0

First, let me state that clamd has been shown to respond correctly:

$ echo PING | nc -U /var/run/clamav/clamd.sock
PONG

The scanner is set up as follows:

#set up a Clamav scanner
use File::VirusScan;
use File::VirusScan::ResultSet;
my $scanner = File::VirusScan->new({
    engines => {
            '-Daemon::ClamAV::Clamd' => {
                    socket_name => '/var/run/clamav/clamd.sock',
            },
    },
});

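The whole script runs fine on a Solaris 11 machine. I am running it on Linux CentOS 5.3 (Final). I did run into problems installing File::VirusScan from CPAN: the latest version, 0.102, would not compile, and the CPAN testers seem to confirm this, as 435 out of 437 fail. So I downloaded the previous version, 0.101, from CPAN, which is the version I also run on Solaris, and installed it manually, apparently without problems.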

perl -v
This is perl, v5.8.8 built for x86_64-linux-thread-multi


sub scanner {
        $|++; # buffer disabled
        (my $path, my $logClean) = @_;



    my $recurse = 5;
    print color "yellow";
    print "[i] Building file scan queue - recurse deepth $recurse \n";
    print color "green";
    print "SCAN QUEUE:0";

    #Get list of files

    if( $rootPath){
     use File::Find::Rule;
    my $finder = File::Find::Rule->maxdepth($recurse)->file->relative->start("$$path");
        while( my $file = $finder->match()  ){
           $|++;
           #$file = substr($file,length($rootPath)); #remove path bloat
           push(@scanList,"/$file");
           print "\rSCAN QUEUE:" .scalar(@scanList);  #update screen
        }
    }else{
     push(@scanList,"$$path");
    }


    print "\rSCANING:0";
    #set up a Clamav scanner
    use File::VirusScan;
    use File::VirusScan::ResultSet;
    my $scanner = File::VirusScan->new({
        engines => {
                '-Daemon::ClamAV::Clamd' => {
                        socket_name => '/var/run/clamav/clamd.sock',
                },
        },
    });



    #scan each file
    my $scanning  = 0;
    my $complete = -1;

    foreach $scanFile (@scanList){
             $scanning++;
             ##################################################
             #scan this file
             $results = $scanner->scan($rootPath.$scanFile);
             ##################################################
                  #array of hashes
             my $centDone = int(($scanning/scalar(@scanList))*100);

             if($centDone > $complete){
                 $complete = $centDone;
             }
             if($centDone < 100){
                  #\r to clear/update line
                  $format = "%-9s %-60s %-15s %-5s";
                  printf $format, ("\rSCANING:", substr($scanFile,-50), "$scanning/".scalar(@scanList), "$centDone%");
             }else{
                  print "\rSCAN COMPLETE                                                                            ";
             }

             # array ref
             foreach $result (@$results) {
                        #array of pointers to hashes
                      #print 'data:'
                      #print 'state:'
                       if($$result{state} ne "clean"){
                           if($$result{data} =~ /^Clamd returned error: 2/){
                               $$result{data} = "File too big to scan";
                           }
                           push(@scanResults,[$scanFile,$$result{state},$$result{data}]); # results
                      }elsif($$logClean){
                           push(@scanResults,[$scanFile,$$result{state},$$result{data}]);
                      }
                      unless($$result{state} eq "clean"){
                                    print color "red";
                                    print "\r$scanFile,$$result{state},$$result{data}\n";
                                    print color "green";
                                    print "\rSCANING: $scanning/".scalar(@scanList)." : $centDone%";
                               if($$result{state} eq "virus"){
                                    push(@scanVirus,scalar(@scanResults)-1);  #scanResults index of virus

                               }elsif($$result{state} eq "error"){
                                    push(@scanError,scalar(@scanResults)-1);  #scanResults index of error
                               }
                      }
             }

    } print "\n";

}
4

2 Answers

1

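Looking at the source code of the Clamd package, the following script should approximate the call it is attempting, and will hopefully give you a better idea of how it is failing. Try saving it to a separate file (such as test.pl) and running it with "perl test.pl":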

use IO::Socket::UNIX;
use IO::Select;

my $socket_name = '/var/run/clamav/clamd.sock';
my $sock = IO::Socket::UNIX->new(Peer => $socket_name);

if(!defined($sock)) {
    die("Couldn't create socket for path $socket_name");
}

my $s = IO::Select->new($sock);

if(!$s->can_write(5)) {
    $sock->close;
    die("Timeout waiting to write PING to clamd daemon at $socket_name");
}

if(!$sock->print("SESSION\nPING\n")) {
    $sock->close;
    die('Could not ping clamd');
}

if(!$sock->flush) {
    $sock->close;
    die('Could not flush clamd socket');
}

# wait up to 5 seconds for clamd's reply
if(!$s->can_read(5)) {
    $sock->close;
    die("Timeout reading from clamd daemon at $socket_name");
}

my $ping_response;
if(!$sock->sysread($ping_response, 256)) {
    $sock->close;
    die('Did not get ping response from clamd');
}

if(!defined $ping_response || $ping_response ne "PONG\n") {
    $sock->close;
    die("Unexpected response from clamd: $ping_response");
}
answered 2012-10-24T18:49:13.580
0

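It looks like the various antivirus engines need to be installed separately from the File::VirusScan base library. Does the following return an error?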

perl -mFile::VirusScan::Engine::Daemon::ClamAV::Clamd -e ''

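If it shows an error saying that Clamd.pm cannot be found, you need to install that engine module.

If it shows no error, you need to post more details, such as the code you are actually using to perform the scan and/or the error output (if any).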

于 2012-10-24T17:27:59.483 回答
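
An added example, not part of either answer: a script that runs both answers' checks in order (engine module loads, socket file is usable by the current user, clamd answers PING) and stops at the first failing layer with the underlying error. The socket path and module name are the ones from the question; the function names and the 5-second timeout are assumptions.

```perl
use strict;
use warnings;
use IO::Socket::UNIX;
use IO::Select;

# Socket path and engine module name are taken from the question.
my $socket_name = '/var/run/clamav/clamd.sock';
my $engine      = 'File::VirusScan::Engine::Daemon::ClamAV::Clamd';

# Each check returns '' on success or a description of the failure.
sub check_engine {
    my ($module) = @_;
    (my $file = "$module.pm") =~ s{::}{/}g;
    return eval { require $file; 1 } ? '' : "cannot load $module: $@";
}

sub check_socket_file {
    my ($path) = @_;
    return "$path does not exist"       unless -e $path;
    return "$path is not a UNIX socket" unless -S $path;
    # On Linux, connect() needs write permission on the socket file.
    return "$path is not writable by effective uid $>" unless -w $path;
    return '';
}

sub check_ping {
    my ($path, $timeout) = @_;
    my $sock = IO::Socket::UNIX->new(Peer => $path)
        or return "connect to $path failed: $!";
    $sock->print("PING\n") && $sock->flush
        or return "write to clamd failed: $!";
    IO::Select->new($sock)->can_read($timeout)
        or return "no reply from clamd within ${timeout}s";
    my $n = $sock->sysread(my $reply, 256);
    return "read from clamd failed: $!" unless defined $n;
    return 'clamd closed the connection without replying' if $n == 0;
    return $reply eq "PONG\n" ? '' : "unexpected reply from clamd: $reply";
}

# Run the layers in order and stop at the first one that fails.
my @checks = (
    [ 'engine module' => sub { check_engine($engine) } ],
    [ 'socket file'   => sub { check_socket_file($socket_name) } ],
    [ 'clamd PING'    => sub { check_ping($socket_name, 5) } ],
);
for my $check (@checks) {
    my ($name, $code) = @$check;
    my $problem = $code->();
    printf "%-14s %s\n", $name, $problem eq '' ? 'ok' : "FAILED: $problem";
    exit 1 if $problem ne '';
}
```

Run it as the same user that runs the scanning script, since the socket permission check depends on the effective uid.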