ClamAV工作

来源：互联网发布：四川广电网络投诉电话编辑：程序博客网时间：2024/05/21 10:23

工作流程图

ClamAV工作流程图

引用库

zlib

bzlib

关键函数

int scanmanager(const struct optstruct *opts)

内容扫描入口

static void scanfile(const char filename, struct cl_engine engine, const struct optstruct *opts, unsigned int options)

内容扫描

int cl_scandesc_callback(int desc, const char **virname, unsigned long int scanned, const struct cl_engine engine, unsigned int scanoptions, void *context)

扫描封装函数

int cli_map_scandesc(cl_fmap_t map, off_t offset, size_t length, cli_ctx ctx, cli_file_t type)

扫描封装函数

static int magic_scandesc(cli_ctx *ctx, cli_file_t type)

扫描内容

cli_file_t cli_filetype2(fmap_t map, const struct cl_engine engine, cli_file_t basetype)

查找文件类型

扫描文件类型

DCONF_ARCH 压缩文件

#define ARCH_CONF_RAR       0x1#define ARCH_CONF_ZIP       0x2#define ARCH_CONF_GZ        0x4#define ARCH_CONF_BZ        0x8#define ARCH_CONF_SZDD      0x10#define ARCH_CONF_CAB       0x20#define ARCH_CONF_CHM       0x40#define ARCH_CONF_OLE2      0x80#define ARCH_CONF_TAR       0x100#define ARCH_CONF_BINHEX    0x200#define ARCH_CONF_SIS       0x400#define ARCH_CONF_NSIS      0x800#define ARCH_CONF_ARJ       0x1000#define ARCH_CONF_AUTOIT    0x2000#define ARCH_CONF_CPIO      0x4000#define ARCH_CONF_ISHIELD   0x8000#define ARCH_CONF_7Z        0x10000#define ARCH_CONF_ISO9660   0x20000#define ARCH_CONF_DMG       0x40000#define ARCH_CONF_XAR       0x80000#define ARCH_CONF_HFSPLUS   0x100000#define ARCH_CONF_XZ        0x200000#define ARCH_CONF_PASSWD    0x400000#define ARCH_CONF_MBR       0x800000#define ARCH_CONF_GPT       0x1000000#define ARCH_CONF_APM       0x2000000

DCONF_DOC 文档

#define DOC_CONF_HTML       0x1#define DOC_CONF_RTF        0x2#define DOC_CONF_PDF        0x4#define DOC_CONF_SCRIPT     0x8#define DOC_CONF_HTML_SKIPRAW   0x10#define DOC_CONF_JSNORM         0x20#define DOC_CONF_SWF        0x40#define DOC_CONF_MSXML      0x80#define DOC_CONF_OOXML      0x100#define DOC_CONF_HWP        0x200

DCONF_MAIL 邮件

#define MAIL_CONF_MBOX      0x1#define MAIL_CONF_TNEF      0x2

DCONF_OTHER 其他

#define OTHER_CONF_UUENC    0x1#define OTHER_CONF_SCRENC   0x2#define OTHER_CONF_RIFF     0x4#define OTHER_CONF_JPEG     0x8#define OTHER_CONF_CRYPTFF  0x10#define OTHER_CONF_DLP      0x20#define OTHER_CONF_MYDOOMLOG    0x40#define OTHER_CONF_PREFILTERING 0x80#define OTHER_CONF_PDFNAMEOBJ   0x100#define OTHER_CONF_PRTNINTXN    0x200

阅读全文

0 0

ClamAV工作

工作流程图

引用库

zlib

bzlib

关键函数

int scanmanager(const struct optstruct *opts)

static void scanfile(const char *filename, struct cl_engine *engine, const struct optstruct *opts, unsigned int options)

int cl_scandesc_callback(int desc, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, unsigned int scanoptions, void *context)

int cli_map_scandesc(cl_fmap_t *map, off_t offset, size_t length, cli_ctx *ctx, cli_file_t type)

static int magic_scandesc(cli_ctx *ctx, cli_file_t type)

cli_file_t cli_filetype2(fmap_t *map, const struct cl_engine *engine, cli_file_t basetype)

扫描文件类型

DCONF_ARCH 压缩文件

DCONF_DOC 文档

DCONF_MAIL 邮件

DCONF_OTHER 其他

static void scanfile(const char filename, struct cl_engine engine, const struct optstruct *opts, unsigned int options)

int cl_scandesc_callback(int desc, const char **virname, unsigned long int scanned, const struct cl_engine engine, unsigned int scanoptions, void *context)

int cli_map_scandesc(cl_fmap_t map, off_t offset, size_t length, cli_ctx ctx, cli_file_t type)

cli_file_t cli_filetype2(fmap_t map, const struct cl_engine engine, cli_file_t basetype)