[Qmail-scanner-general]File::Scan

[Jorge Valdes]

Hi,
I have File::Scan working with my qmail-scanner-queue.pl (v1.21) working 
and its a lot faster than ClamAV at detecting its _small_ database of viruses.

All that needs to be done is:
1.- Add "use File::Scan;" in the Site-Specific Settings
2.- Add "filescan_scanner" to the @scanner_array
3.- Include the following subroutine definition:
--BEGIN--
sub filescan_scanner {
  &debug("filescan: starting scan of directory \"$ENV{'TMPDIR'}\"...");
  my ($start_filescan_time)=[gettimeofday];
  my $filescanner = File::Scan->new();
  my $has_virus = 0;
  open DIR, "ls $ENV{'TMPDIR'} |";
  while (<DIR>) {
    next if m/^\./; chomp;
    my $file = sprintf "%s/%s",$ENV{'TMPDIR'},$_;
    &debug("filescan: scanning $file...");
    if (my $vv = $filescanner->scan("$file")) {
      &debug("filescan: There be a virus! ($vv)");
      $quarantine_description=$vv; $has_virus++;
      $quarantine_event="FileScan:$vv";
      $description .= "\n--- File::Scan results --\n$vv FOUND";
      last;
    } elsif ( my $ee = $filescanner->error()) {
      &debug("File::Scan [Error] = $ee");
      &error_condition("FileScan: Error: $ee");
      last;
    } elsif ( my $ss = $filescanner->suspicious()) {
      &debug("File::Scan [suspicious]");
      last;
    }
  }
  close DIR;
  my ($filescan_time) = tv_interval ($start_filescan_time, [gettimeofday]);
  &debug("filescan: finished scan of dir \"$ENV{'TMPDIR'}\" in 
$filescan_time secs");
  ## uncomment the following to reject the email iff defined
  #&reject_email("Rejected VIRUS $quarantine_description",33) if ($has_virus);
}
--END--

I have this working in producction systems without problems, and for the 
latest Zafi.b Virus, scanning takes ~0.025 secs per message compared to 
~1.0 secs for ClamAV (Redhat Linux 7.3 i686 @1.5GHz 512MB RAM).

Hope this helps...
--
Jorge Valdes
IT Manager
Intercom El Salvador
[EMAIL PROTECTED]

-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Qmail-scanner-general mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general