little antivirus network filter

Discussion in 'Perl Misc' started by Joseph, Aug 19, 2004.

  1. Joseph

    Joseph Guest

    Hello I wrote a little script that scans packets for virus, so far it
    has detected a few virus in my network. i would like to rewrite it to
    append packets that belong to the same connection but so far it has
    detected a few virus. here is the code i am sure it would be more
    usefull if i write it so it blocks trafic with iptables but maybe
    someone else would like to play with it, here is the code
    #!/usr/local/bin/perl5.6.1
    use CGI;
    use Socket;
    use Time::gmtime;
    my $traffic="traffic";
    use strict;
    use Mail::ClamAV;


    my $tcpdump = "";
    my $cou = 0;
    my $firstchar ="";
    my $destring;
    my $buffer="";
    my $status;

    my $c = new Mail::ClamAV("/usr/local/share/clamav")
    or die "Failed to load db: $Mail::ClamAV::Error";

    $c->buildtrie;



    open(NET, "ngrep |") || die "can't fun netstat: $!";

    while (<NET>) {

    $tcpdump = $_;

    $firstchar = substr($tcpdump,0,1);

    if ( $firstchar eq "T"){
    $destring = $tcpdump;
    #print "$tcpdump here \n" ;
    #print "$firstchar here \n" ;
    }else {

    if ( $firstchar eq "#"){
    $status = $c->scanbuff($buffer);
    if ($status->virus) {
    print "virus -> $destring";
    }
    $buffer = "";

    }else {
    $tcpdump = substr($tcpdump,2,length($tcpdump)-3);
    $buffer = $buffer.$tcpdump;




    }

    }



    }
    close(NET) || die "can't close netstat: $!";
    Joseph, Aug 19, 2004
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Josh Brown
    Replies:
    4
    Views:
    3,355
    Josh Brown
    Nov 5, 2003
  2. selekta
    Replies:
    7
    Views:
    343
    CBFalconer
    Jun 2, 2004
  3. ThaDoctor
    Replies:
    3
    Views:
    372
    Alan Woodland
    Sep 28, 2007
  4. zax75
    Replies:
    1
    Views:
    1,087
  5. Daniel
    Replies:
    1
    Views:
    201
    Bart van Ingen Schenau
    Jul 9, 2013
Loading...

Share This Page