@@ -1,3 +1,8 @@

+Tue Mar 18 15:47:47 CET 2008 (tk)

+---------------------------------

+  * docs/clamdoc.*: various documentation updates

+  * examples/ex1.c: update to new limits

+

 Tue Mar 18 13:35:00 EET 2008 (edwin)

 ------------------------------------

   * libclamav/entconv.c: fix memory leak (patch from TK)

Binary files a/docs/clamdoc.pdf and b/docs/clamdoc.pdf differ

@@ -127,7 +127,7 @@

 	\item{POSIX compliant, portable}

 	\item{Fast scanning}

 	\item{Supports on-access scanning (Linux and FreeBSD only)}

-	\item{Detects over 158.000 viruses, worms and trojans, including

+	\item{Detects over 230.000 viruses, worms and trojans, including

 	      Microsoft Office macro viruses, mobile malware, and other threats}

 	\item{Scans within archives and compressed files (also protects

 	      against archive bombs), built-in support includes:

@@ -144,12 +144,15 @@

 		\item MS SZDD compression format

 		\item BinHex

 		\item SIS (SymbianOS packages)

+		\item AutoIt

 	    \end{itemize}}

 	\item{Supports Portable Executable (32/64-bit) files compressed or obfuscated with:}

 	    \begin{itemize}

+		\item AsPack

 		\item UPX

 		\item FSG

 		\item Petite

+		\item PeSpin

 		\item NsPack

 		\item wwpack32

 		\item MEW

@@ -200,7 +203,7 @@

     \section{Base package}

     \subsection{Supported platforms}

-    Most popular UNIX operating systems are supported. Clam AntiVirus 0.90 was

+    Most popular UNIX operating systems are supported. Clam AntiVirus 0.9x was

     tested on:

     \begin{itemize}

 	\item{GNU/Linux}

@@ -223,7 +226,13 @@

     The following elements are required to compile ClamAV:

     \begin{itemize}

 	\item zlib and zlib-devel packages

-	\item gcc compiler suite (tested with 2.9x, 3.x and 4.x series)

+	\item gcc compiler suite (tested with 2.9x, 3.x and 4.x series)\\

+	      \textbf{If you are compiling with higher optimization levels

+	      than the default one (\hbox{-O2} for gcc), be aware that there

+	      have been reports of misoptimizations. The build system of ClamAV

+	      only checks for bugs affecting the default settings, it is your

+	      responsibility to check that your compiler version doesn't

+	      have any bugs.}

     \end{itemize}

     The following packages are optional but \textbf{highly recommended}:

     \begin{itemize}

@@ -610,14 +619,15 @@ N * * * *	/usr/local/bin/freshclam --quiet

     and 32-bit ELF files. Additionally, it can handle PE files compressed or

     obfuscated with the following tools:

     \begin{itemize}

+	\item Aspack (2.12)

 	\item UPX (all versions)

 	\item FSG (1.3, 1.31, 1.33, 2.0)

 	\item Petite (2.x)

+	\item PeSpin (1.1)

 	\item NsPack

 	\item wwpack32 (1.20)

 	\item MEW

 	\item Upack

-	\item SUE

 	\item Y0da Cryptor (1.3)

     \end{itemize}

@@ -640,6 +650,7 @@ N * * * *	/usr/local/bin/freshclam --quiet

 	\item MS SZDD compression format

 	\item BinHex

 	\item SIS (SymbianOS packages)

+	\item AutoIt

     \end{itemize}

     \subsubsection{Documents}

@@ -694,8 +705,13 @@ N * * * *	/usr/local/bin/freshclam --quiet

 	Load phishing signatures.

 	\item \textbf{CL\_DB\_PHISHING\_URLS}\\

 	Initialize the phishing detection module and load .wdb and .pdb files.

+	\item \textbf{CL\_DB\_PUA}\\

+	Load signatures for Potentially Unwanted Applications.

+	\item \textbf{CL\_DB\_CVDNOTMP}\\

+	Load CVD files directly without unpacking them into a temporary

+	directory.

     \end{itemize}

-    \verb+cl_load+ returns 0 (\verb+CL_SUCCESS+) on success and a non-negative

+    \verb+cl_load+ returns 0 (\verb+CL_SUCCESS+) on success and a negative

     value on failure.

     \begin{verbatim}

 	    ...

@@ -751,7 +767,7 @@ N * * * *	/usr/local/bin/freshclam --quiet

 	cl_statinidir(dbdir, &dbstat);

     \end{verbatim}

     To check for a change you just need to call \verb+cl_statchkdir+ and check

-    its return value:

+    its return value (0 - no change, 1 - some change occured):

     \begin{verbatim}

 	if(cl_statchkdir(&dbstat) == 1) {

 	    reload_database...;

@@ -772,7 +788,7 @@ N * * * *	/usr/local/bin/freshclam --quiet

 	long int *scanned, const struct cl_engine *engine, const

 	struct cl_limits *limits, unsigned int options);

     \end{verbatim}

-    Both functions will save a virus name under the pointer \verb+virname+,

+    Both functions will store a virus name under the pointer \verb+virname+,

     the virus name is part of the engine structure and must not be released

     directly. If the third argument (\verb+scanned+) is not NULL, the

     functions will increase its value with the size of scanned data (in

@@ -780,16 +796,17 @@ N * * * *	/usr/local/bin/freshclam --quiet

     limits in order to protect against Denial of Service attacks.

     \begin{verbatim}

 struct cl_limits {

-    unsigned int maxreclevel;     /* maximum recursion level for archives */

-    unsigned int maxfiles;        /* maximum number of files to be scanned

-                                   * within a single archive

-                                   */

-    unsigned int maxmailrec;	  /* maximum recursion level for mail files */

-    unsigned int maxratio;	  /* maximum compression ratio */

-    unsigned long int maxfilesize;/* compressed files larger than this limit

-                                   * will not be scanned

-                                   */

-    unsigned short archivememlim;  /* limit memory usage for some unpackers */

+    unsigned long int maxscansize;  /* during the scanning of archives this

+                                     * size will never be exceeded

+                                     */

+    unsigned long int maxfilesize;  /* compressed files will only be

+                                     * decompressed and scanned up to this size

+                                     */

+    unsigned int maxreclevel;       /* maximum recursion level for archives */

+    unsigned int maxfiles;          /* maximum number of files to be scanned

+                                     * within a single archive

+                                     */

+    unsigned short archivememlim;   /* limit memory usage for some unpackers */

 };

     \end{verbatim}

     The last argument (\verb+options+) configures the scan engine and supports

@@ -806,9 +823,6 @@ struct cl_limits {

 	\item \textbf{CL\_SCAN\_BLOCKENCRYPTED}\\

 	      With this flag the library will mark encrypted archives as viruses

 	      (Encrypted.Zip, Encrypted.RAR).

-	\item \textbf{CL\_SCAN\_BLOCKMAX}\\

-	      Mark archives as viruses if \verb+maxfiles+, \verb+maxfilesize+,

-	      or \verb+maxreclevel+ limit is reached.

 	\item \textbf{CL\_SCAN\_MAIL}\\

 	      Enable support for mail files.

 	\item \textbf{CL\_SCAN\_MAILURL}\\

@@ -835,9 +849,6 @@ struct cl_limits {

 	      decryption).

 	\item \textbf{CL\_SCAN\_ALGORITHMIC}\\

 	      Enable algorithmic detection of viruses.

-	\item \textbf{CL\_SCAN\_PHISHING\_DOMAINLIST}\\

-	      Phishing module: restrict URL scanning to domains from .pdf

-	      (RECOMMENDED).

 	\item \textbf{CL\_SCAN\_PHISHING\_BLOCKSSL}\\

 	      Phishing module: always block SSL mismatches in URLs.

 	\item \textbf{CL\_SCAN\_PHISHING\_BLOCKCLOAK}\\

@@ -851,14 +862,10 @@ struct cl_limits {

 	    const char *virname;

 	memset(&limits, 0, sizeof(struct cl_limits));

-	limits.maxfiles = 1000; /* max files */

-	limits.maxfilesize = 10 * 1048576; /* maximum size of archived or

-                                    * compressed file (files exceeding

-                                    * this limit will be ignored)

-                                    */

-	limits.maxreclevel = 5; /* maximum recursion level for archives */

-	limits.maxmailrec = 64; /* maximum recursion level for mail files */

-	limits.maxratio = 200; /* maximum compression ratio */

+	limits.maxfiles = 10000;

+	limits.maxscansize = 100 * 1048576; /* 100 MB */

+	limits.maxfilesize = 10 * 1048576; /* 10 MB */

+	limits.maxreclevel = 16;

 	if((ret = cl_scanfile("/tmp/test.exe", &virname, NULL, engine,

 	&limits, CL_STDOPT)) == CL_VIRUS) {

@@ -871,7 +878,7 @@ struct cl_limits {

     \end{verbatim}

     \subsubsection{Memory}

-    Because the engine structure consumes a few megabytes of system memory, you

+    Because the engine structure occupies a few megabytes of system memory, you

     should release it with \verb+cl_free+ if you no longer need to scan files.

     \subsubsection{clamav-config}

@@ -902,15 +909,16 @@ level required:MD5 checksum:digital signature:builder name:build time (sec)

     \verb+sigtool --info+ displays detailed information on CVD files:

     \begin{verbatim}

 zolw@localhost:/usr/local/share/clamav$ sigtool -i daily.cvd 

-Build time: 11 Feb 2007 19-28 +0000

-Version: 2553

-# of signatures: 6063

-Functionality level: 9

+File: daily.cvd

+Build time: 10 Mar 2008 10:45 +0000

+Version: 6191

+Signatures: 59084

+Functionality level: 26

 Builder: ccordes

-MD5: 7f337b409249e11dea3effb04dd352f2

-Digital signature: 6Ybd2eeDHBAs8raaEwmayqzoa5ysGDNnQ5Cc89mS2VCm1jRXZP

-ke/itmkTyYQTc/rgJc2uQPr+NvzvUxRpsniwoyZ/gIkPniCLnqVCYOOytwtmirivbrV8j

-0kzxb9nHd+5UQqj/Z3rLbS7T5HCbRX3uE0JX1tAo642Gq9ACH9Fc

+MD5: 6e6e29dae36b4b7315932c921e568330

+Digital signature: zz9irc9irupR3z7yX6J+OR6XdFPUat4HIM9ERn3kAcOWpcMFxq

+Fs4toG5WJsHda0Jj92IUusZ7wAgYjpai1Nr+jFfXHsJxv0dBkS5/XWMntj0T1ctNgqmiF

++RLU6V0VeTl4Oej3Aya0cVpd9K4XXevEO2eTTvzWNCAq0ZzWNdjc

 Verification OK.

     \end{verbatim}

@@ -209,7 +209,7 @@ original version by:  Nikos Drakos, CBLU, University of Leeds

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -98,7 +98,7 @@ original version by:  Nikos Drakos, CBLU, University of Leeds

 .

 </PRE>

 </DD>

-<DT><A NAME="foot135">... system:</A><A

+<DT><A NAME="foot136">... system:</A><A

  HREF="node12.html#tex2html7"><SUP><SPAN CLASS="arabic">3</SPAN></SUP></A></DT>

 <DD>Cygwin note: If you have not

     /etc/passwd you can skip this point

@@ -135,7 +135,7 @@ original version by:  Nikos Drakos, CBLU, University of Leeds

 .

 </PRE>

 </DD>

-<DT><A NAME="foot176">... file</A><A

+<DT><A NAME="foot177">... file</A><A

  HREF="node19.html#tex2html9"><SUP><SPAN CLASS="arabic">4</SPAN></SUP></A></DT>

 <DD>To get more info on clamscan options run 'man clamscan'

@@ -171,7 +171,7 @@ original version by:  Nikos Drakos, CBLU, University of Leeds

 .

 </PRE>

 </DD>

-<DT><A NAME="foot210">... file</A><A

+<DT><A NAME="foot211">... file</A><A

  HREF="node23.html#tex2html13"><SUP><SPAN CLASS="arabic">5</SPAN></SUP></A></DT>

 <DD>man 5 clamd.conf

@@ -207,7 +207,7 @@ original version by:  Nikos Drakos, CBLU, University of Leeds

 .

 </PRE>

 </DD>

-<DT><A NAME="foot267">... it</A><A

+<DT><A NAME="foot268">... it</A><A

  HREF="node30.html#tex2html14"><SUP><SPAN CLASS="arabic">6</SPAN></SUP></A></DT>

 <DD>You can still use clamd or clamscan instead

@@ -243,7 +243,7 @@ original version by:  Nikos Drakos, CBLU, University of Leeds

 .

 </PRE>

 </DD>

-<DT><A NAME="foot290">... <code>signo</code></A><A

+<DT><A NAME="foot291">... <code>signo</code></A><A

  HREF="node39.html#tex2html15"><SUP><SPAN CLASS="arabic">7</SPAN></SUP></A></DT>

 <DD>Remember to initialize the virus counter

     variable with 0.

@@ -209,7 +209,7 @@ original version by:  Nikos Drakos, CBLU, University of Leeds

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -179,7 +179,7 @@ ClamAV and Clam AntiVirus are trademarks of Sourcefire, Inc.

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -61,6 +61,12 @@ Requirements</A>

 <LI>zlib and zlib-devel packages

 </LI>

 <LI>gcc compiler suite (tested with 2.9x, 3.x and 4.x series)

+<BR>	      <SPAN  CLASS="textbf">If you are compiling with higher optimization levels

+	      than the default one (-O2 for gcc), be aware that there

+	      have been reports of misoptimizations. The build system of ClamAV

+	      only checks for bugs affecting the default settings, it is your

+	      responsibility to check that your compiler version doesn't

+	      have any bugs.</SPAN>

 </LI>

 </UL>

@@ -90,7 +96,7 @@ A note for Solaris/SPARC users: you must set the <SPAN  CLASS="textit">ABI</SPAN

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -75,7 +75,7 @@ Installing on shell account</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -57,7 +57,7 @@ Adding new system user and group</A>

 </H2>

     If you are installing ClamAV for the first time, you have to add a new

     user and group to your system: <A NAME="tex2html7"

-  HREF="footnode.html#foot135"><SUP><SPAN CLASS="arabic">3</SPAN></SUP></A>    <PRE>

+  HREF="footnode.html#foot136"><SUP><SPAN CLASS="arabic">3</SPAN></SUP></A>    <PRE>

 	# groupadd clamav

 	# useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav

 </PRE>

@@ -69,7 +69,7 @@ Adding new system user and group</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -75,7 +75,7 @@ Compilation of base package</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -64,7 +64,7 @@ Compilation with clamav-milter enabled</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -83,7 +83,7 @@ Configuration</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -79,7 +79,7 @@ clamd</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -90,7 +90,7 @@ On-access scanning</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -81,7 +81,7 @@ define(`confINPUT_MAIL_FILTERS', `clmilter')

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -62,7 +62,7 @@ Testing</A>

     It should find some test files in the clamav-x.yz/test directory.

     The scan result will be saved in the <code>scan.txt</code> log file

     <A NAME="tex2html9"

-  HREF="footnode.html#foot176"><SUP><SPAN CLASS="arabic">4</SPAN></SUP></A>.

+  HREF="footnode.html#foot177"><SUP><SPAN CLASS="arabic">4</SPAN></SUP></A>.

     To test <code>clamd</code>, start it and use <code>clamdscan</code> (or instead connect

     directly to its socket and run the SCAN command):

     <PRE>

@@ -75,7 +75,7 @@ Testing</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -79,7 +79,7 @@ Introduction</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -139,7 +139,7 @@ N * * * *	/usr/local/bin/freshclam --quiet

 <!--End of Navigation Panel-->

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -77,7 +77,7 @@ Closest mirrors</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -80,7 +80,7 @@ Usage</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -68,7 +68,7 @@ Clam daemon

 </UL>

     The daemon is fully configurable via the <code>clamd.conf</code> file

     <A NAME="tex2html13"

-  HREF="footnode.html#foot210"><SUP><SPAN CLASS="arabic">5</SPAN></SUP></A>. <code>clamd</code> recognizes the following commands:

+  HREF="footnode.html#foot211"><SUP><SPAN CLASS="arabic">5</SPAN></SUP></A>. <code>clamd</code> recognizes the following commands:

 <UL>

 <LI><SPAN  CLASS="textbf">PING</SPAN>

@@ -160,7 +160,7 @@ Start/end a <code>clamd</code> session - you can do multiple commands

 <!--End of Navigation Panel-->

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -76,7 +76,7 @@ Clam<SPAN  CLASS="textbf">d</SPAN>scan</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -92,7 +92,7 @@ SIGTERM signal. In other case you can lose access

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -70,7 +70,7 @@ Output format</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -94,7 +94,7 @@ clamscan</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -83,7 +83,7 @@ Error messages are printed in the following format:

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -124,7 +124,7 @@ LibClamAV</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -67,7 +67,7 @@ Features</A>

 </LI>

 <LI>Supports on-access scanning (Linux and FreeBSD only)

 </LI>

-<LI>Detects over 158.000 viruses, worms and trojans, including

+<LI>Detects over 230.000 viruses, worms and trojans, including

 	      Microsoft Office macro viruses, mobile malware, and other threats

 </LI>

 <LI>Scans within archives and compressed files (also protects

@@ -97,6 +97,8 @@ Features</A>

 <LI>BinHex

 </LI>

 <LI>SIS (SymbianOS packages)

+</LI>

+<LI>AutoIt

 </LI>

 </UL>

@@ -104,12 +106,16 @@ Features</A>

 <LI>Supports Portable Executable (32/64-bit) files compressed or obfuscated with:

 <UL>

+<LI>AsPack

+</LI>

 <LI>UPX

 </LI>

 <LI>FSG

 </LI>

 <LI>Petite

 </LI>

+<LI>PeSpin

+</LI>

 <LI>NsPack

 </LI>

 <LI>wwpack32

@@ -177,7 +183,7 @@ Features</A>

 <!--End of Navigation Panel-->

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -58,14 +58,14 @@ Licence</A>

     Libclamav is licensed under the GNU GPL v2 licence. This means you are

     <SPAN  CLASS="textbf">not allowed</SPAN> to link commercial, close-source applications

     against it<A NAME="tex2html14"

-  HREF="footnode.html#foot267"><SUP><SPAN CLASS="arabic">6</SPAN></SUP></A>.

+  HREF="footnode.html#foot268"><SUP><SPAN CLASS="arabic">6</SPAN></SUP></A>.

     All software using libclamav must be GPL compliant.

 <P>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -77,7 +77,7 @@ Supported formats</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -60,12 +60,16 @@ Executables</A>

     obfuscated with the following tools:

 <UL>

+<LI>Aspack (2.12)

+</LI>

 <LI>UPX (all versions)

 </LI>

 <LI>FSG (1.3, 1.31, 1.33, 2.0)

 </LI>

 <LI>Petite (2.x)

 </LI>

+<LI>PeSpin (1.1)

+</LI>

 <LI>NsPack

 </LI>

 <LI>wwpack32 (1.20)

@@ -74,8 +78,6 @@ Executables</A>

 </LI>

 <LI>Upack

 </LI>

-<LI>SUE

-</LI>

 <LI>Y0da Cryptor (1.3)

 </LI>

@@ -85,7 +87,7 @@ Executables</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -62,7 +62,7 @@ Mail files</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -80,6 +80,8 @@ Archives and compressed files</A>

 <LI>BinHex

 </LI>

 <LI>SIS (SymbianOS packages)

+</LI>

+<LI>AutoIt

 </LI>

 </UL>

@@ -88,7 +90,7 @@ Archives and compressed files</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -73,7 +73,7 @@ Documents</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -75,7 +75,7 @@ Others</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -75,7 +75,7 @@ API</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -64,7 +64,7 @@ Header file</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -70,7 +70,7 @@ Database loading</A>

     is used for passing in the engine structure which should be previously

     initialized with NULL. A number of loaded signatures will be <SPAN  CLASS="textbf">added</SPAN>

     to <code>signo</code> <A NAME="tex2html15"

-  HREF="footnode.html#foot290"><SUP><SPAN CLASS="arabic">7</SPAN></SUP></A>. The last argument can pass the following flags:

+  HREF="footnode.html#foot291"><SUP><SPAN CLASS="arabic">7</SPAN></SUP></A>. The last argument can pass the following flags:

 <UL>

 <LI><SPAN  CLASS="textbf">CL_DB_STDOPT</SPAN>

@@ -84,10 +84,19 @@ Load phishing signatures.

 <LI><SPAN  CLASS="textbf">CL_DB_PHISHING_URLS</SPAN>

 <BR>

 Initialize the phishing detection module and load .wdb and .pdb files.

+</LI>

+<LI><SPAN  CLASS="textbf">CL_DB_PUA</SPAN>

+<BR>

+Load signatures for Potentially Unwanted Applications.

+</LI>

+<LI><SPAN  CLASS="textbf">CL_DB_CVDNOTMP</SPAN>

+<BR>

+Load CVD files directly without unpacking them into a temporary

+	directory.

 </LI>

 </UL>

-    <code>cl_load</code> returns 0 (<code>CL_SUCCESS</code>) on success and a non-negative

+    <code>cl_load</code> returns 0 (<code>CL_SUCCESS</code>) on success and a negative

     value on failure.

     <PRE>

 	    ...

@@ -102,7 +111,7 @@ Initialize the phishing detection module and load .wdb and .pdb files.

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -86,7 +86,7 @@ Alternatively you can try asking on the <code>#clamav</code> IRC channel - launc

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -68,7 +68,7 @@ Error handling</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -74,7 +74,7 @@ Engine structure</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -72,7 +72,7 @@ Database reloading</A>

 	cl_statinidir(dbdir, &dbstat);

 </PRE>

     To check for a change you just need to call <code>cl_statchkdir</code> and check

-    its return value:

+    its return value (0 - no change, 1 - some change occured):

     <PRE>

 	if(cl_statchkdir(&dbstat) == 1) {

 	    reload_database...;

@@ -101,7 +101,7 @@ Database reloading</A>

 <BR><HR>

 <ADDRESS>

 Tomasz Kojm

-2008-03-03

+2008-03-18

 </ADDRESS>

 </BODY>

 </HTML>

@@ -65,7 +65,7 @@ Data scan functions</A>

 	long int *scanned, const struct cl_engine *engine, const

 	struct cl_limits *limits, unsigned int options);

 </PRE>

-    Both functions will save a virus name under the pointer <code>virname</code>,

+    Both functions will store a virus name under the pointer <code>virname</code>,

     the virus name is part of the engine structure and must not be released

     directly. If the third argument (<code>scanned</code>) is not NULL, the

     functions will increase its value with the size of scanned data (in

@@ -73,16 +73,17 @@ Data scan functions</A>

     limits in order to protect against Denial of Service attacks.

     <PRE>

 struct cl_limits {

-    unsigned int maxreclevel;     /* maximum recursion level for archives */

-    unsigned int maxfiles;        /* maximum number of files to be scanned

-                                   * within a single archive

-                                   */

-    unsigned int maxmailrec;	  /* maximum recursion level for mail files */

-    unsigned int maxratio;	  /* maximum compression ratio */

-    unsigned long int maxfilesize;/* compressed files larger than this limit

-                                   * will not be scanned

-                                   */

-    unsigned short archivememlim;  /* limit memory usage for some unpackers */

+    unsigned long int maxscansize;  /* during the scanning of archives this

+                                     * size will never be exceeded

+                                     */

+    unsigned long int maxfilesize;  /* compressed files will only be

+                                     * decompressed and scanned up to this size

+                                     */

+    unsigned int maxreclevel;       /* maximum recursion level for archives */

+    unsigned int maxfiles;          /* maximum number of files to be scanned

+                                     * within a single archive

+                                     */

+    unsigned short archivememlim;   /* limit memory usage for some unpackers */

 };

 </PRE>

     The last argument (<code>options</code>) configures the scan engine and supports

@@ -108,11 +109,6 @@ This flag enables transparent scanning of various archive formats.

 With this flag the library will mark encrypted archives as viruses

 	      (Encrypted.Zip, Encrypted.RAR).

 </LI>

-<LI><SPAN  CLASS="textbf">CL_SCAN_BLOCKMAX</SPAN>

-<BR>

-Mark archives as viruses if <code>maxfiles</code>, <code>maxfilesize</code>,

-	      or <code>maxreclevel</code> limit is reached.

-</LI>

 <LI><SPAN  CLASS="textbf">CL_SCAN_MAIL</SPAN>

 <BR>

 Enable support for mail files.

@@ -157,11 +153,6 @@ This flag enables HTML normalisation (including ScrEnc

 <BR>

 Enable algorithmic detection of viruses.

 </LI>