CGI Antivirus Scanner

TedYoung has asked for the wisdom of the Perl Monks concerning the following question:

Good monks,

I have a custom-built content management system (in Perl of course ;-> ), through which users can upload files to share with others. Most of these files are Word and PDF files. maybe some Excel. I would like to virus scan them as they are uploaded. So, I am looking for suggestions on a good virus scanner (especially one that can catch MS macro viriiii) that runs on Linux with a reasonable database update frequency and has a good Perl API. Note that this CMM is CGI, so a scanner with a resident daemon is probably a good idea. Also, we are not against using commercial products.

I found the open-source project Clam AV http://www.clamav.net/. It looks promising, and the Perl module File::Scan::ClamAV seems sufficient. Looks good. They have some references regarding their update speed. It can be run in daemon mode. Anyone have any experience with it?

Ted Young

($$<<$$=>$$<=>$$<=$$>>$$) always returns 1. :-)

Comment on CGI Antivirus Scanner Download Code

Replies are listed 'Best First'.
Re: CGI Antivirus Scanner by tirwhan (Abbot) on Jan 13, 2006 at 19:14 UTC
I've not used File::Scan::ClamAV, but I do use ClamAV for all email virus scanning. The last place I worked replaced Sophos with ClamAV for this purpose, after finding that signature updates for new viruses on ClamAV were usually as fast (and sometimes significantly faster) than Sophos. The biggest annoyance with ClamAV is that the scanning engine is frequently updated and the latest signatures will not always work with older engines, so you have to keep both the scanner and the signatures up-to-date. That being said, the signatures can be refreshed automatically (take a look at the freshclam daemon) so you really just have to worry about updating the software, and given that this is rather an exposed service you want to keep that as current as you can anyway. So this could be construed as a feature :-) You may also want to look at using a Squid reverse proxy setup with SquidClamAV There are ten types of people: those that understand binary and those that don't.	[reply] [d/l]
Re: CGI Antivirus Scanner by glasswalk3r (Friar) on Jan 13, 2006 at 19:29 UTC
Maybe you want to take a look at the Viralator project: http://viralator.sourceforge.net . Although it works using a redirector (and should not be suitable for your needs) it does works with Clamav, but uses a different approach to it (it uses the IPC:Open3 module and the clamscan or clamdscan Clamav clients). For better performance I suggest you to use the clamdscan client. Alceu Rodrigues de Freitas Junior --------------------------------- "You have enemies? Good. That means you've stood up for something, sometime in your life." - Sir Winston Churchill	[reply]