mirror of
https://github.com/Cisco-Talos/clamav.git
synced 2025-10-23 04:13:17 +00:00
06e931e5db
Conflicts: docs/clamdoc.pdf docs/html/WARNINGS docs/html/clamdoc.html docs/html/index.html docs/html/node1.html docs/html/node10.html docs/html/node11.html docs/html/node12.html docs/html/node13.html docs/html/node14.html docs/html/node15.html docs/html/node16.html docs/html/node17.html docs/html/node18.html docs/html/node19.html docs/html/node2.html docs/html/node20.html docs/html/node21.html docs/html/node22.html docs/html/node23.html docs/html/node24.html docs/html/node25.html docs/html/node26.html docs/html/node27.html docs/html/node28.html docs/html/node29.html docs/html/node3.html docs/html/node30.html docs/html/node31.html docs/html/node32.html docs/html/node33.html docs/html/node34.html docs/html/node35.html docs/html/node36.html docs/html/node37.html docs/html/node38.html docs/html/node39.html docs/html/node4.html docs/html/node40.html docs/html/node41.html docs/html/node42.html docs/html/node43.html docs/html/node44.html docs/html/node45.html docs/html/node46.html docs/html/node47.html docs/html/node48.html docs/html/node49.html docs/html/node5.html docs/html/node50.html docs/html/node51.html docs/html/node52.html docs/html/node53.html docs/html/node54.html docs/html/node55.html docs/html/node56.html docs/html/node57.html docs/html/node58.html docs/html/node59.html docs/html/node6.html docs/html/node60.html docs/html/node61.html docs/html/node62.html docs/html/node63.html docs/html/node64.html docs/html/node65.html docs/html/node66.html docs/html/node67.html docs/html/node68.html docs/html/node7.html docs/html/node8.html docs/html/node9.html
227 lines
7.3 KiB
HTML
227 lines
7.3 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
|
|
|
|
<!--Converted with LaTeX2HTML 2008 (1.71)
|
|
original version by: Nikos Drakos, CBLU, University of Leeds
|
|
* revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan
|
|
* with significant contributions from:
|
|
Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
|
|
<HTML>
|
|
<HEAD>
|
|
<TITLE>Data scan functions</TITLE>
|
|
<META NAME="description" CONTENT="Data scan functions">
|
|
<META NAME="keywords" CONTENT="clamdoc">
|
|
<META NAME="resource-type" CONTENT="document">
|
|
<META NAME="distribution" CONTENT="global">
|
|
|
|
<META NAME="Generator" CONTENT="LaTeX2HTML v2008">
|
|
<META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
|
|
|
|
<LINK REL="STYLESHEET" HREF="clamdoc.css">
|
|
|
|
<LINK REL="next" HREF="node58.html">
|
|
<LINK REL="previous" HREF="node56.html">
|
|
<LINK REL="up" HREF="node49.html">
|
|
<LINK REL="next" HREF="node58.html">
|
|
</HEAD>
|
|
|
|
<BODY >
|
|
|
|
<DIV CLASS="navigation"><!--Navigation Panel-->
|
|
<A NAME="tex2html971"
|
|
HREF="node58.html">
|
|
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
|
|
<A NAME="tex2html967"
|
|
HREF="node49.html">
|
|
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
|
|
<A NAME="tex2html961"
|
|
HREF="node56.html">
|
|
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
|
|
<A NAME="tex2html969"
|
|
HREF="node1.html">
|
|
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
|
|
<BR>
|
|
<B> Next:</B> <A NAME="tex2html972"
|
|
HREF="node58.html">Memory</A>
|
|
<B> Up:</B> <A NAME="tex2html968"
|
|
HREF="node49.html">API</A>
|
|
<B> Previous:</B> <A NAME="tex2html962"
|
|
HREF="node56.html">Database checks</A>
|
|
<B> <A NAME="tex2html970"
|
|
HREF="node1.html">Contents</A></B>
|
|
<BR>
|
|
<BR></DIV>
|
|
<!--End of Navigation Panel-->
|
|
|
|
<H3><A NAME="SECTION00073800000000000000">
|
|
Data scan functions</A>
|
|
</H3>
|
|
It's possible to scan a file or descriptor using:
|
|
<PRE>
|
|
int cl_scanfile(const char *filename, const char **virname,
|
|
unsigned long int *scanned, const struct cl_engine *engine,
|
|
unsigned int options);
|
|
|
|
int cl_scandesc(int desc, const char **virname, unsigned
|
|
long int *scanned, const struct cl_engine *engine,
|
|
unsigned int options);
|
|
</PRE>
|
|
Both functions will store a virus name under the pointer <code>virname</code>,
|
|
the virus name is part of the engine structure and must not be released
|
|
directly. If the third argument (<code>scanned</code>) is not NULL, the
|
|
functions will increase its value with the size of scanned data (in
|
|
<code>CL_COUNT_PRECISION</code> units).
|
|
The last argument (<code>options</code>) specified the scan options and supports
|
|
the following flags (which can be combined using bit operators):
|
|
|
|
<UL>
|
|
<LI><SPAN CLASS="textbf">CL_SCAN_STDOPT</SPAN>
|
|
<BR>
|
|
This is an alias for a recommended set of scan options. You
|
|
should use it to make your software ready for new features
|
|
in the future versions of libclamav.
|
|
</LI>
|
|
<LI><SPAN CLASS="textbf">CL_SCAN_RAW</SPAN>
|
|
<BR>
|
|
Use it alone if you want to disable support for special files.
|
|
</LI>
|
|
<LI><SPAN CLASS="textbf">CL_SCAN_ARCHIVE</SPAN>
|
|
<BR>
|
|
This flag enables transparent scanning of various archive formats.
|
|
</LI>
|
|
<LI><SPAN CLASS="textbf">CL_SCAN_BLOCKENCRYPTED</SPAN>
|
|
<BR>
|
|
With this flag the library will mark encrypted archives as viruses
|
|
(Encrypted.Zip, Encrypted.RAR).
|
|
</LI>
|
|
<LI><SPAN CLASS="textbf">CL_SCAN_MAIL</SPAN>
|
|
<BR>
|
|
Enable support for mail files.
|
|
</LI>
|
|
<LI><SPAN CLASS="textbf">CL_SCAN_OLE2</SPAN>
|
|
<BR>
|
|
Enables support for OLE2 containers (used by MS Office and .msi
|
|
files).
|
|
</LI>
|
|
<LI><SPAN CLASS="textbf">CL_SCAN_PDF</SPAN>
|
|
<BR>
|
|
Enables scanning within PDF files.
|
|
</LI>
|
|
<LI><SPAN CLASS="textbf">CL_SCAN_SWF</SPAN>
|
|
<BR>
|
|
Enables scanning within SWF files, notably compressed SWF.
|
|
</LI>
|
|
<LI><SPAN CLASS="textbf">CL_SCAN_PE</SPAN>
|
|
<BR>
|
|
This flag enables deep scanning of Portable Executable files and
|
|
allows libclamav to unpack executables compressed with run-time
|
|
unpackers.
|
|
</LI>
|
|
<LI><SPAN CLASS="textbf">CL_SCAN_ELF</SPAN>
|
|
<BR>
|
|
Enable support for ELF files.
|
|
</LI>
|
|
<LI><SPAN CLASS="textbf">CL_SCAN_BLOCKBROKEN</SPAN>
|
|
<BR>
|
|
libclamav will try to detect broken executables and mark them as
|
|
Broken.Executable.
|
|
</LI>
|
|
<LI><SPAN CLASS="textbf">CL_SCAN_HTML</SPAN>
|
|
<BR>
|
|
This flag enables HTML normalisation (including ScrEnc
|
|
decryption).
|
|
</LI>
|
|
<LI><SPAN CLASS="textbf">CL_SCAN_ALGORITHMIC</SPAN>
|
|
<BR>
|
|
Enable algorithmic detection of viruses.
|
|
</LI>
|
|
<LI><SPAN CLASS="textbf">CL_SCAN_PHISHING_BLOCKSSL</SPAN>
|
|
<BR>
|
|
Phishing module: always block SSL mismatches in URLs.
|
|
</LI>
|
|
<LI><SPAN CLASS="textbf">CL_SCAN_PHISHING_BLOCKCLOAK</SPAN>
|
|
<BR>
|
|
Phishing module: always block cloaked URLs.
|
|
</LI>
|
|
<LI><SPAN CLASS="textbf">CL_SCAN_STRUCTURED</SPAN>
|
|
<BR>
|
|
Enable the DLP module which scans for credit card and SSN
|
|
numbers.
|
|
</LI>
|
|
<LI><SPAN CLASS="textbf">CL_SCAN_STRUCTURED_SSN_NORMAL</SPAN>
|
|
<BR>
|
|
Search for SSNs formatted as xx-yy-zzzz.
|
|
</LI>
|
|
<LI><SPAN CLASS="textbf">CL_SCAN_STRUCTURED_SSN_STRIPPED</SPAN>
|
|
<BR>
|
|
Search for SSNs formatted as xxyyzzzz.
|
|
</LI>
|
|
<LI><SPAN CLASS="textbf">CL_SCAN_PARTIAL_MESSAGE</SPAN>
|
|
<BR>
|
|
Scan RFC1341 messages split over many emails. You will need to
|
|
periodically clean up <code>$TemporaryDirectory/clamav-partial</code>
|
|
directory.
|
|
</LI>
|
|
<LI><SPAN CLASS="textbf">CL_SCAN_HEURISTIC_PRECEDENCE</SPAN>
|
|
<BR>
|
|
Allow heuristic match to take precedence. When enabled, if
|
|
a heuristic scan (such as phishingScan) detects a possible
|
|
virus/phish it will stop scan immediately. Recommended, saves CPU
|
|
scan-time. When disabled, virus/phish detected by heuristic scans
|
|
will be reported only at the end of a scan. If an archive
|
|
contains both a heuristically detected virus/phishing, and a real
|
|
malware, the real malware will be reported.
|
|
</LI>
|
|
<LI><SPAN CLASS="textbf">CL_SCAN_BLOCKMACROS</SPAN>
|
|
<BR>
|
|
OLE2 containers, which contain VBA macros will be marked infected
|
|
(Heuristics.OLE2.ContainsMacros).
|
|
|
|
</LI>
|
|
</UL>
|
|
All functions return <code>CL_CLEAN</code> when the file seems clean,
|
|
<code>CL_VIRUS</code> when a virus is detected and another value on failure.
|
|
<PRE>
|
|
...
|
|
const char *virname;
|
|
|
|
if((ret = cl_scanfile("/tmp/test.exe", &virname, NULL, engine,
|
|
CL_SCAN_STDOPT)) == CL_VIRUS) {
|
|
printf("Virus detected: %s\n", virname);
|
|
} else {
|
|
printf("No virus detected.\n");
|
|
if(ret != CL_CLEAN)
|
|
printf("Error: %s\n", cl_strerror(ret));
|
|
}
|
|
</PRE>
|
|
|
|
<P>
|
|
|
|
<DIV CLASS="navigation"><HR>
|
|
<!--Navigation Panel-->
|
|
<A NAME="tex2html971"
|
|
HREF="node58.html">
|
|
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
|
|
<A NAME="tex2html967"
|
|
HREF="node49.html">
|
|
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
|
|
<A NAME="tex2html961"
|
|
HREF="node56.html">
|
|
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
|
|
<A NAME="tex2html969"
|
|
HREF="node1.html">
|
|
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
|
|
<BR>
|
|
<B> Next:</B> <A NAME="tex2html972"
|
|
HREF="node58.html">Memory</A>
|
|
<B> Up:</B> <A NAME="tex2html968"
|
|
HREF="node49.html">API</A>
|
|
<B> Previous:</B> <A NAME="tex2html962"
|
|
HREF="node56.html">Database checks</A>
|
|
<B> <A NAME="tex2html970"
|
|
HREF="node1.html">Contents</A></B> </DIV>
|
|
<!--End of Navigation Panel-->
|
|
<ADDRESS>
|
|
Cisco 2014-05-21
|
|
</ADDRESS>
|
|
</BODY>
|
|
</HTML>
|