@@ -188,14 +188,15 @@ CL_CLEAN = File is scanned

 CL_BREAK = Whitelisted by callback - file is skipped and marked as clean

 CL_VIRUS = Blacklisted by callback - file is skipped and marked as infected

 */

-extern void cl_engine_set_clcb_pre_scan(struct cl_engine *engine, clcb_pre_scan callback, void *context);

+extern void cl_engine_set_clcb_pre_scan(struct cl_engine *engine, clcb_pre_scan callback);

-typedef cl_error_t (*clcb_post_scan)(int fd, int result, void *context);

+typedef cl_error_t (*clcb_post_scan)(int fd, int result, const char *virname, void *context);

 /* POST-SCAN

 Input:

 fd      = File descriptor which is was scanned

 result  = The scan result for the file

+virname = Virus name if infected

 context = Opaque application provided data

 Output:

@@ -203,7 +204,7 @@ CL_CLEAN = Scan result is not overridden

 CL_BREAK = Whitelisted by callback - scan result is set to CL_CLEAN

 CL_VIRUS = Blacklisted by callback - scan result is set to CL_VIRUS

 */

-extern void cl_engine_set_clcb_post_scan(struct cl_engine *engine, clcb_post_scan callback, void *context);

+extern void cl_engine_set_clcb_post_scan(struct cl_engine *engine, clcb_post_scan callback);

 typedef int (*clcb_sigload)(const char *type, const char *name, void *context);

@@ -241,6 +242,7 @@ struct cl_cvd {		    /* field no. */

 /* file scanning */

 extern int cl_scandesc(int desc, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, unsigned int scanoptions);

+extern int cl_scandesc_callback(int desc, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, unsigned int scanoptions, void *context);

 extern int cl_scanfile(const char *filename, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, unsigned int scanoptions);

@@ -1009,14 +1009,12 @@ int cli_bitset_test(bitset_t *bs, unsigned long bit_offset)

 	return (bs->bitset[char_offset] & ((unsigned char)1 << bit_offset));

 }

-void cl_engine_set_clcb_pre_scan(struct cl_engine *engine, clcb_pre_scan callback, void *context) {

+void cl_engine_set_clcb_pre_scan(struct cl_engine *engine, clcb_pre_scan callback) {

     engine->cb_pre_scan = callback;

-    engine->cb_pre_scan_ctx = callback ? context : NULL;

 }

-void cl_engine_set_clcb_post_scan(struct cl_engine *engine, clcb_post_scan callback, void *context) {

+void cl_engine_set_clcb_post_scan(struct cl_engine *engine, clcb_post_scan callback) {

     engine->cb_post_scan = callback;

-    engine->cb_post_scan_ctx = callback ? context : NULL;

 }

 void cl_engine_set_clcb_sigload(struct cl_engine *engine, clcb_sigload callback, void *context) {

@@ -125,6 +125,7 @@ typedef struct cli_ctx_tag {

     struct cli_dconf *dconf;

     fmap_t **fmap;

     bitset_t* hook_lsig_matches;

+    void *cb_ctx;

 #ifdef HAVE__INTERNAL__SHA_COLLECT

     char entry_filename[2048];

     int sha_collect;

@@ -251,9 +252,7 @@ struct cl_engine {

     /* Callback(s) */

     clcb_pre_scan cb_pre_scan;

-    void *cb_pre_scan_ctx;

     clcb_post_scan cb_post_scan;

-    void *cb_post_scan_ctx;

     clcb_sigload cb_sigload;

     void *cb_sigload_ctx;

@@ -1897,7 +1897,7 @@ static void emax_reached(cli_ctx *ctx) {

 #define ret_from_magicscan(retcode) do {							\

     cli_dbgmsg("cli_magic_scandesc: returning %d %s\n", retcode, __AT__);			\

     if(ctx->engine->cb_post_scan) {								\

-	switch(ctx->engine->cb_post_scan(desc, retcode, ctx->engine->cb_post_scan_ctx)) {	\

+	switch(ctx->engine->cb_post_scan(desc, retcode, ctx->virname ? *ctx->virname : NULL, ctx->cb_ctx)) {		\

 	case CL_BREAK:										\

 	    cli_dbgmsg("cli_magic_scandesc: file whitelisted by callback\n");			\

 	    return CL_CLEAN;									\

@@ -1970,7 +1970,7 @@ int cli_magic_scandesc(int desc, cli_ctx *ctx)

     }

     if(ctx->engine->cb_pre_scan) {

-	switch(ctx->engine->cb_pre_scan(desc, ctx->engine->cb_pre_scan_ctx)) {

+	switch(ctx->engine->cb_pre_scan(desc, ctx->cb_ctx)) {

 	case CL_BREAK:

 	    cli_dbgmsg("cli_magic_scandesc: file whitelisted by callback\n");

 	    funmap(*ctx->fmap);

@@ -2424,6 +2424,54 @@ int cl_scandesc(int desc, const char **virname, unsigned long int *scanned, cons

     return cli_scandesc_stats(desc, virname, NULL, NULL, scanned, engine, scanoptions);

 }

+

+int cl_scandesc_callback(int desc, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, unsigned int scanoptions, void *context)

+{

+    cli_ctx ctx;

+    int rc;

+

+    memset(&ctx, '\0', sizeof(cli_ctx));

+    ctx.engine = engine;

+    ctx.virname = virname;

+    ctx.scanned = scanned;

+    ctx.options = scanoptions;

+    ctx.found_possibly_unwanted = 0;

+    ctx.container_type = CL_TYPE_ANY;

+    ctx.container_size = 0;

+    ctx.dconf = (struct cli_dconf *) engine->dconf;

+    ctx.cb_ctx = context;

+    ctx.fmap = cli_calloc(sizeof(fmap_t *), ctx.engine->maxreclevel + 2);

+    if(!ctx.fmap)

+	return CL_EMEM;

+    if (!(ctx.hook_lsig_matches = cli_bitset_init())) {

+	free(ctx.fmap);

+	return CL_EMEM;

+    }

+

+#ifdef HAVE__INTERNAL__SHA_COLLECT

+    if(scanoptions & CL_SCAN_INTERNAL_COLLECT_SHA) {

+	char link[32];

+	ssize_t linksz;

+

+	snprintf(link, sizeof(link), "/proc/self/fd/%u", desc);

+	link[sizeof(link)-1]='\0';

+	if((linksz=readlink(link, ctx.entry_filename, sizeof(ctx.entry_filename)))==-1) {

+	    cli_errmsg("failed to resolve filename for descriptor %d (%s)\n", desc, link);

+	    strcpy(ctx.entry_filename, "NO_IDEA");

+	} else

+	    ctx.entry_filename[linksz]='\0';

+    } while(0);

+#endif

+

+    rc = cli_magic_scandesc(desc, &ctx);

+

+    cli_bitset_free(ctx.hook_lsig_matches);

+    free(ctx.fmap);

+    if(rc == CL_CLEAN && ctx.found_possibly_unwanted)

+    	rc = CL_VIRUS;

+    return rc;

+}

+

 int cli_found_possibly_unwanted(cli_ctx* ctx)

 {

 	if(ctx->virname) {

@@ -45,7 +45,7 @@

 				Name="VCCLCompilerTool"

 				Optimization="0"

 				AdditionalIncludeDirectories=""$(SolutionDir)";"$(SolutionDir)..\libclamav";"$(SolutionDir)compat";"$(SolutionDir)3rdparty\zlib";"$(SolutionDir)3rdparty\pthreads";"$(SolutionDir)..""

-				PreprocessorDefinitions="WIN32_LEAN_AND_MEAN;HAVE_CONFIG_H;_BIND_TO_CURRENT_VCLIBS_VERSION=1;CLAMAV_EXPORTS"

+				PreprocessorDefinitions="WIN32_LEAN_AND_MEAN;HAVE_CONFIG_H;_BIND_TO_CURRENT_VCLIBS_VERSION=1;CLAMAPI= __declspec(dllexport)"

 				MinimalRebuild="true"

 				BasicRuntimeChecks="3"

 				RuntimeLibrary="3"

@@ -123,7 +123,7 @@

 				Optimization="2"

 				EnableIntrinsicFunctions="true"

 				AdditionalIncludeDirectories=""$(SolutionDir)";"$(SolutionDir)..\libclamav";"$(SolutionDir)compat";"$(SolutionDir)3rdparty\zlib";"$(SolutionDir)3rdparty\pthreads";"$(SolutionDir)..""

-				PreprocessorDefinitions="WIN32_LEAN_AND_MEAN;HAVE_CONFIG_H;_BIND_TO_CURRENT_VCLIBS_VERSION=1;CLAMAV_EXPORTS"

+				PreprocessorDefinitions="WIN32_LEAN_AND_MEAN;HAVE_CONFIG_H;_BIND_TO_CURRENT_VCLIBS_VERSION=1;CLAMAPI= __declspec(dllexport)"

 				RuntimeLibrary="2"

 				EnableFunctionLevelLinking="true"

 				UsePrecompiledHeader="0"

new file mode 100644

@@ -0,0 +1,15 @@

+#if HAVE_CONFIG_H

+#include "clamav-config.h"

+#endif

+

+#include "clscanapi.h"

+

+typedef void (CALL_CONVENTION *CLAM_PASSWORD_CALLBACK)(int objectType, const wchar_t *pObjectName, wchar_t *pPassword, int *pPasswordLen, void *context);

+

+int CLAMAPI Scan_SetPasswordCallback(CClamAVScanner *pScanner, CLAM_PASSWORD_CALLBACK pfnCallback, void *pContext) {

+    return CLAMAPI_SUCCESS;

+}

+

+int CLAMAPI Scan_ScanObjectInMemory(CClamAVScanner *pScanner, const void *pObject, unsigned int objectSize, int objectType, int action, int impersonatePID, int *pScanStatus, PCLAM_SCAN_INFO_LIST *pInfoList) {

+    return CLAMAPI_SUCCESS;

+}

\ No newline at end of file

@@ -25,24 +25,21 @@

                                    CLAMAPI interface

 ***************************************************************************************/

-/* CLAMAPI declspec */

-#ifdef CLAMAV_EXPORTS

-#define CLAMAPI __declspec(dllexport)

-#else

-#define CLAMAPI __declspec(dllimport)

-#endif

-

 /* CLAMAPI calling convention. Please do not touch */

 #ifndef CALL_CONVENTION

 #define CALL_CONVENTION __cdecl

 #endif

+#ifndef CLAMAPI

+#define CLAMAPI

+#endif

+

 /* CLAMAPI - return codes */

 /* Always check for the return value of CLAMAPI's 

  * Possible values are:

  * - return_value == CLAMAPI_SUCCESS: API succeded

- * - return_value != CLAMAPI_SUCCESS: API failed (call ClamGetErrorMsg(return_value) to retrieve the error message)

+ * - return_value != CLAMAPI_SUCCESS: API failed (call Scan_GetErrorMsg(return_value) to retrieve the error message)

  */

 #define CLAMAPI_SUCCESS 0

@@ -67,9 +64,10 @@ enum CLAM_SCAN_OPTIONS {

 /* CLAMAPI SCAN PHASES */

 /* Define the scan phase to which the returned results refer to */

 typedef enum _CLAM_SCAN_PHASE {

+    SCAN_PHASE_INITIAL,	 /* ight before ClamAV starts scanning the entry (outer) file - in scan callback mode only */

     SCAN_PHASE_PRESCAN,	 /* Right before ClamAV starts scanning the current file - in scan callback mode only */

     SCAN_PHASE_POSTSCAN, /* After ClamAV has scanned the current file - in scan callback mode only */

-    SCAN_PHASE_FINAL	 /* Upon returning from ScanObject */

+    SCAN_PHASE_FINAL	 /* After ClamAV has scanned the entry (outer) file (callback) and upon returning from ScanObject */

 } CLAM_SCAN_PHASE;

@@ -88,12 +86,15 @@ typedef struct _CLAM_SCAN_INFO {

     /* Presence: ALWAYS */

     int cbSize;

+    /** A single field that can store information regarding packers, installers, compound objects etc **/

+    int flags;

+

     /** The phase to which the results refer to **/

     /* Presence: ALWAYS */

     CLAM_SCAN_PHASE scanPhase;

     /** Error condition **/

-    /* Possible values: CLAMAPI_SUCCESS if no error; call ClamGetErrorMsg(errorCode)

+    /* Possible values: CLAMAPI_SUCCESS if no error; call Scan_GetErrorMsg(errorCode)

      * to retrieve the error message */

     /* Presence: ALWAYS */

     int errorCode;

@@ -273,7 +274,7 @@ int CLAMAPI Scan_SetOption(CClamAVScanner *pScanner, int option, void *value, un

  * INPUT @param errorCode

  * NOTE: the returned string is not to be freed!

  */

-const wchar_t *ClamGetErrorMsg(int errorCode);

+CLAMAPI const wchar_t * Scan_GetErrorMsg(int errorCode);

 #ifdef __cplusplus

 }; /* extern "C" */

@@ -3,6 +3,9 @@

 // check scan funcs

 // after scan returns and ret!=CL_VIRUS pInfoList NULL or unchanged?

 // changed set option value to 0 or non 0

+// restore file position

+// cb context per instance or per scanobj ??

+// optional shit to really be OPTIONAL!

 /*

  * Copyright (C) 2010 Sourcefire, Inc.

@@ -49,6 +52,9 @@ unsigned int engine_refcnt;

 #define lock_engine()(WaitForSingleObject(engine_mutex, INFINITE) == WAIT_FAILED)

 #define unlock_engine() do {ReleaseMutex(engine_mutex);} while(0)

+cl_error_t prescan_cb(int fd, void *context);

+cl_error_t postscan_cb(int fd, int result, const char *virname, void *context);

+

 BOOL interface_setup(void) {

     if(!(engine_mutex = CreateMutex(NULL, FALSE, NULL)))

 	return FALSE;

@@ -127,6 +133,7 @@ int CLAMAPI Scan_Initialize(const wchar_t *pEnginesFolder, const wchar_t *pTempR

 	unlock_engine();

 	FAIL(CL_EMEM, "Not enough memory for a new engine");

     }

+    cl_engine_set_clcb_pre_scan(engine, prescan_cb);

     if(!WideCharToMultiByte(CP_ACP, WC_NO_BEST_FIT_CHARS, pTempRoot, -1, tmpdir, sizeof(tmpdir), NULL, &cant_convert) || cant_convert) {

 	free_engine_and_unlock();

 	FAIL(CL_EARG, "Can't translate pTempRoot");

@@ -216,8 +223,11 @@ int CLAMAPI Scan_DestroyInstance(CClamAVScanner *pScanner) {

 int CLAMAPI Scan_SetScanCallback(CClamAVScanner *pScanner, CLAM_SCAN_CALLBACK pfnCallback, void *pContext) {

     instance *inst = (instance *)pScanner;

+    InterlockedIncrement(&inst->refcnt);

     inst->scancb = pfnCallback;

     inst->scancb_ctx = pContext;

+    InterlockedDecrement(&inst->refcnt);

+    

     WIN();

 }

@@ -327,11 +337,17 @@ int CLAMAPI Scan_ScanObject(CClamAVScanner *pScanner, const wchar_t *pObjectPath

     return res;

 }

+struct scan_ctx {

+    int entryfd;

+    instance *inst;

+};

+

 int CLAMAPI Scan_ScanObjectByHandle(CClamAVScanner *pScanner, HANDLE object, int *pScanStatus, PCLAM_SCAN_INFO_LIST *pInfoList) {

     instance *inst = (instance *)pScanner;

     HANDLE duphdl, self;

     char *virname;

     int fd, res;

+    struct scan_ctx sctx;

     InterlockedIncrement(&inst->refcnt);

@@ -347,7 +363,9 @@ int CLAMAPI Scan_ScanObjectByHandle(CClamAVScanner *pScanner, HANDLE object, int

 	FAIL(CL_EOPEN, "Open handle failed");

     }

-    res = cl_scandesc(fd, &virname, NULL, engine, inst->scanopts);

+    sctx.entryfd = fd;

+    sctx.inst = inst;

+    res = cl_scandesc_callback(fd, &virname, NULL, engine, inst->scanopts, &sctx);

     InterlockedDecrement(&inst->refcnt);

     close(fd);

@@ -385,3 +403,68 @@ int CLAMAPI Scan_DeleteScanInfo(CClamAVScanner *pScanner, PCLAM_SCAN_INFO_LIST p

     WIN();

 }

+cl_error_t prescan_cb(int fd, void *context) {

+    struct scan_ctx *sctx = (struct scan_ctx *)context;

+    instance *inst = sctx->inst;

+    CLAM_SCAN_INFO si;

+    CLAM_ACTION act;

+

+    logg("in prescan cb with %d %p\n", fd, context);

+    si.cbSize = sizeof(si);

+    si.flags = 0;

+    si.scanPhase = (fd == sctx->entryfd) ? SCAN_PHASE_INITIAL : SCAN_PHASE_PRESCAN;

+    si.errorCode = CLAMAPI_SUCCESS;

+    si.pThreatType = NULL;

+    si.pThreatName = NULL;

+    si.object = (HANDLE)_get_osfhandle(fd);

+    si.pInnerObjectPath = NULL;

+    inst->scancb(&si, &act, inst->scancb_ctx);

+    switch(act) {

+	case CLAM_ACTION_SKIP:

+	    logg("prescan cb result: SKIP\n");

+	    return CL_BREAK;

+	case CLAM_ACTION_ABORT:

+	    logg("prescan cb result: ABORT\n");

+	    return CL_VIRUS;

+	default:

+	    logg("prescan cb returned bogus value\n");

+	case CLAM_ACTION_CONTINUE:

+	    logg("prescan cb result: CONTINUE\n");

+	    return CL_CLEAN;

+    }

+}

+

+cl_error_t postscan_cb(int fd, int result, const char *virname, void *context) {

+    struct scan_ctx *sctx = (struct scan_ctx *)context;

+    instance *inst = sctx->inst;

+    CLAM_SCAN_INFO si;

+    CLAM_ACTION act;

+

+    logg("in prostscan cb with %d %d %s %p\n", fd, result, virname, context);

+    si.cbSize = sizeof(si);

+    si.flags = 0;

+    si.scanPhase = (fd == sctx->entryfd) ? SCAN_PHASE_FINAL : SCAN_PHASE_POSTSCAN;

+    si.errorCode = CLAMAPI_SUCCESS;

+    si.pThreatType = NULL;

+    si.pThreatName = (result == CL_VIRUS) ? L"Fixme" : NULL; /* FIXME */

+    si.object = (HANDLE)_get_osfhandle(fd);

+    si.pInnerObjectPath = NULL;

+    inst->scancb(&si, &act, inst->scancb_ctx);

+    switch(act) {

+	case CLAM_ACTION_SKIP:

+	    logg("postscan cb result: SKIP\n");

+	    return CL_BREAK;

+	case CLAM_ACTION_ABORT:

+	    logg("postscan cb result: ABORT\n");

+	    return CL_VIRUS;

+	default:

+	    logg("postscan cb returned bogus value\n");

+	case CLAM_ACTION_CONTINUE:

+	    logg("prescan cb result: CONTINUE\n");

+	    return CL_CLEAN;

+    }

+}

+

+CLAMAPI const wchar_t * Scan_GetErrorMsg(int errorCode) {

+    return L"w00t!"; /* FIXME */

+}

@@ -32,6 +32,9 @@ EXPORTS cl_statchkdir @24

 EXPORTS cl_statfree @25

 EXPORTS cl_statinidir @26

 EXPORTS cl_strerror @27

+EXPORTS cl_engine_set_clcb_pre_scan @28

+EXPORTS cl_engine_set_clcb_post_scan @29

+EXPORTS cl_scandesc_callback @30

 ; path variables