Here is my 1 cents worth. If I had time to document it better and clean it
up, it might be worth 2 cents.
Keeping in mind that I am not a programmer, here is my modified clamav
plugin that seems to work for me.
Sorry about not being much more help, but I got this running 6 weeks or so
ago, and intended to document it and put it on this list.
I felt it better to give it here in raw form, in case it helps somebody.
Sam
**********************************************************************
#!/usr/bin/pperl -w
# Clam-AV plugin.
use File::Temp qw(tempfile);
sub register {
my ($self, $qp) = @_;
$self->register_hook("data_post", "clam_scan");
}
sub clam_scan {
my ($self, $transaction) = @_;
my ($temp_fh, $filename) = tempfile();
print $temp_fh $transaction->header->as_string;
print $temp_fh "\n";
$transaction->body_resetpos;
while (my $line = $transaction->body_getline) {
# $self->log(1, "clamscan line: $line");
print $temp_fh $line;
}
seek($temp_fh, 0, 0);
# Now do the actual scanning!
my $cmd =
"/usr/local/bin/clamscan --stdout -i --max-recursion=50 --disable-summary
$filename 2>&1";
# my $cmd =
"/usr/local/bin/clamscan --stdout -i --max-recursion=50 --disable-summary
/home/lafferes/virus-mimail 2>&1";
$self->log(1, "Running: $cmd");
my $output = `$cmd`;
my $result = ($? >> 8);
my $signal = ($? & 127);
unlink($filename);
chomp($output);
$output =~ s/^.* (.*) FOUND$/$1 /mg;
$self->log(1, "clamscan output: $output");
# $self->log(1, "clamscan results: $result");
# $self->log(1, "clamscan signal: $signal");
if ($signal) {
$self->log(1, "clamscan exited with signal: $signal");
return (DECLINED);
}
if ($result == 1) {
$self->log(1, "Virus(es) found");
return (DENY, "Virus Found: $output");
$transaction->header->add('X-Virus-Found', 'Yes');
$transaction->header->add('X-Virus-Details', $output);
}
elsif ($result) {
$self->log(1, "ClamAV error: $result\n");
}
$transaction->header->add('X-Virus-Checked', 'Checked');
return (DECLINED);
}
