tsu has asked for the wisdom of the Perl Monks concerning the following question:

I am trying to find a way to perform a virus check on all files in a directory. I am on a Windows NT server. Since it is part of a perl process, I need to do this via command line. I've looked into file::scan, but am not sure how to use the module. When I run the following code, I get File::Scan-HASH(0x1a7f06c) for $fs->scan, but nothing for $e and $c. What am I doing wrong? Thanks. 
use File::Scan;

$fs = File::Scan->new(extension => 'bad', move => 'infected');
$fs->scan("e:\\filescan\\test.html");
print "$fs\n";

my $e = $fs->error; print "$e\n";
if(my $e = $fs->error) { print "$e\n"; }

if(my $c = $fs->skipped) { print "file skipped ($c)\n"; }
print "$c\n";


exit;

[download]

Replies are listed 'Best First'.
Re: how to use file::scan
by LTjake (Prior) on Nov 19, 2002 at 20:59 UTC
    It looks fine to me.

    $e will only return anything if there was some sort of error. $c means that the file was skipped, and since a 0 was returned, it wasn't skipped. what you'll want to add is: 
    if($fs->suspicious) {
      # do something.
}

    [download]
    What i'm guessing is that the file you're scanning has no viruses, thus nothing will really "show up" (and the previous bit of code will be skipped as well). You'll only have to worry when $fs->suspicious returns true (meaning a virus was found).

    Update: Quick test:

    use File::Scan;

$fs = File::Scan->new(extension => 'bad', move => 'infected');
$fs->scan('a.pl'); #scan this file, it has no viruses =)

print 'er: ', $fs->error, "\n";
print 'sk: ', $fs->skipped, "\n";
print 'su: ', $fs->suspicious, "\n";

__output__
er:
sk: 0
su: 0

    [download]
    As you can see: no errors, it was scanned, and it wasn't suspicious. all is well.

    --
    Rock is dead. Long live paper and scissors!
[reply]
[d/l]
[select]
Re: how to use file::scan
by insensate (Hermit) on Nov 19, 2002 at 21:01 UTC
    $fs represents your object...It is not a scalar value. After you call scan on the object you can test it with ->error or ->skipped to make sure you didn't encounter any exceptions. You want to use the following method to test for a suspicious file... 
    if($fs->suspicious) { print "suspicious file\n"; }

    [download]
    If you see nothing, File::Scan has determined the file is fine.
[reply]
[d/l]
[select]
Re: how to use file::scan
by jkahn (Friar) on Nov 19, 2002 at 20:53 UTC
    It's not really clear what you expect. I haven't run it myself, but the documentation for File::Scan says that the skipped() method: 
      skipped()

    This method return a code number if the file was skipped and 0 if 
+not.
    The following skipped codes are available:

    0     file not skipped

    1     file is not vulnerable

    2     file has zero size

    3     the size of file is small

    4     the text file size is greater that the 'max_txt_size' argume
+nt

    5     the binary file size is greater that the 'max_bin_size' argu
+ment

    [download]

    So if there are no errors, and no skipped files, then you should get zero for all these. What are you getting instead?

    Seems to me that for useful testing you might actually want to put a single suspicious file on your disk! (But be careful! if you want to try this!)

[reply]
[d/l]
[select]
      I get nothing (" ") for $e, and 0 for $c. So I guess that and empty field for $e means that there is no virus, as the 0 for $c means it was not skipped. I just wasn't sure if an empty $e field means nothing was found.

      Yes, I thought about using a suspicious file for testing, but our sys admin nixed that idea right off!.

      Thanks.
[reply]

Back to Seekers of Perl Wisdom