I wonder if this wouldn't be best handled by making the config file YAML aware, so I could have something like this:
-1
I'm really not a fan of YAML as a configuration format. It strikes me as too fragile.
Would you be open to a plugin using YAML then, for its own config file? Would you rather include one of the Ini modules on CPAN (quickly looking I see a bunch and I don't know which I prefer yet)? Actually making the config/plugins file be a .ini style file has some advantages, now that I think about it (since you'd have explicit [section]s for each hook). Hmmm...
I much prefer the stricter, more limited, .ini style format. Yes, it isn't as flexible, but it's a lot harder to break.
It's just a whole lot faster to do
    @scanners = @{ LoadFile('config/generic_av') };  # LoadFile returns the sequence as one array ref

with a data file like this:

    --- #YAML:1.0
    - name: 'BitDefender'
      bin: '/opt/bdc/bdc'
      options: '--mail --all --arc'
      regex: 'infected: (.+)$'
      freq: '0.50'
    - name: 'ClamAV'
      bin: '/usr/local/bin/clamdscan'
      options: '--stdout --no-summary'
      regex: '^.* (.*) FOUND$'
      freq: '0.50'
    - name: 'McAfee uvscan'
      bin: '/usr/local/bin/uvscan'
      options: '--mime --unzip --secure --noboot'
      regex: '^.*\W+Found (.*)$'
      freq: '0.50'

to get an array of hashes. I would want to run a validate function on the incoming array (among other things so I could compile the regexes to save having to do it later), and kick out any array elements that had missing/malformed hash keys. I'll see if any of the existing INI modules on CPAN have that much flexibility.
It occurred to me that all of the commandline scanners share a vast amount of code (basically everything apart from custom return codes). So last night I started writing a generic av scanner, which would use the data file above to define each scanner and use the 'freq' key to determine how often a given scanner would fire.
I was even thinking about how we might be able to use a primitive "train on error" scheme to change the weighting (so a scanner that misses a virus that the other scanners find would have its "freq" decremented). Unlike spam, with viruses I'm strangely unconcerned about false positives and very worried about false negatives.
John
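
A sketch of the validate pass described in the message above, as an added example (not code from the thread or from the project). The function name `validate_scanners`, the absolute-path rule for `bin`, the 0 to 1 range for `freq` and the capture-group requirement are assumptions; the sample entries are constructed, with the first one taken from the data file above.

```perl
use strict;
use warnings;

my @REQUIRED = qw(name bin options regex freq);

# Keep only well-formed scanner entries; compile each regex once.
sub validate_scanners {
    my @ok;
    ENTRY: for my $s (@_) {
        next ENTRY unless ref $s eq 'HASH';
        my $name = defined $s->{name} ? $s->{name} : '(unnamed)';
        for my $key (@REQUIRED) {
            next if defined $s->{$key} && !ref $s->{$key};
            warn "skipping $name: missing or malformed '$key'\n";
            next ENTRY;
        }
        # qr// dies on a bad pattern and refuses (?{...}) code blocks
        # in an interpolated string, so the eval traps both.
        my $re = eval { qr/$s->{regex}/ };
        # Assumption: the virus name is read from $1, so count capture groups.
        my $groups = ($re && '' =~ /|$re/) ? $#+ : 0;
        my $why =
            $s->{bin}  !~ m{^/}            ? 'bin must be an absolute path'
          : $s->{freq} !~ /^\d*\.?\d+\z/   ? 'freq is not a number'
          : $s->{freq} > 1                 ? 'freq must be between 0 and 1'
          : !$re                           ? 'regex does not compile'
          : $groups < 1                    ? 'regex has no capture group'
          :                                  '';
        if ($why) { warn "skipping $name: $why\n"; next ENTRY }
        push @ok, { %$s, regex => $re, freq => $s->{freq} + 0 };
    }
    return @ok;
}

# Constructed sample: one entry from the data file above, four broken ones.
my @scanners = validate_scanners(
    { name => 'ClamAV', bin => '/usr/local/bin/clamdscan',
      options => '--stdout --no-summary', regex => '^.* (.*) FOUND$', freq => '0.50' },
    { name => 'NoRegex', bin => '/opt/x/scan', options => '', freq => '0.50' },
    { name => 'RelPath', bin => 'bin/scan', options => '', regex => '(.+)', freq => '0.50' },
    { name => 'BadFreq', bin => '/opt/x/scan', options => '', regex => '(.+)', freq => '1.5' },
    { name => 'BadRe',   bin => '/opt/x/scan', options => '', regex => '(.+',  freq => '0.50' },
);
print "$_->{name} accepted, regex compiled to $_->{regex}\n" for @scanners;
```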
