#!/usr/local/bin/perl -w # # clamdwatch v0.02, Copyright (C) Mike Cathey # # ChangeLog # # v0.02 - 01/07/2004 - added the Eicar signature and the code to have # clamd scan the script itself # v0.01 - 01/07/2004 - initial hack # # Use this at your own risk! # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # EICAR Test "file" # X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* use IO::Socket::UNIX; use File::Spec::Functions qw(rel2abs); use File::Basename; # "CONFIG" section my $LocalSocket = "/var/run/clamd.ctl"; # get the script's full path/name # is there a cleaner way to do this? # my $scriptTemp = $0; $scriptTemp =~ s/\.\//\//; my $script = dirname(rel2abs($0)) . $scriptTemp; my $sock = new IO::Socket::UNIX(Type => SOCK_STREAM, Timeout => 10, Peer => $LocalSocket ); if (!$sock) { print "Clamd Not Running\n"; exit; } if ( $sock->connected ) { my $err = ""; # $sock->send("PING"); $sock->send("RAWSCAN $script"); $sock->recv($err, 200); if ( $err =~ /.*Eicar.*FOUND/i ) { print "Clamd Running\n"; } else { # clamd busy? # would the client just wait until a clamd thread was available? print "Something's wrong. Clamd didn't find the virus test pattern\n"; } } else { # you should never get here... print "Unknown State (Clamd Useless)\n"; }