<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<!--Converted with LaTeX2HTML 2K.1beta (1.48)
original version by: Nikos Drakos, CBLU, University of Leeds
* revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan
* with significant contributions from:
Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
<HTML>
<HEAD>
<H2><A NAME="SECTION00071000000000000000">
General API</A>
</H2>
Every program based on libclamav must include the <I>clamav.h</I> header
file:
<PRE>
#include &lt;clamav.h&gt;
</PRE>
A first step is to initialize the scanning engine. There are three
functions available:
<PRE>
int cl_loaddb(const char *filename, struct cl_node **root,
              int *virnum);
int cl_loaddbdir(const char *dirname, struct cl_node **root,
                 int *virnum);
char *cl_retdbdir(void);
</PRE>
<I>cl_loaddb()</I> loads a particular database; <I>cl_loaddbdir()</I>
loads all <I>.cvd</I> (and older <I>.db</I>, .db2) databases from the
directory <I>dirname</I>. <I>cl_retdbdir()</I> returns the hardcoded
database directory path. The initial internal database (Aho-Corasick tree,
trie; see <A HREF="node47.html#engine">6.3</A>) is saved under <I>root</I>, and the number of
signatures loaded is <B>added</B> <A NAME="tex2html45"
HREF="footnode.html#foot510"><SUP>7</SUP></A> to <I>virnum</I>. The pointer to the trie
must initially be NULL. If you don't care about the number of signatures,
pass NULL as the third argument. The <I>cl_loaddb</I> functions return 0 on
success and another value on failure.
<PRE>
struct cl_node *root = NULL;
int ret;
ret = cl_loaddbdir(cl_retdbdir(), &root, NULL);
</PRE>
There's an elegant way to print libclamav's error codes:
<PRE>
char *cl_strerror(int clerror);
</PRE>
<I>cl_strerror()</I> returns a (statically allocated) string describing
a <I>clerror</I> code:
<PRE>
if(ret) {
    printf("cl_loaddbdir() error: %s\n", cl_strerror(ret));
    exit(1);
}
</PRE>
Once the database is loaded, you must build the final trie with:
<PRE>
void cl_buildtrie(struct cl_node *root);
</PRE>
In our example:
<PRE>
cl_buildtrie(root);
</PRE>
OK, now you can scan a buffer, a descriptor or a file with:
<PRE>
int cl_scanbuff(const char *buffer, unsigned int length,
                char **virname, const struct cl_node *root);
int cl_scandesc(int desc, char **virname,
                unsigned long int *scanned, const struct cl_node *root,
                const struct cl_limits *limits, int options);
int cl_scanfile(const char *filename, char **virname,
                unsigned long int *scanned, const struct cl_node *root,
                const struct cl_limits *limits, int options);
</PRE>
All the functions store the address of the virus name in the <I>virname</I> pointer.
<I>virname</I> points to a name in the trie structure, so it must not be
released directly. <I>cl_scandesc()</I> and <I>cl_scanfile()</I> can
increase the <I>scanned</I> value in CL_COUNT_PRECISION units; they also
support archive limits:
<PRE>
struct cl_limits {
    int maxreclevel;
    int maxfiles;
    long int maxfilesize;
};
</PRE>
The last argument configures the scan engine. Currently it supports
<B>CL_ARCHIVE</B> (enables archive scanning), <B>CL_RAW</B>
(disables archive scanning), <B>CL_MAIL</B> (enables mbox
and Maildir scanning) and <B>CL_DISABLERAR</B> (disables the built-in
RAR unpacker which leaks like hell). These functions return 0
(<B>CL_CLEAN</B>) when no virus is found, <B>CL_VIRUS</B> when a virus
is found and another value on failure.
<PRE>
struct cl_limits limits;
char *virname;

/* maximal number of files in archive */
limits.maxfiles = 1000;
/* maximal archived file size == 10 MB */
limits.maxfilesize = 10 * 1048576;
/* maximal recursion level */
limits.maxreclevel = 5;

if((ret = cl_scanfile("/home/zolw/test", &virname, NULL, root,
                      &limits, CL_ARCHIVE)) == CL_VIRUS) {
    printf("Detected %s virus.\n", virname);
} else {
    printf("No virus detected.\n");
    /* any value other than CL_CLEAN here means the scan failed */
    if(ret != CL_CLEAN)
        printf("Error: %s\n", cl_strerror(ret));
}
</PRE>
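To show why loading, building and scanning are separate steps, here is a toy Aho-Corasick matcher with the same three phases. It is an added illustration of the general technique, not libclamav's code: struct node, load_sig(), build(), scan_buff() and MAXNODES are hypothetical names, and nodes come from a fixed static pool to keep the sketch short.

```c
#include <stddef.h>
#define MAXNODES 64                 /* toy capacity (assumption of this sketch) */
struct node {                       /* toy stand-in for struct cl_node */
    struct node *next[256], *fail;
    const char *virname;            /* owned by the matcher; callers must not free it */
};
static struct node pool[MAXNODES];
static int used;
static struct node *new_node(void) { return used < MAXNODES ? &pool[used++] : NULL; }

/* Load step: add one signature, 0 on success; *virnum is added to, never reset. */
int load_sig(struct node **root, const char *name, const char *pat, int *virnum) {
    struct node *n;
    if (!*root && !(*root = new_node())) return -1;
    for (n = *root; *pat; pat++) {
        unsigned char c = (unsigned char)*pat;
        if (!n->next[c] && !(n->next[c] = new_node())) return -1;
        n = n->next[c];
    }
    n->virname = name;
    if (virnum) ++*virnum;
    return 0;
}

/* Build step: breadth-first pass adding failure links and missing transitions. */
void build(struct node *root) {
    struct node *queue[MAXNODES], *n, *f;
    int head = 0, tail = 0, c;
    for (queue[tail++] = root; head < tail; ) {
        n = queue[head++];
        for (c = 0; c < 256; c++) {
            f = (n == root) ? root : n->fail->next[c];
            if (!n->next[c]) { n->next[c] = f; continue; }
            n->next[c]->fail = f;   /* longest proper suffix that is also a prefix */
            if (!n->next[c]->virname) n->next[c]->virname = f->virname;
            queue[tail++] = n->next[c];
        }
    }
}

/* Scan step: returns 1 and sets *virname on the first hit, 0 when clean. */
int scan_buff(const char *buf, size_t len, const char **virname, const struct node *root) {
    const struct node *n = root;
    size_t i;
    for (i = 0; i < len; i++) {
        n = n->next[(unsigned char)buf[i]];
        if (n->virname) { *virname = n->virname; return 1; }
    }
    return 0;
}
```

Until build() has run, most transitions are still NULL and a signature embedded in a longer partial match (for example "bc" inside "abc" when "abcd" is also loaded) would be missed, so scanning is only valid after the build step.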
Release the trie if you no longer need it:
<PRE>
void cl_freetrie(struct cl_node *root);
</PRE>
You will find an example scanner in the clamav sources (/example). Programs
based on libclamav must be linked against it:
<PRE>
gcc -Wall ex1.c -o ex1 -lclamav
</PRE>
Enjoy!