There is actually a module which is currently under development to perform virus scanning, that being File::Scan - I last had a look at this module about a month ago when I first saw it on CPAN. At that stage, it was still quite embryonic in terms of the number of computer viruses recognised and the lack of any 'clean-up' ability for identified infected files. As a positive however, this module can also identify files as "suspicious", requiring further examination.
However, when I last looked at this module, while it included a virus 'definition' file, it appeared that all virus identification was hard-coded into the module code - The migration of this identification code to make use of the definition would however appear to be an intended direction for the development of this module.
Also too, depending upon your requirements, there are a number of Perl applications which integrate with mail transport agents and third-party anti-virus tools for the scanning of incoming mail - Examples of such applications include the Anomy mail sanitizer and AMaViS.
| [reply] |
A virus checker is much much more than a simple file scanner looking for signature code. That sort of scanning has closing the gate after the horse has bolted logic. Boot sector, memory resident, email attachments are just some of the things you are going to miss. Virus scanners are invasive and omnipresent. They examine most system calls and disk read/writes to do their job properly - that is why things like NAV consume about 50% of system resources (try running perl code with and without NAV running if you don't believe me). Tripwire works along the lines you are thinking of.
When speed is a real issue C or ASM piss all over Perl or any other high level language. Compare Norton Scandisk to M$ Scandisk for speed to get some idea of how fast tight code can be (or how slow crap code can be)
cheers
tachyon
s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print
| [reply] |
Thanks for the replies, fellow monks!
I think I underestimated in my original message the work a virus checker does. I'd still be very interested in the development of File::Scan, though, and I'm off to look at how this module works.
It would be really neat to hook up File::Scan to an SQL database of virus identities instead of hardcoding them into the code. Maybe make the database public and centralized to keep everyone's copy up to date without having to download updates, patches or additional software.
Hm.. If only I had the time :-)
- wil
| [reply] |
There are some applications where perl rocks, and other applications where I don't think it will do so well.
Unfortunately, workstation virus checking may just land in the 2nd category.
A virus checker has to blast through a LOT of data, very quickly, and apply complex checks to it.
Obviously, perl does "a LOT of data" and "complex checks" very well, and would probably be a great language for expressing detection rules in, but the speed would be a major issue.
Doing checks on an email stream might be more to perl's liking, though. Less data, and perl tools already exist to handle the stream...
--
Mike | [reply] |