Stowage/clamav
2
0
Fork 0
mirror of https://github.com/Cisco-Talos/clamav.git synced 2025-10-19 18:33:16 +00:00
Code Issues Projects Releases Packages Wiki Activity

various updates

Browse source 
git-svn: trunk@3721
This commit is contained in:
Tomasz Kojm 2008-03-18 15:40:41 +00:00
parent 758b2755c5
commit 50b8f5d66b
61 changed files with 188 additions and 158 deletions
Download patch file Download diff file Expand all files Collapse all files

5
ChangeLog
View file

@ -1,3 +1,8 @@
Tue Mar 18 15:47:47 CET 2008 (tk)
---------------------------------
* docs/clamdoc.*: various documentation updates
* examples/ex1.c: update to new limits
Tue Mar 18 13:35:00 EET 2008 (edwin) Tue Mar 18 13:35:00 EET 2008 (edwin)
------------------------------------ ------------------------------------
* libclamav/entconv.c: fix memory leak (patch from TK) * libclamav/entconv.c: fix memory leak (patch from TK)

BIN
docs/clamdoc.pdf
View file

Binary file not shown.

88
docs/clamdoc.tex
View file

@ -127,7 +127,7 @@
\item{POSIX compliant, portable} \item{POSIX compliant, portable}
\item{Fast scanning} \item{Fast scanning}
\item{Supports on-access scanning (Linux and FreeBSD only)} \item{Supports on-access scanning (Linux and FreeBSD only)}
\item{Detects over 158.000 viruses, worms and trojans, including \item{Detects over 230.000 viruses, worms and trojans, including
Microsoft Office macro viruses, mobile malware, and other threats} Microsoft Office macro viruses, mobile malware, and other threats}
\item{Scans within archives and compressed files (also protects \item{Scans within archives and compressed files (also protects
against archive bombs), built-in support includes: against archive bombs), built-in support includes:
@ -144,12 +144,15 @@
\item MS SZDD compression format \item MS SZDD compression format
\item BinHex \item BinHex
\item SIS (SymbianOS packages) \item SIS (SymbianOS packages)
\item AutoIt
\end{itemize}} \end{itemize}}
\item{Supports Portable Executable (32/64-bit) files compressed or obfuscated with:} \item{Supports Portable Executable (32/64-bit) files compressed or obfuscated with:}
\begin{itemize} \begin{itemize}
\item AsPack
\item UPX \item UPX
\item FSG \item FSG
\item Petite \item Petite
\item PeSpin
\item NsPack \item NsPack
\item wwpack32 \item wwpack32
\item MEW \item MEW
@ -200,7 +203,7 @@
\section{Base package} \section{Base package}
\subsection{Supported platforms} \subsection{Supported platforms}
Most popular UNIX operating systems are supported. Clam AntiVirus 0.90 was Most popular UNIX operating systems are supported. Clam AntiVirus 0.9x was
tested on: tested on:
\begin{itemize} \begin{itemize}
\item{GNU/Linux} \item{GNU/Linux}
@ -223,7 +226,13 @@
The following elements are required to compile ClamAV: The following elements are required to compile ClamAV:
\begin{itemize} \begin{itemize}
\item zlib and zlib-devel packages \item zlib and zlib-devel packages
\item gcc compiler suite (tested with 2.9x, 3.x and 4.x series) \item gcc compiler suite (tested with 2.9x, 3.x and 4.x series)\\
\textbf{If you are compiling with higher optimization levels
than the default one (\hbox{-O2} for gcc), be aware that there
have been reports of misoptimizations. The build system of ClamAV
only checks for bugs affecting the default settings, it is your
responsibility to check that your compiler version doesn't
have any bugs.}
\end{itemize} \end{itemize}
The following packages are optional but \textbf{highly recommended}: The following packages are optional but \textbf{highly recommended}:
\begin{itemize} \begin{itemize}
@ -610,14 +619,15 @@ N * * * * /usr/local/bin/freshclam --quiet
and 32-bit ELF files. Additionally, it can handle PE files compressed or and 32-bit ELF files. Additionally, it can handle PE files compressed or
obfuscated with the following tools: obfuscated with the following tools:
\begin{itemize} \begin{itemize}
\item Aspack (2.12)
\item UPX (all versions) \item UPX (all versions)
\item FSG (1.3, 1.31, 1.33, 2.0) \item FSG (1.3, 1.31, 1.33, 2.0)
\item Petite (2.x) \item Petite (2.x)
\item PeSpin (1.1)
\item NsPack \item NsPack
\item wwpack32 (1.20) \item wwpack32 (1.20)
\item MEW \item MEW
\item Upack \item Upack
\item SUE
\item Y0da Cryptor (1.3) \item Y0da Cryptor (1.3)
\end{itemize} \end{itemize}
@ -640,6 +650,7 @@ N * * * * /usr/local/bin/freshclam --quiet
\item MS SZDD compression format \item MS SZDD compression format
\item BinHex \item BinHex
\item SIS (SymbianOS packages) \item SIS (SymbianOS packages)
\item AutoIt
\end{itemize} \end{itemize}
\subsubsection{Documents} \subsubsection{Documents}
@ -694,8 +705,13 @@ N * * * * /usr/local/bin/freshclam --quiet
Load phishing signatures. Load phishing signatures.
\item \textbf{CL\_DB\_PHISHING\_URLS}\\ \item \textbf{CL\_DB\_PHISHING\_URLS}\\
Initialize the phishing detection module and load .wdb and .pdb files. Initialize the phishing detection module and load .wdb and .pdb files.
\item \textbf{CL\_DB\_PUA}\\
Load signatures for Potentially Unwanted Applications.
\item \textbf{CL\_DB\_CVDNOTMP}\\
Load CVD files directly without unpacking them into a temporary
directory.
\end{itemize} \end{itemize}
\verb+cl_load+ returns 0 (\verb+CL_SUCCESS+) on success and a non-negative \verb+cl_load+ returns 0 (\verb+CL_SUCCESS+) on success and a negative
value on failure. value on failure.
\begin{verbatim} \begin{verbatim}
... ...
@ -751,7 +767,7 @@ N * * * * /usr/local/bin/freshclam --quiet
cl_statinidir(dbdir, &dbstat); cl_statinidir(dbdir, &dbstat);
\end{verbatim} \end{verbatim}
To check for a change you just need to call \verb+cl_statchkdir+ and check To check for a change you just need to call \verb+cl_statchkdir+ and check
its return value: its return value (0 - no change, 1 - some change occured):
\begin{verbatim} \begin{verbatim}
if(cl_statchkdir(&dbstat) == 1) { if(cl_statchkdir(&dbstat) == 1) {
reload_database...; reload_database...;
@ -772,7 +788,7 @@ N * * * * /usr/local/bin/freshclam --quiet
long int *scanned, const struct cl_engine *engine, const long int *scanned, const struct cl_engine *engine, const
struct cl_limits *limits, unsigned int options); struct cl_limits *limits, unsigned int options);
\end{verbatim} \end{verbatim}
Both functions will save a virus name under the pointer \verb+virname+, Both functions will store a virus name under the pointer \verb+virname+,
the virus name is part of the engine structure and must not be released the virus name is part of the engine structure and must not be released
directly. If the third argument (\verb+scanned+) is not NULL, the directly. If the third argument (\verb+scanned+) is not NULL, the
functions will increase its value with the size of scanned data (in functions will increase its value with the size of scanned data (in
@ -780,16 +796,17 @@ N * * * * /usr/local/bin/freshclam --quiet
limits in order to protect against Denial of Service attacks. limits in order to protect against Denial of Service attacks.
\begin{verbatim} \begin{verbatim}
struct cl_limits { struct cl_limits {
unsigned int maxreclevel; /* maximum recursion level for archives */ unsigned long int maxscansize; /* during the scanning of archives this
unsigned int maxfiles; /* maximum number of files to be scanned * size will never be exceeded
* within a single archive */
*/ unsigned long int maxfilesize; /* compressed files will only be
unsigned int maxmailrec; /* maximum recursion level for mail files */ * decompressed and scanned up to this size
unsigned int maxratio; /* maximum compression ratio */ */
unsigned long int maxfilesize;/* compressed files larger than this limit unsigned int maxreclevel; /* maximum recursion level for archives */
* will not be scanned unsigned int maxfiles; /* maximum number of files to be scanned
*/ * within a single archive
unsigned short archivememlim; /* limit memory usage for some unpackers */ */
unsigned short archivememlim; /* limit memory usage for some unpackers */
}; };
\end{verbatim} \end{verbatim}
The last argument (\verb+options+) configures the scan engine and supports The last argument (\verb+options+) configures the scan engine and supports
@ -806,9 +823,6 @@ struct cl_limits {
\item \textbf{CL\_SCAN\_BLOCKENCRYPTED}\\ \item \textbf{CL\_SCAN\_BLOCKENCRYPTED}\\
With this flag the library will mark encrypted archives as viruses With this flag the library will mark encrypted archives as viruses
(Encrypted.Zip, Encrypted.RAR). (Encrypted.Zip, Encrypted.RAR).
\item \textbf{CL\_SCAN\_BLOCKMAX}\\
Mark archives as viruses if \verb+maxfiles+, \verb+maxfilesize+,
or \verb+maxreclevel+ limit is reached.
\item \textbf{CL\_SCAN\_MAIL}\\ \item \textbf{CL\_SCAN\_MAIL}\\
Enable support for mail files. Enable support for mail files.
\item \textbf{CL\_SCAN\_MAILURL}\\ \item \textbf{CL\_SCAN\_MAILURL}\\
@ -835,9 +849,6 @@ struct cl_limits {
decryption). decryption).
\item \textbf{CL\_SCAN\_ALGORITHMIC}\\ \item \textbf{CL\_SCAN\_ALGORITHMIC}\\
Enable algorithmic detection of viruses. Enable algorithmic detection of viruses.
\item \textbf{CL\_SCAN\_PHISHING\_DOMAINLIST}\\
Phishing module: restrict URL scanning to domains from .pdf
(RECOMMENDED).
\item \textbf{CL\_SCAN\_PHISHING\_BLOCKSSL}\\ \item \textbf{CL\_SCAN\_PHISHING\_BLOCKSSL}\\
Phishing module: always block SSL mismatches in URLs. Phishing module: always block SSL mismatches in URLs.
\item \textbf{CL\_SCAN\_PHISHING\_BLOCKCLOAK}\\ \item \textbf{CL\_SCAN\_PHISHING\_BLOCKCLOAK}\\
@ -851,14 +862,10 @@ struct cl_limits {
const char *virname; const char *virname;
memset(&limits, 0, sizeof(struct cl_limits)); memset(&limits, 0, sizeof(struct cl_limits));
limits.maxfiles = 1000; /* max files */ limits.maxfiles = 10000;
limits.maxfilesize = 10 * 1048576; /* maximum size of archived or limits.maxscansize = 100 * 1048576; /* 100 MB */
* compressed file (files exceeding limits.maxfilesize = 10 * 1048576; /* 10 MB */
* this limit will be ignored) limits.maxreclevel = 16;
*/
limits.maxreclevel = 5; /* maximum recursion level for archives */
limits.maxmailrec = 64; /* maximum recursion level for mail files */
limits.maxratio = 200; /* maximum compression ratio */
if((ret = cl_scanfile("/tmp/test.exe", &virname, NULL, engine, if((ret = cl_scanfile("/tmp/test.exe", &virname, NULL, engine,
&limits, CL_STDOPT)) == CL_VIRUS) { &limits, CL_STDOPT)) == CL_VIRUS) {
@ -871,7 +878,7 @@ struct cl_limits {
\end{verbatim} \end{verbatim}
\subsubsection{Memory} \subsubsection{Memory}
Because the engine structure consumes a few megabytes of system memory, you Because the engine structure occupies a few megabytes of system memory, you
should release it with \verb+cl_free+ if you no longer need to scan files. should release it with \verb+cl_free+ if you no longer need to scan files.
\subsubsection{clamav-config} \subsubsection{clamav-config}
@ -902,15 +909,16 @@ level required:MD5 checksum:digital signature:builder name:build time (sec)
\verb+sigtool --info+ displays detailed information on CVD files: \verb+sigtool --info+ displays detailed information on CVD files:
\begin{verbatim} \begin{verbatim}
zolw@localhost:/usr/local/share/clamav$ sigtool -i daily.cvd zolw@localhost:/usr/local/share/clamav$ sigtool -i daily.cvd
Build time: 11 Feb 2007 19-28 +0000 File: daily.cvd
Version: 2553 Build time: 10 Mar 2008 10:45 +0000
# of signatures: 6063 Version: 6191
Functionality level: 9 Signatures: 59084
Functionality level: 26
Builder: ccordes Builder: ccordes
MD5: 7f337b409249e11dea3effb04dd352f2 MD5: 6e6e29dae36b4b7315932c921e568330
Digital signature: 6Ybd2eeDHBAs8raaEwmayqzoa5ysGDNnQ5Cc89mS2VCm1jRXZP Digital signature: zz9irc9irupR3z7yX6J+OR6XdFPUat4HIM9ERn3kAcOWpcMFxq
ke/itmkTyYQTc/rgJc2uQPr+NvzvUxRpsniwoyZ/gIkPniCLnqVCYOOytwtmirivbrV8j Fs4toG5WJsHda0Jj92IUusZ7wAgYjpai1Nr+jFfXHsJxv0dBkS5/XWMntj0T1ctNgqmiF
0kzxb9nHd+5UQqj/Z3rLbS7T5HCbRX3uE0JX1tAo642Gq9ACH9Fc +RLU6V0VeTl4Oej3Aya0cVpd9K4XXevEO2eTTvzWNCAq0ZzWNdjc
Verification OK. Verification OK.
\end{verbatim} \end{verbatim}

2
docs/html/clamdoc.html
View file

@ -209,7 +209,7 @@ original version by: Nikos Drakos, CBLU, University of Leeds
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

10
docs/html/footnode.html
View file

@ -98,7 +98,7 @@ original version by: Nikos Drakos, CBLU, University of Leeds
. .
</PRE> </PRE>
</DD> </DD>
<DT><A NAME="foot135">... system:</A><A <DT><A NAME="foot136">... system:</A><A
HREF="node12.html#tex2html7"><SUP><SPAN CLASS="arabic">3</SPAN></SUP></A></DT> HREF="node12.html#tex2html7"><SUP><SPAN CLASS="arabic">3</SPAN></SUP></A></DT>
<DD>Cygwin note: If you have not <DD>Cygwin note: If you have not
/etc/passwd you can skip this point /etc/passwd you can skip this point
@ -135,7 +135,7 @@ original version by: Nikos Drakos, CBLU, University of Leeds
. .
</PRE> </PRE>
</DD> </DD>
<DT><A NAME="foot176">... file</A><A <DT><A NAME="foot177">... file</A><A
HREF="node19.html#tex2html9"><SUP><SPAN CLASS="arabic">4</SPAN></SUP></A></DT> HREF="node19.html#tex2html9"><SUP><SPAN CLASS="arabic">4</SPAN></SUP></A></DT>
<DD>To get more info on clamscan options run 'man clamscan' <DD>To get more info on clamscan options run 'man clamscan'
@ -171,7 +171,7 @@ original version by: Nikos Drakos, CBLU, University of Leeds
. .
</PRE> </PRE>
</DD> </DD>
<DT><A NAME="foot210">... file</A><A <DT><A NAME="foot211">... file</A><A
HREF="node23.html#tex2html13"><SUP><SPAN CLASS="arabic">5</SPAN></SUP></A></DT> HREF="node23.html#tex2html13"><SUP><SPAN CLASS="arabic">5</SPAN></SUP></A></DT>
<DD>man 5 clamd.conf <DD>man 5 clamd.conf
@ -207,7 +207,7 @@ original version by: Nikos Drakos, CBLU, University of Leeds
. .
</PRE> </PRE>
</DD> </DD>
<DT><A NAME="foot267">... it</A><A <DT><A NAME="foot268">... it</A><A
HREF="node30.html#tex2html14"><SUP><SPAN CLASS="arabic">6</SPAN></SUP></A></DT> HREF="node30.html#tex2html14"><SUP><SPAN CLASS="arabic">6</SPAN></SUP></A></DT>
<DD>You can still use clamd or clamscan instead <DD>You can still use clamd or clamscan instead
@ -243,7 +243,7 @@ original version by: Nikos Drakos, CBLU, University of Leeds
. .
</PRE> </PRE>
</DD> </DD>
<DT><A NAME="foot290">... <code>signo</code></A><A <DT><A NAME="foot291">... <code>signo</code></A><A
HREF="node39.html#tex2html15"><SUP><SPAN CLASS="arabic">7</SPAN></SUP></A></DT> HREF="node39.html#tex2html15"><SUP><SPAN CLASS="arabic">7</SPAN></SUP></A></DT>
<DD>Remember to initialize the virus counter <DD>Remember to initialize the virus counter
variable with 0. variable with 0.

2
docs/html/index.html
View file

@ -209,7 +209,7 @@ original version by: Nikos Drakos, CBLU, University of Leeds
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node1.html
View file

@ -179,7 +179,7 @@ ClamAV and Clam AntiVirus are trademarks of Sourcefire, Inc.
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

8
docs/html/node10.html
View file

@ -61,6 +61,12 @@ Requirements</A>
<LI>zlib and zlib-devel packages <LI>zlib and zlib-devel packages
</LI> </LI>
<LI>gcc compiler suite (tested with 2.9x, 3.x and 4.x series) <LI>gcc compiler suite (tested with 2.9x, 3.x and 4.x series)
<BR> <SPAN CLASS="textbf">If you are compiling with higher optimization levels
than the default one (-O2 for gcc), be aware that there
have been reports of misoptimizations. The build system of ClamAV
only checks for bugs affecting the default settings, it is your
responsibility to check that your compiler version doesn't
have any bugs.</SPAN>
</LI> </LI>
</UL> </UL>
@ -90,7 +96,7 @@ A note for Solaris/SPARC users: you must set the <SPAN CLASS="textit">ABI</SPAN
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node11.html
View file

@ -75,7 +75,7 @@ Installing on shell account</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

4
docs/html/node12.html
View file

@ -57,7 +57,7 @@ Adding new system user and group</A>
</H2> </H2>
If you are installing ClamAV for the first time, you have to add a new If you are installing ClamAV for the first time, you have to add a new
user and group to your system: <A NAME="tex2html7" user and group to your system: <A NAME="tex2html7"
HREF="footnode.html#foot135"><SUP><SPAN CLASS="arabic">3</SPAN></SUP></A> <PRE> HREF="footnode.html#foot136"><SUP><SPAN CLASS="arabic">3</SPAN></SUP></A> <PRE>
# groupadd clamav # groupadd clamav
# useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav # useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
</PRE> </PRE>
@ -69,7 +69,7 @@ Adding new system user and group</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node13.html
View file

@ -75,7 +75,7 @@ Compilation of base package</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node14.html
View file

@ -64,7 +64,7 @@ Compilation with clamav-milter enabled</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node15.html
View file

@ -83,7 +83,7 @@ Configuration</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node16.html
View file

@ -79,7 +79,7 @@ clamd</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node17.html
View file

@ -90,7 +90,7 @@ On-access scanning</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node18.html
View file

@ -81,7 +81,7 @@ define(`confINPUT_MAIL_FILTERS', `clmilter')
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

4
docs/html/node19.html
View file

@ -62,7 +62,7 @@ Testing</A>
It should find some test files in the clamav-x.yz/test directory. It should find some test files in the clamav-x.yz/test directory.
The scan result will be saved in the <code>scan.txt</code> log file The scan result will be saved in the <code>scan.txt</code> log file
<A NAME="tex2html9" <A NAME="tex2html9"
HREF="footnode.html#foot176"><SUP><SPAN CLASS="arabic">4</SPAN></SUP></A>. HREF="footnode.html#foot177"><SUP><SPAN CLASS="arabic">4</SPAN></SUP></A>.
To test <code>clamd</code>, start it and use <code>clamdscan</code> (or instead connect To test <code>clamd</code>, start it and use <code>clamdscan</code> (or instead connect
directly to its socket and run the SCAN command): directly to its socket and run the SCAN command):
<PRE> <PRE>
@ -75,7 +75,7 @@ Testing</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node2.html
View file

@ -79,7 +79,7 @@ Introduction</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node20.html
View file

@ -139,7 +139,7 @@ N * * * * /usr/local/bin/freshclam --quiet
<!--End of Navigation Panel--> <!--End of Navigation Panel-->
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node21.html
View file

@ -77,7 +77,7 @@ Closest mirrors</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node22.html
View file

@ -80,7 +80,7 @@ Usage</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

4
docs/html/node23.html
View file

@ -68,7 +68,7 @@ Clam daemon
</UL> </UL>
The daemon is fully configurable via the <code>clamd.conf</code> file The daemon is fully configurable via the <code>clamd.conf</code> file
<A NAME="tex2html13" <A NAME="tex2html13"
HREF="footnode.html#foot210"><SUP><SPAN CLASS="arabic">5</SPAN></SUP></A>. <code>clamd</code> recognizes the following commands: HREF="footnode.html#foot211"><SUP><SPAN CLASS="arabic">5</SPAN></SUP></A>. <code>clamd</code> recognizes the following commands:
<UL> <UL>
<LI><SPAN CLASS="textbf">PING</SPAN> <LI><SPAN CLASS="textbf">PING</SPAN>
@ -160,7 +160,7 @@ Start/end a <code>clamd</code> session - you can do multiple commands
<!--End of Navigation Panel--> <!--End of Navigation Panel-->
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node24.html
View file

@ -76,7 +76,7 @@ Clam<SPAN CLASS="textbf">d</SPAN>scan</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node25.html
View file

@ -92,7 +92,7 @@ SIGTERM signal. In other case you can lose access
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node26.html
View file

@ -70,7 +70,7 @@ Output format</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node27.html
View file

@ -94,7 +94,7 @@ clamscan</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node28.html
View file

@ -83,7 +83,7 @@ Error messages are printed in the following format:
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node29.html
View file

@ -124,7 +124,7 @@ LibClamAV</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

10
docs/html/node3.html
View file

@ -67,7 +67,7 @@ Features</A>
</LI> </LI>
<LI>Supports on-access scanning (Linux and FreeBSD only) <LI>Supports on-access scanning (Linux and FreeBSD only)
</LI> </LI>
<LI>Detects over 158.000 viruses, worms and trojans, including <LI>Detects over 230.000 viruses, worms and trojans, including
Microsoft Office macro viruses, mobile malware, and other threats Microsoft Office macro viruses, mobile malware, and other threats
</LI> </LI>
<LI>Scans within archives and compressed files (also protects <LI>Scans within archives and compressed files (also protects
@ -97,6 +97,8 @@ Features</A>
<LI>BinHex <LI>BinHex
</LI> </LI>
<LI>SIS (SymbianOS packages) <LI>SIS (SymbianOS packages)
</LI>
<LI>AutoIt
</LI> </LI>
</UL> </UL>
@ -104,12 +106,16 @@ Features</A>
<LI>Supports Portable Executable (32/64-bit) files compressed or obfuscated with: <LI>Supports Portable Executable (32/64-bit) files compressed or obfuscated with:
<UL> <UL>
<LI>AsPack
</LI>
<LI>UPX <LI>UPX
</LI> </LI>
<LI>FSG <LI>FSG
</LI> </LI>
<LI>Petite <LI>Petite
</LI> </LI>
<LI>PeSpin
</LI>
<LI>NsPack <LI>NsPack
</LI> </LI>
<LI>wwpack32 <LI>wwpack32
@ -177,7 +183,7 @@ Features</A>
<!--End of Navigation Panel--> <!--End of Navigation Panel-->
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

4
docs/html/node30.html
View file

@ -58,14 +58,14 @@ Licence</A>
Libclamav is licensed under the GNU GPL v2 licence. This means you are Libclamav is licensed under the GNU GPL v2 licence. This means you are
<SPAN CLASS="textbf">not allowed</SPAN> to link commercial, close-source applications <SPAN CLASS="textbf">not allowed</SPAN> to link commercial, close-source applications
against it<A NAME="tex2html14" against it<A NAME="tex2html14"
HREF="footnode.html#foot267"><SUP><SPAN CLASS="arabic">6</SPAN></SUP></A>. HREF="footnode.html#foot268"><SUP><SPAN CLASS="arabic">6</SPAN></SUP></A>.
All software using libclamav must be GPL compliant. All software using libclamav must be GPL compliant.
<P> <P>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node31.html
View file

@ -77,7 +77,7 @@ Supported formats</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

8
docs/html/node32.html
View file

@ -60,12 +60,16 @@ Executables</A>
obfuscated with the following tools: obfuscated with the following tools:
<UL> <UL>
<LI>Aspack (2.12)
</LI>
<LI>UPX (all versions) <LI>UPX (all versions)
</LI> </LI>
<LI>FSG (1.3, 1.31, 1.33, 2.0) <LI>FSG (1.3, 1.31, 1.33, 2.0)
</LI> </LI>
<LI>Petite (2.x) <LI>Petite (2.x)
</LI> </LI>
<LI>PeSpin (1.1)
</LI>
<LI>NsPack <LI>NsPack
</LI> </LI>
<LI>wwpack32 (1.20) <LI>wwpack32 (1.20)
@ -74,8 +78,6 @@ Executables</A>
</LI> </LI>
<LI>Upack <LI>Upack
</LI> </LI>
<LI>SUE
</LI>
<LI>Y0da Cryptor (1.3) <LI>Y0da Cryptor (1.3)
</LI> </LI>
@ -85,7 +87,7 @@ Executables</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node33.html
View file

@ -62,7 +62,7 @@ Mail files</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

4
docs/html/node34.html
View file

@ -80,6 +80,8 @@ Archives and compressed files</A>
<LI>BinHex <LI>BinHex
</LI> </LI>
<LI>SIS (SymbianOS packages) <LI>SIS (SymbianOS packages)
</LI>
<LI>AutoIt
</LI> </LI>
</UL> </UL>
@ -88,7 +90,7 @@ Archives and compressed files</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node35.html
View file

@ -73,7 +73,7 @@ Documents</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node36.html
View file

@ -75,7 +75,7 @@ Others</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node37.html
View file

@ -75,7 +75,7 @@ API</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node38.html
View file

@ -64,7 +64,7 @@ Header file</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

15
docs/html/node39.html
View file

@ -70,7 +70,7 @@ Database loading</A>
is used for passing in the engine structure which should be previously is used for passing in the engine structure which should be previously
initialized with NULL. A number of loaded signatures will be <SPAN CLASS="textbf">added</SPAN> initialized with NULL. A number of loaded signatures will be <SPAN CLASS="textbf">added</SPAN>
to <code>signo</code> <A NAME="tex2html15" to <code>signo</code> <A NAME="tex2html15"
HREF="footnode.html#foot290"><SUP><SPAN CLASS="arabic">7</SPAN></SUP></A>. The last argument can pass the following flags: HREF="footnode.html#foot291"><SUP><SPAN CLASS="arabic">7</SPAN></SUP></A>. The last argument can pass the following flags:
<UL> <UL>
<LI><SPAN CLASS="textbf">CL_DB_STDOPT</SPAN> <LI><SPAN CLASS="textbf">CL_DB_STDOPT</SPAN>
@ -84,10 +84,19 @@ Load phishing signatures.
<LI><SPAN CLASS="textbf">CL_DB_PHISHING_URLS</SPAN> <LI><SPAN CLASS="textbf">CL_DB_PHISHING_URLS</SPAN>
<BR> <BR>
Initialize the phishing detection module and load .wdb and .pdb files. Initialize the phishing detection module and load .wdb and .pdb files.
</LI>
<LI><SPAN CLASS="textbf">CL_DB_PUA</SPAN>
<BR>
Load signatures for Potentially Unwanted Applications.
</LI>
<LI><SPAN CLASS="textbf">CL_DB_CVDNOTMP</SPAN>
<BR>
Load CVD files directly without unpacking them into a temporary
directory.
</LI> </LI>
</UL> </UL>
<code>cl_load</code> returns 0 (<code>CL_SUCCESS</code>) on success and a non-negative <code>cl_load</code> returns 0 (<code>CL_SUCCESS</code>) on success and a negative
value on failure. value on failure.
<PRE> <PRE>
... ...
@ -102,7 +111,7 @@ Initialize the phishing detection module and load .wdb and .pdb files.
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node4.html
View file

@ -86,7 +86,7 @@ Alternatively you can try asking on the <code>#clamav</code> IRC channel - launc
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node40.html
View file

@ -68,7 +68,7 @@ Error handling</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node41.html
View file

@ -74,7 +74,7 @@ Engine structure</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

4
docs/html/node42.html
View file

@ -72,7 +72,7 @@ Database reloading</A>
cl_statinidir(dbdir, &amp;dbstat); cl_statinidir(dbdir, &amp;dbstat);
</PRE> </PRE>
To check for a change you just need to call <code>cl_statchkdir</code> and check To check for a change you just need to call <code>cl_statchkdir</code> and check
its return value: its return value (0 - no change, 1 - some change occured):
<PRE> <PRE>
if(cl_statchkdir(&amp;dbstat) == 1) { if(cl_statchkdir(&amp;dbstat) == 1) {
reload_database...; reload_database...;
@ -101,7 +101,7 @@ Database reloading</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

47
docs/html/node43.html
View file

@ -65,7 +65,7 @@ Data scan functions</A>
long int *scanned, const struct cl_engine *engine, const long int *scanned, const struct cl_engine *engine, const
struct cl_limits *limits, unsigned int options); struct cl_limits *limits, unsigned int options);
</PRE> </PRE>
Both functions will save a virus name under the pointer <code>virname</code>, Both functions will store a virus name under the pointer <code>virname</code>,
the virus name is part of the engine structure and must not be released the virus name is part of the engine structure and must not be released
directly. If the third argument (<code>scanned</code>) is not NULL, the directly. If the third argument (<code>scanned</code>) is not NULL, the
functions will increase its value with the size of scanned data (in functions will increase its value with the size of scanned data (in
@ -73,16 +73,17 @@ Data scan functions</A>
limits in order to protect against Denial of Service attacks. limits in order to protect against Denial of Service attacks.
<PRE> <PRE>
struct cl_limits { struct cl_limits {
unsigned int maxreclevel; /* maximum recursion level for archives */ unsigned long int maxscansize; /* during the scanning of archives this
unsigned int maxfiles; /* maximum number of files to be scanned * size will never be exceeded
* within a single archive */
*/ unsigned long int maxfilesize; /* compressed files will only be
unsigned int maxmailrec; /* maximum recursion level for mail files */ * decompressed and scanned up to this size
unsigned int maxratio; /* maximum compression ratio */ */
unsigned long int maxfilesize;/* compressed files larger than this limit unsigned int maxreclevel; /* maximum recursion level for archives */
* will not be scanned unsigned int maxfiles; /* maximum number of files to be scanned
*/ * within a single archive
unsigned short archivememlim; /* limit memory usage for some unpackers */ */
unsigned short archivememlim; /* limit memory usage for some unpackers */
}; };
</PRE> </PRE>
The last argument (<code>options</code>) configures the scan engine and supports The last argument (<code>options</code>) configures the scan engine and supports
@ -108,11 +109,6 @@ This flag enables transparent scanning of various archive formats.
With this flag the library will mark encrypted archives as viruses With this flag the library will mark encrypted archives as viruses
(Encrypted.Zip, Encrypted.RAR). (Encrypted.Zip, Encrypted.RAR).
</LI> </LI>
<LI><SPAN CLASS="textbf">CL_SCAN_BLOCKMAX</SPAN>
<BR>
Mark archives as viruses if <code>maxfiles</code>, <code>maxfilesize</code>,
or <code>maxreclevel</code> limit is reached.
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_MAIL</SPAN> <LI><SPAN CLASS="textbf">CL_SCAN_MAIL</SPAN>
<BR> <BR>
Enable support for mail files. Enable support for mail files.
@ -157,11 +153,6 @@ This flag enables HTML normalisation (including ScrEnc
<BR> <BR>
Enable algorithmic detection of viruses. Enable algorithmic detection of viruses.
</LI> </LI>
<LI><SPAN CLASS="textbf">CL_SCAN_PHISHING_DOMAINLIST</SPAN>
<BR>
Phishing module: restrict URL scanning to domains from .pdf
(RECOMMENDED).
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_PHISHING_BLOCKSSL</SPAN> <LI><SPAN CLASS="textbf">CL_SCAN_PHISHING_BLOCKSSL</SPAN>
<BR> <BR>
Phishing module: always block SSL mismatches in URLs. Phishing module: always block SSL mismatches in URLs.
@ -180,14 +171,10 @@ Phishing module: always block cloaked URLs.
const char *virname; const char *virname;
memset(&amp;limits, 0, sizeof(struct cl_limits)); memset(&amp;limits, 0, sizeof(struct cl_limits));
limits.maxfiles = 1000; /* max files */ limits.maxfiles = 10000;
limits.maxfilesize = 10 * 1048576; /* maximum size of archived or limits.maxscansize = 100 * 1048576; /* 100 MB */
* compressed file (files exceeding limits.maxfilesize = 10 * 1048576; /* 10 MB */
* this limit will be ignored) limits.maxreclevel = 16;
*/
limits.maxreclevel = 5; /* maximum recursion level for archives */
limits.maxmailrec = 64; /* maximum recursion level for mail files */
limits.maxratio = 200; /* maximum compression ratio */
if((ret = cl_scanfile("/tmp/test.exe", &amp;virname, NULL, engine, if((ret = cl_scanfile("/tmp/test.exe", &amp;virname, NULL, engine,
&amp;limits, CL_STDOPT)) == CL_VIRUS) { &amp;limits, CL_STDOPT)) == CL_VIRUS) {
@ -227,7 +214,7 @@ Phishing module: always block cloaked URLs.
<!--End of Navigation Panel--> <!--End of Navigation Panel-->
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

4
docs/html/node44.html
View file

@ -55,14 +55,14 @@ original version by: Nikos Drakos, CBLU, University of Leeds
<H3><A NAME="SECTION00074200000000000000"> <H3><A NAME="SECTION00074200000000000000">
Memory</A> Memory</A>
</H3> </H3>
Because the engine structure consumes a few megabytes of system memory, you Because the engine structure occupies a few megabytes of system memory, you
should release it with <code>cl_free</code> if you no longer need to scan files. should release it with <code>cl_free</code> if you no longer need to scan files.
<P> <P>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node45.html
View file

@ -67,7 +67,7 @@ clamav-config</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node46.html
View file

@ -65,7 +65,7 @@ Example</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

19
docs/html/node47.html
View file

@ -65,15 +65,16 @@ level required:MD5 checksum:digital signature:builder name:build time (sec)
<code>sigtool --info</code> displays detailed information on CVD files: <code>sigtool --info</code> displays detailed information on CVD files:
<PRE> <PRE>
zolw@localhost:/usr/local/share/clamav$ sigtool -i daily.cvd zolw@localhost:/usr/local/share/clamav$ sigtool -i daily.cvd
Build time: 11 Feb 2007 19-28 +0000 File: daily.cvd
Version: 2553 Build time: 10 Mar 2008 10:45 +0000
# of signatures: 6063 Version: 6191
Functionality level: 9 Signatures: 59084
Functionality level: 26
Builder: ccordes Builder: ccordes
MD5: 7f337b409249e11dea3effb04dd352f2 MD5: 6e6e29dae36b4b7315932c921e568330
Digital signature: 6Ybd2eeDHBAs8raaEwmayqzoa5ysGDNnQ5Cc89mS2VCm1jRXZP Digital signature: zz9irc9irupR3z7yX6J+OR6XdFPUat4HIM9ERn3kAcOWpcMFxq
ke/itmkTyYQTc/rgJc2uQPr+NvzvUxRpsniwoyZ/gIkPniCLnqVCYOOytwtmirivbrV8j Fs4toG5WJsHda0Jj92IUusZ7wAgYjpai1Nr+jFfXHsJxv0dBkS5/XWMntj0T1ctNgqmiF
0kzxb9nHd+5UQqj/Z3rLbS7T5HCbRX3uE0JX1tAo642Gq9ACH9Fc +RLU6V0VeTl4Oej3Aya0cVpd9K4XXevEO2eTTvzWNCAq0ZzWNdjc
Verification OK. Verification OK.
</PRE> </PRE>
@ -81,7 +82,7 @@ Verification OK.
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node48.html
View file

@ -613,7 +613,7 @@ Contributors</A>
<!--End of Navigation Panel--> <!--End of Navigation Panel-->
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node49.html
View file

@ -459,7 +459,7 @@ Donors</A>
<!--End of Navigation Panel--> <!--End of Navigation Panel-->
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node5.html
View file

@ -65,7 +65,7 @@ Virus submitting</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node50.html
View file

@ -63,7 +63,7 @@ Graphics</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node51.html
View file

@ -62,7 +62,7 @@ OpenAntiVirus</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node52.html
View file

@ -134,7 +134,7 @@ Role: coder
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

4
docs/html/node53.html
View file

@ -64,11 +64,11 @@ Mathematics Department, Macquarie University, Sydney.
The command line arguments were: <BR> The command line arguments were: <BR>
<STRONG>latex2html</STRONG> <TT>-local_icons clamdoc.tex</TT> <STRONG>latex2html</STRONG> <TT>-local_icons clamdoc.tex</TT>
<P> <P>
The translation was initiated by Tomasz Kojm on 2008-03-03 The translation was initiated by Tomasz Kojm on 2008-03-18
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node6.html
View file

@ -71,7 +71,7 @@ Base package</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

4
docs/html/node7.html
View file

@ -55,7 +55,7 @@ original version by: Nikos Drakos, CBLU, University of Leeds
<H2><A NAME="SECTION00031000000000000000"> <H2><A NAME="SECTION00031000000000000000">
Supported platforms</A> Supported platforms</A>
</H2> </H2>
Most popular UNIX operating systems are supported. Clam AntiVirus 0.90 was Most popular UNIX operating systems are supported. Clam AntiVirus 0.9x was
tested on: tested on:
<UL> <UL>
@ -80,7 +80,7 @@ Supported platforms</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node8.html
View file

@ -61,7 +61,7 @@ Binary packages</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

2
docs/html/node9.html
View file

@ -77,7 +77,7 @@ Installation</A>
<BR><HR> <BR><HR>
<ADDRESS> <ADDRESS>
Tomasz Kojm Tomasz Kojm
2008-03-03 2008-03-18
</ADDRESS> </ADDRESS>
</BODY> </BODY>
</HTML> </HTML>

18
examples/ex1.c
View file

@ -1,6 +1,9 @@
/* /*
* Compilation: gcc -Wall ex1.c -o ex1 -lclamav * Compilation: gcc -Wall ex1.c -o ex1 -lclamav
* *
* Copyright (C) 2007 - 2008 Sourcefire, Inc.
* Author: Tomasz Kojm <tkojm@clamav.net>
*
* Copyright (C) 2002 - 2006 Tomasz Kojm <tkojm@clamav.net> * Copyright (C) 2002 - 2006 Tomasz Kojm <tkojm@clamav.net>
* *
* This program is free software; you can redistribute it and/or modify * This program is free software; you can redistribute it and/or modify
@ -75,14 +78,15 @@ int main(int argc, char **argv)
/* set up archive limits */ /* set up archive limits */
memset(&limits, 0, sizeof(struct cl_limits)); memset(&limits, 0, sizeof(struct cl_limits));
limits.maxfiles = 1000; /* max files */ limits.maxscansize = 100 * 1048576; /* during the scanning of archives this
limits.maxfilesize = 10 * 1048576; /* maximum size of archived/compressed * size (100 MB) will never be exceeded
* file (files exceeding this limit */
* will be ignored) limits.maxfilesize = 10 * 1048576; /* compressed files will only be
* decompressed and scanned up to this
* size (10 MB)
*/ */
limits.maxreclevel = 5; /* maximum recursion level for archives */ limits.maxfiles = 10000; /* max files */
limits.maxmailrec = 64; /* maximum recursion level for mail files */ limits.maxreclevel = 16; /* maximum recursion level for archives */
limits.maxratio = 200; /* maximum compression ratio */
/* scan file descriptor */ /* scan file descriptor */
if((ret = cl_scandesc(fd, &virname, &size, engine, &limits, CL_SCAN_STDOPT)) == CL_VIRUS) { if((ret = cl_scandesc(fd, &virname, &size, engine, &limits, CL_SCAN_STDOPT)) == CL_VIRUS) {

2
libclamav/clamav.h
View file

@ -84,7 +84,7 @@ extern "C"
#define CL_SCAN_PE 0x20 #define CL_SCAN_PE 0x20
#define CL_SCAN_BLOCKBROKEN 0x40 #define CL_SCAN_BLOCKBROKEN 0x40
#define CL_SCAN_MAILURL 0x80 #define CL_SCAN_MAILURL 0x80
#define CL_SCAN_BLOCKMAX 0x100 #define CL_SCAN_BLOCKMAX 0x100 /* ignored */
#define CL_SCAN_ALGORITHMIC 0x200 #define CL_SCAN_ALGORITHMIC 0x200
#define CL_SCAN_PHISHING_BLOCKSSL 0x800 /* ssl mismatches, not ssl by itself*/ #define CL_SCAN_PHISHING_BLOCKSSL 0x800 /* ssl mismatches, not ssl by itself*/
#define CL_SCAN_PHISHING_BLOCKCLOAK 0x1000 #define CL_SCAN_PHISHING_BLOCKCLOAK 0x1000