little antivirus network filter


Hello, I wrote a little script that scans packets for viruses; so far it
has detected a few viruses in my network. I would like to rewrite it so that it
appends packets that belong to the same connection, but so far it has
detected a few viruses. I am sure it would be more
useful if I wrote it so that it blocks traffic with iptables, but maybe
someone else would like to play with it. Here is the code:
use strict;
use warnings;
use Mail::ClamAV;

my $destring = "";   # ngrep header ("T src -> dst [flags]") of the current packet
my $buffer   = "";   # payload collected for the current packet
my $status;

my $c = Mail::ClamAV->new("/usr/local/share/clamav")
            or die "Failed to load db: $Mail::ClamAV::Error";
$c->buildtrie;       # Mail::ClamAV requires this before the first scan

# ngrep prints a "T ..." header and two-space-indented payload lines for each
# matching packet, and a "#" for every packet that does not match;
# -l line-buffers stdout so the script sees packets as they arrive.
open(NET, "ngrep -l |") || die "can't run ngrep: $!";

while (<NET>) {
    my $tcpdump   = $_;
    my $firstchar = substr($tcpdump, 0, 1);

    if ($firstchar eq "T") {
        # new packet: remember its header so a hit is reported with both endpoints
        $destring = $tcpdump;
    }
    elsif ($firstchar eq "#") {
        # packet boundary: scan what was collected for this packet, then start over
        if (length $buffer) {
            $status = $c->scanbuff($buffer);
            if ($status->virus) {
                print "virus -> $destring";
            }
            elsif ($status->error) {
                warn "scan error: $status";
            }
            $buffer = "";
        }
    }
    else {
        # payload line: drop ngrep's two-space indent and the trailing newline
        chomp $tcpdump;
        $tcpdump =~ s/^  //;
        $buffer .= $tcpdump;
    }
}

close(NET) || die "can't close ngrep: $!";
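The script above scans one packet at a time, so a signature that straddles two packets is never seen whole. The following is an added example (not the poster's script) of the per-connection buffering the post asks about: it parses ngrep's default output, keys payload on the "src -> dst" pair from each "T" header (one stream per direction, since a download flows server to client), and scans a stream when its packet carries FIN or RST, when it exceeds a size cap, or at end of input. The ngrep output is constructed, not captured, and scan_buffer() is a stand-in that looks for the EICAR test string in place of Mail::ClamAV's scanbuff; the two-space payload indent and display-only line wrapping are those of ngrep without -W byline.

```perl
#!/usr/bin/perl
# Added example, not the original poster's script: collect ngrep payload per
# TCP connection and scan each stream once, so a signature that straddles two
# packets is still found. The ngrep output below is constructed, and
# scan_buffer() is a stand-in for Mail::ClamAV's scanbuff.
use strict;
use warnings;

# EICAR test string; the constructed capture splits it across two packets.
my $EICAR = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*';

# Stand-in scanner: returns a detection name or undef.
# With Mail::ClamAV: my $s = $clam->scanbuff($data); return "$s" if $s->virus;
sub scan_buffer {
    my ($data) = @_;
    return index($data, $EICAR) >= 0 ? 'Eicar-Test-Signature' : undef;
}

# Parse ngrep's default output from $fh: "T src -> dst [flags]" headers,
# payload lines indented by two spaces (wrapped for display, so the newlines
# are not data), and "#" for packets that did not match the filter.
# Returns (\@hits, $per_packet): hits from scanning whole connections, and the
# number of hits a per-packet scan of the same data would have produced.
sub process_ngrep {
    my ($fh) = @_;
    my $MAX = 8 * 1024 * 1024;  # scan and drop a stream before it grows without bound
    my (%stream, @hits, $cur, $closing);
    my ($pkt, $per_packet) = ('', 0);

    my $flush = sub {
        my ($key) = @_;
        my $data = delete $stream{$key};
        return unless defined $data && length $data;
        my $name = scan_buffer($data);
        push @hits, [$key, $name] if defined $name;
    };
    # Called at every packet boundary: account for the per-packet comparison and
    # end the connection if this packet carried FIN or RST.
    my $end_packet = sub {
        return unless defined $cur;
        $per_packet++ if defined scan_buffer($pkt);
        $pkt = '';
        $flush->($cur) if $closing;
        ($cur, $closing) = (undef, 0);
    };

    while (my $line = <$fh>) {
        chomp $line;
        if ($line =~ /^T (\S+) -> (\S+) \[([A-Z]*)\]/) {
            $end_packet->();
            # key each direction separately: a download flows server -> client
            $cur     = "$1>$2";
            $closing = ($3 =~ /[FR]/) ? 1 : 0;
            $stream{$cur} = '' unless defined $stream{$cur};
        }
        elsif ($line =~ /^  (.*)/ && defined $cur) {
            $stream{$cur} .= $1;
            $pkt .= $1;
            $flush->($cur) if length($stream{$cur}) >= $MAX;
        }
        elsif ($line =~ /^#/) {
            $end_packet->();
        }
    }
    $end_packet->();
    $flush->($_) for sort keys %stream;  # EOF: scan streams that never closed
    return (\@hits, $per_packet);
}

# Constructed sample: a client request and a response whose body holds the
# EICAR string split across two packets, the second carrying FIN.
my $sample = <<'END';
####
T 10.0.0.5:51000 -> 203.0.113.9:80 [AP]
  GET /eicar.com HTTP/1.1..Host: files.example....
##
T 203.0.113.9:80 -> 10.0.0.5:51000 [AP]
  HTTP/1.1 200 OK..Content-Length: 68....X5O!P%@AP[4\PZX54(P^)7CC)7}
#
T 203.0.113.9:80 -> 10.0.0.5:51000 [AFP]
  $EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
###
END

open my $fh, '<', \$sample or die "open: $!";
# Live traffic instead:  open my $fh, '-|', 'ngrep', '-l' or die "ngrep: $!";
my ($hits, $per_packet) = process_ngrep($fh);
close $fh;
printf "per-packet scan: %d hit(s); per-connection scan: %d hit(s)\n",
    $per_packet, scalar @$hits;
print "virus -> $_->[0]: $_->[1]\n" for @$hits;
```

On the constructed capture the per-packet count stays at zero because neither half of the split string matches on its own, while the stream scan reports the server-to-client connection. Two caveats for live use: without a size cap a long transfer would be held in memory until FIN, and a sender that never closes the connection is only scanned at end of input, so a timeout-based flush is worth adding before pairing this with iptables.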
