I would also like to mention that I have written C# bindings for both libclamav and clamd over TCP if that helps IRT Windows.
https://github.com/brandonprry/clam-sharp

Sent from a computer

> On Feb 18, 2014, at 2:20 PM, Steven Morgan <[email protected]> wrote:
>
> James,
>
> Some comments inline:
>
>
> On Mon, Feb 17, 2014 at 9:13 PM, Northern Technical <[email protected]> wrote:
>
>> Hello,
>>
>> From what I can see so far, ClamAV provides a shared library which does the
>> scanning and provides tools, e.g. unpacking archives for scanning, updating
>> the malware databases. So perhaps providing a ClamAV app is not much more
>> than a UI which calls the library to scan and update.
>>
>
> Pretty much. clamscan and clamd link to libclamav. clamdscan uses clamd
> through tcp or unix socket. Other apps can use the clamd protocols as well,
> or link to libclamav and use its api. Then there are also several utilities
> such as freshclam and sigtool.
>
>
>>
>> Is that an oversimplification? I'm a little lost since I'm still learning
>> how AV programs work generally. I've got the idea with virus signatures
>> which AV programs look for, and they probably go through the entire FS
>> looking inside files for those signatures. I don't know about how
>> heuristics work, and what might be done for specific platforms, e.g.
>> scanning the Windows registry for entries like login notify and other areas
>> malware might hook into. Same for browser malware, e.g. scanning JS or
>> whatever is done there.
>>
>> I'm thinking about a free ClamAV Suite for Windows 8/8.1 which can be
>> fetched from the Windows App Store. If it's "simple" like providing a good
>> UI and using the shared library, would it make sense to fork the ClamAV
>> sources and, since it's originally written for UNIX-like platforms, provide
>> a Windows-specific AV engine? I know Windows can support POSIX programs,
>> but would a Windows AV engine using native Windows calls, threading, etc.,
>> be a good idea if there's the time and patience to develop it?
>>
>
> Sounds good. There is windows support currently, see clamav/win32 and also
> http://sourceforge.net/projects/clamav/files/clamav/win32/. There are some
> other third party windows projects, and also our Immunet.
>
>
>> Is there any documentation which gives me a good overall picture of how it
>> works, linking to the shared library, launching scans, updating, what it
>> does (if anything; would a user of the library do it?) with malware that it
>> finds? On Windows, would a user of the ClamAV library do anything such as
>> keep a list of hashes of known Windows system DLLs and check those, if
>> that's a good idea? What about scanning the boot area?
>>
>
> clamav/docs. Also google around to find some presentations and papers on
> clamav topics.
>
>
>>
>> Thanks for any guidance or tips.
>>
>> James
>> _______________________________________________
>> http://lurker.clamav.net/list/clamav-devel.html
>> Please submit your patches to our Bugzilla: http://bugs.clamav.net
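The thread mentions that other applications can talk to clamd over TCP or a unix socket instead of linking to libclamav. The sketch below is an added example, not part of the original messages and not code from clam-sharp or ClamAV: it frames a clamd `INSTREAM` request and parses the reply. The function names are hypothetical, and `_fake_clamd` is a constructed stand-in so the example runs without a daemon.

```python
import socket
import struct
import threading

def frame_instream(data, chunk_size=4096):
    """INSTREAM request: command, 4-byte big-endian length + chunk, zero-length end."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        out.append(struct.pack("!I", len(chunk)) + chunk)
    out.append(struct.pack("!I", 0))
    return b"".join(out)

def parse_reply(raw):
    """Map a clamd reply to (status, signature); anything unrecognised is an ERROR."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    body = text.split(": ", 1)[1] if ": " in text else text
    if body == "OK":
        return ("OK", None)
    if body.endswith(" FOUND"):
        return ("FOUND", body[:-len(" FOUND")])
    return ("ERROR", body)  # includes an empty reply: never treat silence as clean

def scan(sock, data):
    """Send data over an already connected socket and read the NUL-terminated reply."""
    sock.sendall(frame_instream(data))
    reply = b""
    while not reply.endswith(b"\0"):
        part = sock.recv(4096)
        if not part:
            break
        reply += part
    return parse_reply(reply)

def _fake_clamd(conn):
    """Constructed stand-in, NOT the real daemon: flags payloads containing b'TESTSIG'."""
    with conn, conn.makefile("rb") as f:
        f.read(len(b"zINSTREAM\0"))
        body = b""
        while (n := struct.unpack("!I", f.read(4))[0]) != 0:
            body += f.read(n)
        hit = b"TESTSIG" in body
        conn.sendall(b"stream: Constructed.Test.Sig FOUND\0" if hit else b"stream: OK\0")

def demo(data):
    """Run scan() against the stand-in over a local socket pair (no network needed)."""
    client, server = socket.socketpair()
    threading.Thread(target=_fake_clamd, args=(server,), daemon=True).start()
    with client:
        return scan(client, data)
```

Against a real daemon, pass `scan()` a socket from `socket.create_connection()` pointed at the `TCPSocket` port set in `clamd.conf` (3310 is the usual value, assumed here), and keep each chunk and the total below the daemon's `StreamMaxLength`.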
