Hi everyone,
I wrote this python code. It shows how to load libclamav.dll and call
exported functions to scan a file.
#
# Python version: 2.7.3
# libclamav.dll version : 0.97.0.0
#
# Author: Ab Arous <ab@tunforge.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
# MA 02110-1301, USA.
#
import sys
from ctypes import *
import argparse
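# Demo: load libclamav.dll through ctypes, build a scan engine and scan the
# one file named on the command line. Written for Python 2.7, where str is a
# byte string and can be passed directly as a C "const char *".

# Constants copied from clamav.h; only the values this example needs.
CL_INIT_DEFAULT = 0x0
CL_SUCCESS = 0
CL_CLEAN = 0
CL_VIRUS = 1
CL_DB_BYTECODE = 0x2000
# Only the PE parser is enabled. A "clean" verdict from this demo therefore
# says nothing about content the other parsers would have handled.
CL_SCAN_PE = 0x20

# Retrieve the name of the file to scan from the command line arguments.
parser = argparse.ArgumentParser(
    description='Sample demo: Using libclamav.dll to scan a file')
parser.add_argument('-f', '--file', help='File to scan', required=True)
args = parser.parse_args()
FILE_TO_SCAN_PATH = args.file

# Check that the file can be opened. open() raises IOError instead of
# returning a false value, so the failure has to be caught. The check is
# advisory only: the file can still change or vanish before cl_scanfile()
# opens it, and cl_scanfile() reports its own errors.
try:
    fdesc = open(FILE_TO_SCAN_PATH, "r")
except IOError:
    print("PYTHON # File not found: %s" % FILE_TO_SCAN_PATH)
    sys.exit(1)
fdesc.close()

# Load the library.
# NOTE(security): a bare DLL name is resolved through the Windows DLL search
# order (application directory, current directory, PATH, ...). Whatever file
# named libclamav.dll is found first runs with this process's privileges.
# Outside of a demo, use the absolute path of a trusted install directory.
LIBCLAMAV_PATH = "libclamav.dll"
try:
    libclam = cdll.LoadLibrary(LIBCLAMAV_PATH)
except OSError as err:
    print("PYTHON # Can't load %s: %s" % (LIBCLAMAV_PATH, err))
    sys.exit(1)
print("PYTHON # libclamav loaded : %s " % libclam)

# Declare the C prototypes. Without them ctypes assumes every function
# returns a C int: cl_strerror() would yield a number instead of a message,
# and the engine pointer would be truncated on a 64-bit build.
libclam.cl_init.argtypes = [c_uint]
libclam.cl_init.restype = c_int
libclam.cl_strerror.argtypes = [c_int]
libclam.cl_strerror.restype = c_char_p
libclam.cl_engine_new.argtypes = []
libclam.cl_engine_new.restype = c_void_p
libclam.cl_load.argtypes = [c_char_p, c_void_p, POINTER(c_uint), c_uint]
libclam.cl_load.restype = c_int
libclam.cl_engine_compile.argtypes = [c_void_p]
libclam.cl_engine_compile.restype = c_int
libclam.cl_engine_free.argtypes = [c_void_p]
libclam.cl_engine_free.restype = c_int
libclam.cl_scanfile.argtypes = [c_char_p, POINTER(c_char_p),
                                POINTER(c_ulong), c_void_p, c_uint]
libclam.cl_scanfile.restype = c_int

# Initialization.
init = libclam.cl_init(CL_INIT_DEFAULT)
if init != CL_SUCCESS:
    print("PYTHON # Can't initiaize libclamav: %s " % libclam.cl_strerror(init))
    sys.exit(1)
print("PYTHON # Initialized ")

# Enable debug messages.
# Uncomment the code below to see debug messages.
#libdebug = libclam.cl_debug()
#if libdebug:
#    print("PYTHON # Debug enabled : %s " % libdebug)

# Create a new engine. A NULL pointer comes back as None.
engine = libclam.cl_engine_new()
if not engine:
    print("PYTHON # Can't create new engine")
    sys.exit(1)
print("PYTHON # New engine created : %s " % engine)

# Load signatures; sigs receives the signature count.
# NOTE(security): "." is the current working directory, so whoever can write
# there decides what the engine detects (the sample output that follows this
# script shows a match on an .UNOFFICIAL signature loaded this way). A real
# scanner should read its database from a directory only administrators can
# modify.
sigs = c_uint(0)
SIGNATURES_PATH = "."
load = libclam.cl_load(SIGNATURES_PATH, engine, byref(sigs), CL_DB_BYTECODE)
if load != CL_SUCCESS:
    # Report the code returned by cl_load(), not the earlier cl_init() result.
    print("PYTHON # Can't load signatures : %s " % libclam.cl_strerror(load))
    libclam.cl_engine_free(engine)
    sys.exit(1)
print("PYTHON # Loaded %d signatures : %s " % (sigs.value, load))

# Compile the engine.
compeng = libclam.cl_engine_compile(engine)
if compeng != CL_SUCCESS:
    # Report the code returned by cl_engine_compile().
    print("PYTHON # Database initialization error: %s "
          % libclam.cl_strerror(compeng))
    libclam.cl_engine_free(engine)
    sys.exit(1)
print("PYTHON # Engine compiled : %s " % compeng)

# Call cl_scanfile().
# C prototype: cl_scanfile(const char *filename, const char **virname,
#                          unsigned long int *scanned,
#                          const struct cl_engine *engine,
#                          unsigned int scanoptions)
# Output parameters are passed by reference using byref().
# virname receives the malware name, scanned the amount of data scanned.
virname = c_char_p()
scanned = c_ulong(0)
scanfile = libclam.cl_scanfile(FILE_TO_SCAN_PATH, byref(virname),
                               byref(scanned), engine, CL_SCAN_PE)
if scanfile == CL_VIRUS:
    # Only CL_VIRUS is a detection. Every other non-zero code is a scan
    # error and must not be reported as a match (virname is unset then).
    print("PYTHON # New Match : %s " % virname.value)
    print(" - FILE : %s FOUND : %s " % (FILE_TO_SCAN_PATH, virname.value))
elif scanfile == CL_CLEAN:
    print("PYTHON # No malware detected")
else:
    print("Error: %s " % libclam.cl_strerror(scanfile))
    libclam.cl_engine_free(engine)
    sys.exit(1)

# Free memory.
# NOTE: the exit status is 0 for both "clean" and "match"; a caller that
# needs the verdict has to parse the output.
libclam.cl_engine_free(engine)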
#
# OUTPUT EXAMPLE:
#
# D:\clamav-win32\code>files.py -f scanme.exe
# PYTHON # libclamav loaded : <CDLL 'libclamav.dll', handle 1bc0000 at 1a62250>
# PYTHON # Initialized
# PYTHON # New engine created : 32051704
# LibClamAV Warning: ***********************************************************
# LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
# LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
# LibClamAV Warning: ***********************************************************
# PYTHON # Loaded 1267523 signatures : 0
# PYTHON # Engine compiled : 0
# PYTHON # New Match : AB_VIRUS.UNOFFICIAL
# - FILE : scanme.exe FOUND : AB_VIRUS.UNOFFICIAL
#
Maybe you can add it to the examples folder (near: ex1.c).
Feedbacks are welcome :)
Ab
I wrote this python code. It shows how to load libclamav.dll and call
exported functions to scan a file.
#
# Python version: 2.7.3
# libclamav.dll version : 0.97.0.0
#
# Author: Ab Arous <ab@tunforge.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
# MA 02110-1301, USA.
#
import sys
from ctypes import *
import argparse
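# Demo: load libclamav.dll through ctypes, build a scan engine and scan the
# one file named on the command line. Written for Python 2.7, where str is a
# byte string and can be passed directly as a C "const char *".

# Constants copied from clamav.h; only the values this example needs.
CL_INIT_DEFAULT = 0x0
CL_SUCCESS = 0
CL_CLEAN = 0
CL_VIRUS = 1
CL_DB_BYTECODE = 0x2000
# Only the PE parser is enabled. A "clean" verdict from this demo therefore
# says nothing about content the other parsers would have handled.
CL_SCAN_PE = 0x20

# Retrieve the name of the file to scan from the command line arguments.
parser = argparse.ArgumentParser(
    description='Sample demo: Using libclamav.dll to scan a file')
parser.add_argument('-f', '--file', help='File to scan', required=True)
args = parser.parse_args()
FILE_TO_SCAN_PATH = args.file

# Check that the file can be opened. open() raises IOError instead of
# returning a false value, so the failure has to be caught. The check is
# advisory only: the file can still change or vanish before cl_scanfile()
# opens it, and cl_scanfile() reports its own errors.
try:
    fdesc = open(FILE_TO_SCAN_PATH, "r")
except IOError:
    print("PYTHON # File not found: %s" % FILE_TO_SCAN_PATH)
    sys.exit(1)
fdesc.close()

# Load the library.
# NOTE(security): a bare DLL name is resolved through the Windows DLL search
# order (application directory, current directory, PATH, ...). Whatever file
# named libclamav.dll is found first runs with this process's privileges.
# Outside of a demo, use the absolute path of a trusted install directory.
LIBCLAMAV_PATH = "libclamav.dll"
try:
    libclam = cdll.LoadLibrary(LIBCLAMAV_PATH)
except OSError as err:
    print("PYTHON # Can't load %s: %s" % (LIBCLAMAV_PATH, err))
    sys.exit(1)
print("PYTHON # libclamav loaded : %s " % libclam)

# Declare the C prototypes. Without them ctypes assumes every function
# returns a C int: cl_strerror() would yield a number instead of a message,
# and the engine pointer would be truncated on a 64-bit build.
libclam.cl_init.argtypes = [c_uint]
libclam.cl_init.restype = c_int
libclam.cl_strerror.argtypes = [c_int]
libclam.cl_strerror.restype = c_char_p
libclam.cl_engine_new.argtypes = []
libclam.cl_engine_new.restype = c_void_p
libclam.cl_load.argtypes = [c_char_p, c_void_p, POINTER(c_uint), c_uint]
libclam.cl_load.restype = c_int
libclam.cl_engine_compile.argtypes = [c_void_p]
libclam.cl_engine_compile.restype = c_int
libclam.cl_engine_free.argtypes = [c_void_p]
libclam.cl_engine_free.restype = c_int
libclam.cl_scanfile.argtypes = [c_char_p, POINTER(c_char_p),
                                POINTER(c_ulong), c_void_p, c_uint]
libclam.cl_scanfile.restype = c_int

# Initialization.
init = libclam.cl_init(CL_INIT_DEFAULT)
if init != CL_SUCCESS:
    print("PYTHON # Can't initiaize libclamav: %s " % libclam.cl_strerror(init))
    sys.exit(1)
print("PYTHON # Initialized ")

# Enable debug messages.
# Uncomment the code below to see debug messages.
#libdebug = libclam.cl_debug()
#if libdebug:
#    print("PYTHON # Debug enabled : %s " % libdebug)

# Create a new engine. A NULL pointer comes back as None.
engine = libclam.cl_engine_new()
if not engine:
    print("PYTHON # Can't create new engine")
    sys.exit(1)
print("PYTHON # New engine created : %s " % engine)

# Load signatures; sigs receives the signature count.
# NOTE(security): "." is the current working directory, so whoever can write
# there decides what the engine detects (the sample output that follows this
# script shows a match on an .UNOFFICIAL signature loaded this way). A real
# scanner should read its database from a directory only administrators can
# modify.
sigs = c_uint(0)
SIGNATURES_PATH = "."
load = libclam.cl_load(SIGNATURES_PATH, engine, byref(sigs), CL_DB_BYTECODE)
if load != CL_SUCCESS:
    # Report the code returned by cl_load(), not the earlier cl_init() result.
    print("PYTHON # Can't load signatures : %s " % libclam.cl_strerror(load))
    libclam.cl_engine_free(engine)
    sys.exit(1)
print("PYTHON # Loaded %d signatures : %s " % (sigs.value, load))

# Compile the engine.
compeng = libclam.cl_engine_compile(engine)
if compeng != CL_SUCCESS:
    # Report the code returned by cl_engine_compile().
    print("PYTHON # Database initialization error: %s "
          % libclam.cl_strerror(compeng))
    libclam.cl_engine_free(engine)
    sys.exit(1)
print("PYTHON # Engine compiled : %s " % compeng)

# Call cl_scanfile().
# C prototype: cl_scanfile(const char *filename, const char **virname,
#                          unsigned long int *scanned,
#                          const struct cl_engine *engine,
#                          unsigned int scanoptions)
# Output parameters are passed by reference using byref().
# virname receives the malware name, scanned the amount of data scanned.
virname = c_char_p()
scanned = c_ulong(0)
scanfile = libclam.cl_scanfile(FILE_TO_SCAN_PATH, byref(virname),
                               byref(scanned), engine, CL_SCAN_PE)
if scanfile == CL_VIRUS:
    # Only CL_VIRUS is a detection. Every other non-zero code is a scan
    # error and must not be reported as a match (virname is unset then).
    print("PYTHON # New Match : %s " % virname.value)
    print(" - FILE : %s FOUND : %s " % (FILE_TO_SCAN_PATH, virname.value))
elif scanfile == CL_CLEAN:
    print("PYTHON # No malware detected")
else:
    print("Error: %s " % libclam.cl_strerror(scanfile))
    libclam.cl_engine_free(engine)
    sys.exit(1)

# Free memory.
# NOTE: the exit status is 0 for both "clean" and "match"; a caller that
# needs the verdict has to parse the output.
libclam.cl_engine_free(engine)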
#
# OUTPUT EXAMPLE:
#
# D:\clamav-win32\code>files.py -f scanme.exe
# PYTHON # libclamav loaded : <CDLL 'libclamav.dll', handle 1bc0000 at 1a62250>
# PYTHON # Initialized
# PYTHON # New engine created : 32051704
# LibClamAV Warning: ***********************************************************
# LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
# LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
# LibClamAV Warning: ***********************************************************
# PYTHON # Loaded 1267523 signatures : 0
# PYTHON # Engine compiled : 0
# PYTHON # New Match : AB_VIRUS.UNOFFICIAL
# - FILE : scanme.exe FOUND : AB_VIRUS.UNOFFICIAL
#
Maybe you can add it to the examples folder (near: ex1.c).
Feedbacks are welcome :)
Ab