I'm using the API to access ClamAV (through JNI, yay!).
Anyways, I'm trying to scan email messages that are passed
to ClamAV as a buffer (string). I was wondering if this would
work or not. The API indicates that options are passed to the other API scan methods that allow the user to specify
which types of files are being scanned (e.g. CL_SCAN_MAIL).
This option is not available for the cl_scanbuff method and I was wondering why not? I'm confident that I am not understanding
something here and I am considering (but would not prefer)
writing the buffers out to files and using the files instead of the buffer.
What is happening is when I test the clam.exe file it is reported to not contain a virus when in fact it does have one. When I test the file using the ex1 binary compiled in the <clamavsrc>/example directory, the clam.exe file is indicated to contain the test virus.
Attached is a simple unit test that exemplifies what I'm trying to do. It can be compiled the same as ex1.c:
"gcc -lclamav test.txt -o test"
And run the same as ex1.c:
"./test <file>"
The output from my test is as follows:
test.o ../test/clam.exe
12 characters read
MZP is the message
Loaded 25253 signatures
Return code: 0
Virus name : 134514609
Thanks for any insight on how I can use cl_scanbuff in the way I'd like to do it!
Regards,
--
Gregory "Gus" Class
Developer, Spam Arrest LLC
http://gregoryclass.com
#include <clamav.h>
#include <stdio.h>

//#DEFINE NODEBUG

int no = 0;
struct cl_limits limits;
struct cl_node* root = NULL;

void loadDb(){
    int ret = 0;

    /* do nothing special for now, just use defaults */
    if ((ret = cl_loaddbdir(cl_retdbdir(), &root, &no))){
#ifndef NODEBUG
        printf("cl_loaddbdir: %s\n", cl_perror(ret));
#endif
    }
#ifndef NODEBUG
    printf("Loaded %d signatures \n",no);
#endif
}

int main(int argc, char **argv) {
    FILE *fp;
    int i,ret;
    char temp;
    const char* virname;
    char themessage[2000];

    if(argc != 2) {
        printf("Usage: %s file\n", argv[0]);
        return 2;
    }

    fp = fopen(argv[1], "r");

    i=0;
    while ((temp = fgetc(fp)) != EOF){
        themessage[i++] = temp;
    }
    printf("%d characters read\n", i);
    printf("%s is the message\n", themessage);
    fclose(fp);

    loadDb();

    if ((ret = cl_build(root))){
        printf("cl_build() error: %s \n", cl_strerror(ret));
        cl_free(root);
    }

    ret = cl_scanbuff(themessage, i + 1, &virname, root);

    printf("Return code: %d\n",ret);
    printf("Virus name : %d\n",virname);

    return 1;
}
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
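Added example, not part of the original post: the read loop in the posted test stores the result of fgetc() in a char before comparing it with EOF, so where char is signed a 0xFF byte ends the read early, and printing a binary buffer with %s stops at the first NUL. The sample bytes and the name read_sample are constructed for this illustration and are not the contents of clam.exe.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample (not the bytes of clam.exe): an MZ-style header
 * with a NUL at offset 3 and 0xFF bytes at offsets 12 and 13. */
static const unsigned char SAMPLE[] = {
    'M', 'Z', 'P', 0x00, 0x02, 0x00, 0x00, 0x00, 0x04, 0x00,
    0x0F, 0x00, 0xFF, 0xFF, 0x00, 0x00, 0xB8, 0x00, 0x00, 0x00
};

/* Read SAMPLE back from a temporary file (hypothetical helper).
 * narrow != 0 reproduces the char-typed loop; narrow == 0 is binary-safe. */
long read_sample(unsigned char *buf, size_t cap, int narrow)
{
    FILE *fp = tmpfile();           /* opened in binary update mode */
    size_t n = 0;
    int c;

    if (fp == NULL)
        return -1;
    fwrite(SAMPLE, 1, sizeof SAMPLE, fp);
    rewind(fp);
    while (n < cap) {
        c = fgetc(fp);              /* int keeps EOF distinct from 0xFF */
        if (narrow)
            c = (signed char)c;     /* 0xFF becomes -1, same value as EOF */
        if (c == EOF)
            break;
        buf[n++] = (unsigned char)c;
    }
    fclose(fp);
    return (long)n;
}

int main(void)
{
    unsigned char buf[64] = {0};
    long bad = read_sample(buf, sizeof buf, 1);
    long good = read_sample(buf, sizeof buf, 0);

    printf("narrowed to char: %ld bytes read\n", bad);
    printf("kept as int:      %ld of %zu bytes read\n", good, sizeof SAMPLE);
    /* %s stops at the first NUL, so it shows only the "MZP" prefix. */
    printf("as %%s: \"%s\" (strlen %zu)\n", (char *)buf, strlen((char *)buf));
    return 0;
}
```

When a buffer is handed to a scanner, the length passed should be the byte count returned by the binary-safe read, not a value derived from strlen() or from a truncated loop.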