程序员达达

Tag Archive for ClamAV

ClamAV source code analysis (3) — Key Data Structure

First, let’s look at what the matcher engine looks like. The structure is named “cl_engine” and it is in “./libclamav/others”.

struct cl_engine {
    uint32_t refcount; /* reference counter */
    uint32_t sdb;
    uint32_t dboptions;
    uint32_t dbversion[2];
    uint32_t ac_only;
    uint32_t ac_mindepth;
    uint32_t ac_maxdepth;
    char *tmpdir;
    uint32_t keeptmp;

    /* Limits */
    uint64_t maxscansize;…

ClamAV source code analysis (3) — debug info analysis

By using the “--debug” option, you can make clamscan output all of its debug information. I scanned a small text file with a size of 0.02MB, and the attachment is the output file.

LibClamAV debug: Loading databases from /home/daniel/clamav/share/clamav
This indicates which database is in use.
LibClamAV debug: in cli_tgzload()
LibClamAV debug: daily.info loaded
LibClamAV debug: in…

ClamAV source code analysis (0)

I use version 0.97.4. Let’s read clamscan.c under ~/clamscan first.

int main(int argc, char **argv)
{
    int ds, dms, ret;
    double mb, rmb;
    struct timeval t1, t2;
#ifndef _WIN32
    sigset_t sigset;
#endif
    struct optstruct *opts;
    const struct optstruct *opt;

    if(check_flevel())
        exit(2);

#if !defined(_WIN32) && !defined(C_BEOS)
    sigemptyset(&sigset);
    sigaddset(&sigset, SIGXFSZ);
    sigprocmask(SIG_SETMASK, &sigset, NULL);
#endif
…