Tomasz and gents, this issue has been discussed and explained a few times before, and still I'll dare to repoen it, and propose a somewhat different approach.
The problem: sometimes(*) you may have an existing memory area (e.g. segment of an mmap()ed file, or chunk of data got from the network) that you want to scan for virii. As of now, you have two options: 1 - scan it with cl_scanbuf() and *not* detect zipped, OLE and some other types of virii, or 2 - create a temporary file (maybe on ramfs), write you data there and scan it with cl_scandesc(), then remove the file. I understand that implementing in scanbuf all of the features that are present in scandesc is too cumbersome. On the other hand, if you have random mix on input, such as incoming messages on a mail server, only small portion of data contains archievs and OLE objects that may need cl_scandesc to detect virii inside. And creating temporary files for *all* data can be rather expensive (even on ramfs) (**). I wonder if it could be feasible to have another API function in libclamav that would check a memory buffer for "potentially harmful" data, and return non-zero if the buffer has things that *may* need file-based scanning. Then, the scanner (pseudo)code may be like this: int scan_mem_data(char *data,int datasize) { int rc; if (cl_needfilescan(data,datasize,...)) { int tempfd=make_tempfile(); jumbo_write(tempfd,data,datasize); rc=cl_scandesc(tempfd,...); remove_tempfile(tempfd); } else { rc=cl_scanbuff(data,datasize,...); } return rc; } What do you think? Is it possible? (*) I have this situation in zmscanner http://www.average.org/zmscanner/ (**) On many systems, filesystem operations are expensive even if they are not disk-bound. Apparently because they require kernel locks, large list lookups/updates etc. Eugene P.S. could the webmaster please put a reference to zmscanner on the "3rdparty" page on www.clamav.net?
signature.asc
Description: OpenPGP digital signature
_______________________________________________ http://lurker.clamav.net/list/clamav-devel.html