61b40ee3 |
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> |
73e034df |
|
61b40ee3 |
<!--Converted with LaTeX2HTML 2002-2-1 (1.71) |
73e034df |
original version by: Nikos Drakos, CBLU, University of Leeds
* revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan
* with significant contributions from:
Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
<HTML>
<HEAD> |
96e05490 |
<TITLE>Data scan functions</TITLE>
<META NAME="description" CONTENT="Data scan functions"> |
73e034df |
<META NAME="keywords" CONTENT="clamdoc">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
|
61b40ee3 |
<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2-1"> |
73e034df |
<META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
<LINK REL="STYLESHEET" HREF="clamdoc.css">
<LINK REL="next" HREF="node46.html">
<LINK REL="previous" HREF="node44.html"> |
96e05490 |
<LINK REL="up" HREF="node44.html"> |
73e034df |
<LINK REL="next" HREF="node46.html">
</HEAD>
<BODY > |
61b40ee3 |
<DIV CLASS="navigation"><!--Navigation Panel--> |
ee93a07e |
<A NAME="tex2html788" |
73e034df |
HREF="node46.html">
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A> |
ee93a07e |
<A NAME="tex2html784" |
96e05490 |
HREF="node44.html"> |
73e034df |
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A> |
ee93a07e |
<A NAME="tex2html778" |
73e034df |
HREF="node44.html">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A> |
ee93a07e |
<A NAME="tex2html786" |
73e034df |
HREF="node1.html">
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
<BR> |
ee93a07e |
<B> Next:</B> <A NAME="tex2html789" |
96e05490 |
HREF="node46.html">Memory</A> |
ee93a07e |
<B> Up:</B> <A NAME="tex2html785" |
96e05490 |
HREF="node44.html">Database reloading</A> |
ee93a07e |
<B> Previous:</B> <A NAME="tex2html779" |
96e05490 |
HREF="node44.html">Database reloading</A> |
ee93a07e |
<B> <A NAME="tex2html787" |
73e034df |
HREF="node1.html">Contents</A></B>
<BR> |
61b40ee3 |
<BR></DIV> |
73e034df |
<!--End of Navigation Panel-->
|
96e05490 |
<H3><A NAME="SECTION00074100000000000000">
Data scan functions</A> |
73e034df |
</H3> |
96e05490 |
It's possible to scan a file or descriptor using:
<PRE>
int cl_scanfile(const char *filename, const char **virname,
unsigned long int *scanned, const struct cl_engine *engine,
const struct cl_limits *limits, unsigned int options);
int cl_scandesc(int desc, const char **virname, unsigned
long int *scanned, const struct cl_engine *engine, const
struct cl_limits *limits, unsigned int options);
</PRE>
Both functions will store a virus name under the pointer <code>virname</code>,
the virus name is part of the engine structure and must not be released
directly. If the third argument (<code>scanned</code>) is not NULL, the
functions will increase its value with the size of scanned data (in
<code>CL_COUNT_PRECISION</code> units). Both functions have support for archive
limits in order to protect against Denial of Service attacks.
<PRE>
struct cl_limits {
unsigned long int maxscansize; /* during the scanning of archives this
* size will never be exceeded
*/
unsigned long int maxfilesize; /* compressed files will only be
* decompressed and scanned up to this size
*/
unsigned int maxreclevel; /* maximum recursion level for archives */
unsigned int maxfiles; /* maximum number of files to be scanned
* within a single archive
*/
unsigned short archivememlim; /* limit memory usage for some unpackers */
};
</PRE>
The last argument (<code>options</code>) configures the scan engine and supports
the following flags (that can be combined using bit operators):
<UL>
<LI><SPAN CLASS="textbf">CL_SCAN_STDOPT</SPAN>
<BR>
This is an alias for a recommended set of scan options. You
should use it to make your software ready for new features
in the future versions of libclamav.
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_RAW</SPAN>
<BR>
Use it alone if you want to disable support for special files.
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_ARCHIVE</SPAN>
<BR>
This flag enables transparent scanning of various archive formats.
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_BLOCKENCRYPTED</SPAN>
<BR>
With this flag the library will mark encrypted archives as viruses
(Encrypted.Zip, Encrypted.RAR).
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_MAIL</SPAN>
<BR>
Enable support for mail files.
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_MAILURL</SPAN>
<BR>
The mail scanner will download and scan URLs listed in a mail
body. This flag should not be used on loaded servers. Due to
potential problems please do not enable it by default but make
it optional.
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_OLE2</SPAN>
<BR>
Enables support for OLE2 containers (used by MS Office and .msi
files).
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_PDF</SPAN>
<BR>
Enables scanning within PDF files.
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_PE</SPAN>
<BR>
This flag enables deep scanning of Portable Executable files and
allows libclamav to unpack executables compressed with run-time
unpackers.
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_ELF</SPAN>
<BR>
Enable support for ELF files.
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_BLOCKBROKEN</SPAN>
<BR>
libclamav will try to detect broken executables and mark them as
Broken.Executable.
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_HTML</SPAN>
<BR>
This flag enables HTML normalisation (including ScrEnc
decryption).
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_ALGORITHMIC</SPAN>
<BR>
Enable algorithmic detection of viruses.
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_PHISHING_BLOCKSSL</SPAN>
<BR>
Phishing module: always block SSL mismatches in URLs.
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_PHISHING_BLOCKCLOAK</SPAN>
<BR>
Phishing module: always block cloaked URLs.
</LI>
</UL>
All functions return 0 (<code>CL_CLEAN</code>) when the file seems clean,
<code>CL_VIRUS</code> when a virus is detected and another value on failure.
<PRE>
...
struct cl_limits limits;
const char *virname;
memset(&limits, 0, sizeof(struct cl_limits));
limits.maxfiles = 10000;
limits.maxscansize = 100 * 1048576; /* 100 MB */
limits.maxfilesize = 10 * 1048576; /* 10 MB */
limits.maxreclevel = 16;
if((ret = cl_scanfile("/tmp/test.exe", &virname, NULL, engine,
&limits, CL_STDOPT)) == CL_VIRUS) {
printf("Virus detected: %s\n", virname);
} else {
printf("No virus detected.\n");
if(ret != CL_CLEAN)
printf("Error: %s\n", cl_strerror(ret));
}
</PRE> |
73e034df |
<P> |
96e05490 |
<DIV CLASS="navigation"><HR>
<!--Navigation Panel--> |
ee93a07e |
<A NAME="tex2html788" |
96e05490 |
HREF="node46.html">
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A> |
ee93a07e |
<A NAME="tex2html784" |
96e05490 |
HREF="node44.html">
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A> |
ee93a07e |
<A NAME="tex2html778" |
96e05490 |
HREF="node44.html">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A> |
ee93a07e |
<A NAME="tex2html786" |
96e05490 |
HREF="node1.html">
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
<BR> |
ee93a07e |
<B> Next:</B> <A NAME="tex2html789" |
96e05490 |
HREF="node46.html">Memory</A> |
ee93a07e |
<B> Up:</B> <A NAME="tex2html785" |
96e05490 |
HREF="node44.html">Database reloading</A> |
ee93a07e |
<B> Previous:</B> <A NAME="tex2html779" |
96e05490 |
HREF="node44.html">Database reloading</A> |
ee93a07e |
<B> <A NAME="tex2html787" |
96e05490 |
HREF="node1.html">Contents</A></B> </DIV>
<!--End of Navigation Panel--> |
73e034df |
<ADDRESS>
Tomasz Kojm |
a6b4b6af |
2008-10-30 |
73e034df |
</ADDRESS>
</BODY>
</HTML> |