mirror of
https://github.com/Cisco-Talos/clamav.git
synced 2025-10-25 21:24:11 +00:00
252 lines
8.3 KiB
HTML
252 lines
8.3 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
|
|
|
|
<!--Converted with LaTeX2HTML 2002-2-1 (1.70)
|
|
original version by: Nikos Drakos, CBLU, University of Leeds
|
|
* revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan
|
|
* with significant contributions from:
|
|
Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
|
|
<HTML>
|
|
<HEAD>
|
|
<TITLE>General API</TITLE>
|
|
<META NAME="description" CONTENT="General API">
|
|
<META NAME="keywords" CONTENT="clamdoc">
|
|
<META NAME="resource-type" CONTENT="document">
|
|
<META NAME="distribution" CONTENT="global">
|
|
|
|
<META NAME="Generator" CONTENT="LaTeX2HTML v2002-2-1">
|
|
<META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
|
|
|
|
<LINK REL="STYLESHEET" HREF="clamdoc.css">
|
|
|
|
<LINK REL="next" HREF="node79.html">
|
|
<LINK REL="previous" HREF="node77.html">
|
|
<LINK REL="up" HREF="node77.html">
|
|
<LINK REL="next" HREF="node79.html">
|
|
</HEAD>
|
|
|
|
<BODY >
|
|
|
|
<DIV CLASS="navigation"><!--Navigation Panel-->
|
|
<A NAME="tex2html1351"
|
|
HREF="node79.html">
|
|
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next"
|
|
SRC="/usr/share/latex2html/icons/next.png"></A>
|
|
<A NAME="tex2html1347"
|
|
HREF="node77.html">
|
|
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up"
|
|
SRC="/usr/share/latex2html/icons/up.png"></A>
|
|
<A NAME="tex2html1341"
|
|
HREF="node77.html">
|
|
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous"
|
|
SRC="/usr/share/latex2html/icons/prev.png"></A>
|
|
<A NAME="tex2html1349"
|
|
HREF="node1.html">
|
|
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents"
|
|
SRC="/usr/share/latex2html/icons/contents.png"></A>
|
|
<BR>
|
|
<B> Next:</B> <A NAME="tex2html1352"
|
|
HREF="node79.html">Database reloading</A>
|
|
<B> Up:</B> <A NAME="tex2html1348"
|
|
HREF="node77.html">LibClamAV</A>
|
|
<B> Previous:</B> <A NAME="tex2html1342"
|
|
HREF="node77.html">LibClamAV</A>
|
|
<B> <A NAME="tex2html1350"
|
|
HREF="node1.html">Contents</A></B>
|
|
<BR>
|
|
<BR></DIV>
|
|
<!--End of Navigation Panel-->
|
|
|
|
<H2><A NAME="SECTION00071000000000000000">
|
|
General API</A>
|
|
</H2>
|
|
Every program based on libclamav must include the <code>clamav.h</code> header
|
|
file:
|
|
<PRE>
|
|
#include <clamav.h>
|
|
</PRE>
|
|
A first step is to initialize the scanning engine. There are three
|
|
functions available:
|
|
<PRE>
|
|
int cl_loaddb(const char *filename, struct cl_node **root,
|
|
int *virnum);
|
|
|
|
int cl_loaddbdir(const char *dirname, struct cl_node **root,
|
|
int *virnum);
|
|
|
|
const char *cl_retdbdir(void);
|
|
</PRE>
|
|
<code>cl_loaddb()</code> loads a particular database, <code>cl_loaddbdir()</code>
|
|
loads all <SPAN CLASS="textit">.cvd</SPAN> (and older <SPAN CLASS="textit">.db</SPAN>, .db2) databases from a
|
|
directory <code>dirname</code>. <code>cl_retdbdir()</code> returns a hardcoded
|
|
database directory path. Initial internal database (Aho-Corasick tree,
|
|
trie; see <A HREF="node80.html#engine">6.3</A>) will be saved under <code>root</code> and a number of
|
|
signatures loaded will be <SPAN CLASS="textbf">added</SPAN> <A NAME="tex2html129"
|
|
HREF="footnode.html#foot742"><SUP><SPAN CLASS="arabic">8</SPAN></SUP></A> to <code>virnum</code>. Pointer to the trie
|
|
must initially point to NULL. If you don't care about number of signatures
|
|
pass NULL as a third argument. <code>cl_loaddb</code> functions return 0 on
|
|
success and an other value on failure.
|
|
<PRE>
|
|
struct cl_node *root = NULL;
|
|
int ret;
|
|
|
|
ret = cl_loaddbdir(cl_retdbdir(), &root, NULL);
|
|
</PRE>
|
|
There's an elegant way to print libclamav's error codes:
|
|
<PRE>
|
|
const char *cl_strerror(int clerror);
|
|
</PRE>
|
|
<code>cl_strerror()</code> returns a (statically allocated) string describing
|
|
a <code>clerror</code> code:
|
|
<PRE>
|
|
if(ret) {
|
|
printf("cl_loaddbdir() error: %s\n", cl_strerror(ret));
|
|
exit(1);
|
|
}
|
|
</PRE>
|
|
When database is loaded you must build the final trie with:
|
|
<PRE>
|
|
int cl_buildtrie(struct cl_node *root);
|
|
</PRE>
|
|
In our example:
|
|
<PRE>
|
|
if((ret = cl_buildtrie(root)))
|
|
printf("cl_buildtrie() error: %s\n", cl_strerror(ret));
|
|
</PRE>
|
|
Now you can scan a buffer, a descriptor or a file with:
|
|
<PRE>
|
|
int cl_scanbuff(const char *buffer, unsigned int length,
|
|
const char **virname, const struct cl_node *root);
|
|
|
|
int cl_scandesc(int desc, const char **virname, unsigned
|
|
long int *scanned, const struct cl_node *root, const
|
|
struct cl_limits *limits, int options);
|
|
|
|
int cl_scanfile(const char *filename, const char **virname,
|
|
unsigned long int *scanned, const struct cl_node *root,
|
|
const struct cl_limits *limits, int options);
|
|
</PRE>
|
|
All the functions save a virus name address under <code>virname</code> pointer.
|
|
It points to a name in the trie structure thus it can't be released
|
|
directly. <code>cl_scandesc()</code> and <code>cl_scanfile()</code> can
|
|
increase the <code>scanned</code> value in <code>CL_COUNT_PRECISION</code> units,
|
|
they also support archive limits:
|
|
<PRE>
|
|
struct cl_limits {
|
|
int maxreclevel; /* maximal recursion level */
|
|
int maxfiles; /* maximal number of files to be
|
|
* scanned within an archive
|
|
*/
|
|
int maxratio; /* maximal compression ratio */
|
|
short archivememlim; /* limit memory usage for bzip2 (0/1) */
|
|
long int maxfilesize; /* files in an archive larger than
|
|
* this value will not be scanned
|
|
*/
|
|
};
|
|
</PRE>
|
|
The last argument in the <code>cl_scan</code> family configures the scan
|
|
engine. It supports the following flags:
|
|
|
|
<UL>
|
|
<LI><SPAN CLASS="textbf">CL_RAW</SPAN>
|
|
<BR>
|
|
It does nothing. Please use it (alone) if you don't want
|
|
to scan any special files.
|
|
</LI>
|
|
<LI><SPAN CLASS="textbf">CL_ARCHIVE</SPAN>
|
|
<BR>
|
|
This flag enables the transparent archive scanning.
|
|
</LI>
|
|
<LI><SPAN CLASS="textbf">CL_DISABLERAR</SPAN>
|
|
<BR>
|
|
Disables the built-in RAR unpacker which is known to cause
|
|
memory leaks.
|
|
</LI>
|
|
<LI><SPAN CLASS="textbf">CL_ENCRYPTED</SPAN>
|
|
<BR>
|
|
Marks encrypted archives as viruses (Encrypted.Zip,
|
|
Encrypted.RAR).
|
|
</LI>
|
|
<LI><SPAN CLASS="textbf">CL_MAIL</SPAN>
|
|
<BR>
|
|
Required to scan various types of mail files.
|
|
</LI>
|
|
<LI><SPAN CLASS="textbf">CL_OLE2</SPAN>
|
|
<BR>
|
|
Enables support for Microsoft Office document files.
|
|
|
|
</LI>
|
|
</UL>
|
|
All functions return 0 (<code>CL_CLEAN</code>) if the file is clean,
|
|
<code>CL_VIRUS</code> when virus is detected and an other value on failure.
|
|
<PRE>
|
|
struct cl_limits limits;
|
|
const char *virname;
|
|
|
|
memset(&limits, 0, sizeof(struct cl_limits));
|
|
/* maximal number of files in archive */;
|
|
limits.maxfiles = 1000
|
|
/* maximal archived file size == 10 MB */
|
|
limits.maxfilesize = 10 * 1048576;
|
|
/* maximal recursion level */
|
|
limits.maxreclevel = 5;
|
|
/* maximal compression ratio */
|
|
limits.maxratio = 200;
|
|
/* disable memory limit for bzip2 scanner */
|
|
limits.archivememlim = 0;
|
|
|
|
if((ret = cl_scanfile("/home/zolw/test", &virname, NULL, root,
|
|
&limits, CL_ARCHIVE | CL_MAIL | CL_OLE2)) == CL_VIRUS) {
|
|
printf("Detected %s virus.\n", virname);
|
|
} else {
|
|
printf("No virus detected.\n");
|
|
if(ret != CL_CLEAN)
|
|
printf("Error: %s\n", cl_strerror(ret));
|
|
}
|
|
</PRE>
|
|
Release the trie if you no longer need it:
|
|
<PRE>
|
|
void cl_freetrie(struct cl_node *root);
|
|
</PRE>
|
|
You will find an example scanner in clamav sources (/example). All
|
|
programs based on libclamav must be linked against it:
|
|
<PRE>
|
|
gcc -Wall ex1.c -o ex1 -lclamav
|
|
</PRE>
|
|
Enjoy !
|
|
|
|
<P>
|
|
|
|
<DIV CLASS="navigation"><HR>
|
|
<!--Navigation Panel-->
|
|
<A NAME="tex2html1351"
|
|
HREF="node79.html">
|
|
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next"
|
|
SRC="/usr/share/latex2html/icons/next.png"></A>
|
|
<A NAME="tex2html1347"
|
|
HREF="node77.html">
|
|
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up"
|
|
SRC="/usr/share/latex2html/icons/up.png"></A>
|
|
<A NAME="tex2html1341"
|
|
HREF="node77.html">
|
|
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous"
|
|
SRC="/usr/share/latex2html/icons/prev.png"></A>
|
|
<A NAME="tex2html1349"
|
|
HREF="node1.html">
|
|
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents"
|
|
SRC="/usr/share/latex2html/icons/contents.png"></A>
|
|
<BR>
|
|
<B> Next:</B> <A NAME="tex2html1352"
|
|
HREF="node79.html">Database reloading</A>
|
|
<B> Up:</B> <A NAME="tex2html1348"
|
|
HREF="node77.html">LibClamAV</A>
|
|
<B> Previous:</B> <A NAME="tex2html1342"
|
|
HREF="node77.html">LibClamAV</A>
|
|
<B> <A NAME="tex2html1350"
|
|
HREF="node1.html">Contents</A></B> </DIV>
|
|
<!--End of Navigation Panel-->
|
|
<ADDRESS>
|
|
Tomasz Kojm
|
|
2004-07-22
|
|
</ADDRESS>
|
|
</BODY>
|
|
</HTML>
|