Curious, when I take that assumption, so basically memcpy into buf+offset it won't even scan, I end up with:

...
LibClamAV debug: Recognized MS-EXE/DLL file
Fatal error.
LibClamAV debug: clean_cache_check: cb249dd6cbda01c212f56ab4112f2a18 is negative

Testbed.exe (process 38728) exited with code -1073741819.

However, if I assume offset is the file offset, so just read directly into buf (no adjustment with offset) then I get this:

...
LibClamAV debug: cli_pcre_report: no match found
LibClamAV debug: cli_pcre_report: PCRE Execution Report End
LibClamAV debug:
LibClamAV debug: FP SIGNATURE: 33d90e22aa498f3c68837fee91e900f7:174592:Test.Win32.VirusC.UNOFFICIAL # Name: Test.file, Type: CL_TYPE_MSEXE
LibClamAV debug: hashtab: Freeing hashset, elements: 0, capacity: 0

Testbed.exe (process 21428) exited with code -1073740791.

So here it looks like it manages to scan and returns the correct `virus` found. However, it still then exits for some reason (i.e. I don't return from cl_scanmap_callback).

I also find it curious that count on the first call of the callback is 4096, but on subsequent calls is the decrementing size of the `file` I'm passing through it. Surely count would be of fixed size and you just read blocks into buf until you can't read anymore (and return 0)?

Does this make sense? What am I missing :S

-----Original Message-----
From: Markus Kolb <markus.kolb+cla...@tower-net.de>
Sent: Thursday, March 23, 2023 3:24 PM
To: ClamAV Development <clamav-devel@lists.clamav.net>; Lloyd Kinsella <ll...@kinwood.net>
Subject: Re: [Clamav-devel] Confusion with Offset for cl_fmap_open_callback

On 23 March 2023 11:45:45 UTC, Lloyd Kinsella <ll...@kinwood.net> wrote:
>* @param buf A buffer to read data into, must be at least offset + count
>* @param count The number of bytes to read.
>* @param offset The the offset into buf to read the data to. If

I think the param description is quite clear... buf needs to be of size offset + count, so offset specifies the start point where to store count number of bytes in buf.
_______________________________________________
clamav-devel mailing list
clamav-devel@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-devel

Please submit your patches to our Github: https://github.com/Cisco-Talos/clamav-devel/pulls

Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
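Added example, not part of the thread or of ClamAV's own code: a bounds-checked read callback of the shape passed to cl_fmap_open_callback, written on the assumption (the one the second experiment above matches) that offset is a position in the source data and buf is filled from its start, as with pread(2). struct mem_src, mem_pread and drain are hypothetical names, and the data in main is constructed.

```c
#include <stddef.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical handle: an in-memory "file" that is read through the callback. */
struct mem_src { const unsigned char *data; size_t len; };

/* Assumption: offset indexes the source; buf holds only count bytes and is
 * written from buf[0]. Short reads near the end are normal, 0 means end of data. */
static off_t mem_pread(void *handle, void *buf, size_t count, off_t offset)
{
    const struct mem_src *src = handle;
    if (src == NULL || buf == NULL || offset < 0)
        return -1;                        /* reject bad arguments instead of copying */
    if ((size_t)offset >= src->len)
        return 0;                         /* at or past the end of the data */
    size_t avail = src->len - (size_t)offset;
    if (count > avail)
        count = avail;                    /* clamp so the read never leaves the source */
    memcpy(buf, src->data + (size_t)offset, count);
    return (off_t)count;
}

/* Constructed caller: pulls the source page by page into a buffer that is only
 * one page long, so a callback writing at buf + offset would run past it from
 * the second page on. Returns the total bytes read, or -1 on error. */
static long drain(struct mem_src *src, unsigned char *out, size_t page)
{
    unsigned char pagebuf[4096];
    size_t total = 0;
    if (page == 0 || page > sizeof(pagebuf))
        return -1;
    for (;;) {
        off_t got = mem_pread(src, pagebuf, page, (off_t)total);
        if (got < 0) return -1;
        if (got == 0) break;
        memcpy(out + total, pagebuf, (size_t)got);
        total += (size_t)got;
    }
    return (long)total;
}

int main(void)
{
    static unsigned char data[10000], out[10000];   /* constructed sample data */
    for (size_t i = 0; i < sizeof(data); i++) data[i] = (unsigned char)(i * 31u + 7u);
    struct mem_src src = { data, sizeof(data) };
    return (drain(&src, out, 4096) == 10000 && memcmp(data, out, sizeof(data)) == 0) ? 0 : 1;
}
```

With 10000 bytes and a 4096-byte page the callback returns 4096, 4096, 1808 and then 0, so the caller's buffer never needs to be larger than count.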