1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<!--Converted with LaTeX2HTML 2008 (1.71)
original version by: Nikos Drakos, CBLU, University of Leeds
* revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan
* with significant contributions from:
Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
<HTML>
<HEAD>
<TITLE>Data scan functions</TITLE>
<META NAME="description" CONTENT="Data scan functions">
<META NAME="keywords" CONTENT="clamdoc">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
<META NAME="Generator" CONTENT="LaTeX2HTML v2008">
<META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
<LINK REL="STYLESHEET" HREF="clamdoc.css">
<LINK REL="next" HREF="node58.html">
<LINK REL="previous" HREF="node56.html">
<LINK REL="up" HREF="node49.html">
<LINK REL="next" HREF="node58.html">
</HEAD>
<BODY >
<!--Navigation Panel-->
<A NAME="tex2html971"
HREF="node58.html">
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
<A NAME="tex2html967"
HREF="node49.html">
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
<A NAME="tex2html961"
HREF="node56.html">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
<A NAME="tex2html969"
HREF="node1.html">
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
<BR>
<B> Next:</B> <A NAME="tex2html972"
HREF="node58.html">Memory</A>
<B> Up:</B> <A NAME="tex2html968"
HREF="node49.html">API</A>
<B> Previous:</B> <A NAME="tex2html962"
HREF="node56.html">Database checks</A>
<B> <A NAME="tex2html970"
HREF="node1.html">Contents</A></B>
<BR>
<BR>
<!--End of Navigation Panel-->
<H3><A NAME="SECTION00073800000000000000">
Data scan functions</A>
</H3>
It's possible to scan a file or descriptor using:
<PRE>
int cl_scanfile(const char *filename, const char **virname,
unsigned long int *scanned, const struct cl_engine *engine,
unsigned int options);
int cl_scandesc(int desc, const char **virname, unsigned
long int *scanned, const struct cl_engine *engine,
unsigned int options);
</PRE>
Both functions will store a virus name under the pointer <code>virname</code>,
the virus name is part of the engine structure and must not be released
directly. If the third argument (<code>scanned</code>) is not NULL, the
functions will increase its value with the size of scanned data (in
<code>CL_COUNT_PRECISION</code> units).
The last argument (<code>options</code>) specified the scan options and supports
the following flags (which can be combined using bit operators):
<UL>
<LI><B>CL_SCAN_STDOPT</B>
<BR>
This is an alias for a recommended set of scan options. You
should use it to make your software ready for new features
in the future versions of libclamav.
</LI>
<LI><B>CL_SCAN_RAW</B>
<BR>
Use it alone if you want to disable support for special files.
</LI>
<LI><B>CL_SCAN_ARCHIVE</B>
<BR>
This flag enables transparent scanning of various archive formats.
</LI>
<LI><B>CL_SCAN_BLOCKENCRYPTED</B>
<BR>
With this flag the library will mark encrypted archives as viruses
(Encrypted.Zip, Encrypted.RAR).
</LI>
<LI><B>CL_SCAN_MAIL</B>
<BR>
Enable support for mail files.
</LI>
<LI><B>CL_SCAN_OLE2</B>
<BR>
Enables support for OLE2 containers (used by MS Office and .msi
files).
</LI>
<LI><B>CL_SCAN_PDF</B>
<BR>
Enables scanning within PDF files.
</LI>
<LI><B>CL_SCAN_SWF</B>
<BR>
Enables scanning within SWF files, notably compressed SWF.
</LI>
<LI><B>CL_SCAN_PE</B>
<BR>
This flag enables deep scanning of Portable Executable files and
allows libclamav to unpack executables compressed with run-time
unpackers.
</LI>
<LI><B>CL_SCAN_ELF</B>
<BR>
Enable support for ELF files.
</LI>
<LI><B>CL_SCAN_BLOCKBROKEN</B>
<BR>
libclamav will try to detect broken executables and mark them as
Broken.Executable.
</LI>
<LI><B>CL_SCAN_HTML</B>
<BR>
This flag enables HTML normalisation (including ScrEnc
decryption).
</LI>
<LI><B>CL_SCAN_ALGORITHMIC</B>
<BR>
Enable algorithmic detection of viruses.
</LI>
<LI><B>CL_SCAN_PHISHING_BLOCKSSL</B>
<BR>
Phishing module: always block SSL mismatches in URLs.
</LI>
<LI><B>CL_SCAN_PHISHING_BLOCKCLOAK</B>
<BR>
Phishing module: always block cloaked URLs.
</LI>
<LI><B>CL_SCAN_STRUCTURED</B>
<BR>
Enable the DLP module which scans for credit card and SSN
numbers.
</LI>
<LI><B>CL_SCAN_STRUCTURED_SSN_NORMAL</B>
<BR>
Search for SSNs formatted as xx-yy-zzzz.
</LI>
<LI><B>CL_SCAN_STRUCTURED_SSN_STRIPPED</B>
<BR>
Search for SSNs formatted as xxyyzzzz.
</LI>
<LI><B>CL_SCAN_PARTIAL_MESSAGE</B>
<BR>
Scan RFC1341 messages split over many emails. You will need to
periodically clean up <code>$TemporaryDirectory/clamav-partial</code>
directory.
</LI>
<LI><B>CL_SCAN_HEURISTIC_PRECEDENCE</B>
<BR>
Allow heuristic match to take precedence. When enabled, if
a heuristic scan (such as phishingScan) detects a possible
virus/phish it will stop scan immediately. Recommended, saves CPU
scan-time. When disabled, virus/phish detected by heuristic scans
will be reported only at the end of a scan. If an archive
contains both a heuristically detected virus/phishing, and a real
malware, the real malware will be reported.
</LI>
<LI><B>CL_SCAN_BLOCKMACROS</B>
<BR>
OLE2 containers, which contain VBA macros will be marked infected
(Heuristics.OLE2.ContainsMacros).
</LI>
</UL>
All functions return <code>CL_CLEAN</code> when the file seems clean,
<code>CL_VIRUS</code> when a virus is detected and another value on failure.
<PRE>
...
const char *virname;
if((ret = cl_scanfile("/tmp/test.exe", &virname, NULL, engine,
CL_SCAN_STDOPT)) == CL_VIRUS) {
printf("Virus detected: %s\n", virname);
} else {
printf("No virus detected.\n");
if(ret != CL_CLEAN)
printf("Error: %s\n", cl_strerror(ret));
}
</PRE>
<P>
<HR>
<!--Navigation Panel-->
<A NAME="tex2html971"
HREF="node58.html">
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
<A NAME="tex2html967"
HREF="node49.html">
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
<A NAME="tex2html961"
HREF="node56.html">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
<A NAME="tex2html969"
HREF="node1.html">
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
<BR>
<B> Next:</B> <A NAME="tex2html972"
HREF="node58.html">Memory</A>
<B> Up:</B> <A NAME="tex2html968"
HREF="node49.html">API</A>
<B> Previous:</B> <A NAME="tex2html962"
HREF="node56.html">Database checks</A>
<B> <A NAME="tex2html970"
HREF="node1.html">Contents</A></B>
<!--End of Navigation Panel-->
<ADDRESS>
Cisco 2014-11-21
</ADDRESS>
</BODY>
</HTML>
|
