[Mimedefang] Cleaning up antivirus integration
Dave O'Neill
dmo at roaringpenguin.com
Wed May 2 15:42:09 EDT 2007
I'm about to begin some cleanup work on the antivirus integration within
MIMEDefang. The goals are:
- cleaner code with less duplication
- separate from mimedefang.pl as individually testable modules
- MIMEDefang only loads desired AV integration code, not all
possible code
- AV integration code usable outside of MIMEDefang and released to
CPAN (eventually).
With that in mind, I've got a few questions for the list:
1) what AV engines do you actually use with MD? Some of the AV
integration code in mimedefang.pl looks fairly stale, so if a
backend is truly obsolete (for example, openantivirus.org) I'd like
to remove it.
2) what sort of API would you like to see for the restructured code?
I'm currently thinking of something like:
# In your filter
use vars qw( $VS );
# In filter_initialize()
$VS = Email::VirusScan->new({
# the engines to use, and their configurations
engines => {
'ClamAV::Daemon' => {
socket_name => '/var/spool/MIMEDefang/clamd.sock'
},
'FProtD' => {
host => '127.0.0.1',
port => 10200,
},
},
# the order to use the engines in
order => [ 'FProtD', 'ClamAV::Daemon' ],
});
# And, later, in filter_end()
my $result = $VS->scan_path( "$CWD/Work" )
if( $result->is_virus ) {
my @viruses = $result->get_virus_names();
# ...
}
Email::VirusScan would use pluggable backends, such as
Email::VirusScan::ClamAV::Daemon that conform to a standard API:
->new( $some_config_hashref ) for creating a scanner object with
configuration data
->scan( $email_object ) for scanning a MIME::Entity, Email::Simple,
etc, probably via Email::Abstract. This is mostly equvalent to
entity_contains_virus() in the current MD code.
->scan_path( $path_to_file_or_directory ) for scanning a single file
or directory. This is mostly equivalent to
message_contains_virus() in the current MD code
Email::VirusScan->scan() or ->scan_path() would iterate over all the
configured backend engines and invoke the equivalent method. The
results of all scans would be returned as a container object that can
be queried for overall status (->is_virus, etc), or for the
information about individual scan results ( so that you can see which
scanner got a hit, the name of the infected file, etc).
Please reply to the list with comments and suggestions so that we can
get the discussion rolling.
Cheers,
Dave
--
Dave O'Neill <dmo at roaringpenguin.com> Roaring Penguin Software Inc.
+1 (613) 231-6599 http://www.roaringpenguin.com/
For CanIt technical support, please mail: support at roaringpenguin.com
More information about the MIMEDefang
mailing list