Tomasz and gents, this issue has been discussed and explained a few times before, and still I'll dare to repoen it, and propose a somewhat different approach.
The problem: sometimes(*) you may have an existing memory area (e.g.
segment of an mmap()ed file, or chunk of data got from the network) that
you want to scan for virii. As of now, you have two options:
1 - scan it with cl_scanbuf() and *not* detect zipped, OLE and some
other types of virii, or
2 - create a temporary file (maybe on ramfs), write you data there and
scan it with cl_scandesc(), then remove the file.
I understand that implementing in scanbuf all of the features that are
present in scandesc is too cumbersome. On the other hand, if you have
random mix on input, such as incoming messages on a mail server, only
small portion of data contains archievs and OLE objects that may need
cl_scandesc to detect virii inside. And creating temporary files for
*all* data can be rather expensive (even on ramfs) (**).
I wonder if it could be feasible to have another API function in
libclamav that would check a memory buffer for "potentially harmful"
data, and return non-zero if the buffer has things that *may* need
file-based scanning. Then, the scanner (pseudo)code may be like this:
int
scan_mem_data(char *data,int datasize)
{
int rc;
if (cl_needfilescan(data,datasize,...)) {
int tempfd=make_tempfile();
jumbo_write(tempfd,data,datasize);
rc=cl_scandesc(tempfd,...);
remove_tempfile(tempfd);
} else {
rc=cl_scanbuff(data,datasize,...);
}
return rc;
}
What do you think? Is it possible?
(*) I have this situation in zmscanner http://www.average.org/zmscanner/
(**) On many systems, filesystem operations are expensive even if they
are not disk-bound. Apparently because they require kernel locks, large
list lookups/updates etc.
Eugene
P.S. could the webmaster please put a reference to zmscanner on the
"3rdparty" page on www.clamav.net?
signature.asc
Description: OpenPGP digital signature
_______________________________________________ http://lurker.clamav.net/list/clamav-devel.html
