[Mimedefang] Cleaning up antivirus integration

Dave O'Neill dmo at roaringpenguin.com
Wed May 2 15:42:09 EDT 2007


I'm about to begin some cleanup work on the antivirus integration within
MIMEDefang.  The goals are:
    - cleaner code with less duplication
    - separate from mimedefang.pl as individually testable modules
    - MIMEDefang only loads desired AV integration code, not all
      possible code
    - AV integration code usable outside of MIMEDefang and released to
      CPAN (eventually).

With that in mind, I've got a few questions for the list:

1) what AV engines do you actually use with MD?  Some of the AV
   integration code in mimedefang.pl looks fairly stale, so if a
   backend is truly obsolete (for example, openantivirus.org) I'd like
   to remove it.

2) what sort of API would you like to see for the restructured code?
   I'm currently thinking of something like:

        # In your filter
        use vars qw( $VS );

        # In filter_initialize()
        $VS = Email::VirusScan->new({
           
            # the engines to use, and their configurations
            engines => {
                'ClamAV::Daemon' => {
                    socket_name => '/var/spool/MIMEDefang/clamd.sock'
                },
                'FProtD' => {
                    host => '127.0.0.1',
                    port => 10200,
                },
            },

            # the order to use the engines in
            order => [ 'FProtD', 'ClamAV::Daemon' ],
        });

        # And, later, in filter_end()
        my $result = $VS->scan_path( "$CWD/Work" );
        if( $result->is_virus ) {
            my @viruses = $result->get_virus_names();
            # ... 
        }

   Email::VirusScan would use pluggable backends, such as
   Email::VirusScan::ClamAV::Daemon that conform to a standard API:
    ->new( $some_config_hashref ) for creating a scanner object with
      configuration data
    ->scan( $email_object ) for scanning a MIME::Entity, Email::Simple,
      etc, probably via Email::Abstract.  This is mostly equivalent to
      entity_contains_virus() in the current MD code.
    ->scan_path( $path_to_file_or_directory ) for scanning a single file
      or directory.  This is mostly equivalent to
      message_contains_virus() in the current MD code
   
   Email::VirusScan->scan() or ->scan_path() would iterate over all the
   configured backend engines and invoke the equivalent method.  The
   results of all scans would be returned as a container object that can
   be queried for overall status (->is_virus, etc), or for the
   information about individual scan results ( so that you can see which
   scanner got a hit, the name of the infected file, etc).


Please reply to the list with comments and suggestions so that we can
get the discussion rolling.

Cheers,
Dave
-- 
Dave O'Neill <dmo at roaringpenguin.com>    Roaring Penguin Software Inc.
+1 (613) 231-6599                        http://www.roaringpenguin.com/
For CanIt technical support, please mail: support at roaringpenguin.com
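
A minimal sketch of the dispatcher and result container proposed in the message above, added here as an example; it is not code from the post, from MIMEDefang or from CPAN. Every `Sketch::*` package, the marker string and the sample file are hypothetical or constructed, and recording a failed engine as an error (so the verdict is never "clean" when a scanner could not run) is an assumption of this sketch.

```perl
# Added sketch: every Sketch::* name is hypothetical, not MIMEDefang or CPAN code.
use strict; use warnings;
package Sketch::Engine::Marker;   # stand-in backend: flags a constructed marker string
sub new { my ($class, $conf) = @_; return bless { %$conf }, $class }
sub scan_path {
    my ($self, $path) = @_;
    open my $fh, '<', $path or die "cannot read $path: $!\n";
    my $data = do { local $/; <$fh> };              # slurp the whole file
    return index($data, $self->{marker}) >= 0 ? ($self->{name}) : ();
}
package Sketch::Engine::Down;     # stand-in backend whose daemon is unreachable
sub new { my ($class, $conf) = @_; return bless { %$conf }, $class }
sub scan_path { my ($self) = @_; die "connect to $self->{host}:$self->{port} failed\n" }
package Sketch::Result;           # container holding every engine's outcome
sub new             { my ($class) = @_; return bless { hits => [], errors => [] }, $class }
sub is_virus        { return @{ $_[0]{hits} } ? 1 : 0 }
sub is_clean        { return !$_[0]->is_virus && !@{ $_[0]{errors} } }  # failure is not "clean"
sub get_virus_names { return map { $_->{virus} } @{ $_[0]{hits} } }
package Sketch::Scanner;
sub new {
    my ($class, $args) = @_;
    my %engines = map { my $pkg = "Sketch::Engine::$_"; ($_ => $pkg->new($args->{engines}{$_})) }
                  keys %{ $args->{engines} };
    return bless { engines => \%engines, order => $args->{order} }, $class;
}
sub scan_path {
    my ($self, $path) = @_;
    my $result = Sketch::Result->new;
    for my $name (@{ $self->{order} }) {            # run every engine, in the configured order
        my @found = eval { $self->{engines}{$name}->scan_path($path) };
        if ($@) {                                   # engine died: keep the error, keep scanning
            push @{ $result->{errors} }, { engine => $name, error => "$@" };
            next;
        }
        push @{ $result->{hits} }, map { +{ engine => $name, virus => $_, file => $path } } @found;
    }
    return $result;
}
package main;
use File::Temp qw(tempfile);
my ($fh, $file) = tempfile(UNLINK => 1);            # constructed sample input
print {$fh} "constructed sample body SKETCH-TEST-MARKER\n";
close $fh or die "close failed: $!\n";
my $vs = Sketch::Scanner->new({ order => [ 'Down', 'Marker' ], engines => {
    Marker => { name => 'Sketch.Test', marker => 'SKETCH-TEST-MARKER' },
    Down   => { host => '127.0.0.1', port => 10200 } } });
my $result = $vs->scan_path($file);
print "hit: $_->{engine} found $_->{virus} in $_->{file}\n" for @{ $result->{hits} };
print "error: $_->{engine}: $_->{error}"                     for @{ $result->{errors} };
print 'verdict: ', ($result->is_clean ? 'clean' : 'not clean'), "\n";
```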


