1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
|
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
example.py
An example for pyclamav python module
Version 0.3.1
Author : Alexandre Norman - norman()xael.org - 2005
License : GPL
Usage :
example.py [file|directory]
Scan the given file or directory, if none is given,
scan current directory
"""
import sys, dircache, os
import pyclamav
############################################################################
def temporary_filename(prefix='rand_',suffix='.an', create=True):
"""
Return a temporary unique filename in the
form /tmp/rand_2004-05-11.92194015.an
Filename is created (if create is equal to true) in order
to be sure that it is unique. You have to destroy it after use.
prefix : string
suffix : string
create : boolean
"""
import random, datetime
ddate=str(datetime.date.today())
filename='/'
while os.access(filename, os.F_OK):
filename=os.path.join('/tmp',
prefix+'.'+ddate+'.' \
+str(random.randint(10000000,99999999))+'.'+suffix)
if create==True:
file=open(filename,'w')
file.close()
return filename
############################################################################
def scanfile(file):
""" Scan a given file
"""
# Call libclamav thought pyclamav
try:
ret=pyclamav.scanfile(file)
except ValueError, e:
print '** A problem as occured :', e, '("'+file+'")'
return None
except TypeError, e:
print '** A problem as occured :', e, '("'+file+'")'
return None
else:
# Check return tupple
if ret[0]==0:
print file, 'is not infected'
return True
elif ret[0]==1:
print file, 'is infected with', ret[1]
return False
############################################################################
def scanthis(buffer):
""" Scan a given buffer
"""
try:
ret=pyclamav.scanthis(buffer)
except ValueError, e:
print '** A problem as occured :', e
return None
except TypeError, e:
print '** A problem as occured :', e
return None
else:
# Check return tupple
if ret[0]==0:
print 'buffer is not infected'
return True
elif ret[0]==1:
print 'buffer is infected with', ret[1]
return False
############################################################################
def scanthis_secure(buffer):
""" A more secure way to scan a given buffer,
because scanning a buffer on the fly is less efficient
with libclamav...
"""
tempfilename=temporary_filename()
fd=open(tempfilename,'w')
fd.write(buffer)
fd.close()
# Call libclamav thought pyclamav
try:
ret=pyclamav.scanfile(tempfilename)
except ValueError, e:
print '** A problem as occured :', e
os.remove(tempfilename)
return None
except TypeError, e:
print '** A problem as occured :', e
os.remove(tempfilename)
return None
else:
os.remove(tempfilename)
# Check return tupple
if ret[0]==0:
print 'buffer is not infected'
return True
elif ret[0]==1:
print 'buffer is infected with', ret[1]
return False
############################################################################
# MAIN -------------------
if __name__ == '__main__':
# Do we have an argument on command line ?
if len(sys.argv)>1:
# is it a directory to scan ?
dirlisting=dircache.listdir(sys.argv[1])
if dirlisting!=[]:
for file in dirlisting:
scanfile(file)
# Nope, it may be a file
else:
scanfile(sys.argv[1])
# No argument : scan current dir
else:
dirlisting=dircache.listdir('./')
if dirlisting!=[]:
for file in dirlisting:
scanfile(file)
# Scan the given buffer
scanthis("this one is OK")
# Just for AV software... not to raise an alert
a="7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
b="X5O!P%@AP[4\PZX54(P^)7CC)"
scanthis_secure(b+a)
#<EOF>######################################################################
|
