clamav-users January 2014 archive

Re: [clamav-users] Hi, I have a question

From: Brian Bebeau <BBebeau_at_nospam>
Date: Mon Jan 13 2014 - 15:31:25 GMT
To: ClamAV users ML <clamav-users@lists.clamav.net>

> Due to my university project in my lab, I want to utilize the unpacking function of ClamAV.
> So, is there any way to only unpack binary files without any other analysis?
> Because the performance of my project is very important, other unnecessary analysis steps degrade performance.

I've done this. Start by initializing:

cl_init(CL_INIT_DEFAULT);

Create a new engine:

engine = cl_engine_new();

Set the directory you want it to be parsed into, and tell it to keep the temp files:

cl_engine_set_str(engine, CL_ENGINE_TMPDIR, tmpdir);
cl_engine_set_num(engine, CL_ENGINE_KEEPTMP, 1);

Create a dummy database of only one line and load it:

cl_load(dummy_db_file, engine, &sigs, CL_DB_STDOPT);

Compile the engine:

cl_engine_compile(engine);

Finally scan the file you want to parse:

cl_scanfile(filename, &matchname, NULL, engine, CL_SCAN_STDOPT);

The file's components will be in the tmp dir you specified and you can check them
at your leisure. When you're done, make sure to call cl_engine_free() to free the engine,
and then you need to remove the files in the tmp dir. Check the ClamAV docs for the
arguments in the routines called, and add your own error checking.
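
The temp-dir setup and cleanup that the reply above leaves to the reader, as an added example that is not part of the original post or of ClamAV: the unpacked components are untrusted content, so the directory is created private with mkdtemp() and walked without following symlinks. The helper names make_unpack_dir, count_components and remove_unpack_dir are hypothetical.

```c
/* Added example: temp-dir handling around the cl_* calls above. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <dirent.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Walk dir without following symlinks, adding regular files to *files.
 * With do_remove set, delete every entry and then dir itself.
 * Returns 0 on success, -1 on the first error. */
static int walk(const char *dir, long *files, int do_remove)
{
    DIR *d = opendir(dir);
    struct dirent *e;
    int rc = 0;

    if (d == NULL) return -1;
    while (rc == 0 && (e = readdir(d)) != NULL) {
        char path[PATH_MAX];
        struct stat st;
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        if (snprintf(path, sizeof path, "%s/%s", dir, e->d_name) >= (int)sizeof path
            || lstat(path, &st) != 0) { rc = -1; break; }
        if (S_ISDIR(st.st_mode)) { rc = walk(path, files, do_remove); continue; }
        if (S_ISREG(st.st_mode)) (*files)++;
        if (do_remove) rc = unlink(path);   /* removes a link, not its target */
    }
    closedir(d);
    if (rc == 0 && do_remove) rc = rmdir(dir);
    return rc;
}

/* tmpl must end in "XXXXXX"; mkdtemp() creates it with mode 0700.
 * Pass the returned path as the CL_ENGINE_TMPDIR value. */
char *make_unpack_dir(char *tmpl) { return mkdtemp(tmpl); }

/* Number of regular files left behind by the scan, or -1 on error. */
long count_components(const char *dir)
{
    long n = 0;
    return walk(dir, &n, 0) == 0 ? n : -1;
}

/* Call after cl_engine_free(): removes dir and everything under it. */
int remove_unpack_dir(const char *dir)
{
    long n = 0;
    return walk(dir, &n, 1);
}
```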
