<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <!--Converted with LaTeX2HTML 2K.1beta (1.48) original version by: Nikos Drakos, CBLU, University of Leeds * revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan * with significant contributions from: Jens Lippmann, Marek Rouchal, Martin Wilck and others --> <HTML> <HEAD> <TITLE>Data scan functions</TITLE> <META NAME="description" CONTENT="Data scan functions"> <META NAME="keywords" CONTENT="clamdoc"> <META NAME="resource-type" CONTENT="document"> <META NAME="distribution" CONTENT="global"> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"> <META NAME="Generator" CONTENT="LaTeX2HTML v2K.1beta"> <META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css"> <LINK REL="STYLESHEET" HREF="clamdoc.css"> <LINK REL="next" HREF="node42.html"> <LINK REL="previous" HREF="node40.html"> <LINK REL="up" HREF="node40.html"> <LINK REL="next" HREF="node42.html"> </HEAD> <BODY > <!--Navigation Panel--> <A NAME="tex2html958" HREF="node42.html"> <IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="/usr/share/latex2html/icons/next.png"></A> <A NAME="tex2html954" HREF="node40.html"> <IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="/usr/share/latex2html/icons/up.png"></A> <A NAME="tex2html948" HREF="node40.html"> <IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="/usr/share/latex2html/icons/prev.png"></A> <A NAME="tex2html956" HREF="node1.html"> <IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="/usr/share/latex2html/icons/contents.png"></A> <BR> <B> Next:</B> <A NAME="tex2html959" HREF="node42.html">Memory</A> <B> Up:</B> <A NAME="tex2html955" HREF="node40.html">Database reloading</A> <B> Previous:</B> <A NAME="tex2html949" HREF="node40.html">Database reloading</A>   <B> <A NAME="tex2html957" HREF="node1.html">Contents</A></B> <BR> <BR> <!--End of Navigation Panel--> <H3><A NAME="SECTION00074100000000000000"> Data scan functions</A> </H3> It's possible to scan a buffer, a descriptor, or a file with: <PRE> int cl_scanbuff(const char *buffer, unsigned int length, const char **virname, const struct cl_node *root); int cl_scandesc(int desc, const char **virname, unsigned long int *scanned, const struct cl_node *root, const struct cl_limits *limits, unsigned int options); int cl_scanfile(const char *filename, const char **virname, unsigned long int *scanned, const struct cl_node *root, const struct cl_limits *limits, unsigned int options); </PRE> All the functions save a virus name under <code>virname</code> pointer. It points to a field in the internal database structure and must not be released directly. If the <code>scanned</code> pointer is not NULL the functions will increase a value represented by this pointer by a size of scanned data in <code>CL_COUNT_PRECISION</code> units. The last two functions also support archive limits required to protect against Denial of Service attacks. <PRE> struct cl_limits { int maxreclevel; /* maximal recursion level */ int maxfiles; /* maximal number of files to be * scanned within archive */ int maxratio; /* maximal compression ratio */ short archivememlim; /* limit memory usage for bzip2 (0/1) */ long int maxfilesize; /* archived files larger than this * value will not be scanned */ }; </PRE> The <code>options</code> argument configures the scan engine and supports the following flags (that can be combined using bit operators): <UL> <LI><B>CL_SCAN_STDOPT</B> <BR> This is an alias for a recommended set of scan options. You should use it to make your software ready for new features in future versions of libclamav. </LI> <LI><B>CL_SCAN_RAW</B> <BR> It does nothing. Please use it (alone) if you don't want to scan any special files. </LI> <LI><B>CL_SCAN_ARCHIVE</B> <BR> This flag enables transparent scanning of various archive formats. </LI> <LI><B>CL_SCAN_BLOCKENCRYPTED</B> <BR> With this flag the library marks encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR). </LI> <LI><B>CL_SCAN_BLOCKMAX</B> <BR> Mark archives as viruses if <code>maxfiles</code>, <code>maxfilesize</code>, or <code>maxreclevel</code> limit is reached. </LI> <LI><B>CL_SCAN_MAIL</B> <BR> It enables support for mail files. </LI> <LI><B>CL_SCAN_MAILURL</B> <BR> The mail scanner will download and scan URLs listed in a mail body. This flag should not be used on loaded servers. Due to potential problems please do not enable it by default but make it optional. </LI> <LI><B>CL_SCAN_OLE2</B> <BR> Enables support for Microsoft Office document files. </LI> <LI><B>CL_SCAN_PE</B> <BR> This flag enables scanning withing Portable Executable files and allows libclamav to unpack UPX, Petite, and FSG compressed executables. </LI> <LI><B>CL_SCAN_BLOCKBROKEN</B> <BR> libclamav will try to detect broken executables and mark them as Broken.Executable. </LI> <LI><B>CL_SCAN_HTML</B> <BR> This flag enables HTML normalisation (including JScript decryption). </LI> </UL> All functions return 0 (<code>CL_CLEAN</code>) if the file is clean, <code>CL_VIRUS</code> when virus is detected and an another value on failure. <PRE> ... struct cl_limits limits; const char *virname; memset(&limits, 0, sizeof(struct cl_limits)); /* maximal number of files in archive */; limits.maxfiles = 1000 /* maximal archived file size */ limits.maxfilesize = 10 * 1048576; /* 10 MB */ /* maximal recursion level */ limits.maxreclevel = 5; /* maximal compression ratio */ limits.maxratio = 200; /* disable memory limit for bzip2 scanner */ limits.archivememlim = 0; if((ret = cl_scanfile("/home/zolw/test", &virname, NULL, root, &limits, CL_STDOPT)) == CL_VIRUS) { printf("Detected %s virus.\n", virname); } else { printf("No virus detected.\n"); if(ret != CL_CLEAN) printf("Error: %s\n", cl_strerror(ret)); } </PRE> <P> <HR> <!--Navigation Panel--> <A NAME="tex2html958" HREF="node42.html"> <IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="/usr/share/latex2html/icons/next.png"></A> <A NAME="tex2html954" HREF="node40.html"> <IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="/usr/share/latex2html/icons/up.png"></A> <A NAME="tex2html948" HREF="node40.html"> <IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="/usr/share/latex2html/icons/prev.png"></A> <A NAME="tex2html956" HREF="node1.html"> <IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="/usr/share/latex2html/icons/contents.png"></A> <BR> <B> Next:</B> <A NAME="tex2html959" HREF="node42.html">Memory</A> <B> Up:</B> <A NAME="tex2html955" HREF="node40.html">Database reloading</A> <B> Previous:</B> <A NAME="tex2html949" HREF="node40.html">Database reloading</A>   <B> <A NAME="tex2html957" HREF="node1.html">Contents</A></B> <!--End of Navigation Panel--> <ADDRESS> Tomasz Kojm 2004-10-17 </ADDRESS> </BODY> </HTML>