Hi,
I'm just wondering if anyone can give me any advice on using cli_scanbuff,
I'm currently
completely stumped, I'm trying to simply get it to detect the EICAR 'virus'.
I call it with the following snippet:
--------------
unsigned char *buf = "X5O!P%@AP
[.4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*";
if((ret = cl_scanbuff(buf, strlen(buf),&virname, &size, engine,
CL_SCAN_STDOPT)) == CL_VIRUS) {
................................
}
-------------
Using the following additions I've added to the library:
-------------
int cl_scanbuff(unsigned char *data,unsigned int len, const char **virname,
unsigned long int *scanned, const struct cl_engine *engine, unsigned int
scanoptions)
{
return cl_scanbuff_callback(data, len,virname, scanned, engine,
scanoptions, NULL);
}
int cl_scanbuff_callback(unsigned char *data,unsigned int len, const char
**virname, unsigned long int *scanned, const struct cl_engine *engine,
unsigned int scanoptions, void *context)
{
return scan_buff(data,len, NULL, virname, scanned, engine, scanoptions,
context);
}
static int scan_buff(unsigned char *data,uint32_t len, cl_fmap_t *map,
const char **virname, unsigned long int *scanned, const struct cl_engine
*engine, unsigned int scanoptions, void *context)
{
cli_ctx ctx;
int rc;
struct cli_matcher *groot = NULL;
struct cli_matcher *troot = NULL;
struct cli_matcher *root;
struct cli_ac_data gmdata, tmdata;
struct cli_ac_data *mdata[2];
int ret;
unsigned int viruses_found = 0;
int *partcnt;
unsigned long int *partoff;
cli_file_t ftype = CL_TYPE_ANY;
memset(&ctx, '\0', sizeof(cli_ctx));
ctx.engine = engine;
ctx.virname = virname;
ctx.scanned = scanned;
ctx.options = scanoptions;
root = (struct cli_matcher *) mpool_calloc(ctx.engine->mempool, 1,
sizeof(struct cli_matcher));
#ifdef USE_MPOOL
root->mempool = ctx.engine->mempool;
#endif
ctx.engine->root[0] = root;
ret = cli_scanbuff(data, len, 0, &ctx, 0, NULL);
if (ret == CL_VIRUS)
viruses_found++;
if (ret == CL_CLEAN && ctx.num_viruses){
ret = CL_VIRUS;
}
return (ret != CL_CLEAN)?ret:viruses_found?CL_VIRUS:CL_CLEAN;
}
-------------
Currently it always returns, with CL_CLEAN. I can easily detect EICAR with
a file, but for some reason not with cli_scanbuff.
Anyone got any ideas?
Kind Regards
Chris
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
I'm just wondering if anyone can give me any advice on using cli_scanbuff,
I'm currently
completely stumped, I'm trying to simply get it to detect the EICAR 'virus'.
I call it with the following snippet:
--------------
unsigned char *buf = "X5O!P%@AP
[.4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*";
if((ret = cl_scanbuff(buf, strlen(buf),&virname, &size, engine,
CL_SCAN_STDOPT)) == CL_VIRUS) {
................................
}
-------------
Using the following additions I've added to the library:
-------------
int cl_scanbuff(unsigned char *data,unsigned int len, const char **virname,
unsigned long int *scanned, const struct cl_engine *engine, unsigned int
scanoptions)
{
return cl_scanbuff_callback(data, len,virname, scanned, engine,
scanoptions, NULL);
}
int cl_scanbuff_callback(unsigned char *data,unsigned int len, const char
**virname, unsigned long int *scanned, const struct cl_engine *engine,
unsigned int scanoptions, void *context)
{
return scan_buff(data,len, NULL, virname, scanned, engine, scanoptions,
context);
}
static int scan_buff(unsigned char *data,uint32_t len, cl_fmap_t *map,
const char **virname, unsigned long int *scanned, const struct cl_engine
*engine, unsigned int scanoptions, void *context)
{
cli_ctx ctx;
int rc;
struct cli_matcher *groot = NULL;
struct cli_matcher *troot = NULL;
struct cli_matcher *root;
struct cli_ac_data gmdata, tmdata;
struct cli_ac_data *mdata[2];
int ret;
unsigned int viruses_found = 0;
int *partcnt;
unsigned long int *partoff;
cli_file_t ftype = CL_TYPE_ANY;
memset(&ctx, '\0', sizeof(cli_ctx));
ctx.engine = engine;
ctx.virname = virname;
ctx.scanned = scanned;
ctx.options = scanoptions;
root = (struct cli_matcher *) mpool_calloc(ctx.engine->mempool, 1,
sizeof(struct cli_matcher));
#ifdef USE_MPOOL
root->mempool = ctx.engine->mempool;
#endif
ctx.engine->root[0] = root;
ret = cli_scanbuff(data, len, 0, &ctx, 0, NULL);
if (ret == CL_VIRUS)
viruses_found++;
if (ret == CL_CLEAN && ctx.num_viruses){
ret = CL_VIRUS;
}
return (ret != CL_CLEAN)?ret:viruses_found?CL_VIRUS:CL_CLEAN;
}
-------------
Currently it always returns, with CL_CLEAN. I can easily detect EICAR with
a file, but for some reason not with cli_scanbuff.
Anyone got any ideas?
Kind Regards
Chris
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net