> Due to my university project in my lab, I want to utilize the unpacking
> function of clamav.
> So, is there any way to only unpack binary files without any other analysis?
> Because performance of my project is very important, other unnecessary
> analysis steps degrade performance.

I've done this. Start by initializing:

cl_init(CL_INIT_DEFAULT);

Create a new engine:

engine = cl_engine_new();

Set the directory you want it to be parsed into, and tell it to keep the temp 
files:

cl_engine_set_str(engine, CL_ENGINE_TMPDIR, tmpdir);
cl_engine_set_num(engine, CL_ENGINE_KEEPTMP, 1);

Create a dummy database of only one line and load it:

cl_load(dummy_db_file, engine, &sigs, CL_DB_STDOPT);

Compile the engine:

cl_engine_compile(engine);

Finally scan the file you want to parse:

cl_scanfile(filename, &matchname, NULL, engine, CL_SCAN_STDOPT);

The file's components will be in the tmp dir you specified and you can check
them at your leisure. When you're done, make sure to call cl_engine_free() to
free the engine, and then you need to remove the files in the tmp dir. Check
the ClamAV docs for the arguments in the routines called, and add your own
error checking.
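
The steps above leave creating and cleaning the temp directory to the reader. As an added example (not part of the original message and not ClamAV code), these POSIX helpers create a private directory to pass as CL_ENGINE_TMPDIR, count what the scan left behind, and delete the tree without following symlinks. The function names and the caller-supplied base directory are assumptions.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a fresh private directory under base (e.g. "/tmp") and write its
 * path to buf. Pass buf to cl_engine_set_str(engine, CL_ENGINE_TMPDIR, buf). */
int make_unpack_dir(const char *base, char *buf, size_t len)
{
    int n = snprintf(buf, len, "%s/unpack-XXXXXX", base);
    if (n < 0 || (size_t)n >= len) return -1;
    return mkdtemp(buf) ? 0 : -1;   /* mkdtemp never reuses an existing dir */
}

/* Walk dir with lstat() so symlinks are never followed. Returns the number
 * of regular files found (-1 on error) and adds their sizes to *bytes.
 * With purge != 0 every entry is deleted, children first, then dir itself. */
long walk_unpack_dir(const char *dir, long long *bytes, int purge)
{
    char path[4096];
    struct dirent *e;
    struct stat sb;
    long files = 0;
    DIR *d = opendir(dir);
    if (!d) return -1;
    while ((e = readdir(d)) != NULL) {
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, "..")) continue;
        int n = snprintf(path, sizeof path, "%s/%s", dir, e->d_name);
        if (n < 0 || (size_t)n >= sizeof path || lstat(path, &sb) != 0) { files = -1; break; }
        if (S_ISDIR(sb.st_mode)) {
            long sub = walk_unpack_dir(path, bytes, purge);
            if (sub < 0) { files = -1; break; }
            files += sub;
        } else {
            if (S_ISREG(sb.st_mode)) { files++; if (bytes) *bytes += sb.st_size; }
            if (purge && unlink(path) != 0) { files = -1; break; }  /* removes a link, not its target */
        }
    }
    closedir(d);
    if (files >= 0 && purge && rmdir(dir) != 0) return -1;
    return files;
}
```

Call walk_unpack_dir() with purge set to 0 after cl_scanfile() to inventory the components, and with purge set to 1 once cl_engine_free() has been called.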

