Hi List, Thought I'd post this in the chance that it may be useful for someone. Currently it has a known bug that it adds a \r\n to the end of the mbox. I also assume that the files are written in DOS format, as I'm running this on a samba file server. Share and Enjoy!
#!/usr/bin/perl -w # # Scans Thunderbird INBOXs (or other mbox files) # # Assumes DOS format # # License Perl (Artistic and GPL) # ClamAV-Client code taken from: http://search.cpan.org/~jmehnle/ClamAV-Client-0.11/ # # usage: ./scan-mbox FILE [FILE2 FILE3 ...] use strict; use ClamAV::Client; use File::Temp qw/ tempfile /; use File::Copy; use File::Slurp qw( slurp ) ; # Use a local Unix domain socket: my $scanner = ClamAV::Client->new( socket_name => '/var/run/clamav/clamd.ctl' ); die("ClamAV daemon not alive") if not defined($scanner) or not $scanner->ping(); for my $infile (@ARGV) { my $slurpee = slurp($infile); my @mail=split(/(?<=\r\n)\r\n(?=From )/,$slurpee); #split on the second \n, with a \n right before it, and 'From ' right after my ($tempfile,$filename) = tempfile(); for my $msg (@mail) { my $result; $result = $scanner->scan_scalar(\$msg); if (defined($result)) { print "VIRUS FOUND: $result\n"; } else { print $tempfile $msg."\r\n"; ## another dos assumption } } close $infile; close $tempfile; copy $filename, $infile; unlink $tempfile; } -- Jason Castonguay
_______________________________________________ http://lurker.clamav.net/list/clamav-users.html
