21
21
<LINK REL="next" HREF="node52.html">
22
22
<LINK REL="previous" HREF="node50.html">
23
<LINK REL="up" HREF="node43.html">
23
<LINK REL="up" HREF="node49.html">
24
24
<LINK REL="next" HREF="node52.html">
29
29
<DIV CLASS="navigation"><!--Navigation Panel-->
31
31
HREF="node52.html">
32
32
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
35
35
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
37
37
HREF="node50.html">
38
38
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
41
41
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
43
<B> Next:</B> <A NAME="tex2html883"
44
HREF="node52.html">Memory</A>
45
<B> Up:</B> <A NAME="tex2html879"
46
HREF="node43.html">API</A>
47
<B> Previous:</B> <A NAME="tex2html873"
48
HREF="node50.html">Database checks</A>
49
<B> <A NAME="tex2html881"
43
<B> Next:</B> <A NAME="tex2html900"
44
HREF="node52.html">Database loading</A>
45
<B> Up:</B> <A NAME="tex2html896"
46
HREF="node49.html">API</A>
47
<B> Previous:</B> <A NAME="tex2html890"
48
HREF="node50.html">Header file</A>
49
<B> <A NAME="tex2html898"
50
50
HREF="node1.html">Contents</A></B>
53
53
<!--End of Navigation Panel-->
55
<H3><A NAME="SECTION00073800000000000000">
56
Data scan functions</A>
55
<H3><A NAME="SECTION00073200000000000000">
58
It's possible to scan a file or descriptor using:
60
int cl_scanfile(const char *filename, const char **virname,
61
unsigned long int *scanned, const struct cl_engine *engine,
62
unsigned int options);
64
int cl_scandesc(int desc, const char **virname, unsigned
65
long int *scanned, const struct cl_engine *engine,
66
unsigned int options);
68
Both functions will store a virus name under the pointer <code>virname</code>,
69
the virus name is part of the engine structure and must not be released
70
directly. If the third argument (<code>scanned</code>) is not NULL, the
71
functions will increase its value with the size of scanned data (in
72
<code>CL_COUNT_PRECISION</code> units).
73
The last argument (<code>options</code>) specified the scan options and supports
74
the following flags (which can be combined using bit operators):
77
<LI><SPAN CLASS="textbf">CL_SCAN_STDOPT</SPAN>
79
This is an alias for a recommended set of scan options. You
80
should use it to make your software ready for new features
81
in the future versions of libclamav.
83
<LI><SPAN CLASS="textbf">CL_SCAN_RAW</SPAN>
85
Use it alone if you want to disable support for special files.
87
<LI><SPAN CLASS="textbf">CL_SCAN_ARCHIVE</SPAN>
89
This flag enables transparent scanning of various archive formats.
91
<LI><SPAN CLASS="textbf">CL_SCAN_BLOCKENCRYPTED</SPAN>
93
With this flag the library will mark encrypted archives as viruses
94
(Encrypted.Zip, Encrypted.RAR).
96
<LI><SPAN CLASS="textbf">CL_SCAN_MAIL</SPAN>
98
Enable support for mail files.
100
<LI><SPAN CLASS="textbf">CL_SCAN_OLE2</SPAN>
102
Enables support for OLE2 containers (used by MS Office and .msi
105
<LI><SPAN CLASS="textbf">CL_SCAN_PDF</SPAN>
107
Enables scanning within PDF files.
109
<LI><SPAN CLASS="textbf">CL_SCAN_PE</SPAN>
111
This flag enables deep scanning of Portable Executable files and
112
allows libclamav to unpack executables compressed with run-time
115
<LI><SPAN CLASS="textbf">CL_SCAN_ELF</SPAN>
117
Enable support for ELF files.
119
<LI><SPAN CLASS="textbf">CL_SCAN_BLOCKBROKEN</SPAN>
121
libclamav will try to detect broken executables and mark them as
124
<LI><SPAN CLASS="textbf">CL_SCAN_HTML</SPAN>
126
This flag enables HTML normalisation (including ScrEnc
129
<LI><SPAN CLASS="textbf">CL_SCAN_ALGORITHMIC</SPAN>
131
Enable algorithmic detection of viruses.
133
<LI><SPAN CLASS="textbf">CL_SCAN_PHISHING_BLOCKSSL</SPAN>
135
Phishing module: always block SSL mismatches in URLs.
137
<LI><SPAN CLASS="textbf">CL_SCAN_PHISHING_BLOCKCLOAK</SPAN>
139
Phishing module: always block cloaked URLs.
141
<LI><SPAN CLASS="textbf">CL_SCAN_STRUCTURED</SPAN>
143
Enable the DLP module which scans for credit card and SSN
146
<LI><SPAN CLASS="textbf">CL_SCAN_STRUCTURED_SSN_NORMAL</SPAN>
148
Search for SSNs formatted as xx-yy-zzzz.
150
<LI><SPAN CLASS="textbf">CL_SCAN_STRUCTURED_SSN_STRIPPED</SPAN>
152
Search for SSNs formatted as xxyyzzzz.
154
<LI><SPAN CLASS="textbf">CL_SCAN_PARTIAL_MESSAGE</SPAN>
156
Scan RFC1341 messages split over many emails. You will need to
157
periodically clean up <code>$TemporaryDirectory/clamav-partial</code>
160
<LI><SPAN CLASS="textbf">CL_SCAN_HEURISTIC_PRECEDENCE</SPAN>
162
Allow heuristic match to take precedence. When enabled, if
163
a heuristic scan (such as phishingScan) detects a possible
164
virus/phish it will stop scan immediately. Recommended, saves CPU
165
scan-time. When disabled, virus/phish detected by heuristic scans
166
will be reported only at the end of a scan. If an archive
167
contains both a heuristically detected virus/phishing, and a real
168
malware, the real malware will be reported.
170
<LI><SPAN CLASS="textbf">CL_SCAN_BLOCKMACROS</SPAN>
172
OLE2 containers, which contain VBA macros will be marked infected
173
(Heuristics.OLE2.ContainsMacros).
177
All functions return <code>CL_CLEAN</code> when the file seems clean,
178
<code>CL_VIRUS</code> when a virus is detected and another value on failure.
183
if((ret = cl_scanfile("/tmp/test.exe", &virname, NULL, engine,
184
CL_SCAN_STDOPT)) == CL_VIRUS) {
185
printf("Virus detected: %s\n", virname);
187
printf("No virus detected.\n");
189
printf("Error: %s\n", cl_strerror(ret));
58
Before using libclamav, you should call <code>cl_init()</code> to initialize
59
it. When it's done, you're ready to create a new scan engine by calling
60
<code>cl_engine_new()</code>. To free resources allocated by the engine use
61
<code>cl_engine_free()</code>. Function prototypes:
63
int cl_init(unsigned int options);
64
struct cl_engine *cl_engine_new(void);
65
int cl_engine_free(struct cl_engine *engine);
67
<code>cl_init()</code> and <code>cl_engine_free()</code> return <code>CL_SUCCESS</code>
68
on success or another code on error. <code>cl_engine_new()</code> return
69
a pointer or NULL if there's not enough memory to allocate a new
195
<DIV CLASS="navigation"><HR>
196
<!--Navigation Panel-->
197
<A NAME="tex2html882"
199
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
200
<A NAME="tex2html878"
202
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
203
<A NAME="tex2html872"
205
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
206
<A NAME="tex2html880"
208
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
210
<B> Next:</B> <A NAME="tex2html883"
211
HREF="node52.html">Memory</A>
212
<B> Up:</B> <A NAME="tex2html879"
213
HREF="node43.html">API</A>
214
<B> Previous:</B> <A NAME="tex2html873"
215
HREF="node50.html">Database checks</A>
216
<B> <A NAME="tex2html881"
217
HREF="node1.html">Contents</A></B> </DIV>
218
<!--End of Navigation Panel-->
220
SourceFire 2013-04-16