mvmf: clamdif man page

mvmf: clamdif man page

CLAMDIF(1)                                             CLAMDIF(1)

       clamdif - cusp or command-line interface to clamd

       clamdif [-h hostname] [-p port] [-v]

       clamdif  sends  its  stdin  to  a clamd daemon process via
       TCP/IP and reports the result.

       clamdif is primarily intended to be a commonly  used  ser-
       vice  program  (cusp)  used  by an MFL application such as
       mvmda or mvmtr.  It is also  suitable  as  a  command-line

       Options which may be given are as follows:

       -h hostname
              The  host (or IP address) on which the clamd server
              is running.  If not given, the IP address
              is used.

       -p port
              The  TCP port on which the clamd server is running.
              If not given, a default  port  (probably  3310)  is

       -v     Report version only, and exit.

       clamdif  sends its stdin to a clamd server and reports the
       result on stdout.  This result will  either  be  the  name
       (according  to  clamav) of the first bad content found, or
       it will be nothing (empty output).  clamdif may also  pro-
       duce  error  output of its own on stderr.  The status code
       from clamdif will be 0 on success (with  or  without  any-
       thing  found),  1  if  there was a problem (such as an I/O
       error), 2 if there was a timeout getting the  result  from
       the  clamd daemon, or 101 if there was some other problem.

       clamdif is primarily intended to be used as a "cusp"  from
       an MFL script.  For example, you might define an MFL func-
       tion like this:

         /* Function to use the 'clamdif' cusp to check message with clamav.
            Returns -1 if error, status code from clamdif otherwise.
            Also sets scratch string pointer sP to the clamav/clamdif output.
            Note you could also use a "unified" function such as
            $cuspu_message() for more compact code albiet with less control.
         $CUSP$ *cP;
         string *sP;
         int i;
         int clamcheck() {
            if ( ( cP = $cusp_open( "clamdif" ) ) == NULL )
                return -1;
            $cusp_write_message( cP );
            $cusp_write_end( cP );
            sP = $cusp_read_line( cP );
            i = $cusp_close( cP );

            return ( i );

       which can later be used, e.g.:

         /* Check clamd and add a header with the exit code */
         i = clamcheck();
         sieve { addheader "X-CLAMAV-Exitcode" [(string)i]; }

         /* If there was a result, add another header and file it away. */
         if ( ( sP != NULL ) && ( *sP != "" ) ) {
             sieve {
                 addheader "X-CLAMAV" [*sP];
                 fileinto "Spam/clam";

       This assumes that somewhere (in  system-level  initializa-
       tion  or  elsewhere)  clamdif has been defined and enabled
       for use as a cusp, e.g.:

         $cusp_define( "clamdif", "/usr/local/lib/mvmf/cusp/clamdif" );

       clamdif can also be used from the command line by  feeding
       it  a  message  on its stdin.  Say you have some candidate
       mail messages in files in subdirectory V:

         % ls -l V
         total 808
         -rw-------  1 mem  staff    5944 Feb 27 18:47 p1.msg
         -rw-------  1 mem  staff  796503 Mar 14 15:05 p2.msg
         -rw-------  1 mem  staff     751 Mar 14 15:05 p3.msg

         % find V -type f -exec sh -c 'echo {} `clamdif < {} `' \;
         V/p1.msg HTML.Phishing.Pay-38

       clamav -- The clamav anti-virus software
       mvmf and MFL, at

       M. Mallett  (   2006,2007

       The clamd daemon can be finicky about and respond badly to
       (including  locking  up) some kinds of bad input.  clamdif
       could probably be smarter about preventing this.