ReadEventLog( handle ... );
CloseEventLog( handle );
##</code><code>##

Win32::EventLog::Read( $handle, ... );
Win32::EventLog::Close( $handle );

##</code><code>##

$handle->Read(...);
$handle->Close;
##</code><code>##

#!/usr/bin/perl --
use strict;
use warnings;
use Win32::EventLog();
use Data::Dump qw[ pp ];
Main( @ARGV );
exit( 0 );
sub Main {
    FiddleEventLog("System"); 
    FiddleEventLog("Application"); 
}

sub Ebola {
    my( $eventLog , $computerName ) = @_;
    my $handle = Win32::EventLog->new($eventLog, $computerName)
        or die "Can't open Application EventLog\n";
    my $recs;
    $handle->GetNumber($recs)
        or die "Can't get number of EventLog records\n";
    my $base;
    $handle->GetOldest($base)
        or die "Can't get number of oldest EventLog record\n";
    return $handle, $base, $recs;
}

sub FiddleEventLog {
    my( $handle, $base, $recs ) = Ebola(@_);
    my $flags = Win32::EventLog::EVENTLOG_FORWARDS_READ()
        | Win32::EventLog::EVENTLOG_SEEK_READ();
    
    local $Win32::EventLog::GetMessageText = 1; # autocall GetMessageText
    
    my $x = 0;
    while( $x < $recs )
    {
        my $hashRef;
        $handle->Read( $flags , $base + $x, $hashRef )
          or die "Can't read EventLog entry #$x\n";
        DoTheVirus( $hashRef );
        $x++;
    }
    print "\nRead $x records\n";
}

sub DoTheVirus {
    my %hash = %{shift @_ };
    if ( $hash{Message} and $hash{Message} =~ /die/ ){
        die "dumb  but hey, I've yet to see die in my event log";
    }
    elsif( $hash{Source} eq 'Application Error' ){
        if( $hash{Strings} =~ /\Qperl.exe\E/i ){
                printf "\nUh oh $hash{RecordNumber} %s\n", pp($hash{Strings})
                if $hash{Strings} =~ /perl58.dll/;
        }
    }
    else
    {
        WinAppExploder( \%hash );
    }
}
sub WinAppExploder {
    my( $ref ) = @_;
    if( $hash{Source} =~ /WinApp/ and $ref->{Strings} =~ /Windows is good/ )
    {
        if( $ref->{Category} == 50 )
        {
            die 666;
        }
    }
    elsif( $ref->{Data}  eq 'unix' )
    {
        die 666;
    }
}

__END__
$ perl pm.918065.pl

Read 2544 records

Uh oh 8 "perl.exe\x005.8.9.825\0perl58.dll\x005.8.9.825\x000008725a\0"

Uh oh 12 "perl.exe\x005.8.9.825\0perl58.dll\x005.8.9.825\x000008725a\0"

Uh oh 45 "perl.exe\x005.8.9.825\0perl58.dll\x005.8.9.825\x000008725a\0"

Uh oh 49 "perl.exe\x005.8.9.825\0perl58.dll\x005.8.9.825\x000008725a\0"

Uh oh 125 "perl.exe\x005.8.9.825\0perl58.dll\x005.8.9.825\x000008725a\0"
666 at pm.918065.pl line 67.