[pmg-devel] Avast Support

Davide Bozzelli davide.bozzelli at gmail.com
Tue Feb 20 18:34:06 CET 2018


Ok.

Put simply: to scan a file I ran: scan path_of_the_file.
Of course a service in background (like clamd) should be up and running
(/bin/avast)


I've modified sub analyze_virus:

sub analyze_virus {
    my ($queue, $filename, $pmg_cfg, $testmode) = @_;

    my $virus = undef ;
    my $enable_avast  = 1 ;
    my $enable_clamav = 1 ;

    # first analyze with avast
    if ( $enable_avast ) {
        syslog('info', "Starting Avast Scanning...");
        $virus = analyze_virus_avast($queue, $filename, $pmg_cfg) ;
    }

    # fall back to clamav only when avast reported nothing (or failed)
    if ( ! defined $virus && $enable_clamav ) {
        syslog('info', "Starting Clamav Scanning...");
        $virus = analyze_virus_clam($queue, $filename, $pmg_cfg) ;
    }

    return $virus ;
}

DESC: I've privileged the use of avast over clamd, so if avast does not find
anything (so $virus is undef) I'm calling the second scan.

Now the sub analyze_virus_avast:

sub analyze_virus_avast {
    my ($queue, $dname, $pmg_cfg) = @_;

    my $timeout = 60*5;
    my $vinfo;

    my $clamdscan_opts = "";

    my ($csec, $usec) = gettimeofday();

    my $previous_alarm;

    eval {

        $previous_alarm = alarm($timeout);

        $SIG{ALRM} = sub {
            die "$queue->{logid}: Maximum time ($timeout sec) exceeded. " .
                "virus analyze (avast) failed: ERROR";
        };

        # list-form open: $dname is passed as one argument, no shell is
        # involved, so quotes or metacharacters in the path cannot break out
        open(my $cmd, '-|', '/bin/scan', $dname) ||
            die "$queue->{logid}: can't exec avast: $! : ERROR";

        my $ifiles;

        my $response = '';
        #syslog('info', "file is" . $dname);
        #sleep(300);
        while ( defined(my $line = <$cmd>) ) {
            # \Q...\E matches the path literally instead of as a regexp
            if ($line =~ m/^\Q$dname\E\s+(.*)\s+$/) {
                # output is: /tmp/pippo.txt EICAR Test-NOT virus!!!
                #syslog('info', "grepped virus line is" . $1);
                # we just use the first detected virus name
                $vinfo = $1 if !$vinfo;
                $ifiles = 1 ;
            }

            $response .= $line;
        }

        close($cmd);

        alarm(0); # avoid race conditions

        # no matching line means "clean"; note that this makes $ifiles
        # always defined, so the check below can never trigger
        $ifiles = 0 if ( !$vinfo ) ;

        if (!defined($ifiles)) {
            die "$queue->{logid}: got undefined output from " .
                "virus detector: $response : ERROR";
        }

        if ($vinfo) {
            syslog('info', "$queue->{logid}: virus detected: $vinfo (avast)");
        }
    };
    my $err = $@;

    alarm($previous_alarm);

    # timing and result are stored in the clamav-named queue fields
    my ($csec_end, $usec_end) = gettimeofday();
    $queue->{ptime_clam} =
        int (($csec_end-$csec)*1000 + ($usec_end - $usec)/1000);

    if ($err) {
        syslog ('err', $err);
        $vinfo = undef;
        $queue->{errors} = 1;
    }

    $queue->{vinfo_clam} = $vinfo;

    return $vinfo ? "$vinfo (avast)" : undef;
}

DESC: as you can see it is mostly equal to the clamav one, I've just modified
the regexp.
1 question: is the sub expected to be called on every single part/file of
the undecoded mail?
2 question: would I expect ONLY one line of output from the while (this is
just a natural follow-up of question 1)?

Thx

On Tue, Feb 20, 2018 at 6:22 PM, Dietmar Maurer <dietmar at proxmox.com> wrote:

> > I'm just adding support for avast (daemonized).
> > I've modified the analyze_clamav code to use avast (cmd line scan).
> >
> > Is it in your interest for me to post my code here for a quick review?
>
> yes :-)



-- 
Got problems with Windows? - ReBooT
Got problems with Linux? - Be RooT