Velocity Reviews


Joseph 08-19-2004 02:50 PM

little antivirus network filter
 
Hello, I wrote a little script that scans packets for viruses; so far it
has detected a few viruses in my network. I would like to rewrite it to
append packets that belong to the same connection, but so far it has
detected a few viruses. Here is the code. I am sure it would be more
useful if I wrote it so it blocks traffic with iptables, but maybe
someone else would like to play with it. Here is the code:

    #!/usr/local/bin/perl5.6.1
    use strict;
    use Mail::ClamAV;

    my $destring = "";   # header line ("T src -> dst ...") of the current packet
    my $buffer   = "";   # payload collected for the current packet

    # Load the ClamAV signature database
    my $c = new Mail::ClamAV("/usr/local/share/clamav")
        or die "Failed to load db: $Mail::ClamAV::Error";
    $c->buildtrie;

    # Read ngrep's text output line by line
    open(NET, "ngrep |") || die "can't run ngrep: $!";

    while (my $line = <NET>) {
        my $firstchar = substr($line, 0, 1);

        if ($firstchar eq "T") {
            # TCP header line: remember it for the report
            $destring = $line;
        }
        elsif ($firstchar eq "#") {
            # packet boundary: scan what was collected, then reset
            if (length $buffer) {
                my $status = $c->scanbuff($buffer);
                print "virus -> $destring" if $status->virus;
            }
            $buffer = "";
        }
        elsif (length($line) > 2) {
            # payload line: drop the two leading characters and the newline
            $buffer .= substr($line, 2, length($line) - 3);
        }
    }
    close(NET) || die "can't close ngrep: $!";
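
The post mentions wanting to append packets that belong to the same connection. The following is an added example, not the poster's code, that keeps one buffer per flow so a pattern split across two packets is still seen; the marker string, the `is_infected` stand-in, the `$MAX_BUF` limit and the sample capture are all constructed assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for the scanner: flags a buffer containing this marker.
# With Mail::ClamAV loaded as in the post, call $c->scanbuff($buf)->virus instead.
my $MARKER = 'CONSTRUCTED-TEST-SIGNATURE';
sub is_infected { my ($buf) = @_; return index($buf, $MARKER) >= 0 }

my $MAX_BUF = 1_000_000;   # assumed cap on bytes kept per flow

# Read ngrep-style text from a filehandle and return the flows whose
# reassembled payload is flagged by the scanner.
sub scan_flows {
    my ($fh) = @_;
    my (%buf, %hit, $flow);
    while (my $line = <$fh>) {
        chomp $line;
        if ($line =~ /^T\s+(\S+)\s+->\s+(\S+)/) {
            $flow = "$1 -> $2";                 # one key per direction
        }
        elsif ($line =~ /^  (.*)/ && defined $flow) {
            $buf{$flow} .= $1;                  # payload line, indent stripped
            # keep only the tail so memory per flow stays bounded
            $buf{$flow} = substr($buf{$flow}, -$MAX_BUF)
                if length $buf{$flow} > $MAX_BUF;
        }
        elsif ($line =~ /^#/ && defined $flow) {
            # packet boundary: rescan the flow that just received data
            $hit{$flow} = 1 if is_infected($buf{$flow} // '');
        }
    }
    # the last packet has no trailing boundary line, so scan it here
    $hit{$flow} = 1 if defined $flow && is_infected($buf{$flow} // '');
    return sort keys %hit;
}

print "virus -> $_\n" for scan_flows(\*DATA);

# Constructed sample in ngrep's text layout follows (not a real capture).
__DATA__
#
T 10.0.0.5:40000 -> 10.0.0.9:80 [AP]
  POST /upload HTTP/1.0..CONSTRUCTED-TE
#
T 10.0.0.7:40001 -> 10.0.0.9:80 [AP]
  GET /index.html HTTP/1.0....
#
T 10.0.0.5:40000 -> 10.0.0.9:80 [AP]
  ST-SIGNATURE..more data
```

ngrep's default output prints non-printable bytes as `.`, so any scanner fed this text sees a lossy copy of binary payloads.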

