Tomasz Kojm wrote:
>>First, I think that even very conservative approach (return "need file
>>scanning" if there is a slightest doubt) would be useful anyway,
>>eliminating large portion of unnecessary temp file operations.
>>
>>For a start, what about adding something along these lines to
>>libclamav:
>>
>>/* return true (1) if file scanning is recommended */
>>int
>>cl_needfilescan(char *buf, size_t buflen)
>>{
>> int rc=1;
>> cli_file_t filetype;
>>
>> filetype=cli_filetype(buf,buflen);
>> switch (filetype) {
>> case CL_TYPE_UNKNOWN_TEXT:
>> case CL_TYPE_UNKNOWN_DATA:
>> /* case CL_TYPE_MSEXE: not all exe's need filescan
>> but how to tell?? */
>> case CL_TYPE_DATA:
>> case CL_TYPE_GRAPHICS:
>> case CL_TYPE_RIFF:
>> case CL_TYPE_HTML:
>> rc=0;
>> break;
>> default:
>> rc=1;
>> break;
>> }
>> return rc;
>>}
>
>
> This function would produce a large number of false negatives.Maybe it's possible to specify a smaller set of "negative" file types, that would produce a possibly large number of false positives instead, without false negatives? Or no way? Eugene
signature.asc
Description: OpenPGP digital signature
_______________________________________________ http://lurker.clamav.net/list/clamav-devel.html
