Hi Micah,

Thank you so much for your prompt reply.

On Wed 27/Feb/2019 20:48:44 +0100 Micah Snyder (micasnyd) via clamav-users wrote:
>
> You're correct, there are non-backwards compatible changes in clamav.h in
> version 0.101. The libclamav major version number has also increased to
> highlight the incompatibility.
>
> The changes are mentioned somewhat briefly in the release notes:
> https://blog.clamav.net/2018/12/clamav-01010-has-been-released.html
> https://github.com/Cisco-Talos/clamav-devel/blob/clamav-0.101.1/NEWS.md#some-of-the-more-obvious-changes

That doc is rather brief about #define's. I attach my attempt at matching them. Besides having different values and going to different variables, CL_SCAN_* have new names.

> CL_SCAN_STDOPT previously enabled all parsers, plus heuristic alerts (which
> were sometimes/inconsistently referred to as algorithmic detection):
> https://github.com/Cisco-Talos/clamav-devel/blob/clamav-0.100.2/libclamav/clamav.h#L181
>
> In 0.101, CL_SCAN_STDOPT has gone away. Instead, you can get the same
> functionality by setting the following, as shown in the example
> (https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.101/examples/ex1.c#L93):

I see. I think I'll code #ifdef CL_SCAN_STDOPT for compile time switching, trying to be compatible with v100.

> options.parse |= ~0; /* enable all parsers */
> options.general |= CL_SCAN_GENERAL_HEURISTICS; /* enable heuristic alert options */

The docs suggest AlgorithmicDetection becomes HeuristicAlerts, I'm not clear if that implies CL_SCAN_ALGORITHMIC becomes CL_SCAN_GENERAL_HEURISTICS (as claimed in my attachment).

Best
Ale
--
CL_ENGINE_* and CL_DB_* defines are untouched. CL_SCAN_* migrated as follows(?): -#define CL_SCAN_RAW 0x0 -#define CL_SCAN_STDOPT (CL_SCAN_ARCHIVE | CL_SCAN_MAIL | CL_SCAN_OLE2 | CL_SCAN_PDF | CL_SCAN_HTML | CL_SCAN_PE | CL_SCAN_ALGORITHMIC | CL_SCAN_ELF | CL_SCAN_SWF | CL_SCAN_XMLDOCS | CL_SCAN_HWP3) -#define CL_SCAN_ARCHIVE 0x1 +#define CL_SCAN_PARSE_ARCHIVE 0x1 -#define CL_SCAN_MAIL 0x2 +#define CL_SCAN_PARSE_MAIL 0x40 -#define CL_SCAN_OLE2 0x4 +#define CL_SCAN_PARSE_OLE2 0x80 -#define CL_SCAN_BLOCKENCRYPTED 0x8 +#define CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE 0x40 /* alert if archive is encrypted (rar, zip, etc) */ +#define CL_SCAN_HEURISTIC_ENCRYPTED_DOC 0x80 /* alert if a document is encrypted (pdf, docx, etc) */ -#define CL_SCAN_HTML 0x10 +#define CL_SCAN_PARSE_HTML 0x100 -#define CL_SCAN_PE 0x20 +#define CL_SCAN_PARSE_PE 0x200 -#define CL_SCAN_BLOCKBROKEN 0x40 +#define CL_SCAN_HEURISTIC_BROKEN 0x2 /* alert on broken PE and broken ELF files */ -#define CL_SCAN_MAILURL 0x80 /* ignored */ -#define CL_SCAN_BLOCKMAX 0x100 +#define CL_SCAN_HEURISTIC_EXCEEDS_MAX 0x4 /* alert when files exceed scan limits (filesize, max scansize, or max recursion depth) */ -#define CL_SCAN_ALGORITHMIC 0x200 +#define CL_SCAN_GENERAL_HEURISTICS 0x4 /* option to enable heuristic alerts */ -#define CL_SCAN_PHISHING_BLOCKSSL 0x800 /* ssl mismatches, not ssl by itself*/ +#define CL_SCAN_HEURISTIC_PHISHING_SSL_MISMATCH 0x8 /* alert on SSL mismatches */ -#define CL_SCAN_PHISHING_BLOCKCLOAK 0x1000 +#define CL_SCAN_HEURISTIC_PHISHING_CLOAK 0x10 /* alert on cloaked URLs in emails */ -#define CL_SCAN_ELF 0x2000 +#define CL_SCAN_PARSE_ELF 0x2 -#define CL_SCAN_PDF 0x4000 +#define CL_SCAN_PARSE_PDF 0x4 -#define CL_SCAN_STRUCTURED 0x8000 +#define CL_SCAN_HEURISTIC_STRUCTURED 0x200 /* data loss prevention options, i.e. 
alert when detecting personal information */ -#define CL_SCAN_STRUCTURED_SSN_NORMAL 0x10000 +#define CL_SCAN_HEURISTIC_STRUCTURED_SSN_NORMAL 0x400 /* alert when detecting social security numbers */ -#define CL_SCAN_STRUCTURED_SSN_STRIPPED 0x20000 +#define CL_SCAN_HEURISTIC_STRUCTURED_SSN_STRIPPED 0x800 /* alert when detecting stripped social security numbers */ -#define CL_SCAN_PARTIAL_MESSAGE 0x40000 +#define CL_SCAN_MAIL_PARTIAL_MESSAGE 0x1 -#define CL_SCAN_HEURISTIC_PRECEDENCE 0x80000 +#define CL_SCAN_GENERAL_HEURISTIC_PRECEDENCE 0x8 /* allow heuristic match to take precedence. */ -#define CL_SCAN_BLOCKMACROS 0x100000 +#define CL_SCAN_HEURISTIC_MACROS 0x20 /* alert on OLE2 files containing macros */ -#define CL_SCAN_ALLMATCHES 0x200000 +#define CL_SCAN_GENERAL_ALLMATCHES 0x1 /* scan in all-match mode */ -#define CL_SCAN_SWF 0x400000 +#define CL_SCAN_PARSE_SWF 0x8 -#define CL_SCAN_PARTITION_INTXN 0x800000 +#define CL_SCAN_HEURISTIC_PARTITION_INTXN 0x100 /* alert if partition table size doesn't make sense */ -#define CL_SCAN_XMLDOCS 0x1000000 +#define CL_SCAN_PARSE_XMLDOCS 0x20 -#define CL_SCAN_HWP3 0x2000000 +#define CL_SCAN_PARSE_HWP3 0x10 -#define CL_SCAN_PERFORMANCE_INFO 0x40000000 /* collect performance timings */ +#define CL_SCAN_DEV_COLLECT_PERFORMANCE_INFO 0x2 /* collect performance timings */ -#define CL_SCAN_INTERNAL_COLLECT_SHA 0x80000000 /* Enables hash output in sha-collect builds - for internal use only */ +#define CL_SCAN_DEV_COLLECT_SHA 0x1 /* Enables hash output in sha-collect builds - for internal use only */ -#define CL_SCAN_FILE_PROPERTIES 0x10000000 +#define CL_SCAN_GENERAL_COLLECT_METADATA 0x2 /* collect metadata (--gen-json) */
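Review bot: the new values are only unique within their prefix group, and the list does not say which options field each group belongs to: 0x40 is both CL_SCAN_PARSE_MAIL and CL_SCAN_HEURISTIC_ENCRYPTED_ARCHIVE, and 0x4 is CL_SCAN_PARSE_PDF, CL_SCAN_HEURISTIC_EXCEEDS_MAX and CL_SCAN_GENERAL_HEURISTICS. Suggest grouping the entries by prefix (PARSE, HEURISTIC, GENERAL, MAIL, DEV) and naming the target field for each group, so that a flag OR-ed into the wrong field is easy to spot. It would also help to state explicitly that CL_SCAN_BLOCKENCRYPTED is followed by two replacements (ENCRYPTED_ARCHIVE and ENCRYPTED_DOC), and that CL_SCAN_RAW, CL_SCAN_STDOPT and CL_SCAN_MAILURL have no replacement line at all.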
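An added example, not part of the original message or of ClamAV: a table-driven translation of a 0.100 flag word into the five 0.101 option fields, using the values from the attachment as posted (the author marks that mapping as tentative). `struct scan_opts`, `flag_map` and `translate_v100_flags` are hypothetical names, and the struct is an assumed stand-in for `struct cl_scan_options` so the block compiles without clamav.h.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in for 0.101's struct cl_scan_options (assumed; use clamav.h in real code). */
struct scan_opts { uint32_t general, parse, heuristic, mail, dev; };
enum { GENERAL, PARSE, HEUR, MAIL, DEV };

/* {0.100 bit, 0.101 field, 0.101 bits}, values copied from the attachment's list. */
static const struct { uint32_t old_bit; int field; uint32_t new_bits; } flag_map[] = {
    {0x1, PARSE, 0x1},          {0x2, PARSE, 0x40},         /* ARCHIVE, MAIL */
    {0x4, PARSE, 0x80},         {0x8, HEUR, 0x40 | 0x80},   /* OLE2, BLOCKENCRYPTED */
    {0x10, PARSE, 0x100},       {0x20, PARSE, 0x200},       /* HTML, PE */
    {0x40, HEUR, 0x2},          {0x80, GENERAL, 0x0},       /* BLOCKBROKEN, MAILURL (ignored) */
    {0x100, HEUR, 0x4},         {0x200, GENERAL, 0x4},      /* BLOCKMAX, ALGORITHMIC */
    {0x800, HEUR, 0x8},         {0x1000, HEUR, 0x10},       /* PHISHING_BLOCKSSL, _BLOCKCLOAK */
    {0x2000, PARSE, 0x2},       {0x4000, PARSE, 0x4},       /* ELF, PDF */
    {0x8000, HEUR, 0x200},      {0x10000, HEUR, 0x400},     /* STRUCTURED, SSN_NORMAL */
    {0x20000, HEUR, 0x800},     {0x40000, MAIL, 0x1},       /* SSN_STRIPPED, PARTIAL_MESSAGE */
    {0x80000, GENERAL, 0x8},    {0x100000, HEUR, 0x20},     /* HEURISTIC_PRECEDENCE, BLOCKMACROS */
    {0x200000, GENERAL, 0x1},   {0x400000, PARSE, 0x8},     /* ALLMATCHES, SWF */
    {0x800000, HEUR, 0x100},    {0x1000000, PARSE, 0x20},   /* PARTITION_INTXN, XMLDOCS */
    {0x2000000, PARSE, 0x10},   {0x10000000, GENERAL, 0x2}, /* HWP3, FILE_PROPERTIES */
    {0x40000000, DEV, 0x2},     {0x80000000, DEV, 0x1},     /* PERFORMANCE_INFO, COLLECT_SHA */
};

/* Fill *o from a 0.100 bitmask; returns the old bits that have no entry above. */
uint32_t translate_v100_flags(uint32_t old, struct scan_opts *o)
{
    *o = (struct scan_opts){0};
    uint32_t *dst[] = { &o->general, &o->parse, &o->heuristic, &o->mail, &o->dev };
    for (size_t i = 0; i < sizeof flag_map / sizeof flag_map[0]; i++) {
        if (old & flag_map[i].old_bit) {
            *dst[flag_map[i].field] |= flag_map[i].new_bits;
            old &= ~flag_map[i].old_bit;
        }
    }
    return old;
}

int main(void)
{
    struct scan_opts o;
    /* Old CL_SCAN_STDOPT, expanded from the members listed in the attachment. */
    uint32_t left = translate_v100_flags(0x3406237, &o);
    printf("parse=0x%x general=0x%x unmapped=0x%x\n", (unsigned)o.parse, (unsigned)o.general, (unsigned)left);
    return 0;
}
```

A non-zero return value means the old word carried a bit the table does not cover, which a caller can treat as a configuration error instead of scanning with an option silently dropped.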