> Due to my university project in my lab, I want to utilize unpacking function
> of clamav.
> So, is there anyway to only unpack binary files without any other analysis?
> Because performance of my project is very important, other unnecessary
> analysis steps degrade performance.

I've done this. Start by initializing:

    cl_init(CL_INIT_DEFAULT);

Create a new engine:

    engine = cl_engine_new();

Set the directory you want it to be parsed into, and tell it to keep the temp files:

    cl_engine_set_str(engine, CL_ENGINE_TMPDIR, tmpdir);
    cl_engine_set_num(engine, CL_ENGINE_KEEPTMP, 1);

Create a dummy database of only one line and load it:

    cl_load(dummy_db_file, engine, &sigs, CL_DB_STDOPT);

Compile the engine:

    cl_engine_compile(engine);

Finally scan the file you want to parse:

    cl_scanfile(filename, &matchname, NULL, engine, CL_SCAN_STDOPT);

The file's components will be in the tmp dir you specified and you can check them at your leisure. When you're done, make sure to call cl_engine_free() to free the engine, and then you need to remove the files in the tmp dir. Check the ClamAV docs for the arguments in the routines called, and add your own error checking.
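
The temp-directory side of the steps above, as an added example that is not part of the original message: it creates a private directory to pass as `tmpdir` to `CL_ENGINE_TMPDIR`, counts the unpacked components, and removes them after `cl_engine_free()`. The function names and the `unpack.XXXXXX` template are hypothetical, and the libclamav calls themselves are left out so the block builds without the library.

```c
/* Added example: private temp dir for unpacked components, plus cleanup. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a fresh directory (mkdtemp gives mode 0700) under base and write
 * its path to out. Untrusted unpacked content then never lands in a shared dir. */
int make_private_tmpdir(const char *base, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/unpack.XXXXXX", base);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return mkdtemp(out) ? 0 : -1;
}

/* Walk dir without following symlinks. Returns the number of regular files
 * found, or -1 on error. With do_remove set, deletes everything, dir included. */
long walk_components(const char *dir, int do_remove)
{
    DIR *d = opendir(dir);
    struct dirent *e;
    long total = 0;
    int failed = (d == NULL);

    while (!failed && (e = readdir(d)) != NULL) {
        char path[4096];
        struct stat st;
        if (!strcmp(e->d_name, ".") || !strcmp(e->d_name, ".."))
            continue;
        int n = snprintf(path, sizeof path, "%s/%s", dir, e->d_name);
        if (n < 0 || (size_t)n >= sizeof path || lstat(path, &st) != 0) {
            failed = 1;
        } else if (S_ISDIR(st.st_mode)) {   /* real directory, not a symlink */
            long sub = walk_components(path, do_remove);
            if (sub < 0) failed = 1; else total += sub;
        } else {
            total += S_ISREG(st.st_mode) ? 1 : 0;
            if (do_remove && unlink(path) != 0) failed = 1;
        }
    }
    if (d) closedir(d);
    if (!failed && do_remove && rmdir(dir) != 0) failed = 1;
    return failed ? -1 : total;
}
```

Call `walk_components(tmpdir, 0)` after the scan to see how many components were written, and `walk_components(tmpdir, 1)` once the engine has been freed.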