NAME
    Mail::ClamAV - Perl extension for the clamav virus scanner

SYNOPSIS
        use Mail::ClamAV qw/:all/;

        # $Mail::ClamAV::Error in numeric context return clamav's
        # error status code which corresponds to the constants which
        # can be exported
        my $c = new Mail::ClamAV("/path/to/directory/or/file")
            or die "Failed to load db: $Mail::ClamAV::Error (", 0+$Mail::;

        # You can get retdbdir() to get the database dir in
        # clamav's conf
        my $c = new Mail::ClamAV(retdbdir())
            or die "Failed to load db: $Mail::ClamAV::Error";

        # When database is loaded, you must create the proper trie with:
        $c->buildtrie;

        # check to see if we need to reload
        if ($c->statchkdir) {
            $c = new Mail::ClamAV(retdbdir());
            $c->buildtrie;
        }

        # Set some limits (only applies to scan())
        # Only relevant for archives
        $c->maxreclevel(4);
        $c->maxfiles(20);
        $c->maxfilesize(1024 * 1024 * 20); # 20 megs
        $c->archivememlim(0); # limit memory usage for bzip2 (0/1)
        $c->maxratio(0);

        # Scan a filehandle (scandesc in clamav)
        # scan(FileHandle or path, Bitfield of options)
        my $status = $c->scan(FH, CL_SCAN_ARCHIVE|CL_SCAN_MAIL);

        # Scan a file (scanfile in clamav)
        my $status = $c->scan("/path/to/file.eml", CL_SCAN_MAIL);

        # $status is an overloaded object
        die "Failed to scan: $status" unless $status;
        if ($status->virus) {
            print "Message is a virus: $status\n";
        }
        else {
            print "No virus found!\n";
        }

DESCRIPTION
    Clam AntiVirus is an anti-virus toolkit for UNIX
    <http://www.clamav.com/>. This module provide a simple interface to its
    C API.

  EXPORT
    None by default.

  Exportable constants
    Options for scanning.

    CL_SCAN_STDOPT
     This is an alias for a recommended set of scan options. You should use
     it to make your software ready for new features in future versions of
     libclamav.

    CL_SCAN_RAW
     It does nothing. Please use it (alone) if you don't want to scan any
     special files.

    CL_SCAN_ARCHIVE
     This flag enables transparent scanning of various archive formats.

    CL_SCAN_BLOCKENCRYPTED
     With this flag the library marks encrypted archives as viruses
     (Encrypted.Zip, Encrypted.RAR).

    CL_SCAN_BLOCKMAX
     Mark archives as viruses if maxfiles, maxfilesize, or maxreclevel limit
     is reached.

    CL_SCAN_MAIL
     It enables support for mail files.

    CL_SCAN_MAILURL
     The mail scanner will download and scan URLs listed in a mail body.
     This flag should not be used on loaded servers. Due to potential
     problems please do not enable it by default but make it optional.

    CL_SCAN_OLE2
     Enables support for Microsoft Office document files.

    CL_SCAN_PE
     This flag enables scanning withing Portable Executable files and allows
     libclamav to unpack UPX, Petite, and FSG compressed executables.

    CL_SCAN_BLOCKBROKEN
     libclamav will try to detect broken executables and mark them as
     Broken.Executable.

    CL_SCAN_HTML
     This flag enables HTML normalisation (including JScript decryption).

    Status returns. You can get the status code by putting the status object
    returned into into numeric context.

        my $status = $c->scan("foo.txt");
        print "Status: ", ($status + 0), "\n";

    The following are returned statuses if no error occured.

    CL_CLEAN
     no viruses found

    CL_VIRUS
     virus found, put the status in scalar context to see the type

    Error statuses

    CL_EMAXREC
     recursion level limit exceeded

    CL_EMAXSIZE
     size limit exceeded

    CL_EMAXFILES
     files limit exceeded

    CL_ERAR
     rar handler error

    CL_EZIP
     zip handler error

    CL_EMALFZIP
     malformed zip

    CL_EGZIP
     gzip handler error

    CL_EBZIP
     bzip2 handler error

    CL_EOLE2
     OLE2 handler error

    CL_EMSCOMP
     compress.exe handler error

    CL_EMSCAB
     MS CAB module error

    CL_EACCES
     access denied

    CL_ENULLARG
     null argument error

  Exportable functions
    These function can be exported either individually or using the :all
    export flags

    retdbdir
     This function returns the path to the database directory specified when
     clamav was compiled.

METHODS
  Settings
    NOTE These settings only apply to "scan()" and archives
    (CL_SCAN_ARCHIVE).

    maxreclevel
     Sets the maximum recursion level [default 5].

    maxfiles
     Maximum number of files that will be scanned [default 1000]. A value of
     zero disables the check.

    maxfilesize
     Maximum file size that will be scanned in bytes [default 10M]. A value
     of zero disables the check.

    maxratio
     Maximum compression ratio. So if this is set to 200, libclamav will
     give up decompressing a file if it reaches 200x its compressed size
     [default 200]. A value of zero disables the check.

    archivememlim
     Turns on/off memory usage limits for bzip2. [default 1]

  Scanning
    All of these methods return a status object. This object is overloaded
    to make things cleaner. In boolean context this will return false if
    there was an error. For example: my $status = $c->scan("foo.txt"); die
    "Error scanning: $status" unless $status;

    As you probably just noticed, $status in scalar context returns the
    error message. In addition to the overloading you just saw, $status has
    the following methods:

    errno
     The numeric value (if any) clamav returned.

    clean
     This will be true if the message was not a virus and an error did not
     occur.

    virus
     Returns true if the message is a virus.

    error
     Return the error message (if any). This is the same thing as quoting
     $status.

    count
     Returns the number of messages scanned. Only works with archives.

    scan(FileHandle or Path, Bitfield of options)
     "scan()" takes a FileHanle or path and passed the file descriptor for
     that off to clamav. The second argument is a bitfield of options,
     CL_SCAN_MAIL, CL_SCAN_ARCHIVE or CL_SCAN_RAW "Exportable constants".

     This function returns the status object discussed earlier.

     Note that if you are running in taint mode (-T) and a tainted path is
     passed to "scan()", it will "croak()".

    scanbuff($buff)
     scanbuff takes a raw buffer and scans it. No options are available for
     this function (it is assumed you already unarchived or de-MIMEed the
     buffer and that it is raw).

     NOTE: This method will go away in libclamav 0.90. Quote from the
     mailing list:

         Please do not use cl_scanbuff at all, it's to be removed in 0.90. This
         function only supports old type signature scanning and will miss many
         viruses (just try to scan test/clam.exe). You should definitely use
         cl_scanfile/cl_scandesc instead.

  Data Directory stats
    If the path passed into "new()" is a directory Mail::ClamAV will set
    things up to check for updated database files. Calling the
    "statchkdir()" will check the database directory to the stats we have in
    memory. If anything has changed true is returned, otherwise false.

    NOTE: trying to use "statchkdir()" when you passed in a database file
    instead of directory will produce a fatal error.

    "statchkdir()" is useful for long running daemons that need to check to
    see if it is time to reload the database. Reloading is simply getting a
    new Mail::ClamAV object and initializing it.

SEE ALSO
    The ClamAV API documentation
    <http://www.clamav.net/doc/html-0.65/node44.html>

AUTHOR
    Scott Beck <sbeck@gossamer-threads.com>

COPYRIGHT AND LICENSE
    Copyright (C) 2003 by Gossamer Threads Inc.
    <http://www.gossamer-threads.com>

    This library is free software; you can redistribute it and/or modify it
    under the same terms as Perl itself, either Perl version 5.8.1 or, at
    your option, any later version of Perl 5 you may have available.