On Wed, Nov 20, 2013 at 2:45 PM, Erik Aigner <aigner.e...@gmail.com> wrote:
> "No difference between a file handle to something in memory and to a file > on the FS.” > > Apparently there is, otherwise it would work with a memory file handle. > > -- > Erik Aigner > > > On Wednesday 20 November 2013 at 20:15, Brandon Perry wrote: > > > Why would you *have* to write to the disk? No difference between a file > handle to something in memory and to a file on the FS. > > > > That being said, i actually used a ramdisk when building my clamav > bindings (https://github.com/brandonprry/clam-sharp/). > > > > Sent from a computer > > > > > On Nov 20, 2013, at 12:42, Erik Aigner <aigner.e...@gmail.com (mailto: > aigner.e...@gmail.com)> wrote: > > > > > > Helo! > > > > > > The clamav daemon has an INSTREAM feature for scanning a stream of > data. > > > I’m developing Go bindings for libclamav ( > https://github.com/eaigner/clam) and was > > > wondering why there isn’t such a feature in libclamav? > > > > > > I searched the libclamav headers for something equal but didn’t find > anything similar. > > > It seems I can only scan by file handle. If I use a pipe handle, it > will fail. > > > > > > Is that correct? Do I really have to write (potentially huge) files to > disk to scan for clamav? > > > > > > Cheers, > > > > > > -- > > > Erik Aigner > > > > > > > > > _______________________________________________ > > > http://lurker.clamav.net/list/clamav-devel.html > > > Please submit your patches to our Bugzilla: http://bugs.clamav.net > > > > > > _______________________________________________ > > http://lurker.clamav.net/list/clamav-devel.html > > Please submit your patches to our Bugzilla: http://bugs.clamav.net > > > > _______________________________________________ > http://lurker.clamav.net/list/clamav-devel.html > Please submit your patches to our Bugzilla: http://bugs.clamav.net > Based on the operations ClamAV performs and the way it does them, ClamAV needs to be able to seek and rewind. Not every "stream" supports that. Sockets cannot. There are also certain features, like some of the callbacks, that were designed for file-based access and pass descriptors. So right now libclamav does not expose functions for scanning blocks of memory. ClamAV only uses maps that it created and makes sure it releases them. Under the hood, a lot of the code has been switched over to using maps ... so perhaps with the right setup call and symbols ... you might be able to write code to what you are looking to do. Just be aware that you may want to avoid or turn off certain features. Things like filetyping will give much different results when dealing with memory blocks instead of discrete files. Good luck, Dave R. -- --- Dave Raynor Sourcefire Vulnerability Research Team dray...@sourcefire.com _______________________________________________ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net