Compiling clamav-0.99.2

Source: Internet  Editor: 程序博客网  Date: 2024/05/21 20:43

Preface

I saw that clamav is open source, so I grabbed it to play with.
The first step is compiling it, and I got that done today.

Test materials

clamav_build_stuff.zip

2017/04/08  13:28    <DIR>          .
2017/04/08  13:28    <DIR>          ..
2017/04/08  13:28    <DIR>          av_database
2017/04/08  08:06        16,067,497 clamav-0.99.2.tar.gz
2017/04/08  12:56             1,703 cpy_openssl_inc_lib.bat
2017/04/08  13:06            79,360 debug_note_clamav.doc
2017/04/08  11:41        21,725,155 src_openssl_1.0.1h_was_build.zip
               4 个文件     37,873,715 字节
               3 个目录 63,417,401,344 可用字节

Notes

Build environment

Win7X64SP1
vs2010sp1
nasm
perl
git for windows

Download clamav

https://github.com/vrtadmin/clamav-devel.git
checkout to : D:\3rd\clamav-devel\

This version targets vs2015 + openSSL1.1.1.
I don't have vs2015 at hand, only vs2013 and vs2010, so I gave up on this version and looked for an older one to play with.
clamav-0.99.2.tar.gz
https://s3.amazonaws.com/clamav-site/production/release_files/files/000/000/301/original/clamav-0.99.2.tar.gz?AWSAccessKeyId=AKIAIY6OSGQFGUNJQ7GQ&Expires=1491613544&Signature=%2BPUIw5rH7HtITz1yayVp%2BbNUoUQ%3D

Compiling openssl

Reference
http://blog.clamav.net/2014/07/compiling-openssl-for-windows.html
The openSSL version built with vs2010 is 1.0.1h; otherwise the build fails, because the data structures changed in newer openSSL versions.

Download openSSL1.0.1h

Only openSSL1.0.1h can be used.
https://www.openssl.org/source/old/1.0.1/openssl-1.0.1h.tar.gz

Checked out to D:\3rd\openssl

Download activeperl

http://www.activestate.com/activeperl
Download the x64 build:
http://downloads.activestate.com/ActivePerl/releases/5.24.1.2402/ActivePerl-5.24.1.2402-MSWin32-x64-401627.exe

Install ActivePerl-5.24.1.2402-MSWin32-x64-401627.exe to D:\Perl64; during installation, skip the new-version check and install everything.

Compiling openSSL1.0.1h

Build guide: D:\3rd\openssl-1.0.1h\INSTALL.W32
Because I had already built openSSL1.1.1 earlier, the environment was complete (nasm, perl).
Open the vs2010 command line, Visual Studio Command Prompt (2010):
cd D:\3rd\openssl-1.0.1h
d:
perl Configure VC-WIN32 --prefix=c:\some\openssl\dir
ms\do_nasm
nmake -f ms\ntdll.mak
nmake -f ms\ntdll.mak install
After the build completes, C:\some\openssl\dir contains the built openSSL headers and libraries.
The build was fairly quick.

Run configure.bat

Open Git Bash, go to D:\3rd\clamav-0.99.2\win32, and run configure.bat

LostSpeed@LostSpeed-PC MINGW64 /d/3rd/clamav-0.99.2/win32
$ ./configure.bat

D:\3rd\clamav-0.99.2\win32>cscript //NoLogo configure.js
Generating version.h
WARNING: git describe returned 128
WARNING: unable to determine repository revision
Work complete

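Build ClamAV.sln

It must be built with vs2010sp1.
Build once first, look at the build errors, and put the openSSL libraries in the right place.
After putting the headers and libraries in place, it built in one go.
It built straight through and also produced the installer package.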
D:\3rd\clamav-0.99.2\win32\Setup-x86\Debug\Setup-x86.msi

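Putting the previously built openSSL libraries in the right place

I wrote a script that copies the built openSSL1.0.1h to the include locations that clamav needs.
Placing the openSSL libraries that clamav needs by hand was tedious, so I wrote a script to do the job.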

echo off
rem filename cpy_openssl_inc_lib.bat
cls
title copy openssl lib for clamav
echo ==========================================================================
echo copy openSSL include files for clamav...
echo ==========================================================================
if not exist C:\clamdeps mkdir C:\clamdeps
if not exist C:\clamdeps\win32 mkdir C:\clamdeps\win32
if not exist C:\clamdeps\win32\openssl mkdir C:\clamdeps\win32\openssl
if not exist C:\clamdeps\win32\openssl\include mkdir C:\clamdeps\win32\openssl\include
if exist C:\clamdeps\win32\openssl\include goto L_MKDIR_OPENSSL_INC_DIR_OK
echo openSSL include dir create error
goto :EOF
:L_MKDIR_OPENSSL_INC_DIR_OK
xcopy C:\some\openssl\dir\include C:\clamdeps\win32\openssl\include /Y /E /F /H /K /J
echo ==========================================================================
echo copy openSSL library files for clamav...
echo ==========================================================================
if not exist C:\clamdeps\win32\openssl\lib mkdir C:\clamdeps\win32\openssl\lib
xcopy C:\some\openssl\dir\lib C:\clamdeps\win32\openssl\lib /Y /E /F /H /K /J
echo ==========================================================================
echo copy openSSL dll files for clamav...
echo ==========================================================================
xcopy C:\some\openssl\dir\bin C:\clamdeps\win32\openssl\lib /Y /E /F /H /K /J
echo ==========================================================================
echo END, please build "D:\3rd\clamav-0.99.2\win32\ClamAV.sln"
echo ==========================================================================
pause
echo on

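Installation

Run Setup-x86.msi. After installation, download the virus databases and put them in the database directory under the installation directory.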
http://database.clamav.net/bytecode.cvd
http://database.clamav.net/daily.cvd
http://database.clamav.net/main.cvd
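
The three .cvd files above are fetched over plain HTTP, so it is worth checking each one before copying it into the database directory. The following is an added example, not part of the original post or of ClamAV's code: it parses the 512-byte colon-separated CVD header and compares the MD5 recorded there with the MD5 of the rest of the file. The function names are illustrative, the sample file is constructed, and the check detects a truncated or corrupted download only; it does not verify the digital-signature field.

```python
import hashlib
from typing import NamedTuple

HEADER_SIZE = 512  # a .cvd file starts with a fixed 512-byte text header


class CvdHeader(NamedTuple):
    build_time: str
    version: int
    signatures: int
    functionality_level: int
    md5: str
    dsig: str
    builder: str
    stime: int


def parse_cvd_header(raw: bytes) -> CvdHeader:
    """Parse the colon-separated header at the start of a .cvd file."""
    if len(raw) < HEADER_SIZE:
        raise ValueError("file is shorter than the 512-byte CVD header")
    fields = raw[:HEADER_SIZE].decode("ascii", errors="replace").strip().split(":")
    if len(fields) < 8 or fields[0] != "ClamAV-VDB":
        raise ValueError("not a CVD header")
    # The trailing build timestamp is treated as optional here.
    stime = int(fields[8]) if len(fields) > 8 and fields[8].isdigit() else 0
    return CvdHeader(fields[1], int(fields[2]), int(fields[3]), int(fields[4]),
                     fields[5].lower(), fields[6], fields[7], stime)


def check_cvd(raw: bytes):
    """Return (header, ok); ok is True when the body MD5 matches the header."""
    header = parse_cvd_header(raw)
    body_md5 = hashlib.md5(raw[HEADER_SIZE:]).hexdigest()
    return header, body_md5 == header.md5


def make_sample_cvd(body: bytes) -> bytes:
    """Constructed sample: a header describing `body`, space-padded to 512 bytes."""
    md5 = hashlib.md5(body).hexdigest()
    text = f"ClamAV-VDB:08 Apr 2017 09-00 -0400:1:2:60:{md5}:SAMPLE-DSIG:sample:1491656400"
    return text.encode("ascii").ljust(HEADER_SIZE, b" ") + body


if __name__ == "__main__":
    sample = make_sample_cvd(b"constructed body, not a real database")
    print(check_cvd(sample))                     # intact file
    print(check_cvd(sample[:-1] + b"!")[1])      # corrupted body
```

For a real download, pass the file contents read in binary mode, for example `check_cvd(open("daily.cvd", "rb").read())`.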

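Sample scan test

For faster scanning, use clamd.exe together with clamdscan.exe and scan in client/server mode.
To test scanning a single sample, use clamscan.exe + filename.
Scanning a single sample takes quite a long time (nearly 60S), which is a bit hard to bear.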