/usr/share/doc/clamav-docs/html/node58.html is in clamav-docs 0.99.2+addedllvm-0ubuntu0.12.04.1.
This file is owned by root:root, with mode 0o644.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!--Converted with LaTeX2HTML 2008 (1.71)
original version by: Nikos Drakos, CBLU, University of Leeds
* revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan
* with significant contributions from:
Jens Lippmann, Marek Rouchal, Martin Wilck and others -->
<HTML>
<HEAD>
<TITLE>Data scan functions</TITLE>
<META NAME="description" CONTENT="Data scan functions">
<META NAME="keywords" CONTENT="clamdoc">
<META NAME="resource-type" CONTENT="document">
<META NAME="distribution" CONTENT="global">
<META NAME="Generator" CONTENT="LaTeX2HTML v2008">
<META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css">
<LINK REL="STYLESHEET" HREF="clamdoc.css">
<LINK REL="next" HREF="node59.html">
<LINK REL="previous" HREF="node57.html">
<LINK REL="up" HREF="node50.html">
</HEAD>
<BODY >
<DIV CLASS="navigation"><!--Navigation Panel-->
<A NAME="tex2html986"
HREF="node59.html">
<IMG WIDTH="37" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="next" SRC="next.png"></A>
<A NAME="tex2html982"
HREF="node50.html">
<IMG WIDTH="26" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="up" SRC="up.png"></A>
<A NAME="tex2html976"
HREF="node57.html">
<IMG WIDTH="63" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="previous" SRC="prev.png"></A>
<A NAME="tex2html984"
HREF="node1.html">
<IMG WIDTH="65" HEIGHT="24" ALIGN="BOTTOM" BORDER="0" ALT="contents" SRC="contents.png"></A>
<BR>
<B> Next:</B> <A NAME="tex2html987"
HREF="node59.html">Memory</A>
<B> Up:</B> <A NAME="tex2html983"
HREF="node50.html">API</A>
<B> Previous:</B> <A NAME="tex2html977"
HREF="node57.html">Database checks</A>
<B> <A NAME="tex2html985"
HREF="node1.html">Contents</A></B>
<BR>
<BR></DIV>
<!--End of Navigation Panel-->
<H3><A NAME="SECTION00073800000000000000">
Data scan functions</A>
</H3>
It's possible to scan a file or descriptor using:
<PRE>
int cl_scanfile(const char *filename, const char **virname,
    unsigned long int *scanned, const struct cl_engine *engine,
    unsigned int options);

int cl_scandesc(int desc, const char **virname,
    unsigned long int *scanned, const struct cl_engine *engine,
    unsigned int options);
</PRE>
Both functions will store a virus name under the pointer <code>virname</code>.
The virus name is part of the engine structure and must not be released
directly. If the third argument (<code>scanned</code>) is not NULL, the
functions will increase its value by the size of the scanned data (in
<code>CL_COUNT_PRECISION</code> units).
The last argument (<code>options</code>) specifies the scan options and supports
the following flags (which can be combined using bit operators):
<UL>
<LI><SPAN CLASS="textbf">CL_SCAN_STDOPT</SPAN>
<BR>
This is an alias for a recommended set of scan options. You
should use it to make your software ready for new features
in future versions of libclamav.
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_RAW</SPAN>
<BR>
Use it alone if you want to disable support for special files.
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_ARCHIVE</SPAN>
<BR>
This flag enables transparent scanning of various archive formats.
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_BLOCKENCRYPTED</SPAN>
<BR>
With this flag the library will mark encrypted archives as viruses
(Encrypted.Zip, Encrypted.RAR).
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_MAIL</SPAN>
<BR>
Enable support for mail files.
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_OLE2</SPAN>
<BR>
Enables support for OLE2 containers (used by MS Office and .msi
files).
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_PDF</SPAN>
<BR>
Enables scanning within PDF files.
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_SWF</SPAN>
<BR>
Enables scanning within SWF files, notably compressed SWF.
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_PE</SPAN>
<BR>
This flag enables deep scanning of Portable Executable files and
allows libclamav to unpack executables compressed with run-time
unpackers.
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_ELF</SPAN>
<BR>
Enable support for ELF files.
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_BLOCKBROKEN</SPAN>
<BR>
libclamav will try to detect broken executables and mark them as
Broken.Executable.
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_HTML</SPAN>
<BR>
This flag enables HTML normalisation (including ScrEnc
decryption).
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_ALGORITHMIC</SPAN>
<BR>
Enable algorithmic detection of viruses.
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_PHISHING_BLOCKSSL</SPAN>
<BR>
Phishing module: always block SSL mismatches in URLs.
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_PHISHING_BLOCKCLOAK</SPAN>
<BR>
Phishing module: always block cloaked URLs.
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_STRUCTURED</SPAN>
<BR>
Enable the DLP module which scans for credit card and SSN
numbers.
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_STRUCTURED_SSN_NORMAL</SPAN>
<BR>
Search for SSNs formatted as xx-yy-zzzz.
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_STRUCTURED_SSN_STRIPPED</SPAN>
<BR>
Search for SSNs formatted as xxyyzzzz.
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_PARTIAL_MESSAGE</SPAN>
<BR>
Scan RFC1341 messages split over many emails. You will need to
periodically clean up the <code>$TemporaryDirectory/clamav-partial</code>
directory.
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_HEURISTIC_PRECEDENCE</SPAN>
<BR>
Allow heuristic matches to take precedence. When enabled, if
a heuristic scan (such as phishingScan) detects a possible
virus/phish, it will stop the scan immediately. Recommended, as it
saves CPU scan-time. When disabled, a virus/phish detected by
heuristic scans will be reported only at the end of a scan. If an
archive contains both a heuristically detected virus/phish and real
malware, the real malware will be reported.
</LI>
<LI><SPAN CLASS="textbf">CL_SCAN_BLOCKMACROS</SPAN>
<BR>
OLE2 containers that contain VBA macros will be marked as infected
(Heuristics.OLE2.ContainsMacros).
</LI>
</UL>
All functions return <code>CL_CLEAN</code> when the file seems clean,
<code>CL_VIRUS</code> when a virus is detected and another value on failure.
<PRE>
...
const char *virname;
int ret;

ret = cl_scanfile("/tmp/test.exe", &virname, NULL, engine,
                  CL_SCAN_STDOPT);
if(ret == CL_VIRUS) {
    printf("Virus detected: %s\n", virname);
} else if(ret == CL_CLEAN) {
    printf("No virus detected.\n");
} else {
    /* neither clean nor infected: the scan itself failed */
    printf("Error: %s\n", cl_strerror(ret));
}
</PRE>
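<P>
The return-value contract above (<code>CL_CLEAN</code>, <code>CL_VIRUS</code>, any other value is a failure) written as a fail-closed gate that also copies the engine-owned virus name. This is an added example, not code from the ClamAV documentation. The names <code>scan_gate</code>, <code>verdict_t</code>, <code>EX_CLEAN</code>, <code>EX_VIRUS</code> and <code>fake_scandesc</code> are hypothetical, and the scanner is passed as a function pointer with the <code>cl_scandesc</code> signature so the block builds without libclamav.

```c
#include <stdio.h>
#include <string.h>

/* Local mirrors of CL_CLEAN (0) and CL_VIRUS (1), assumed here so the block
   builds on its own; with libclamav, include <clamav.h> and use its names. */
enum { EX_CLEAN = 0, EX_VIRUS = 1 };
struct cl_engine;                          /* opaque in this example */
/* Same signature as cl_scandesc(), so the real function can be passed in. */
typedef int (*scan_fn)(int desc, const char **virname, unsigned long int *scanned,
                       const struct cl_engine *engine, unsigned int options);
typedef enum { VERDICT_ALLOW, VERDICT_INFECTED, VERDICT_ERROR } verdict_t;

/* Fail-closed gate: only an explicit clean result lets the data through. */
verdict_t scan_gate(scan_fn scan, int fd, const struct cl_engine *engine,
                    unsigned int options, char *name, size_t name_len, int *raw)
{
    const char *virname = NULL;   /* will point into the engine; never free() it */
    int ret = scan(fd, &virname, NULL, engine, options);
    if (raw) *raw = ret;          /* keep the raw code for logging */
    if (name_len) name[0] = '\0';
    if (ret == EX_CLEAN)
        return VERDICT_ALLOW;
    if (ret == EX_VIRUS) {
        /* copy the name: the string is owned by the engine */
        if (name_len) snprintf(name, name_len, "%s", virname ? virname : "unknown");
        return VERDICT_INFECTED;
    }
    return VERDICT_ERROR;         /* any other value is a scan failure */
}

/* Constructed stand-in for cl_scandesc(): the "descriptor" selects the outcome. */
static int fake_scandesc(int desc, const char **virname, unsigned long int *scanned,
                         const struct cl_engine *engine, unsigned int options)
{
    (void)scanned; (void)engine; (void)options;
    if (desc == 1) *virname = "Example.Test.Name";   /* constructed name */
    return desc;                  /* 0 = clean, 1 = virus, other = error */
}

int main(void)
{
    char name[64];
    int raw;
    for (int fd = 0; fd <= 2; fd++) {
        verdict_t v = scan_gate(fake_scandesc, fd, NULL, 0, name, sizeof name, &raw);
        printf("ret=%d verdict=%d name=\"%s\"\n", raw, (int)v, name);
    }
    return 0;
}
```

With libclamav linked, pass <code>cl_scandesc</code>, a compiled engine and <code>CL_SCAN_STDOPT</code> in place of the stand-in, <code>NULL</code> and <code>0</code>.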
<P>
<ADDRESS>
Cisco 2016-04-21
</ADDRESS>
</BODY>
</HTML>