clamav/docs/html/node43.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">

<!--Converted with LaTeX2HTML 99.2beta8 (1.46)
original version by:  Nikos Drakos, CBLU, University of Leeds
* revised and updated by:  Marcus Hennecke, Ross Moore, Herb Swan
* with significant contributions from:
  Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
<HTML>
<HEAD>
<TITLE>Data scan functions</TITLE>
<META NAME="description" CONTENT="Data scan functions">
<META NAME="keywords" CONTENT="clamdoc">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">

<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="LaTeX2HTML v99.2beta8">
<META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">

<LINK REL="STYLESHEET" HREF="clamdoc.css">

<LINK REL="next" HREF="node44.html">
<LINK REL="previous" HREF="node42.html">
<LINK REL="up" HREF="node42.html">
<LINK REL="next" HREF="node44.html">
</HEAD>

<BODY >
<!--Navigation Panel-->
<A NAME="tex2html751"
  HREF="node44.html">
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A> 
<A NAME="tex2html747"
  HREF="node42.html">
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A> 
<A NAME="tex2html741"
  HREF="node42.html">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A> 
<A NAME="tex2html749"
  HREF="node1.html">
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>  
<BR>
<B> Next:</B> <A NAME="tex2html752"
  HREF="node44.html">Memory</A>
<B> Up:</B> <A NAME="tex2html748"
  HREF="node42.html">Database reloading</A>
<B> Previous:</B> <A NAME="tex2html742"
  HREF="node42.html">Database reloading</A>
 &nbsp <B>  <A NAME="tex2html750"
  HREF="node1.html">Contents</A></B> 
<BR>
<BR>
<!--End of Navigation Panel-->

<H3><A NAME="SECTION00074100000000000000">
Data scan functions</A>
</H3>
    It's possible to scan a file or descriptor using:
    <PRE>
	int cl_scanfile(const char *filename, const char **virname,
	unsigned long int *scanned, const struct cl_engine *engine,
	const struct cl_limits *limits, unsigned int options);

	int cl_scandesc(int desc, const char **virname, unsigned
	long int *scanned, const struct cl_engine *engine, const
	struct cl_limits *limits, unsigned int options);
</PRE>
    Both functions will save a virus name under the pointer <code>virname</code>,
    the virus name is part of the engine structure and must not be released
    directly. If the third argument (<code>scanned</code>) is not NULL, the
    functions will increase its value with the size of scanned data (in
    <code>CL_COUNT_PRECISION</code> units). Both functions have support for archive
    limits in order to protect against Denial of Service attacks.
    <PRE>
struct cl_limits {
    unsigned int maxreclevel;     /* maximum recursion level for archives */
    unsigned int maxfiles;        /* maximum number of files to be scanned
                                   * within a single archive
                                   */
    unsigned int maxmailrec;	  /* maximum recursion level for mail files */
    unsigned int maxratio;	  /* maximum compression ratio */
    unsigned long int maxfilesize;/* compressed files larger than this limit
                                   * will not be scanned
                                   */
    unsigned short archivememlim;  /* limit memory usage for some unpackers */
};
</PRE>
    The last argument (<code>options</code>) configures the scan engine and supports
    the following flags (that can be combined using bit operators):
    
<UL>
<LI><B>CL_SCAN_STDOPT</B>
<BR>
This is an alias for a recommended set of scan options. You
	      should use it to make your software ready for new features
	      in the future versions of libclamav.
</LI>
<LI><B>CL_SCAN_RAW</B>
<BR>
Use it alone if you want to disable support for special files.
</LI>
<LI><B>CL_SCAN_ARCHIVE</B>
<BR>
This flag enables transparent scanning of various archive formats.
</LI>
<LI><B>CL_SCAN_BLOCKENCRYPTED</B>
<BR>
With this flag the library will mark encrypted archives as viruses
	      (Encrypted.Zip, Encrypted.RAR).
</LI>
<LI><B>CL_SCAN_BLOCKMAX</B>
<BR>
Mark archives as viruses if <code>maxfiles</code>, <code>maxfilesize</code>,
	      or <code>maxreclevel</code> limit is reached.
</LI>
<LI><B>CL_SCAN_MAIL</B>
<BR>
Enable support for mail files.
</LI>
<LI><B>CL_SCAN_MAILURL</B>
<BR>
The mail scanner will download and scan URLs listed in a mail
	      body. This flag should not be used on loaded servers. Due to
	      potential problems please do not enable it by default but make
	      it optional.
</LI>
<LI><B>CL_SCAN_OLE2</B>
<BR>
Enables support for OLE2 containers (used by MS Office and .msi
	      files).
</LI>
<LI><B>CL_SCAN_PDF</B>
<BR>
Enables scanning within PDF files.
</LI>
<LI><B>CL_SCAN_PE</B>
<BR>
This flag enables deep scanning of Portable Executable files and
	      allows libclamav to unpack executables compressed with run-time
	      unpackers.
</LI>
<LI><B>CL_SCAN_ELF</B>
<BR>
Enable support for ELF files.
</LI>
<LI><B>CL_SCAN_BLOCKBROKEN</B>
<BR>
libclamav will try to detect broken executables and mark them as
	      Broken.Executable.
</LI>
<LI><B>CL_SCAN_HTML</B>
<BR>
This flag enables HTML normalisation (including ScrEnc
	      decryption).
</LI>
<LI><B>CL_SCAN_ALGORITHMIC</B>
<BR>
Enable algorithmic detection of viruses.
</LI>
<LI><B>CL_SCAN_PHISHING_DOMAINLIST</B>
<BR>
Phishing module: restrict URL scanning to domains from .pdf
	      (RECOMMENDED).
</LI>
<LI><B>CL_SCAN_PHISHING_BLOCKSSL</B>
<BR>
Phishing module: always block SSL mismatches in URLs.
</LI>
<LI><B>CL_SCAN_PHISHING_BLOCKCLOAK</B>
<BR>
Phishing module: always block cloaked URLs.
    
</LI>
</UL>
    All functions return 0 (<code>CL_CLEAN</code>) when the file seems clean,
    <code>CL_VIRUS</code> when a virus is detected and another value on failure.
    <PRE>
	    ...
	    struct cl_limits limits;
	    const char *virname;

	memset(&amp;limits, 0, sizeof(struct cl_limits));
	limits.maxfiles = 1000; /* max files */
	limits.maxfilesize = 10 * 1048576; /* maximum size of archived or
                                    * compressed file (files exceeding
                                    * this limit will be ignored)
                                    */
	limits.maxreclevel = 5; /* maximum recursion level for archives */
	limits.maxmailrec = 64; /* maximum recursion level for mail files */
	limits.maxratio = 200; /* maximum compression ratio */

	if((ret = cl_scanfile("/tmp/test.exe", &amp;virname, NULL, engine,
	&amp;limits, CL_STDOPT)) == CL_VIRUS) {
	    printf("Virus detected: %s\n", virname);
	} else {
	    printf("No virus detected.\n");
	    if(ret != CL_CLEAN)
	        printf("Error: %s\n", cl_strerror(ret));
	}
</PRE>

<P>
<HR>
<!--Navigation Panel-->
<A NAME="tex2html751"
  HREF="node44.html">
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A> 
<A NAME="tex2html747"
  HREF="node42.html">
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A> 
<A NAME="tex2html741"
  HREF="node42.html">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A> 
<A NAME="tex2html749"
  HREF="node1.html">
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>  
<BR>
<B> Next:</B> <A NAME="tex2html752"
  HREF="node44.html">Memory</A>
<B> Up:</B> <A NAME="tex2html748"
  HREF="node42.html">Database reloading</A>
<B> Previous:</B> <A NAME="tex2html742"
  HREF="node42.html">Database reloading</A>
 &nbsp <B>  <A NAME="tex2html750"
  HREF="node1.html">Contents</A></B> 
<!--End of Navigation Panel-->
<ADDRESS>
Tomasz Kojm
2007-12-12
</ADDRESS>
</BODY>
</HTML>
new clamdoc tex/pdf/html git-svn: trunk@2708 19 years ago			`<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">`

			`<!--Converted with LaTeX2HTML 99.2beta8 (1.46)`
			`original version by: Nikos Drakos, CBLU, University of Leeds`
			`* revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan`
			`* with significant contributions from:`
			`Jens Lippmann, Marek Rouchal, Martin Wilck and others -->`
			`<HTML>`
			`<HEAD>`
update html docs git-svn: trunk@3282 18 years ago			`<TITLE>Data scan functions</TITLE>`
			`<META NAME="description" CONTENT="Data scan functions">`
new clamdoc tex/pdf/html git-svn: trunk@2708 19 years ago			`<META NAME="keywords" CONTENT="clamdoc">`
			`<META NAME="resource-type" CONTENT="document">`
			`<META NAME="distribution" CONTENT="global">`

			`<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">`
			`<META NAME="Generator" CONTENT="LaTeX2HTML v99.2beta8">`
			`<META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">`

			`<LINK REL="STYLESHEET" HREF="clamdoc.css">`

update html docs git-svn: trunk@3282 18 years ago			`<LINK REL="next" HREF="node44.html">`
			`<LINK REL="previous" HREF="node42.html">`
			`<LINK REL="up" HREF="node42.html">`
new clamdoc tex/pdf/html git-svn: trunk@2708 19 years ago			`<LINK REL="next" HREF="node44.html">`
			`</HEAD>`

			`<BODY >`
			`<!--Navigation Panel-->`
			`<A NAME="tex2html751"`
			`HREF="node44.html">`
			`<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>`
			`<A NAME="tex2html747"`
update html docs git-svn: trunk@3282 18 years ago			`HREF="node42.html">`
new clamdoc tex/pdf/html git-svn: trunk@2708 19 years ago			`<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>`
			`<A NAME="tex2html741"`
			`HREF="node42.html">`
			`<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>`
			`<A NAME="tex2html749"`
			`HREF="node1.html">`
			`<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>`
			`<BR>`
			`<B> Next:</B> <A NAME="tex2html752"`
update html docs git-svn: trunk@3282 18 years ago			`HREF="node44.html">Memory</A>`
new clamdoc tex/pdf/html git-svn: trunk@2708 19 years ago			`<B> Up:</B> <A NAME="tex2html748"`
update html docs git-svn: trunk@3282 18 years ago			`HREF="node42.html">Database reloading</A>`
new clamdoc tex/pdf/html git-svn: trunk@2708 19 years ago			`<B> Previous:</B> <A NAME="tex2html742"`
update html docs git-svn: trunk@3282 18 years ago			`HREF="node42.html">Database reloading</A>`
new clamdoc tex/pdf/html git-svn: trunk@2708 19 years ago			`&nbsp <B> <A NAME="tex2html750"`
			`HREF="node1.html">Contents</A></B>`
			`<BR>`
			`<BR>`
			`<!--End of Navigation Panel-->`

update html docs git-svn: trunk@3282 18 years ago			`<H3><A NAME="SECTION00074100000000000000">`
			`Data scan functions</A>`
			`</H3>`
			`It's possible to scan a file or descriptor using:`
new clamdoc tex/pdf/html git-svn: trunk@2708 19 years ago			`<PRE>`
update html docs git-svn: trunk@3282 18 years ago			`int cl_scanfile(const char filename, const char *virname,`
			`unsigned long int scanned, const struct cl_engine engine,`
			`const struct cl_limits *limits, unsigned int options);`

			`int cl_scandesc(int desc, const char **virname, unsigned`
			`long int scanned, const struct cl_engine engine, const`
			`struct cl_limits *limits, unsigned int options);`
new clamdoc tex/pdf/html git-svn: trunk@2708 19 years ago			`</PRE>`
update html docs git-svn: trunk@3282 18 years ago			`Both functions will save a virus name under the pointer <code>virname</code>,`
			`the virus name is part of the engine structure and must not be released`
			`directly. If the third argument (<code>scanned</code>) is not NULL, the`
			`functions will increase its value with the size of scanned data (in`
			`<code>CL_COUNT_PRECISION</code> units). Both functions have support for archive`
			`limits in order to protect against Denial of Service attacks.`
new clamdoc tex/pdf/html git-svn: trunk@2708 19 years ago			`<PRE>`
update html docs git-svn: trunk@3282 18 years ago			`struct cl_limits {`
			`unsigned int maxreclevel; /* maximum recursion level for archives */`
			`unsigned int maxfiles; /* maximum number of files to be scanned`
			`* within a single archive`
			`*/`
			`unsigned int maxmailrec; /* maximum recursion level for mail files */`
			`unsigned int maxratio; /* maximum compression ratio */`
			`unsigned long int maxfilesize;/* compressed files larger than this limit`
			`* will not be scanned`
			`*/`
			`unsigned short archivememlim; /* limit memory usage for some unpackers */`
			`};`
new clamdoc tex/pdf/html git-svn: trunk@2708 19 years ago			`</PRE>`
update html docs git-svn: trunk@3282 18 years ago			`The last argument (<code>options</code>) configures the scan engine and supports`
			`the following flags (that can be combined using bit operators):`

			`<UL>`
			`<LI><B>CL_SCAN_STDOPT</B>`
			`<BR>`
			`This is an alias for a recommended set of scan options. You`
			`should use it to make your software ready for new features`
			`in the future versions of libclamav.`
			`</LI>`
			`<LI><B>CL_SCAN_RAW</B>`
			`<BR>`
			`Use it alone if you want to disable support for special files.`
			`</LI>`
			`<LI><B>CL_SCAN_ARCHIVE</B>`
			`<BR>`
			`This flag enables transparent scanning of various archive formats.`
			`</LI>`
			`<LI><B>CL_SCAN_BLOCKENCRYPTED</B>`
			`<BR>`
			`With this flag the library will mark encrypted archives as viruses`
			`(Encrypted.Zip, Encrypted.RAR).`
			`</LI>`
			`<LI><B>CL_SCAN_BLOCKMAX</B>`
			`<BR>`
			`Mark archives as viruses if <code>maxfiles</code>, <code>maxfilesize</code>,`
			`or <code>maxreclevel</code> limit is reached.`
			`</LI>`
			`<LI><B>CL_SCAN_MAIL</B>`
			`<BR>`
			`Enable support for mail files.`
			`</LI>`
			`<LI><B>CL_SCAN_MAILURL</B>`
			`<BR>`
			`The mail scanner will download and scan URLs listed in a mail`
			`body. This flag should not be used on loaded servers. Due to`
			`potential problems please do not enable it by default but make`
			`it optional.`
			`</LI>`
			`<LI><B>CL_SCAN_OLE2</B>`
			`<BR>`
			`Enables support for OLE2 containers (used by MS Office and .msi`
			`files).`
			`</LI>`
			`<LI><B>CL_SCAN_PDF</B>`
			`<BR>`
			`Enables scanning within PDF files.`
			`</LI>`
			`<LI><B>CL_SCAN_PE</B>`
			`<BR>`
			`This flag enables deep scanning of Portable Executable files and`
			`allows libclamav to unpack executables compressed with run-time`
			`unpackers.`
			`</LI>`
			`<LI><B>CL_SCAN_ELF</B>`
			`<BR>`
			`Enable support for ELF files.`
			`</LI>`
			`<LI><B>CL_SCAN_BLOCKBROKEN</B>`
			`<BR>`
			`libclamav will try to detect broken executables and mark them as`
			`Broken.Executable.`
			`</LI>`
			`<LI><B>CL_SCAN_HTML</B>`
			`<BR>`
			`This flag enables HTML normalisation (including ScrEnc`
			`decryption).`
			`</LI>`
			`<LI><B>CL_SCAN_ALGORITHMIC</B>`
			`<BR>`
			`Enable algorithmic detection of viruses.`
			`</LI>`
			`<LI><B>CL_SCAN_PHISHING_DOMAINLIST</B>`
			`<BR>`
			`Phishing module: restrict URL scanning to domains from .pdf`
			`(RECOMMENDED).`
			`</LI>`
			`<LI><B>CL_SCAN_PHISHING_BLOCKSSL</B>`
			`<BR>`
			`Phishing module: always block SSL mismatches in URLs.`
			`</LI>`
			`<LI><B>CL_SCAN_PHISHING_BLOCKCLOAK</B>`
			`<BR>`
			`Phishing module: always block cloaked URLs.`

			`</LI>`
			`</UL>`
			`All functions return 0 (<code>CL_CLEAN</code>) when the file seems clean,`
			`<code>CL_VIRUS</code> when a virus is detected and another value on failure.`
new clamdoc tex/pdf/html git-svn: trunk@2708 19 years ago			`<PRE>`
update html docs git-svn: trunk@3282 18 years ago			`...`
			`struct cl_limits limits;`
			`const char *virname;`

			`memset(&limits, 0, sizeof(struct cl_limits));`
			`limits.maxfiles = 1000; /* max files */`
			`limits.maxfilesize = 10 * 1048576; /* maximum size of archived or`
			`* compressed file (files exceeding`
			`* this limit will be ignored)`
			`*/`
			`limits.maxreclevel = 5; /* maximum recursion level for archives */`
			`limits.maxmailrec = 64; /* maximum recursion level for mail files */`
			`limits.maxratio = 200; /* maximum compression ratio */`

			`if((ret = cl_scanfile("/tmp/test.exe", &virname, NULL, engine,`
			`&limits, CL_STDOPT)) == CL_VIRUS) {`
			`printf("Virus detected: %s\n", virname);`
			`} else {`
			`printf("No virus detected.\n");`
			`if(ret != CL_CLEAN)`
			`printf("Error: %s\n", cl_strerror(ret));`
new clamdoc tex/pdf/html git-svn: trunk@2708 19 years ago			`}`
			`</PRE>`

			`<P>`
update html docs git-svn: trunk@3282 18 years ago			`<HR>`
			`<!--Navigation Panel-->`
			`<A NAME="tex2html751"`
			`HREF="node44.html">`
			`<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>`
			`<A NAME="tex2html747"`
			`HREF="node42.html">`
			`<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>`
			`<A NAME="tex2html741"`
			`HREF="node42.html">`
			`<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>`
			`<A NAME="tex2html749"`
			`HREF="node1.html">`
			`<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>`
			`<BR>`
			`<B> Next:</B> <A NAME="tex2html752"`
			`HREF="node44.html">Memory</A>`
			`<B> Up:</B> <A NAME="tex2html748"`
			`HREF="node42.html">Database reloading</A>`
			`<B> Previous:</B> <A NAME="tex2html742"`
			`HREF="node42.html">Database reloading</A>`
			`&nbsp <B> <A NAME="tex2html750"`
			`HREF="node1.html">Contents</A></B>`
			`<!--End of Navigation Panel-->`
new clamdoc tex/pdf/html git-svn: trunk@2708 19 years ago			`<ADDRESS>`
			`Tomasz Kojm`
update docs git-svn: trunk@3398 18 years ago			`2007-12-12`
new clamdoc tex/pdf/html git-svn: trunk@2708 19 years ago			`</ADDRESS>`
			`</BODY>`
			`</HTML>`