[Mimedefang] Cascading virus scanners

Enrico Scholz enrico.scholz at sigma-chemnitz.de
Mon Sep 23 04:50:01 EDT 2002 

mimedefang at lists.roaringpenguin.com (Aaron Paetznick) writes:

> What if I wanted paranoid-level virus scanning?  Could I run several 
> different virus scanners in series?

Yes; I am using

---
my @SCANNERS = (
  ['Virus:FileScan', \&message_contains_virus_filescan, \&entity_contains_virus_filescan],
  ['Virus:AVP',      \&message_contains_virus_avp,      \&entity_contains_virus_avp     ],
  ['Virus:FPROT',    \&message_contains_virus_fprot,    \&entity_contains_virus_fprot   ],
  ['Virus:FSAV',     \&message_contains_virus_fsav,     \&entity_contains_virus_fsav    ],
  ['Virus:HBEDV',    \&message_contains_virus_hbedv,    \&entity_contains_virus_hbedv   ],
  ['Virus:NAI',      \&message_contains_virus_nai,      \&entity_contains_virus_nai     ],
  ['Virus:NVCC',     \&message_contains_virus_nvcc,     \&entity_contains_virus_nvcc    ],
  ['Virus:RAV',      \&message_contains_virus_rav,      \&entity_contains_virus_rav     ],
  ['Virus:SOPHIE',   \&message_contains_virus_sophie,   \&entity_contains_virus_sophie  ],
  ['Virus:SOPHOS',   \&message_contains_virus_sophos,   \&entity_contains_virus_sophos  ],
  ['Virus:TREND',    \&message_contains_virus_trend,    \&entity_contains_virus_trend   ],
  ['Virus:CLAMAV',   \&message_contains_virus_clamav,   \&entity_contains_virus_clamav  ],
);

## ...

sub contains_virus($$) {
  my ($idx,$e) = @_;

  foreach my $val ( @SCANNERS ) {
    my ($feature, at funcs) = @{$val};

    next        if !($Features{$feature});

    if (wantarray) {
      my @res = $funcs[$idx]($e);
      return (@res,$feature)    if $res[0]!=0;
    }
    else {
      my $res = $funcs[$idx]($e);
      return $res       if $res!=0;
    }
  }

  return (wantarray ? (0, 'ok', 'ok','') : 0);
}

# Scan for a virus using the first supported virus scanner we find.
sub message_contains_virus () {
        return contains_virus(0, '');
}

# Scan for a virus using the first supported virus scanner we find.
sub entity_contains_virus ($) {
        my($e) = @_;
        return contains_virus(1, $e);
}
-----

(I am not a perl-programmer so the statements above may be
expressed more effective probably)



Enrico

-- 
q: If you were young again, would you start writing TeX again or would
   you use Microsoft Word, or another word processor?
a: I hope to die before I have to use Microsoft Word.
  -- Harald Koenig <koenig at tat.physik.uni-tuebingen.de> asking D.E.Knuth

More information about the MIMEDefang mailing list