mvmf: clamdif man page
mvmf: clamdif man page
CLAMDIF(1) CLAMDIF(1)
NAME
clamdif - cusp or command-line interface to clamd
SYNOPSIS
clamdif [-h hostname] [-p port] [-v]
DESCRIPTION
clamdif sends its stdin to a clamd daemon process via
TCP/IP and reports the result.
clamdif is primarily intended to be a commonly used ser-
vice program (cusp) used by an MFL application such as
mvmda or mvmtr. It is also suitable as a command-line
tool.
Options which may be given are as follows:
-h hostname
The host (or IP address) on which the clamd server
is running. If not given, the IP address 127.0.0.1
is used.
-p port
The TCP port on which the clamd server is running.
If not given, a default port (probably 3310) is
used.
-v Report version only, and exit.
OPERATION
clamdif sends its stdin to a clamd server and reports the
result on stdout. This result will either be the name
(according to clamav) of the first bad content found, or
it will be nothing (empty output). clamdif may also pro-
duce error output of its own on stderr. The status code
from clamdif will be 0 on success (with or without any-
thing found), 1 if there was a problem (such as an I/O
error), 2 if there was a timeout getting the result from
the clamd daemon, or 101 if there was some other problem.
MFL OPERATION
clamdif is primarily intended to be used as a "cusp" from
an MFL script. For example, you might define an MFL func-
tion like this:
/* Function to use the 'clamdif' cusp to check message with clamav.
Returns -1 if error, status code from clamdif otherwise.
Also sets scratch string pointer sP to the clamav/clamdif output.
Note you could also use a "unified" function such as
$cuspu_message() for more compact code albiet with less control.
*/
$CUSP$ *cP;
string *sP;
int i;
int clamcheck() {
if ( ( cP = $cusp_open( "clamdif" ) ) == NULL )
return -1;
$cusp_write_message( cP );
$cusp_write_end( cP );
sP = $cusp_read_line( cP );
i = $cusp_close( cP );
return ( i );
};
which can later be used, e.g.:
/* Check clamd and add a header with the exit code */
i = clamcheck();
sieve { addheader "X-CLAMAV-Exitcode" [(string)i]; }
/* If there was a result, add another header and file it away. */
if ( ( sP != NULL ) && ( *sP != "" ) ) {
sieve {
addheader "X-CLAMAV" [*sP];
fileinto "Spam/clam";
stop;
}
}
This assumes that somewhere (in system-level initializa-
tion or elsewhere) clamdif has been defined and enabled
for use as a cusp, e.g.:
$cusp_define( "clamdif", "/usr/local/lib/mvmf/cusp/clamdif" );
COMMAND LINE OPERATION
clamdif can also be used from the command line by feeding
it a message on its stdin. Say you have some candidate
mail messages in files in subdirectory V:
% ls -l V
total 808
-rw------- 1 mem staff 5944 Feb 27 18:47 p1.msg
-rw------- 1 mem staff 796503 Mar 14 15:05 p2.msg
-rw------- 1 mem staff 751 Mar 14 15:05 p3.msg
% find V -type f -exec sh -c 'echo {} `clamdif < {} `' \;
V/p1.msg HTML.Phishing.Pay-38
V/p2.msg
V/p3.msg
SEE ALSO
clamav -- The clamav anti-virus software
mvmf and MFL, at http://www.mvmf.org/
CREDITS TO
M. Mallett (mem@mv.mv.com) 2006,2007
BUGS
The clamd daemon can be finicky about and respond badly to
(including locking up) some kinds of bad input. clamdif
could probably be smarter about preventing this.