Free sweep software for linux

DWH_File module contains data and object persistence in deep and wide hashes.

SYNOPSIS

use DWH_File qw/ GDBM_File /;
# the use argument set the DBM module used

tie( %h, DWH_File, myFile, O_RDWR|O_CREAT, 0644 );

untie( %h ); # essential!

Note: the files produced by DWH_File 0.22 are in a different format and are incompatible with the files produced by previous versions.

DWH_File is used in a manner resembling NDBM_File, DB_File etc. These DBM modules are limited to storing flat scalar values. References to data such as arrays or hashes are stored as useless strings and the data in the referenced structures will be lost.

DWH_File uses one of the DBM modules (configurable through the parameters to use()), but extends the functionality to not only save referenced data structures but even object systems.

This is why I made it. It makes it extremely simple to achieve persistence in object oriented Perl programs and you can skip the cumbersome interaction with a conventional database.

DWH_File tries to make the tied hash behave as much like a standard Perl hash as possible. Besides the capability to store nested data structures DWH_File also implements exists(), delete() and undef() functionality like that of a standard hash (as opposed to all the DBM modules).

MULTIPLE DBM FILES

It is possible to distribute for instance an object system over several files if wanted. This might be practical to avoid huge single files and may also make it easier make a reasonable structure in the data. If this feature is used the same set of files should be tied each time if any of the contents that may refer across files is altered. See MODELS.

GARBAGE COLLECTION

DWH_File uses a garbage collection scheme similar to that of Perl itself. This means that you actually dont have to worry about freeing anything (see the cyclic reference caveat though). Just like Perl DWH_File will remove entries that nothing is pointing to (and therefore noone can ever get at). If youve got a key whose value refers to an array for instance, that array will be swept away if you assign something else to the key. Unless theres a reference to the array somewhere else in the structure. This works even across different dbm files when using multiple files.

The garbage collection housekeeping is performed at untie time - so it is mandatory to call untie (and if you keep any references to the tied object to undef those in advance). Otherwise youll leave the object at the mercy of global destruction and garbage wont be properly collected.

MUTUAL EXCLUSION

Ealier versions had some specialized locking schemes to deal with concurrency in eg. web-applications. I havnt put any into this version, and I think Ill leave them out to avoid scope creep.

The reason for having those features were that locking dbm-files isnt as straightforward as locking ordinary files. I find now, that the best solution is to use some of the generalized mechanisms for handling concurrency. There are some fine perl modules for facilitating the use of semaphores for instance.

LOGGING

Earlier versions had a logging feature. I havent put it into this new generation of DWH_File yet. If you need it, send me a mail. That might tempt me.

Sophie is a daemon which uses libsavi library from Sophos anti-virus vendor.
On startup, Sophie initializes SAVI (Sophos Anti-Virus Interface), loads virus patterns into memory, opens local UNIX domain socket, and waits for someone to connect and instructs it which path to scan. Since it is loaded in RAM, scanning is very fast. Of course, speed of scanning also depends on SAVI settings and size of the file.
Sophie was initially created for use with Virge, a mail virus/attachment scanning tool. Because of that, not all SAVI features are implemented in Sophie. My intention was not to create a tool that does the same job as sweep (Sophos tools), but to make fast and efficient tool that can detect virus - but not remove it or make XLS report on it (heh - this was a stupid joke, I presume ;).
At this point, some of the features (that have been requested) are implemented. Some are not, and might never be. So, please, when asking me to add things in Sophie, keep in mind that Sophie was created for Virge, not to be used as a virus scanning tool for a workstation.
This is how Sophie works:
Initializes SAVI inteface, and loads virus patterns
Creates a local UNIX socket (/var/run/sophie, by default)
Waits for someone to connect to the socket, and send path(s) on the local filesystem which need to be scanned
Sophie then forks a process, scans the path(s), and if virus is found, it stops scanning and returns result (1:virusname)
If no viruses were found, it just returns 0
Sophie then goes back to sleep...
Since virus patterns are always in memory, scanning is fast (fast in startup, not fast in execution :) and takes much less resources. For one run, it probably doesnt make a difference if you will use Sophie of Sweep. However, if you have a program (local mail delivery agent, for example) that needs to scan every few seconds/minutes - things are way different.
The difference I am talking about is not in scanning itself - when scanning is in progress, Sophie is little involved in it. Scanning speed depends on the SAVI setup, and on the size of the file being scanned (and if it is an archive, there might be hundreds, even thousands of files inside). However, the initialization of the engine is what count in this case.
Enhancements:
- etc/sophie.savi is now set with SAVI default. Names/values are set as to default SAVI settings from SetConfigDefaults(pSAVI) call.
- 28 new SAVI options added to etc/sophie.savi file. Options were taken with SAVI 3.77.
- Check for nanosleep before including rt library
- "Grp" options fix in sophie_init.c. Thanks to Markus Stumpf for spotting it.

Sophosticated consists of two BASH scripts. One script installs Sophos virus scanner updates from CD, while the other downloads, unpacks, and installs the latest IDEs.
These scripts needs BASH or a compatible shell. They were originally made and tested on a Mandrake Linux 8.0 installation (and still work fine up to Mandrake 9.1), so you may need to alter the paths to the utility programs (ls gawk grep mail logger eject) to suit your system. I also installed Sweep in /home/sweep rather than the default directory, which you may not have done. The site I made this for doesnt use InterCheck.
I run auto_update_ides thrice daily and auto_update_sweep daily, the clients staff leave any new Sophos CD in the drive over the weekend so that the update script can see and use it. The example crontab reflects this. To use it as-is (and this presumes that you have nothing else in roots crontab, do "crontab -l" to check), do "crontab crontab" in this directory.
The scripts work for me, they will probably work on any reasonably well-equipped Unix system, and maybe many others such as BeOS, OS/2 and OS/X, but as I said above there is no guarantee or warranty of any kind. If you break it, you get to keep both pieces (under the terms of the GPL, of course).
Yes, this even includes Dohl MacBride and his cronies, to whose level of pettiness and selfishness I refuse to stoop.
Enhancements:
- The "top directory" is now explicitly defined at the top of each script. If you install Sophos in /home/sweep as I do, you will need to edit this. The current settings match Sophos default (/usr/local).
- Since /usr/local/tmp normally doesnt exist, the scripts will use $TMPDIR for scribbling if $TOPDIR/tmp doesnt exist.

onesixtyone is an efficient SNMP scanner which utilizes a sweep technique to achieve extreme performance. The SNMP protocol is a stateless, datagram oriented protocol. An SNMP scanner is a program that sends SNMP requests to multiple IP addresses, trying different community strings and waiting for a reply. Unfortunately SNMP servers dont respond to requests with invalid community strings and the underlying UDP protocol does not reliably report closed UDP ports. This means that no response from the probed IP address can mean either of the following:
machine unreachable
SNMP server not running
invalid community string
the response datagram has not yet arrived
The approach taken by most SNMP scanners is to send the request, wait for n seconds and assume that the community string is invalid. If only 1 of every hundred scanned IP addresses responds to the SNMP request, the scanner will spend 99*n seconds waiting for replies that will never come.
Thats why traditional SNMP scanners are very inefficient.
onesixtyone takes a different approach to SNMP scanning. It takes advantage of the fact that SNMP is a connectionless protocol and sends all SNMP requests as fast as it can. Then the scanner waits for responses to come back and logs them, in a fashion similar to Nmap ping sweeps. By default onesixtyone waits for 10 milliseconds between sending packets, which is adequate for 100Mbs switched networks. The user can adjust this value via the -w command line option. If set to 0, the scanner will send packets as fast as the kernel would accept them, which may lead to packet drop.
Running onesixtyone on a class B network (switched 100Mbs with 1Gbs backbone) with -w 10 gives us a performance of 3 seconds per class C, with no dropped packets. All 65536 IP addresses were scanned in less than 13 minutes.
onesixtyone sends a request for the system.sysDescr.0 value, which is present on almost all SNMP enabled devices. This returned value gives us a description of the system software running on the device. Here is an excert of a log file:
192.168.120.92 [1234] HP ETHERNET MULTI-ENVIRONMENT,ROM A.05.03,JETDIRECT,JD24,EEPROM A.05.05
130.160.108.146 [public] Hardware: x86 Family 15 Model 0 Stepping 10 AT/AT
COMPATIBLE - Software: Windows 2000 Version 5.0 (Build 2195 Uniprocessor Free)
192.168.112.64 [public] Power Macintosh, hardware type 406; MacOS 9.0; OpenTransport 2.5.2
192.168.104.254 [public] Novell NetWare 4.11 August 22, 1996
192.168.112.83 [public] Macintosh Quadra 650, System Software 7.1
192.168.244.210 [public] RICOH Aficio 850 / RICOH Network Printer D model
192.168.240.39 [public] Cisco Systems WS-C5000
192.168.244.103 [public] HPJ3210A AdvanceStack 10BT Switching Hub Management Module, ROM A.01.02, EEPROM A.01.01, HW A.01.00
Enhancements:
- fixed version number and added a Makefile

Nasal is a language that I wrote for use in a personal project. Ostensibly it was because I was frustrated with the dearth of small-but-complete embeddable scripting languages, but of course I really wrote it because it was fun.
It is still young and incomplete in a few places, but is under active development and has been integrated as the extension language for the FlightGear simulator.
Documentation is still sparse. There is a design document available, which talks at length about the "whys" behind the design of Nasal and includes documentation for the built-in library functions.
More useful to the experienced programmer is the tutorial-style sample code, which explains and demonstrates all the syntax features of the language.
Like perl, python and javascript, nasal uses vectors (expandable arrays) and hash tables as its native data format. This is a well-understood idiom, and it works very well. I felt no need to rock the boat here.
Like perl, and unlike everything else, nasal combines numbers and strings into a single "scalar" datatype. No conversion needs to happen in user code, which simplifies common string handling tasks.
Like perl, but unlike python, hash keys must by scalars in nasal. Python supports a "tuple" constant type that can be used as well, but there is no equivalent in nasal (you cant use vectors as keys because they might change after the insertion).
Like perl and python, nasal uses a # character to indicate and end-of-line comment. There is no multiline begin/end comment syntax as in Javascript.
Like perl, nasal functions do not have named parameters. They get their arguments in a vector named "arg", and can extract them however they like. Unlike perl, Nasal takes advantage of this feature to do away with function "declaration" entirly; see below.
Like python, there is no hidden local object scope in a function call. The object on which a method was called is available to a function as a local variable named "me" (python calls this "self" by convention, but because nasal has no declared function arguments, there is no opportunity to change it).
Like perl, "objects" in nasal are simply hash tables. Looking an item up by name in a hash table and extracting a symbol for an object are just different syntax for the same operation (but read on for an important exception):
a["b"] = 1 means the same thing as: a.b = 1
The above paragraph is a minor lie. The "dot" syntax is also the clue to the interpreter to "save" the left hand side as the "me" reference if the expression is used as a function/method call. That is, these expressions are not equivalent (one is a plain function call, the other a method invocation on the object "a"):
a["b"](arg1, arg2) isnt the same as: a.b(arg1, arg2)
Like javascript, nasal lacks a specific "class" syntax for OOP programming. Instead, classes are simply objects. Each object supports a "parents" member array; symbol lookup on the object at runtime bounces to the parents (and the parents parents) if the symbol is not found in the hash. The parents field is just like any other object field, you can set it however you like and even change it at runtime if you are feeling especially perverse.
Like lisp, javascript and perl, nasal supports lexical closures. This means that the local symbol namespace available to your function when it is assigned remain constant over time. If you dont know what this means, you dont need to care. It is this feature that allows functions to use variables declared in the outer scope when it is defined (e.g. seeing "module" variables).
Like all other scripting languages, functions are just symbols in a namespace, but unlike all other scripting languages, there is no function "declaration" syntax. A function is always an anonymous object (a "lambda," in the parlance), which you assign to a variable in order to use. Like so:
myfunction = func { arg[0] + 1 }
myfunction(1); # returns 2
One annoyance of this feature is that Nasal functions dont have unique internal "names". So a debugging or exception stack trace can only give you a source line number, and not a function name as reference.
Nasal has a straightforward, readable syntax which is closest to javascript among other scripting languages. Like later versions of javascript, it includes has a hash lookup syntax as well as an object field accessor syntax (that is, you can do both a.b and a["b"]).
Unlike python, nasal has a grammar which is not whitespace-sensitive. This doesnt make python hard to write, and it arguably makes it easier to read. But it is different from the way the rest of the world works, and makes python distinctly unsuitable for "inline" environments (consider PHP, Javascript, ASP or in-configuration-file scripts) where it needs to live as a plain old string inside of another programs code or data file.
Nasal garbage collects runtime storage, so the programmer need not worry about manual allocation, or even circular references. The current implementation is a simple mark/sweep collector, which should be acceptable for most applications. Future enhancements will include a "return early" capability for latency-critical applications. The collector can be instructred to return after a certain maximum delay, and be restarted later. Fancy items like generational collectors fail the "small and simple" criteria and are not likely to be included.
Like python, nasal supports exception handling as a first-class language feature, with built-in runtime-inspectable stack trace. Rather like perl, however, there is no special "try" syntax for exception handling, nor inheritance-based catching semantics. Instead, you call a "try" function on another function, and inspect the return value on your own. Code simply calls die with an argument list, which is returned from the closest enclosing try() invocation. Elaborate exception handling isnt really appropriate for embedded scripting languages. [NOTE: this isnt finished yet]
Nasal tries to be stricter than perl. Operations like converting a non-numeric string value to a number, reading or writing past the end of an array or operating on a nil reference, which are generally legal in perl, throw exceptions in nasal. Perl sometimes bends over backwards to do something "reasonable" with your instructions (e.g. whats the boolean truth value of a hash reference?); nasal doesnt try ("error: non-scalar used in boolean context at line 92")
Nasal is very small, very simple, written in ANSI C, and generally an excellent choice for embedded applications. It uses a simple and transparent syntax interpretable by a simple "bracket matching and operator precedence" parser. It does not depend on any third party libraries other than the standard C library. It does not depend on third party tools like (f)lex and yacc/bison. It builds simply and easily, supports a reasonably simple extension API and cohabitates well with other code.
Nasal makes no use of the processor stack when running recursive code. This is important for embedded languages as it provides the ability to "exit early" from a Nasal context. An outside application may have realtime constraints, and Nasal can be instructed to run for only a certain number of "cycles" before returning. Later calls will automatically pick up the interpreter state where it left off.
Nasal provides "minimal threadsafety". Multithreaded operations on Nasal objects are safe in the sense that they cannot crash or corrupt the interpreter. They are not guaranteed to be atomic. In particular, poorly synchronized insertions into containers can "drop" objects into oblivion (which is OK from an interpreter stability standpoint, since the GC will clean them up normally). Race conditions have to be the programmers problem anyway, this is just another symptom. Garbage collection will block all threads before running. [NOTE: this part is still unimplemented.]
Enhancements:
- This release contains the updates that have been available in SimGear for some time now.
- Important new functionality includes bugfixes, many performance enhancements, a declared function argument syntax, a ternary (?:) operator, indexable and mutable string objects, interpreter thread safety features, and much work to the "standard" library (including stdio, bitfields, Unix system calls, and PCRE regular expressions).

The Boehm-Demers-Weiser conservative garbage collector can be used as a garbage collecting replacement for C malloc or C++ new.
Boehm-Demers-Weiser Conservative Garbage Collector allows you to allocate memory basically as you normally would, without explicitly deallocating memory that is no longer useful. The collector automatically recycles memory when it determines that it can no longer be otherwise accessed.
The collector is also used by a number of programming language implementations that either use C as intermediate code, want to facilitate easier interoperation with C libraries, or just prefer the simple collector interface.
Alternatively, the garbage collector may be used as a leak detector for C or C++ programs, though that is not its primary goal.
Typically several versions will be available. Usually you should first try to use gc_source/gc.tar.gz, which is normally an older, more stable version.
If that fails, try the latest explicitly numbered version in gc_source/. Later versions may contain additional features, platform support, or bug fixes, but are likely to be less well tested. Note that versions containing the letters alpha are even less well tested than others, especially on non-HP platforms.
A slightly older version of the garbage collector is now also included as part of the GNU compiler distribution.
The collector uses a mark-sweep algorithm. It provides incremental and generational collection under operating systems which provide the right kind of virtual memory support. (Currently this includes SunOS[45], IRIX, OSF/1, Linux, and Windows, with varying restrictions.)
It allows finalization code to be invoked when an object is collected. It can take advantage of type information to locate pointers if such information is provided, but it is usually used without such information. ee the README and gc.h files in the distribution for more details.
The garbage collector distribution includes a C string (cord) package that provides for fast concatenation and substring operations on long strings. A simple curses- and win32-based editor that represents the entire file as a cord is included as a sample application.
Performance of the nonincremental collector is typically competitive with malloc/free implementations. Both space and time overhead are likely to be only slightly higher for programs written for malloc/free (see Detlefs, Dosser and Zorns Memory Allocation Costs in Large C and C++ Programs.)
For programs allocating primarily very small objects, the collector may be faster; for programs allocating primarily large objects it will be slower. If the collector is used in a multithreaded environment and configured for thread-local allocation, it may in some cases significantly outperform malloc/free allocation in time.
We also expect that in many cases any additional overhead will be more than compensated for by decreased copying etc. if programs are written and tuned for garbage collection.
Enhancements:
- The C code now requires at least C89.
- The live data in the heap is now counted, helping to make the heap expansion heuristic more robust.
- Thread local allocation support was enhanced.
- Some obsolete platform support such as old-style Solaris threads was removed.
- Some new platform support was added.
- Various bugs were fixed.

Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, extensible, and portable.
Main features:
- Ruby has simple syntax, partially inspired by Eiffel and Ada.
- Ruby has exception handling features, like Java or Python, to make it easy to handle errors.
- Rubys operators are syntax sugar for the methods. You can redefine them easily.
- Ruby is a complete, full, pure object oriented language: OOL. This means all data in Ruby is an object, in the sense of Smalltalk: no exceptions. Example: In Ruby, the number 1 is an instance of class Fixnum.
- Rubys OO is carefully designed to be both complete and open for improvements. Example: Ruby has the ability to add methods to a class, or even to an instance during runtime. So, if needed, an instance of one class *can* behave differently from other instances of the same class.
- Ruby features single inheritance only, *on purpose*. But Ruby knows the concept of modules (called Categories in Objective-C). Modules are collections of methods. Every class can import a module and so gets all its methods for free. Some of us think that this is a much clearer way than multiple inheritance, which is complex, and not used very often compared with single inheritance (dont count C++ here, as it has often no other choice due to strong type checking!).
- Ruby features true closures. Not just unnamed function, but with present variable bindings.
- Ruby features blocks in its syntax (code surrounded by { ... } or do ... end). These blocks can be passed to methods, or converted into closures.
- Ruby features a true mark-and-sweep garbage collector. It works with all Ruby objects. You dont have to care about maintaining reference counts in extension libraries. This is better for your health.
- Writing C extensions in Ruby is easier than in Perl or Python, due partly to the garbage collector, and partly to the fine extension API. SWIG interface is also available.
- Integers in Ruby can (and should) be used without counting their internal representation. There *are* small integers (instances of class Fixnum) and large integers (Bignum), but you need not worry over which one is used currently. If a value is small enough, an integer is a Fixnum, otherwise it is a Bignum. Conversion occurs automatically.
- Ruby needs no variable declarations. It uses simple naming conventions to denote the scope of variables. Examples: simple var = local variable, @var = instance variable, $var = global variable. So it is also not necessary to use a tiresome self. prepended to every instance member.
- Ruby can load extension libraries dynamically if an OS allows.
- Ruby features OS independent threading. Thus, for all platforms on which Ruby runs, you also have multithreading, regardless of if the OS supports it or not, even on MS-DOS! ;-)
- Ruby is highly portable: it is developed mostly on Linux, but works on many types of UNIX, DOS, Windows 95/98/Me/NT/2000/XP, MacOS, BeOS, OS/2, etc.