Python modules you should know: PyClamd

May 02, 2012 at 12:39 PM | categories: Python, PyMYSK, Howto

Next in our series of Python modules you should know is PyClamd. This package is used to integrate ClamAV virus detection into Python programs.

Home page

Use

pyClamd is a Python interface to clamd (the ClamAV daemon). By using pyClamd, you can add virus detection capabilities to your Python software in an efficient and easy way.

pyClamd may be used by a closed-source product, as it does not link with the GPL-licensed libclamav.

Installation

This package is not available on the Cheeseshop (PyPI), so you need to install it by downloading the module.

wget http://xael.org/norman/python/pyclamd/pyclamd.py
mv pyclamd.py $(python -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")/

Usage

pyClamd supports connections to clamd using both TCP and UNIX sockets.

TCP

import pyclamd
pyclamd.init_network_socket('localhost', 3310)
print(pyclamd.version())

Output:

ClamAV 0.97.4/14869/Tue May  1 22:38:26 2012

Unix socket

import pyclamd
pyclamd.init_unix_socket('/tmp/clamd.socket')
print(pyclamd.version())

Output:

ClamAV 0.97.4/14869/Tue May  1 22:38:26 2012

Scan files

import pyclamd
pyclamd.init_unix_socket('/tmp/clamd.socket')
pyclamd.contscan_file('/tmp')

Scan and stop if virus detected

import pyclamd
pyclamd.init_unix_socket('/tmp/clamd.socket')
pyclamd.scan_file('/tmp')

Ping server to check if still alive

import pyclamd
pyclamd.init_unix_socket('/tmp/clamd.socket')
pyclamd.ping()

Scan a stream

import pyclamd
pyclamd.init_unix_socket('/tmp/clamd.socket')
# EICAR test string; raw string so the backslash is kept literally
mystring = r'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'
pyclamd.scan_stream(mystring)

Output:

{'stream': 'Eicar-Test-Signature'}

Reload clamd

import pyclamd
pyclamd.init_unix_socket('/tmp/clamd.socket')
pyclamd.reload()

Output:

'RELOADING'

Shutdown clamd

import pyclamd
pyclamd.init_unix_socket('/tmp/clamd.socket')
pyclamd.shutdown()

The module raises various exceptions that you will need to catch; please refer to the documentation for details.
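
As an added example (not part of the original post or of pyClamd itself), here is one way to turn scan_stream results and exceptions into a fail-closed decision, so that a scanner error is never mistaken for a clean result. The names scan_verdict, accept_upload, max_bytes and the stub scanners are hypothetical, and the code assumes scan_stream returns None when nothing is detected.

```python
# Added example: fail-closed verdict wrapper around a pyclamd-style scan_stream().
# Assumption: the scanner returns None for clean data and a dict such as
# {'stream': 'Eicar-Test-Signature'} on detection, as in the output shown above.
CLEAN, INFECTED, ERROR = "clean", "infected", "error"


def scan_verdict(data, scanner, max_bytes=25 * 1024 * 1024):
    """Return (verdict, detail) for a byte string; never raises.

    scanner is any callable shaped like pyclamd.scan_stream.
    max_bytes is a hypothetical local limit; align it with the
    StreamMaxLength setting of your clamd.
    """
    if len(data) > max_bytes:
        return ERROR, "input larger than %d bytes, not scanned" % max_bytes
    try:
        result = scanner(data)
    except Exception as exc:  # clamd down, socket failure, protocol error
        return ERROR, "%s: %s" % (type(exc).__name__, exc)
    if result is None:
        return CLEAN, None
    if isinstance(result, dict) and result:
        names = sorted(str(v) for v in result.values())
        return INFECTED, ", ".join(names)
    # Anything else (empty dict, bare string, ...) is not a verdict we trust.
    return ERROR, "unexpected scanner reply: %r" % (result,)


def accept_upload(data, scanner):
    """Fail closed: only an explicit clean verdict lets the data through."""
    verdict, _ = scan_verdict(data, scanner)
    return verdict == CLEAN


# Constructed stand-ins for pyclamd.scan_stream so the example runs offline.
def stub_clean(data):
    return None


def stub_detect(data):
    return {'stream': 'Eicar-Test-Signature'}


def stub_down(data):
    raise IOError("could not reach clamd")


if __name__ == "__main__":
    for stub in (stub_clean, stub_detect, stub_down):
        print(stub.__name__, scan_verdict(b"sample bytes", stub))
```

In a real program, initialise the connection once (for example with pyclamd.init_unix_socket) and pass pyclamd.scan_stream as the scanner argument.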

