File::Scan isn't the best means of looking for virii but I thought it would be interesting.
And it was mentioned earlier in how to use file::scan.
#!/usr/bin/perl
use strict;
use warnings;
use File::Find;
use File::Scan;
my $scandir = "c:\\"; # couldn't get it to work with 'c:/'
my $results = "c:\\virusscan.txt";
open(VS, ">", $results);
my $filescan = File::Scan->new(extension => 'bad', move => 'infected')
+;
find({ wanted => \&doscan, follow_skip => 2 }, $scandir);
sub doscan {
return if /^[.]+/;
my $file = $File::Find::name;
$file =~ s#\\##;
print "$file\n";
return if (-d $file);
$filescan->scan($file);
if (my $e = $filescan->error()) { print "$file $e\n"; }
if (my $c = $filescan->skipped()) {
my @skip = (
"file not skipped",
"file is not vulnerable",
"file has zero size",
"the size of file is small",
"the text file size is greater that the 'max_txt_size' argument",
"the binary file size is greater that the 'max_bin_size' argument"
+,
);
print VS "$file $skip[$c]\n" if ($c); # only print if the file was
+ skipped
}
if ($filescan->suspicious) { print VS "$file suspicious file\n"; }
}
Update: Thanks to jdporter for pointing out using "c:\\" instead of "c:".
Added readmore tag, fixed some typos and formatting.
2nd Update: LTjake pointed out that I had an error in the return codes of File::Scan's skipped() method. I checked and found out that the HTML documentation built by the ActiveState distribution was saying one thing but the embedded pod was saying something else. I have updated the script to use the correct return codes for that method.
