Joseph
Hello, I wrote a little script that scans packets for viruses; so far it
has detected a few viruses in my network. I would like to rewrite it to
append packets that belong to the same connection, but so far it has
detected a few viruses. Here is the code. I am sure it would be more
useful if I wrote it so it blocks traffic with iptables, but maybe
someone else would like to play with it. Here is the code:
#!/usr/local/bin/perl5.6.1
use strict;
use Mail::ClamAV;

my $tcpdump   = "";   # current line of ngrep output
my $firstchar = "";
my $destring;         # last "T src -> dst" header line, printed on a hit
my $buffer    = "";   # payload collected for the current packet
my $status;

# Load the ClamAV database and build the signature trie
my $c = Mail::ClamAV->new("/usr/local/share/clamav")
    or die "Failed to load db: $Mail::ClamAV::Error";
$c->buildtrie;

# ngrep prints a "T ..." header per matching packet, the payload indented by
# two spaces, and "#" markers between packets; -l keeps the pipe line-buffered
open(NET, "ngrep -l |") || die "can't run ngrep: $!";
while (<NET>) {
    $tcpdump   = $_;
    $firstchar = substr($tcpdump, 0, 1);
    if ($firstchar eq "T") {
        $destring = $tcpdump;            # remember which connection this is
    } elsif ($firstchar eq "#") {
        # end of packet: scan what was collected (if anything), then reset
        if (length $buffer) {
            $status = $c->scanbuff($buffer);
            print "virus -> $destring" if $status->virus;
        }
        $buffer = "";
    } else {
        # payload line: drop the two-space indent and the trailing newline
        chomp $tcpdump;
        $buffer .= substr($tcpdump, 2);
    }
}
close(NET) || die "can't close ngrep: $!";
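The per-connection buffering the post asks about, written as an added Python example (not the poster's script) that parses the same ngrep output format the script reads. It assumes ngrep's default header line without -t timestamps, payload lines indented by two spaces, and uses a constructed signature string in place of Mail::ClamAV's scanbuff; the constructed sample shows a signature split across two packets, which per-packet scanning misses and per-flow scanning catches.

```python
import re
from collections import defaultdict

# ngrep header line (no -t timestamps assumed), e.g. "T 10.0.0.5:43210 -> 203.0.113.7:80 [AP]"
HEADER_RE = re.compile(r'^([TU]) (\S+):(\d+) -> (\S+):(\d+)')

def flow_key(proto, src, sport, dst, dport):
    """Direction-independent key so both halves of a connection share one buffer."""
    a, b = (src, int(sport)), (dst, int(dport))
    return (proto,) + (a + b if a <= b else b + a)

def assemble_flows(lines):
    """Append each packet's payload to its connection buffer -> {flow_key: payload}."""
    flows = defaultdict(str)
    current = None
    for line in lines:
        line = line.rstrip('\n')
        m = HEADER_RE.match(line)
        if m:                                   # new packet: remember its flow
            current = flow_key(*m.groups())
        elif line.startswith('  ') and current: # indented line = payload
            flows[current] += line[2:]
        # '#' marker lines carry no payload and are skipped
    return dict(flows)

def per_packet_hits(lines, is_malicious):
    """What the posted script does: scan each packet's payload on its own."""
    return [l[2:] for l in lines if l.startswith('  ') and is_malicious(l[2:])]

def per_flow_hits(lines, is_malicious):
    """Scan each reassembled connection buffer instead."""
    return [k for k, p in assemble_flows(lines).items() if is_malicious(p)]

# Constructed ngrep output: a signature that is split across two packets
SAMPLE = """\
#
T 10.0.0.5:43210 -> 203.0.113.7:80 [AP]
  GET /update.exe HTTP/1.0..Host: 203.0.113.7....
##
T 203.0.113.7:80 -> 10.0.0.5:43210 [AP]
  HTTP/1.0 200 OK..Content-Type: application/octet-stream....SAMPLE-SIG-PART1
#
T 203.0.113.7:80 -> 10.0.0.5:43210 [AP]
  SAMPLE-SIG-PART2 trailing bytes
""".splitlines(keepends=True)

# Stand-in for Mail::ClamAV scanbuff: a constructed signature, not a real one
SIGNATURE = "SAMPLE-SIG-PART1SAMPLE-SIG-PART2"
def looks_infected(payload):
    return SIGNATURE in payload
```

A real scanner would be swapped in for looks_infected; a flow buffer should also be capped in size and flushed on FIN/RST so a long-lived connection does not grow it without bound.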