repsize, $repbuf);
  my($rep) = '';
  my($exitcode);
  my($ctlfile) = "/var/run/AvpCtl";

  # Open the ctl file
  socket(SOCK, Socket::AF_UNIX, Socket::SOCK_STREAM,0) || return(9, "socket: $!\n");
  connect(SOCK, Socket::pack_sockaddr_un($ctlfile)) || return(9, "connect: $!\n");

  # Send the command
  send(SOCK,"<0>Jan 15 21:58:15:" . chr(254) . "Y|P|B|MP|MD|*|O|o{$file}" . chr(254), 0);

  # The first 2 bytes tell us what's coming up.
  # Without the length check, an empty reply would decode to exit code 0.
  defined(recv(SOCK, $uintbufs, 2, 0)) && length($uintbufs) == 2
    || return(9, "recv: short reply header\n");
  $uintbuf = hex(unpack('H*', reverse $uintbufs));

  # Deep voodoo...
  # ('-' binds tighter than '&' in Perl, so this evaluates as
  # ($uintbuf & 0xcf) & 0x0f, i.e. the low nibble of the first byte.)
  $exitcode = ($uintbuf & 0xff - 0x30) & 0x0f;

  # Is there a result string following (usually)
  if($uintbuf & 0x100) {
    # The next 4 bytes tell us how long the result string is
    defined(recv(SOCK, $repsizes, 4, 0)) && length($repsizes) == 4
      || return(9, "recv: short reply length\n");
    $repsize = hex(unpack('H*', reverse $repsizes));
    if($repsize > 0) {
      # Keep reading till we're done.
      while(length($rep) < $repsize) {
        # Stop on error or if the daemon closes the socket early;
        # otherwise this loop would never end.
        last unless defined(recv(SOCK, $repbuf, 512, 0)) && length($repbuf);
        $rep .= $repbuf;
      }
    }
  }

  close(SOCK);
  return($exitcode, $rep);
}

-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
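
Added example (not part of Ryan's post or of Qmail-Scanner): a bounded reader for the reply framing that avpdclient parses above, i.e. a 2-byte little-endian status word, the 0x100 "report follows" flag, a 4-byte little-endian length, then the report text. The sub names, the 64 KiB cap and the sample replies are assumptions made for this illustration; the replies are constructed and pushed through a socketpair, so no AVPdaemon is needed to run it.

```perl
use strict;
use warnings;
use Socket;

my $MAX_REPLY = 64 * 1024;   # assumed cap on report size, not an AVPdaemon value

# Read exactly $want bytes; undef on error or if the peer closes early.
sub read_exact {
    my ($sock, $want) = @_;
    my $buf = '';
    while (length($buf) < $want) {
        my $n = sysread($sock, $buf, $want - length($buf), length($buf));
        return undef unless $n;              # undef = error, 0 = EOF
    }
    return $buf;
}

# Returns (exitcode, report). 9 is the error code avpdclient already uses.
sub read_avp_reply {
    my ($sock) = @_;
    my $hdr = read_exact($sock, 2);
    return (9, "short header\n") unless defined $hdr;
    my $word = unpack('v', $hdr);            # 16-bit little-endian status word
    my $exitcode = $word & 0x0f;             # value the posted expression yields
    return ($exitcode, '') unless $word & 0x100;
    my $lenbuf = read_exact($sock, 4);
    return (9, "short length field\n") unless defined $lenbuf;
    my $len = unpack('V', $lenbuf);          # 32-bit little-endian length
    return (9, "report length $len over cap\n") if $len > $MAX_REPLY;
    my $rep = read_exact($sock, $len);
    return (9, "truncated report\n") unless defined $rep;
    return ($exitcode, $rep);
}

# Push constructed bytes through a socketpair, then close the writer.
sub demo {
    my ($label, $bytes) = @_;
    socketpair(my $r, my $w, AF_UNIX, SOCK_STREAM, 0) or die "socketpair: $!";
    syswrite($w, $bytes);
    close($w);
    my ($code, $rep) = read_avp_reply($r);
    close($r);
    chomp(my $shown = $rep);
    print "$label: exit=$code report=$shown\n";
}

# Constructed sample replies (status byte and report text are made up).
my $report = "/tmp/sample/eicar.com infected: EICAR-Test-File\n";
demo('complete ', pack('vV', 0x0134, length($report)) . $report);
demo('truncated', pack('vV', 0x0134, 100) . "partial");
demo('oversized', pack('vV', 0x0134, 0xFFFFFFFF));
```

Every failure path returns status 9 rather than 0, so a daemon that dies mid-reply cannot be mistaken for a clean scan result.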
