jules Professional Member
Joined: 14 Sep 2001 Posts: 1043 Location: Cumbria, UK
|
Posted: Tue Feb 01, 2005 6:38 pm Post subject: Virus scanner in VDS |
|
|
If anyone needs to virus scan things in their VDS scripts, a guy named Boguslaw Brandys has developed a Windows port of the free open-source virus scanner ClamAV at http://www.bransoft.com/clamav.html. There's one DLL to get the signature updates and another to scan files. It's easy to call the DLLs using the VDS @lib function. _________________ The Tech Pro
www.tech-pro.net |
|
Garrett Moderator Team
Joined: 04 Oct 2001 Posts: 2149 Location: A House
|
Posted: Tue Feb 01, 2005 11:10 pm Post subject: |
|
|
Hi Jules,
Any idea which download package has the dlls? They all seem to require
compilers.
-Garrett _________________ 'What you do not want done to yourself, do not do to others.' - Confucius (550 b.c. to 479 b.c.) |
|
jules Professional Member
Joined: 14 Sep 2001 Posts: 1043 Location: Cumbria, UK
|
Posted: Wed Feb 02, 2005 9:34 am Post subject: |
|
|
Hi Garrett.
The clamav-windows.zip you can download from the page I referred to does have a compiled libclamav.dll but it is buried deep in the folder hierarchy somewhere below "contribs" where there is a Delphi example, and Delphi .pas declarations of the DLL interfaces and constants. I thought there was also a freshclam.dll in there, which is the updater, but just now I couldn't find it. I suggest that you download and install the clammail package from the same website, and nick the DLLs out of that. Since it's GPL software, there's no reason why you shouldn't do that. Alternatively, you could download the free command line MSVC++ compiler and build your own versions from the source code. _________________ The Tech Pro
www.tech-pro.net |
|
jules Professional Member
Joined: 14 Sep 2001 Posts: 1043 Location: Cumbria, UK
|
Posted: Wed Feb 02, 2005 9:52 am Post subject: |
|
|
Here is the unit I wrote to interface with these DLLs. Note that I haven't figured out the exit codes for the updater function yet. Also the last binary DWORD on the line %L = ... specifies options for the scanner. You might want to change some of these, so you could write a function to build the value of that DWORD according to supplied parameters.
Code:
# VDS commands / functions to use ClamAV DLLs
#define command,CLAMAV
#define function,CLAMAV,CLAMSCAN

:clamav
  if @equal(%1,scan)
    # CLAMAV SCAN, <filename> // OK = true if clean; false if virus or some other problem
    # %%clamav_retcode = actual return code
    # %%clamav_scan = virus name or explanation of problem
    %V = @fill(128,,Z)
    %S = @binary(DWORD,0)
    %L = @binary(DWORD,@binary(DWORD,1000)@binary(DWORD,1000)@binary(DWORD,0)@binary(DWORD,20971520)
    %%clamav_retcode = @lib(libclamav,clam_scanfile,INT:,@addr("%2"),@addr("%V"),@addr("%S"),%%clamav_root,@addr("%L"),INT:1019)
    if @zero(%%clamav_retcode)
      %%clamav_scan =
    else
      if @equal(%%clamav_retcode,1)
        %V = @adjust(%V)
        %%clamav_scan = Infected: %V
      elsif @equal(%%clamav_retcode,10)
        %%clamav_scan = Not scanned: recursion level limit exceeded
      elsif @equal(%%clamav_retcode,11)
        %%clamav_scan = Not scanned: size limit exceeded
      elsif @equal(%%clamav_retcode,12)
        %%clamav_scan = Not scanned: files limit exceeded
      elsif @equal(%%clamav_retcode,100)
        %%clamav_scan = Not scanned: rar handler error
      elsif @equal(%%clamav_retcode,101)
        %%clamav_scan = Not scanned: zip handler error
      elsif @equal(%%clamav_retcode,102)
        %%clamav_scan = Not scanned: corrupt archive
      elsif @equal(%%clamav_retcode,103)
        %%clamav_scan = Not scanned: gzip handler error
      elsif @equal(%%clamav_retcode,104)
        %%clamav_scan = Not scanned: bzip2 handler error
      elsif @equal(%%clamav_retcode,105)
        %%clamav_scan = Not scanned: OLE2 handler error
      elsif @equal(%%clamav_retcode,106)
        %%clamav_scan = Not scanned: compress.exe handler error
      elsif @equal(%%clamav_retcode,107)
        %%clamav_scan = Not scanned: MS CAB module error
      elsif @equal(%%clamav_retcode,200)@equal(%%clamav_retcode,-4)
        %%clamav_scan = Not scanned: access denied
      else
        %%clamav_scan = Not scanned: error code %%clamav_retcode
      end
      ERROR -1
    end
  elsif @equal(%1,load)
    # CLAMAV LOAD, <path to .cvd files> // MUST EXECUTE THIS BEFORE SCANNING
    if @null(%2)
      %2 = @substr(@path(%0),1,-1)
    end
    if @not(%%clamav_loaded)
      LOADLIB %2\libclamav.dll
      if @not(@ok())
        ERROR 28
        exit
      end
      %%clamav_loaded = 1
      %%clamav_root =
    end
    %%clamav_error =
    %N = @binary(DWORD,0)
    %E = @binary(DWORD,0)
    %%clamav_root = @lib(libclamav,clam_loaddbdir,INT:,STR:%2,@addr("%N"),@addr("%E"))
    if @zero(@val(%E))
      %I = @lib(libclamav,clam_build,INT:,%%clamav_root)
      if @not(@zero(%I))
        %%clamav_error = %I
      end
    else
      %%clamav_error = %E
    end
    if %%clamav_error
      ERROR -1
    end
  elsif @equal(%1,unload)
    # CLAMAV UNLOAD // EXECUTE BEFORE CLOSING
    FREELIB libclamav.dll
    %%clamav_loaded =
    %%clamav_root =
  elsif @equal(%1,version)
    # %%ver = @CLAMAV(VERSION) // not very useful
    %R = @fill(260,,Z)
    %I = @lib(libclamav,clam_retver,NUL:,@addr("%R"))
  elsif @equal(%1,update)
    # CLAMAV UPDATE, <path to .cvd files>, <mirror> // mirror is db.xx.clamav.net where xx is ICANN country code
    LOADLIB freshclam.dll
    if @not(@ok())
      ERROR 28
      exit
    end
    if @null(%2)
      %2 = @substr(@path(%0),1,-1)
    end
    if @null(%3)
      %3 = db.us.clamav.net
    end
    %I = @lib(freshclam,clam_update,INT:,INT:1,STR:%2,STR:%2\update.log,STR:current.cvd.clamav.net,STR:%3,STR:database.clamav.net,NIL:)
    # I haven't figured out what the return codes mean yet...
    info "%I = "%I
    FREELIB freshclam.dll
    # need to CLAMAV UNLOAD and reLOAD if sigs are updated
  end
  exit %R

# simple function to scan one file, returning true if file OK (uninfected)
# virus name in %%clamav_scan if infected
:clamscan
  %V = 1
  option errortrap,noclamav
  CLAMAV LOAD,%%clamavpath
  option errortrap
  if @ok()
    CLAMAV SCAN,%1
    %V = @unequal(%%clamav_retcode,1)
    CLAMAV UNLOAD
  end
:noclamav
  option errortrap
  exit %V
_________________ The Tech Pro
www.tech-pro.net |
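Added example, not part of the post above or of the ClamAV port, written in Python rather than VDS so it can be run: as posted, :clamscan starts with %V = 1 and only replaces it with @unequal(%%clamav_retcode,1), so a failed load or any "Not scanned" code is reported as OK. The sketch models that wrapper beside a three-state alternative; the function names and sample results are constructed for illustration.

```python
from enum import Enum

class Verdict(Enum):
    CLEAN = "clean"
    INFECTED = "infected"
    NOT_SCANNED = "not scanned"

# Return codes and meanings as listed in the posted CLAMAV SCAN branch.
NOT_SCANNED_REASONS = {
    10: "recursion level limit exceeded", 11: "size limit exceeded",
    12: "files limit exceeded", 100: "rar handler error",
    101: "zip handler error", 102: "corrupt archive",
    103: "gzip handler error", 104: "bzip2 handler error",
    105: "OLE2 handler error", 106: "compress.exe handler error",
    107: "MS CAB module error", 200: "access denied", -4: "access denied",
}

def posted_clamscan(loaded, retcode):
    """Model of the posted :clamscan: %V starts at 1 and is only
    replaced by @unequal(retcode,1) when the load succeeded."""
    if not loaded:
        return True
    return retcode != 1

def strict_verdict(loaded, retcode):
    """Fail-closed alternative: only return code 0 counts as clean."""
    if not loaded:
        return Verdict.NOT_SCANNED, "engine or database not loaded"
    if retcode == 0:
        return Verdict.CLEAN, ""
    if retcode == 1:
        return Verdict.INFECTED, ""
    return Verdict.NOT_SCANNED, NOT_SCANNED_REASONS.get(retcode, f"error code {retcode}")

def unscanned_but_passed(samples):
    """Names the boolean wrapper reports OK although nothing was scanned."""
    return [name for name, loaded, rc in samples
            if posted_clamscan(loaded, rc)
            and strict_verdict(loaded, rc)[0] is Verdict.NOT_SCANNED]

# Constructed sample results: (file name, load succeeded, return code)
SAMPLES = [
    ("report.doc", True, 0),
    ("invoice.zip", True, 1),
    ("huge.iso", True, 11),
    ("locked.dat", True, -4),
    ("mail.eml", False, None),
    ("odd.bin", True, 999),
]
```

A caller that gates mail or downloads on the result can hold or reject anything returned as NOT_SCANNED instead of delivering it.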
|
Skit3000 Admin Team
Joined: 11 May 2002 Posts: 2166 Location: The Netherlands
|
jules Professional Member
Joined: 14 Sep 2001 Posts: 1043 Location: Cumbria, UK
|
Posted: Wed Feb 02, 2005 4:51 pm Post subject: |
|
|
I can't technically do that without including a copy of the GPL and documentation on how to get the source code, which I don't currently have, because I had to do system restore back a week after my computer suddenly started asking to be activated with Microsoft and then complaining about an invalid registration code (even though it's an OEM system and isn't supposed to need activating) and having done that, I lost everything except the DLLs which I'd copied to another place. _________________ The Tech Pro
www.tech-pro.net |
|
PGWARE Web Host
Joined: 29 Dec 2001 Posts: 1562
|
Posted: Wed Feb 02, 2005 8:52 pm Post subject: |
|
|
I think I may use this on the new windows 2003 server I have. I'm currently scanning incoming emails with Panda CommandLine antivirus which does a fairly good job but I'd like to add in a secondary AV solution as well, this looks like it may do the trick. |
|
Garrett Moderator Team
Joined: 04 Oct 2001 Posts: 2149 Location: A House
|
Posted: Thu Feb 03, 2005 4:09 am Post subject: |
|
|
I keep getting the same return error code of -5 which is "malformed database".
Any clue what I did wrong? _________________ 'What you do not want done to yourself, do not do to others.' - Confucius (550 b.c. to 479 b.c.) |
|
jules Professional Member
Joined: 14 Sep 2001 Posts: 1043 Location: Cumbria, UK
|
Posted: Thu Feb 03, 2005 9:02 am Post subject: |
|
|
Did you run the update first to get the database files? The database is two files, main.cvd and daily.cvd, and they need to be in the same directory as the program itself (if you use the default option) or else you must specify it in the LOAD command. _________________ The Tech Pro
www.tech-pro.net |
|
Garrett Moderator Team
Joined: 04 Oct 2001 Posts: 2149 Location: A House
|
Posted: Thu Feb 03, 2005 3:35 pm Post subject: |
|
|
I did update. But I'll toy some more today with this. This is interesting
and I'm having fun with this. _________________ 'What you do not want done to yourself, do not do to others.' - Confucius (550 b.c. to 479 b.c.) |
|
jules Professional Member
Joined: 14 Sep 2001 Posts: 1043 Location: Cumbria, UK
|
Posted: Thu Feb 03, 2005 4:23 pm Post subject: |
|
|
Yep, it's way too much fun. I converted my Tech-Protect anti-virus to use this, and now I'm making a new interface for it using Skit's HTML menu. _________________ The Tech Pro
www.tech-pro.net |
|
Garrett Moderator Team
Joined: 04 Oct 2001 Posts: 2149 Location: A House
|
Posted: Thu Feb 03, 2005 10:11 pm Post subject: |
|
|
LOL!!!! That's what I was going to do! _________________ 'What you do not want done to yourself, do not do to others.' - Confucius (550 b.c. to 479 b.c.) |
|
vdsalchemist Admin Team
Joined: 23 Oct 2001 Posts: 1448 Location: Florida, USA
|
Posted: Fri Feb 04, 2005 2:13 am Post subject: |
|
|
What will you guys think of next _________________ Home of
Give VDS a new purpose!
|
Skit3000 Admin Team
Joined: 11 May 2002 Posts: 2166 Location: The Netherlands
|
jules Professional Member
Joined: 14 Sep 2001 Posts: 1043 Location: Cumbria, UK
|
Posted: Fri Feb 04, 2005 9:02 am Post subject: |
|
|
Garrett wrote: LOL!!!! That's what I was going to do!
Well, go for it, man! There's room for more than one solution, and there is no decent Windows GUI for ClamAV at the moment so it could be very popular. And a great promotion of the abilities of VDS! _________________ The Tech Pro
www.tech-pro.net |