FProt::Client - Client interface to the fpscand(1) virus scanning daemon
use FProt::Client; # Spawn an object configured to use the default 127.0.0.1:10200 host/port my $fpc = FProt::Client->new; # A host and/or port can optionally be supplied to override the default my $fpc = FProt::Client->new( host => '10.0.0.1', # Scanning box port => 10200, # Default port ); # Check if we could connect to the daemon warn "Connected" if $fpc->ping; # Scan a single file my ($status, $msg) = $fpc->scan_file('/etc/crontab'); if ($status & 0x03) { print "/etc/crontab is clean\n"; } # Scan with options (see SCANNING OPTIONS in fpscand(8)) my %opt = (scanlevel => 3, archive => 99); my ($status, $msg) = $fpc->scan_file(\%opt, '/etc/crontab'); if ($status & 0x03) { print "/etc/crontab is clean\n"; } my ($status, $msg, $file, $archive_item) = $fpc->scan_file('/etc/crontab'); # Scan a stream (also accepts an optional hashref as the first argument) use File::stat; my $file = 'README'; open $fh, '<', $file or die $!; my ($status, $msg, $file, $archive_item) = $fpc->scan_stream($file, $fh, stat($file_txt)->size); # Close the connection with the daemon, called automatically by # DESTROY $fpc->quit;
Provides an interface to the fpscand(1) virus scanning daemon. The daemon is capable of scanning both files on its local machine and files that are sent to it over the socket (currently limited by the daemon to 10MB).
Constructor, only configures the object with the host and port it should connect and does not initiate a connection (see "ping" for testing the connection). A connection is lazily initiated when one of the methods that require it below are called.
Optional arguments:
The host or IP address to connect to, defaults to 127.0.0.1 which is the interface fpscand binds to by default.
The TCP port to connect to, defaults to 10200 which is the default fpscpand port.
Checks if a connection can be established with the daemon.
Scan a given absolute path to a file. A hashref of scanning option key-values can be optionally given as the first argument to pass options to fpscand (see SCANNING OPTIONS in fpscand(8)).
A list of values is returned:
An integer indicating the clean status of the file, see return codes for an explanation of the return values.
A human-readable message indicating the status of the file.
The file name as fpscand returns it, this will be the full path to the file.
When scanning archives (.zip, .tar etc.) this will be the name of a suspicious file in the archive. There is no fourth field for normal files.
Like "scan_file" but scans a stream. Takes three additional arguments instead of a filename, example:
use File::stat; open $fh, '<', $file or die $!; my @ret = $fpc->scan_stream($file, $fh, stat($file)->size);
TODO: implement
Return various information that's given by the HELP command. Returns a key-value list with the following keys and their values after being lower-cased:
The version of fpscand.
The version of the F-Prot engine fpscand is using.
The protocol this libary is speaking to fpscand.
The ID of the antivirus signature loaded into fpscand. This is in the format:
YYYYMMDDHHMM[MD5]
Where MD5 is a 32-bit MD5 sum of the signature file (the square brackets are not present in the string).
The uptime of the fpscand.
Inform the daemon that we are going away and close the connection to it, this will be automatically called (via DESTROY) when the object goes out of scope.
DESTROY
These methods should not be used by normal users of this class but they might be overridden if the module was sub-classed,
Send a command on the current socket and return a chomp-ed response.
chomp
Get a IO::Socket::INET TCP socket to host/port given to "new". Takes care of opening one if there isn't one already or if the previous socket has been closed for some reason.
These are the return codes the scanning fuctions return, the code is a bitfield.
At least one virus-infected object was found (and remains)
At least one suspicious (heuristic match) object was found (and remains)
Both 1 and 2.
Testing for infections could thus be done with <$exitcode & 0x03>.
<$exitcode & 0x03
These may be combined with infection codes.
Interrupted by user. (SIGINT, SIGBREAK)
Scan restriction caused scan to skip files (maxdepth directories, maxdepth archives, exclusion list, etc)
Platform error (out of memory, real I/O errors, insufficient file permission etc.)
Internal engine error (whatever the engine fails at).
Initilization error, i.e. every failure that occurs before any scanning starts.
Crashed (handle_gpf).
Clean as far as we know, although at least one object was not scanned (encrypted file, unsupported/unknown compression method, corrupted or invalid file).
At least one object was disinfected (clean now).
same as 64 + 128, i.e. something skipped, something disinfected. Overall: Clean
Ævar Arnfjörð Bjarmason <avar@f-prot.com>
Copyright 2007-2008 Ævar Arnfjörð Bjarmason.
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
6 POD Errors
The following errors were encountered while parsing the POD:
Expected text after =item, not a number
You forgot a '=back' before '=head1'
To install FProt::Client, copy and paste the appropriate command in to your terminal.
cpanm
cpanm FProt::Client
CPAN shell
perl -MCPAN -e shell install FProt::Client
For more information on module installation, please visit the detailed CPAN module installation guide.