mvmf: clamdif man page
mvmf: clamdif man page
CLAMDIF(1) General Commands Manual CLAMDIF(1)
NAME
clamdif - cusp or command-line interface to clamd
SYNOPSIS
clamdif [-h hostname] [-p port] [-v] [-x]
DESCRIPTION
clamdif sends its stdin to a clamd daemon process via TCP/IP and reports
the result.
clamdif is primarily intended to be a commonly used service program
(cusp) used by an MFL application such as mvmda or mvmtr. It is also
suitable as a command-line tool.
Options which may be given are as follows:
-h hostname
The host (or IP address) on which the clamd server is running.
If not given, the IP address 127.0.0.1 is used.
-p port
The TCP port on which the clamd server is running. If not given,
a default port (probably 3310) is used.
-v Report version only, and exit.
-x Increment debugging level. Mainly so you can see the response
from clamd, but may have other effects.
OPERATION
clamdif sends its stdin to a clamd server and reports the result on std-
out. This result will either be the name (according to clamav) of the
first bad content found, or it will be nothing (empty output). clamdif
may also produce error output of its own on stderr. The status code
from clamdif will be 0 on success (with or without anything found), 1 if
there was a problem (such as an I/O error), 2 if there was a timeout
getting the result from the clamd daemon, or 101 if there was some other
problem.
MFL OPERATION
clamdif is primarily intended to be used as a "cusp" from an MFL script.
For example, you might define an MFL function like this:
/* Function to use the 'clamdif' cusp to check message with clamav.
Returns -1 if error, status code from clamdif otherwise.
Also sets scratch string pointer sP to the clamav/clamdif output.
Note you could also use a "unified" function such as
$cuspu_message() for more compact code albiet with less control.
*/
$CUSP$ *cP;
string *sP;
int i;
int clamcheck() {
if ( ( cP = $cusp_open( "clamdif" ) ) == NULL )
return -1;
$cusp_write_message( cP );
$cusp_write_end( cP );
sP = $cusp_read_line( cP );
i = $cusp_close( cP );
return ( i );
};
which can later be used, e.g.:
/* Check clamd and add a header with the exit code */
i = clamcheck();
sieve { addheader "X-CLAMAV-Exitcode" [(string)i]; }
/* If there was a result, add another header and file it away. */
if ( (i == 0 ) && ( sP != NULL ) && ( *sP != "" ) ) {
sieve {
addheader "X-CLAMAV" [*sP];
fileinto "Spam/clam";
stop;
}
}
The exit code may be more easily accessible if $cuspu_message() is used
(per comment above).
This assumes that somewhere (in system-level initialization or else-
where) clamdif has been defined and enabled for use as a cusp, e.g.:
$cusp_define( "clamdif", "/usr/local/share/mvmf/cusp/clamdif" );
COMMAND LINE OPERATION
clamdif can also be used from the command line by feeding it a message
on its stdin. Say you have some candidate mail messages in files in
subdirectory V:
% ls -l V
total 808
-rw------- 1 mem staff 5944 Feb 27 18:47 p1.msg
-rw------- 1 mem staff 796503 Mar 14 15:05 p2.msg
-rw------- 1 mem staff 751 Mar 14 15:05 p3.msg
% find V -type f -exec sh -c 'echo {} `clamdif < {} `' \;
V/p1.msg HTML.Phishing.Pay-38
V/p2.msg
V/p3.msg
SEE ALSO
clamav -- The clamav anti-virus software
mvmf and MFL, at http://www.mvmf.org/
CREDITS TO
M. Mallett (mem@mvmf.org) 2006,2007
BUGS
The clamd daemon can be finicky about and respond badly to (including
locking up) some kinds of bad input. clamdif could probably be smarter
about preventing this.
CLAMDIF(1)