21
21
<LINK REL="next" HREF="node50.html">
22
22
<LINK REL="previous" HREF="node48.html">
23
<LINK REL="up" HREF="node48.html">
23
<LINK REL="up" HREF="node43.html">
24
24
<LINK REL="next" HREF="node50.html">
29
29
<DIV CLASS="navigation"><!--Navigation Panel-->
31
31
HREF="node50.html">
32
32
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
35
35
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
37
37
HREF="node48.html">
38
38
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
41
41
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
43
<B> Next:</B> <A NAME="tex2html847"
44
HREF="node50.html">Memory</A>
45
<B> Up:</B> <A NAME="tex2html843"
46
HREF="node48.html">Database reloading</A>
47
<B> Previous:</B> <A NAME="tex2html837"
48
HREF="node48.html">Database reloading</A>
49
<B> <A NAME="tex2html845"
43
<B> Next:</B> <A NAME="tex2html858"
44
HREF="node50.html">Database checks</A>
45
<B> Up:</B> <A NAME="tex2html854"
46
HREF="node43.html">API</A>
47
<B> Previous:</B> <A NAME="tex2html848"
48
HREF="node48.html">Engine structure</A>
49
<B> <A NAME="tex2html856"
50
50
HREF="node1.html">Contents</A></B>
53
53
<!--End of Navigation Panel-->
55
<H3><A NAME="SECTION00076100000000000000">
56
Data scan functions</A>
55
<H3><A NAME="SECTION00073600000000000000">
58
It's possible to scan a file or descriptor using:
60
int cl_scanfile(const char *filename, const char **virname,
61
unsigned long int *scanned, const struct cl_engine *engine,
62
unsigned int options);
64
int cl_scandesc(int desc, const char **virname, unsigned
65
long int *scanned, const struct cl_engine *engine,
66
unsigned int options);
68
Both functions will store a virus name under the pointer <code>virname</code>,
69
the virus name is part of the engine structure and must not be released
70
directly. If the third argument (<code>scanned</code>) is not NULL, the
71
functions will increase its value with the size of scanned data (in
72
<code>CL_COUNT_PRECISION</code> units).
73
The last argument (<code>options</code>) specified the scan options and supports
74
the following flags (which can be combined using bit operators):
77
<LI><SPAN CLASS="textbf">CL_SCAN_STDOPT</SPAN>
79
This is an alias for a recommended set of scan options. You
80
should use it to make your software ready for new features
81
in the future versions of libclamav.
83
<LI><SPAN CLASS="textbf">CL_SCAN_RAW</SPAN>
85
Use it alone if you want to disable support for special files.
87
<LI><SPAN CLASS="textbf">CL_SCAN_ARCHIVE</SPAN>
89
This flag enables transparent scanning of various archive formats.
91
<LI><SPAN CLASS="textbf">CL_SCAN_BLOCKENCRYPTED</SPAN>
93
With this flag the library will mark encrypted archives as viruses
94
(Encrypted.Zip, Encrypted.RAR).
96
<LI><SPAN CLASS="textbf">CL_SCAN_MAIL</SPAN>
98
Enable support for mail files.
100
<LI><SPAN CLASS="textbf">CL_SCAN_MAILURL</SPAN>
102
The mail scanner will download and scan URLs listed in a mail
103
body. This flag should not be used on loaded servers. Due to
104
potential problems please do not enable it by default but make
107
<LI><SPAN CLASS="textbf">CL_SCAN_OLE2</SPAN>
109
Enables support for OLE2 containers (used by MS Office and .msi
112
<LI><SPAN CLASS="textbf">CL_SCAN_PDF</SPAN>
114
Enables scanning within PDF files.
116
<LI><SPAN CLASS="textbf">CL_SCAN_PE</SPAN>
118
This flag enables deep scanning of Portable Executable files and
119
allows libclamav to unpack executables compressed with run-time
122
<LI><SPAN CLASS="textbf">CL_SCAN_ELF</SPAN>
124
Enable support for ELF files.
126
<LI><SPAN CLASS="textbf">CL_SCAN_BLOCKBROKEN</SPAN>
128
libclamav will try to detect broken executables and mark them as
131
<LI><SPAN CLASS="textbf">CL_SCAN_HTML</SPAN>
133
This flag enables HTML normalisation (including ScrEnc
136
<LI><SPAN CLASS="textbf">CL_SCAN_ALGORITHMIC</SPAN>
138
Enable algorithmic detection of viruses.
140
<LI><SPAN CLASS="textbf">CL_SCAN_PHISHING_BLOCKSSL</SPAN>
142
Phishing module: always block SSL mismatches in URLs.
144
<LI><SPAN CLASS="textbf">CL_SCAN_PHISHING_BLOCKCLOAK</SPAN>
146
Phishing module: always block cloaked URLs.
148
<LI><SPAN CLASS="textbf">CL_SCAN_STRUCTURED</SPAN>
150
Enable the DLP module which scans for credit card and SSN
153
<LI><SPAN CLASS="textbf">CL_SCAN_STRUCTURED_SSN_NORMAL</SPAN>
155
Search for SSNs formatted as xx-yy-zzzz.
157
<LI><SPAN CLASS="textbf">CL_SCAN_STRUCTURED_SSN_STRIPPED</SPAN>
159
Search for SSNs formatted as xxyyzzzz.
161
<LI><SPAN CLASS="textbf">CL_SCAN_PARTIAL_MESSAGE</SPAN>
163
Scan RFC1341 messages split over many emails. You will need to
164
periodically clean up <code>$TemporaryDirectory/clamav-partial</code>
167
<LI><SPAN CLASS="textbf">CL_SCAN_HEURISTIC_PRECEDENCE</SPAN>
169
Allow heuristic match to take precedence. When enabled, if
170
a heuristic scan (such as phishingScan) detects a possible
171
virus/phish it will stop scan immediately. Recommended, saves CPU
172
scan-time. When disabled, virus/phish detected by heuristic scans
173
will be reported only at the end of a scan. If an archive
174
contains both a heuristically detected virus/phishing, and a real
175
malware, the real malware will be reported.
179
All functions return <code>CL_CLEAN</code> when the file seems clean,
180
<code>CL_VIRUS</code> when a virus is detected and another value on failure.
185
if((ret = cl_scanfile("/tmp/test.exe", &virname, NULL, engine,
186
CL_STDOPT)) == CL_VIRUS) {
187
printf("Virus detected: %s\n", virname);
189
printf("No virus detected.\n");
191
printf("Error: %s\n", cl_strerror(ret));
58
When you create a new engine with <code>cl_engine_new()</code>, it will have
59
all internal settings set to default values as recommended by the
60
ClamAV authors. It's possible to check and modify the values (numerical
61
and strings) using the following set of functions:
63
int cl_engine_set_num(struct cl_engine *engine,
64
enum cl_engine_field field, long long num);
66
long long cl_engine_get_num(const struct cl_engine *engine,
67
enum cl_engine_field field, int *err);
69
int cl_engine_set_str(struct cl_engine *engine,
70
enum cl_engine_field field, const char *str);
72
const char *cl_engine_get_str(const struct cl_engine *engine,
73
enum cl_engine_field field, int *err);
75
Please don't modify the default values unless you know what you're doing.
76
Refer to the ClamAV sources (clamscan, clamd) for examples.
197
<DIV CLASS="navigation"><HR>
198
<!--Navigation Panel-->
199
<A NAME="tex2html846"
201
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
202
<A NAME="tex2html842"
204
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
205
<A NAME="tex2html836"
207
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
208
<A NAME="tex2html844"
210
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
212
<B> Next:</B> <A NAME="tex2html847"
213
HREF="node50.html">Memory</A>
214
<B> Up:</B> <A NAME="tex2html843"
215
HREF="node48.html">Database reloading</A>
216
<B> Previous:</B> <A NAME="tex2html837"
217
HREF="node48.html">Database reloading</A>
218
<B> <A NAME="tex2html845"
219
HREF="node1.html">Contents</A></B> </DIV>
220
<!--End of Navigation Panel-->