Stowage/clamav
2
0
Fork 0
mirror of https://github.com/Cisco-Talos/clamav.git synced 2025-10-19 18:33:16 +00:00
Code Issues Projects Releases Packages Wiki Activity

various updates

Browse source 
git-svn: trunk@3721
This commit is contained in:
Tomasz Kojm 2008-03-18 15:40:41 +00:00
parent 758b2755c5
commit 50b8f5d66b
61 changed files with 188 additions and 158 deletions
Download patch file Download diff file Expand all files Collapse all files

5
ChangeLog
View file

@ -1,3 +1,8 @@
Tue Mar 18 15:47:47 CET 2008 (tk)
---------------------------------
* docs/clamdoc.*: various documentation updates
* examples/ex1.c: update to new limits
Tue Mar 18 13:35:00 EET 2008 (edwin)
------------------------------------
* libclamav/entconv.c: fix memory leak (patch from TK)

BIN
docs/clamdoc.pdf
View file

Binary file not shown.

78
docs/clamdoc.tex
View file

@ -127,7 +127,7 @@
\item{POSIX compliant, portable}
\item{Fast scanning}
\item{Supports on-access scanning (Linux and FreeBSD only)}
\item{Detects over 158.000 viruses, worms and trojans, including
\item{Detects over 230.000 viruses, worms and trojans, including
Microsoft Office macro viruses, mobile malware, and other threats}
\item{Scans within archives and compressed files (also protects
against archive bombs), built-in support includes:
@ -144,12 +144,15 @@
\item MS SZDD compression format
\item BinHex
\item SIS (SymbianOS packages)
\item AutoIt
\end{itemize}}
\item{Supports Portable Executable (32/64-bit) files compressed or obfuscated with:}
\begin{itemize}
\item AsPack
\item UPX
\item FSG
\item Petite
\item PeSpin
\item NsPack
\item wwpack32
\item MEW
@ -200,7 +203,7 @@
\section{Base package}
\subsection{Supported platforms}
Most popular UNIX operating systems are supported. Clam AntiVirus 0.90 was
Most popular UNIX operating systems are supported. Clam AntiVirus 0.9x was
tested on:
\begin{itemize}
\item{GNU/Linux}
@ -223,7 +226,13 @@
The following elements are required to compile ClamAV:
\begin{itemize}
\item zlib and zlib-devel packages
\item gcc compiler suite (tested with 2.9x, 3.x and 4.x series)
\item gcc compiler suite (tested with 2.9x, 3.x and 4.x series)\\
\textbf{If you are compiling with higher optimization levels
than the default one (\hbox{-O2} for gcc), be aware that there
have been reports of misoptimizations. The build system of ClamAV
only checks for bugs affecting the default settings, it is your
responsibility to check that your compiler version doesn't
have any bugs.}
\end{itemize}
The following packages are optional but \textbf{highly recommended}:
\begin{itemize}
@ -610,14 +619,15 @@ N * * * * /usr/local/bin/freshclam --quiet
and 32-bit ELF files. Additionally, it can handle PE files compressed or
obfuscated with the following tools:
\begin{itemize}
\item Aspack (2.12)
\item UPX (all versions)
\item FSG (1.3, 1.31, 1.33, 2.0)
\item Petite (2.x)
\item PeSpin (1.1)
\item NsPack
\item wwpack32 (1.20)
\item MEW
\item Upack
\item SUE
\item Y0da Cryptor (1.3)
\end{itemize}
@ -640,6 +650,7 @@ N * * * * /usr/local/bin/freshclam --quiet
\item MS SZDD compression format
\item BinHex
\item SIS (SymbianOS packages)
\item AutoIt
\end{itemize}
\subsubsection{Documents}
@ -694,8 +705,13 @@ N * * * * /usr/local/bin/freshclam --quiet
Load phishing signatures.
\item \textbf{CL\_DB\_PHISHING\_URLS}\\
Initialize the phishing detection module and load .wdb and .pdb files.
\item \textbf{CL\_DB\_PUA}\\
Load signatures for Potentially Unwanted Applications.
\item \textbf{CL\_DB\_CVDNOTMP}\\
Load CVD files directly without unpacking them into a temporary
directory.
\end{itemize}
\verb+cl_load+ returns 0 (\verb+CL_SUCCESS+) on success and a non-negative
\verb+cl_load+ returns 0 (\verb+CL_SUCCESS+) on success and a negative
value on failure.
\begin{verbatim}
...
@ -751,7 +767,7 @@ N * * * * /usr/local/bin/freshclam --quiet
cl_statinidir(dbdir, &dbstat);
\end{verbatim}
To check for a change you just need to call \verb+cl_statchkdir+ and check
its return value:
its return value (0 - no change, 1 - some change occured):
\begin{verbatim}
if(cl_statchkdir(&dbstat) == 1) {
reload_database...;
@ -772,7 +788,7 @@ N * * * * /usr/local/bin/freshclam --quiet
long int *scanned, const struct cl_engine *engine, const
struct cl_limits *limits, unsigned int options);
\end{verbatim}
Both functions will save a virus name under the pointer \verb+virname+,
Both functions will store a virus name under the pointer \verb+virname+,
the virus name is part of the engine structure and must not be released
directly. If the third argument (\verb+scanned+) is not NULL, the
functions will increase its value with the size of scanned data (in
@ -780,15 +796,16 @@ N * * * * /usr/local/bin/freshclam --quiet
limits in order to protect against Denial of Service attacks.
\begin{verbatim}
struct cl_limits {
unsigned long int maxscansize; /* during the scanning of archives this
* size will never be exceeded
*/
unsigned long int maxfilesize; /* compressed files will only be
* decompressed and scanned up to this size
*/
unsigned int maxreclevel; /* maximum recursion level for archives */
unsigned int maxfiles; /* maximum number of files to be scanned
* within a single archive
*/
unsigned int maxmailrec; /* maximum recursion level for mail files */
unsigned int maxratio; /* maximum compression ratio */
unsigned long int maxfilesize;/* compressed files larger than this limit
* will not be scanned
*/
unsigned short archivememlim; /* limit memory usage for some unpackers */
};
\end{verbatim}
@ -806,9 +823,6 @@ struct cl_limits {
\item \textbf{CL\_SCAN\_BLOCKENCRYPTED}\\
With this flag the library will mark encrypted archives as viruses
(Encrypted.Zip, Encrypted.RAR).
\item \textbf{CL\_SCAN\_BLOCKMAX}\\
Mark archives as viruses if \verb+maxfiles+, \verb+maxfilesize+,
or \verb+maxreclevel+ limit is reached.
\item \textbf{CL\_SCAN\_MAIL}\\
Enable support for mail files.
\item \textbf{CL\_SCAN\_MAILURL}\\
@ -835,9 +849,6 @@ struct cl_limits {
decryption).
\item \textbf{CL\_SCAN\_ALGORITHMIC}\\
Enable algorithmic detection of viruses.
\item \textbf{CL\_SCAN\_PHISHING\_DOMAINLIST}\\
Phishing module: restrict URL scanning to domains from .pdf
(RECOMMENDED).
\item \textbf{CL\_SCAN\_PHISHING\_BLOCKSSL}\\
Phishing module: always block SSL mismatches in URLs.
\item \textbf{CL\_SCAN\_PHISHING\_BLOCKCLOAK}\\
@ -851,14 +862,10 @@ struct cl_limits {
const char *virname;
memset(&limits, 0, sizeof(struct cl_limits));
limits.maxfiles = 1000; /* max files */
limits.maxfilesize = 10 * 1048576; /* maximum size of archived or
* compressed file (files exceeding
* this limit will be ignored)
*/
limits.maxreclevel = 5; /* maximum recursion level for archives */
limits.maxmailrec = 64; /* maximum recursion level for mail files */
limits.maxratio = 200; /* maximum compression ratio */
limits.maxfiles = 10000;
limits.maxscansize = 100 * 1048576; /* 100 MB */
limits.maxfilesize = 10 * 1048576; /* 10 MB */
limits.maxreclevel = 16;
if((ret = cl_scanfile("/tmp/test.exe", &virname, NULL, engine,
&limits, CL_STDOPT)) == CL_VIRUS) {
@ -871,7 +878,7 @@ struct cl_limits {
\end{verbatim}
\subsubsection{Memory}
Because the engine structure consumes a few megabytes of system memory, you
Because the engine structure occupies a few megabytes of system memory, you
should release it with \verb+cl_free+ if you no longer need to scan files.
\subsubsection{clamav-config}
@ -902,15 +909,16 @@ level required:MD5 checksum:digital signature:builder name:build time (sec)
\verb+sigtool --info+ displays detailed information on CVD files:
\begin{verbatim}
zolw@localhost:/usr/local/share/clamav$ sigtool -i daily.cvd
Build time: 11 Feb 2007 19-28 +0000
Version: 2553
# of signatures: 6063
Functionality level: 9
File: daily.cvd
Build time: 10 Mar 2008 10:45 +0000
Version: 6191
Signatures: 59084
Functionality level: 26
Builder: ccordes
MD5: 7f337b409249e11dea3effb04dd352f2
Digital signature: 6Ybd2eeDHBAs8raaEwmayqzoa5ysGDNnQ5Cc89mS2VCm1jRXZP
ke/itmkTyYQTc/rgJc2uQPr+NvzvUxRpsniwoyZ/gIkPniCLnqVCYOOytwtmirivbrV8j
0kzxb9nHd+5UQqj/Z3rLbS7T5HCbRX3uE0JX1tAo642Gq9ACH9Fc
MD5: 6e6e29dae36b4b7315932c921e568330
Digital signature: zz9irc9irupR3z7yX6J+OR6XdFPUat4HIM9ERn3kAcOWpcMFxq
Fs4toG5WJsHda0Jj92IUusZ7wAgYjpai1Nr+jFfXHsJxv0dBkS5/XWMntj0T1ctNgqmiF
+RLU6V0VeTl4Oej3Aya0cVpd9K4XXevEO2eTTvzWNCAq0ZzWNdjc
Verification OK.
\end{verbatim}

2
docs/html/clamdoc.html
View file

@ -209,7 +209,7 @@ original version by: Nikos Drakos, CBLU, University of Leeds
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

10
docs/html/footnode.html
View file

@ -98,7 +98,7 @@ original version by: Nikos Drakos, CBLU, University of Leeds
.
</PRE>
</DD>
<DT><A NAME="foot135">... system:</A><A
<DT><A NAME="foot136">... system:</A><A
HREF="node12.html#tex2html7"><SUP><SPAN CLASS="arabic">3</SPAN></SUP></A></DT>
<DD>Cygwin note: If you have not
/etc/passwd you can skip this point
@ -135,7 +135,7 @@ original version by: Nikos Drakos, CBLU, University of Leeds
.
</PRE>
</DD>
<DT><A NAME="foot176">... file</A><A
<DT><A NAME="foot177">... file</A><A
HREF="node19.html#tex2html9"><SUP><SPAN CLASS="arabic">4</SPAN></SUP></A></DT>
<DD>To get more info on clamscan options run 'man clamscan'
@ -171,7 +171,7 @@ original version by: Nikos Drakos, CBLU, University of Leeds
.
</PRE>
</DD>
<DT><A NAME="foot210">... file</A><A
<DT><A NAME="foot211">... file</A><A
HREF="node23.html#tex2html13"><SUP><SPAN CLASS="arabic">5</SPAN></SUP></A></DT>
<DD>man 5 clamd.conf
@ -207,7 +207,7 @@ original version by: Nikos Drakos, CBLU, University of Leeds
.
</PRE>
</DD>
<DT><A NAME="foot267">... it</A><A
<DT><A NAME="foot268">... it</A><A
HREF="node30.html#tex2html14"><SUP><SPAN CLASS="arabic">6</SPAN></SUP></A></DT>
<DD>You can still use clamd or clamscan instead
@ -243,7 +243,7 @@ original version by: Nikos Drakos, CBLU, University of Leeds
.
</PRE>
</DD>
<DT><A NAME="foot290">... <code>signo</code></A><A
<DT><A NAME="foot291">... <code>signo</code></A><A
HREF="node39.html#tex2html15"><SUP><SPAN CLASS="arabic">7</SPAN></SUP></A></DT>
<DD>Remember to initialize the virus counter
variable with 0.

2
docs/html/index.html
View file

@ -209,7 +209,7 @@ original version by: Nikos Drakos, CBLU, University of Leeds
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node1.html
View file

@ -179,7 +179,7 @@ ClamAV and Clam AntiVirus are trademarks of Sourcefire, Inc.
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

8
docs/html/node10.html
View file

@ -61,6 +61,12 @@ Requirements</A>
<LI>zlib and zlib-devel packages
</LI>
<LI>gcc compiler suite (tested with 2.9x, 3.x and 4.x series)
<BR> <SPAN CLASS="textbf">If you are compiling with higher optimization levels
than the default one (-O2 for gcc), be aware that there
have been reports of misoptimizations. The build system of ClamAV
only checks for bugs affecting the default settings, it is your
responsibility to check that your compiler version doesn't
have any bugs.</SPAN>
</LI>
</UL>
@ -90,7 +96,7 @@ A note for Solaris/SPARC users: you must set the <SPAN CLASS="textit">ABI</SPAN
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node11.html
View file

@ -75,7 +75,7 @@ Installing on shell account</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

4
docs/html/node12.html
View file

@ -57,7 +57,7 @@ Adding new system user and group</A>
</H2>
If you are installing ClamAV for the first time, you have to add a new
user and group to your system: <A NAME="tex2html7"
HREF="footnode.html#foot135"><SUP><SPAN CLASS="arabic">3</SPAN></SUP></A> <PRE>
HREF="footnode.html#foot136"><SUP><SPAN CLASS="arabic">3</SPAN></SUP></A> <PRE>
# groupadd clamav
# useradd -g clamav -s /bin/false -c "Clam AntiVirus" clamav
</PRE>
@ -69,7 +69,7 @@ Adding new system user and group</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node13.html
View file

@ -75,7 +75,7 @@ Compilation of base package</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node14.html
View file

@ -64,7 +64,7 @@ Compilation with clamav-milter enabled</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node15.html
View file

@ -83,7 +83,7 @@ Configuration</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node16.html
View file

@ -79,7 +79,7 @@ clamd</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node17.html
View file

@ -90,7 +90,7 @@ On-access scanning</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node18.html
View file

@ -81,7 +81,7 @@ define(`confINPUT_MAIL_FILTERS', `clmilter')
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

4
docs/html/node19.html
View file

@ -62,7 +62,7 @@ Testing</A>
It should find some test files in the clamav-x.yz/test directory.
The scan result will be saved in the <code>scan.txt</code> log file
<A NAME="tex2html9"
HREF="footnode.html#foot176"><SUP><SPAN CLASS="arabic">4</SPAN></SUP></A>.
HREF="footnode.html#foot177"><SUP><SPAN CLASS="arabic">4</SPAN></SUP></A>.
To test <code>clamd</code>, start it and use <code>clamdscan</code> (or instead connect
directly to its socket and run the SCAN command):
<PRE>
@ -75,7 +75,7 @@ Testing</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node2.html
View file

@ -79,7 +79,7 @@ Introduction</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node20.html
View file

@ -139,7 +139,7 @@ N * * * * /usr/local/bin/freshclam --quiet
<!--End of Navigation Panel-->
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node21.html
View file

@ -77,7 +77,7 @@ Closest mirrors</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node22.html
View file

@ -80,7 +80,7 @@ Usage</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

4
docs/html/node23.html
View file

@ -68,7 +68,7 @@ Clam daemon
</UL>
The daemon is fully configurable via the <code>clamd.conf</code> file
<A NAME="tex2html13"
HREF="footnode.html#foot210"><SUP><SPAN CLASS="arabic">5</SPAN></SUP></A>. <code>clamd</code> recognizes the following commands:
HREF="footnode.html#foot211"><SUP><SPAN CLASS="arabic">5</SPAN></SUP></A>. <code>clamd</code> recognizes the following commands:
<UL>
<LI><SPAN CLASS="textbf">PING</SPAN>
@ -160,7 +160,7 @@ Start/end a <code>clamd</code> session - you can do multiple commands
<!--End of Navigation Panel-->
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node24.html
View file

@ -76,7 +76,7 @@ Clam<SPAN CLASS="textbf">d</SPAN>scan</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node25.html
View file

@ -92,7 +92,7 @@ SIGTERM signal. In other case you can lose access
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node26.html
View file

@ -70,7 +70,7 @@ Output format</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node27.html
View file

@ -94,7 +94,7 @@ clamscan</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node28.html
View file

@ -83,7 +83,7 @@ Error messages are printed in the following format:
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node29.html
View file

@ -124,7 +124,7 @@ LibClamAV</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

10
docs/html/node3.html
View file

@ -67,7 +67,7 @@ Features</A>
</LI>
<LI>Supports on-access scanning (Linux and FreeBSD only)
</LI>
<LI>Detects over 158.000 viruses, worms and trojans, including
<LI>Detects over 230.000 viruses, worms and trojans, including
Microsoft Office macro viruses, mobile malware, and other threats
</LI>
<LI>Scans within archives and compressed files (also protects
@ -97,6 +97,8 @@ Features</A>
<LI>BinHex
</LI>
<LI>SIS (SymbianOS packages)
</LI>
<LI>AutoIt
</LI>
</UL>
@ -104,12 +106,16 @@ Features</A>
<LI>Supports Portable Executable (32/64-bit) files compressed or obfuscated with:
<UL>
<LI>AsPack
</LI>
<LI>UPX
</LI>
<LI>FSG
</LI>
<LI>Petite
</LI>
<LI>PeSpin
</LI>
<LI>NsPack
</LI>
<LI>wwpack32
@ -177,7 +183,7 @@ Features</A>
<!--End of Navigation Panel-->
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

4
docs/html/node30.html
View file

@ -58,14 +58,14 @@ Licence</A>
Libclamav is licensed under the GNU GPL v2 licence. This means you are
<SPAN CLASS="textbf">not allowed</SPAN> to link commercial, close-source applications
against it<A NAME="tex2html14"
HREF="footnode.html#foot267"><SUP><SPAN CLASS="arabic">6</SPAN></SUP></A>.
HREF="footnode.html#foot268"><SUP><SPAN CLASS="arabic">6</SPAN></SUP></A>.
All software using libclamav must be GPL compliant.
<P>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node31.html
View file

@ -77,7 +77,7 @@ Supported formats</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

8
docs/html/node32.html
View file

@ -60,12 +60,16 @@ Executables</A>
obfuscated with the following tools:
<UL>
<LI>Aspack (2.12)
</LI>
<LI>UPX (all versions)
</LI>
<LI>FSG (1.3, 1.31, 1.33, 2.0)
</LI>
<LI>Petite (2.x)
</LI>
<LI>PeSpin (1.1)
</LI>
<LI>NsPack
</LI>
<LI>wwpack32 (1.20)
@ -74,8 +78,6 @@ Executables</A>
</LI>
<LI>Upack
</LI>
<LI>SUE
</LI>
<LI>Y0da Cryptor (1.3)
</LI>
@ -85,7 +87,7 @@ Executables</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node33.html
View file

@ -62,7 +62,7 @@ Mail files</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

4
docs/html/node34.html
View file

@ -80,6 +80,8 @@ Archives and compressed files</A>
<LI>BinHex
</LI>
<LI>SIS (SymbianOS packages)
</LI>
<LI>AutoIt
</LI>
</UL>
@ -88,7 +90,7 @@ Archives and compressed files</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node35.html
View file

@ -73,7 +73,7 @@ Documents</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node36.html
View file

@ -75,7 +75,7 @@ Others</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node37.html
View file

@ -75,7 +75,7 @@ API</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node38.html
View file

@ -64,7 +64,7 @@ Header file</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

15
docs/html/node39.html
View file

@ -70,7 +70,7 @@ Database loading</A>
is used for passing in the engine structure which should be previously
initialized with NULL. A number of loaded signatures will be <SPAN CLASS="textbf">added</SPAN>
to <code>signo</code> <A NAME="tex2html15"
HREF="footnode.html#foot290"><SUP><SPAN CLASS="arabic">7</SPAN></SUP></A>. The last argument can pass the following flags:
HREF="footnode.html#foot291"><SUP><SPAN CLASS="arabic">7</SPAN></SUP></A>. The last argument can pass the following flags:
<UL>
<LI><SPAN CLASS="textbf">CL_DB_STDOPT</SPAN>
@ -84,10 +84,19 @@ Load phishing signatures.
<LI><SPAN CLASS="textbf">CL_DB_PHISHING_URLS</SPAN>
<BR>
Initialize the phishing detection module and load .wdb and .pdb files.
</LI>
<LI><SPAN CLASS="textbf">CL_DB_PUA</SPAN>
<BR>
Load signatures for Potentially Unwanted Applications.
</LI>
<LI><SPAN CLASS="textbf">CL_DB_CVDNOTMP</SPAN>
<BR>
Load CVD files directly without unpacking them into a temporary
directory.
</LI>
</UL>
<code>cl_load</code> returns 0 (<code>CL_SUCCESS</code>) on success and a non-negative
<code>cl_load</code> returns 0 (<code>CL_SUCCESS</code>) on success and a negative
value on failure.
<PRE>
...
@ -102,7 +111,7 @@ Initialize the phishing detection module and load .wdb and .pdb files.
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node4.html
View file

@ -86,7 +86,7 @@ Alternatively you can try asking on the <code>#clamav</code> IRC channel - launc
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node40.html
View file

@ -68,7 +68,7 @@ Error handling</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node41.html
View file

@ -74,7 +74,7 @@ Engine structure</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

4
docs/html/node42.html
View file

@ -72,7 +72,7 @@ Database reloading</A>
cl_statinidir(dbdir, &amp;dbstat);
</PRE>
To check for a change you just need to call <code>cl_statchkdir</code> and check
its return value:
its return value (0 - no change, 1 - some change occured):
<PRE>
if(cl_statchkdir(&amp;dbstat) == 1) {
reload_database...;
@ -101,7 +101,7 @@ Database reloading</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

37
docs/html/node43.html
View file

@ -65,7 +65,7 @@ Data scan functions</A>
long int *scanned, const struct cl_engine *engine, const
struct cl_limits *limits, unsigned int options);
</PRE>
Both functions will save a virus name under the pointer <code>virname</code>,
Both functions will store a virus name under the pointer <code>virname</code>,
the virus name is part of the engine structure and must not be released
directly. If the third argument (<code>scanned</code>) is not NULL, the
functions will increase its value with the size of scanned data (in
@ -73,15 +73,16 @@ Data scan functions</A>
limits in order to protect against Denial of Service attacks.
<PRE>
struct cl_limits {
unsigned long int maxscansize; /* during the scanning of archives this
* size will never be exceeded
*/
unsigned long int maxfilesize; /* compressed files will only be
* decompressed and scanned up to this size
*/
unsigned int maxreclevel; /* maximum recursion level for archives */
unsigned int maxfiles; /* maximum number of files to be scanned
* within a single archive
*/
unsigned int maxmailrec; /* maximum recursion level for mail files */
unsigned int maxratio; /* maximum compression ratio */
unsigned long int maxfilesize;/* compressed files larger than this limit
* will not be scanned
*/
unsigned short archivememlim; /* limit memory usage for some unpackers */
};
</PRE>
@ -108,11 +109,6 @@ This flag enables transparent scanning of various archive formats.
With this flag the library will mark encrypted archives as viruses
(Encrypted.Zip, Encrypted.RAR).
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_BLOCKMAX</SPAN>
<BR>
Mark archives as viruses if <code>maxfiles</code>, <code>maxfilesize</code>,
or <code>maxreclevel</code> limit is reached.
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_MAIL</SPAN>
<BR>
Enable support for mail files.
@ -157,11 +153,6 @@ This flag enables HTML normalisation (including ScrEnc
<BR>
Enable algorithmic detection of viruses.
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_PHISHING_DOMAINLIST</SPAN>
<BR>
Phishing module: restrict URL scanning to domains from .pdf
(RECOMMENDED).
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_PHISHING_BLOCKSSL</SPAN>
<BR>
Phishing module: always block SSL mismatches in URLs.
@ -180,14 +171,10 @@ Phishing module: always block cloaked URLs.
const char *virname;
memset(&amp;limits, 0, sizeof(struct cl_limits));
limits.maxfiles = 1000; /* max files */
limits.maxfilesize = 10 * 1048576; /* maximum size of archived or
* compressed file (files exceeding
* this limit will be ignored)
*/
limits.maxreclevel = 5; /* maximum recursion level for archives */
limits.maxmailrec = 64; /* maximum recursion level for mail files */
limits.maxratio = 200; /* maximum compression ratio */
limits.maxfiles = 10000;
limits.maxscansize = 100 * 1048576; /* 100 MB */
limits.maxfilesize = 10 * 1048576; /* 10 MB */
limits.maxreclevel = 16;
if((ret = cl_scanfile("/tmp/test.exe", &amp;virname, NULL, engine,
&amp;limits, CL_STDOPT)) == CL_VIRUS) {
@ -227,7 +214,7 @@ Phishing module: always block cloaked URLs.
<!--End of Navigation Panel-->
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

4
docs/html/node44.html
View file

@ -55,14 +55,14 @@ original version by: Nikos Drakos, CBLU, University of Leeds
<H3><A NAME="SECTION00074200000000000000">
Memory</A>
</H3>
Because the engine structure consumes a few megabytes of system memory, you
Because the engine structure occupies a few megabytes of system memory, you
should release it with <code>cl_free</code> if you no longer need to scan files.
<P>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node45.html
View file

@ -67,7 +67,7 @@ clamav-config</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node46.html
View file

@ -65,7 +65,7 @@ Example</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

19
docs/html/node47.html
View file

@ -65,15 +65,16 @@ level required:MD5 checksum:digital signature:builder name:build time (sec)
<code>sigtool --info</code> displays detailed information on CVD files:
<PRE>
zolw@localhost:/usr/local/share/clamav$ sigtool -i daily.cvd
Build time: 11 Feb 2007 19-28 +0000
Version: 2553
# of signatures: 6063
Functionality level: 9
File: daily.cvd
Build time: 10 Mar 2008 10:45 +0000
Version: 6191
Signatures: 59084
Functionality level: 26
Builder: ccordes
MD5: 7f337b409249e11dea3effb04dd352f2
Digital signature: 6Ybd2eeDHBAs8raaEwmayqzoa5ysGDNnQ5Cc89mS2VCm1jRXZP
ke/itmkTyYQTc/rgJc2uQPr+NvzvUxRpsniwoyZ/gIkPniCLnqVCYOOytwtmirivbrV8j
0kzxb9nHd+5UQqj/Z3rLbS7T5HCbRX3uE0JX1tAo642Gq9ACH9Fc
MD5: 6e6e29dae36b4b7315932c921e568330
Digital signature: zz9irc9irupR3z7yX6J+OR6XdFPUat4HIM9ERn3kAcOWpcMFxq
Fs4toG5WJsHda0Jj92IUusZ7wAgYjpai1Nr+jFfXHsJxv0dBkS5/XWMntj0T1ctNgqmiF
+RLU6V0VeTl4Oej3Aya0cVpd9K4XXevEO2eTTvzWNCAq0ZzWNdjc
Verification OK.
</PRE>
@ -81,7 +82,7 @@ Verification OK.
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node48.html
View file

@ -613,7 +613,7 @@ Contributors</A>
<!--End of Navigation Panel-->
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node49.html
View file

@ -459,7 +459,7 @@ Donors</A>
<!--End of Navigation Panel-->
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node5.html
View file

@ -65,7 +65,7 @@ Virus submitting</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node50.html
View file

@ -63,7 +63,7 @@ Graphics</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node51.html
View file

@ -62,7 +62,7 @@ OpenAntiVirus</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node52.html
View file

@ -134,7 +134,7 @@ Role: coder
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

4
docs/html/node53.html
View file

@ -64,11 +64,11 @@ Mathematics Department, Macquarie University, Sydney.
The command line arguments were: <BR>
<STRONG>latex2html</STRONG> <TT>-local_icons clamdoc.tex</TT>
<P>
The translation was initiated by Tomasz Kojm on 2008-03-03
The translation was initiated by Tomasz Kojm on 2008-03-18
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node6.html
View file

@ -71,7 +71,7 @@ Base package</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

4
docs/html/node7.html
View file

@ -55,7 +55,7 @@ original version by: Nikos Drakos, CBLU, University of Leeds
<H2><A NAME="SECTION00031000000000000000">
Supported platforms</A>
</H2>
Most popular UNIX operating systems are supported. Clam AntiVirus 0.90 was
Most popular UNIX operating systems are supported. Clam AntiVirus 0.9x was
tested on:
<UL>
@ -80,7 +80,7 @@ Supported platforms</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node8.html
View file

@ -61,7 +61,7 @@ Binary packages</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

2
docs/html/node9.html
View file

@ -77,7 +77,7 @@ Installation</A>
<BR><HR>
<ADDRESS>
Tomasz Kojm
2008-03-03
2008-03-18
</ADDRESS>
</BODY>
</HTML>

18
examples/ex1.c
View file

@ -1,6 +1,9 @@
/*
* Compilation: gcc -Wall ex1.c -o ex1 -lclamav
*
* Copyright (C) 2007 - 2008 Sourcefire, Inc.
* Author: Tomasz Kojm <tkojm@clamav.net>
*
* Copyright (C) 2002 - 2006 Tomasz Kojm <tkojm@clamav.net>
*
* This program is free software; you can redistribute it and/or modify
@ -75,14 +78,15 @@ int main(int argc, char **argv)
/* set up archive limits */
memset(&limits, 0, sizeof(struct cl_limits));
limits.maxfiles = 1000; /* max files */
limits.maxfilesize = 10 * 1048576; /* maximum size of archived/compressed
* file (files exceeding this limit
* will be ignored)
limits.maxscansize = 100 * 1048576; /* during the scanning of archives this
* size (100 MB) will never be exceeded
*/
limits.maxreclevel = 5; /* maximum recursion level for archives */
limits.maxmailrec = 64; /* maximum recursion level for mail files */
limits.maxratio = 200; /* maximum compression ratio */
limits.maxfilesize = 10 * 1048576; /* compressed files will only be
* decompressed and scanned up to this
* size (10 MB)
*/
limits.maxfiles = 10000; /* max files */
limits.maxreclevel = 16; /* maximum recursion level for archives */
/* scan file descriptor */
if((ret = cl_scandesc(fd, &virname, &size, engine, &limits, CL_SCAN_STDOPT)) == CL_VIRUS) {

2
libclamav/clamav.h
View file

@ -84,7 +84,7 @@ extern "C"
#define CL_SCAN_PE 0x20
#define CL_SCAN_BLOCKBROKEN 0x40
#define CL_SCAN_MAILURL 0x80
#define CL_SCAN_BLOCKMAX 0x100
#define CL_SCAN_BLOCKMAX 0x100 /* ignored */
#define CL_SCAN_ALGORITHMIC 0x200
#define CL_SCAN_PHISHING_BLOCKSSL 0x800 /* ssl mismatches, not ssl by itself*/
#define CL_SCAN_PHISHING_BLOCKCLOAK 0x1000