Lars Roland | 1 Mar 2004 02:29

Initial port of clam to windows

Hi all clamav people.

My boss (Diego the clamav db dude) gave me the idea to port clam to windows, 
this way we could hopefully expand our user base and also clam would make 
a nice exchange plugin (clam scanning on all incoming mail on a MS
exchange mail server). 

I have started a port of clamav to windows. The plan is to use 
a set of patches to the vanilla clamav source and only make changes to 
the code when there is no alternative. 

It was a bit of a hack to make it play nicely with cygwin - but I did make
it work only to discover that making a COM addin to MS outlook using cygwin 
dll's was almost impossible so I have decided to make a native port.
I have started looking at the core clam functionality, such as db files, 
scanner library and other things, to see how Unix-dependent these are and
it looks easy to port (most) them and then make a clam scanner process that 
can be called via MS sockets. 

I do not have much time this week but hopefully I can make some more progress 
next weekend.

Regards.

Lars Roland. 


Nigel Horne | 1 Mar 2004 02:39

Re: Initial port of clam to windows

On Monday 01 Mar 2004 1:29 am, Lars Roland wrote:

> it looks easy to port (most) them and then make a clam scanner process that
> can be called via MS sockets.

That's the method that is used in contrib/Windows/clamav.exe (current version is 0.14)

> Regards.
>
> Lars Roland.

-Nigel

-- 
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
njh <at> despammed.com http://www.bandsman.co.uk

Lars Roland | 1 Mar 2004 13:11

RE: Initial port of clam to windows

Yep - I know, had some difficulties making it run/compile though. Will look at it again this weekend.

________________________________

From: clamav-devel-admin <at> lists.sourceforge.net on behalf of Nigel Horne
Sent: Mon 3/1/2004 2:39 AM
To: clamav-devel <at> lists.sourceforge.net
Subject: Re: [Clamav-devel] Initial port of clam to windows

On Monday 01 Mar 2004 1:29 am, Lars Roland wrote:

> it looks easy to port (most) them and then make a clam scanner process that
> can be called via MS sockets.

That's the method that is used in contrib/Windows/clamav.exe (current version is 0.14)

> Regards.
>
> Lars Roland.

-Nigel

--
Nigel Horne. Arranger, Composer, Typesetter.
NJH Music, Barnsley, UK.  ICQ#20252325
njh <at> despammed.com http://www.bandsman.co.uk


Ken Jones | 1 Mar 2004 16:28

freshclam changes/new foreground feature

Hi,

Who should I submit changes to?

I added a small change to freshclam to let it run in
daemon mode but stay in the foreground. This helps
with running it under djb's daemontools and also for
sending the log output through multilog.

I also think I found a small typo in how it picks up
the count variable. 

This code:
        if(optc(opt, 'c')) {
            checks = atoi(getargc(opt, 'c'));
        } if((cpt = cfgopt(copt, "Checks"))) {
            checks = cpt->numarg;
        } else {
            checks = CL_DEFAULT_CHECKS;
        }

Seems like it should look like this:
        if(optc(opt, 'c')) {
            checks = atoi(getargc(opt, 'c'));
        } else if((cpt = cfgopt(copt, "Checks"))) {
          ^^^^ missing else?
            checks = cpt->numarg;
        } else {
            checks = CL_DEFAULT_CHECKS;
        }

Nigel Horne | 1 Mar 2004 18:02

Re: Initial port of clam to windows

On Monday 01 Mar 2004 12:11 pm, Lars Roland wrote:
> Yep - I know, had some difficulties making it run/compile though. Will look
> at it again this weekend.

What difficulties?

>
> ________________________________
>
> From: clamav-devel-admin <at> lists.sourceforge.net on behalf of Nigel Horne
> Sent: Mon 3/1/2004 2:39 AM
> To: clamav-devel <at> lists.sourceforge.net
> Subject: Re: [Clamav-devel] Initial port of clam to windows
>
> On Monday 01 Mar 2004 1:29 am, Lars Roland wrote:
> > it looks easy to port (most) them and then make a clam scanner process
> > that can be called via MS sockets.
>
> That's the method that is used in contrib/Windows/clamav.exe (current
> version is 0.14)
>
> > Regards.
> >
> > Lars Roland.
>
> -Nigel
>
> --
> Nigel Horne. Arranger, Composer, Typesetter.
> NJH Music, Barnsley, UK.  ICQ#20252325

Dirk Mueller | 1 Mar 2004 18:32

de-UPX support?

Hi, 

has anybody already thought about adding a native de-UPX unpacker to ClamAV ? 
This would avoid the current problem that ClamAV does not detect viruses when 
de-UPX'ing them and then running UPX on it again with a different compression 
level. 

It seems to me that most popular virus scanners have native support for UPX 
since they're not "vulnerable" to this trick. 

It seems to me there is GPL'ed code for decompressing UPX executables available 
from www.oberhumer.com (which is currently down, but it might start to work 
again in a few days). 

Dirk

Tomasz Kojm | 1 Mar 2004 20:53

Re: freshclam changes/new foreground feature

On Mon, 1 Mar 2004 09:28:43 -0600
Ken Jones <kbo <at> inter7.com> wrote:

> Hi,
> 
> Who should I submit changes to?
> 
> I added a small change to freshclam to let it run in
> daemon mode but stay in the foreground. This helps

Please send the patch to bugs <at> clamav.net

>             checks = atoi(getargc(opt, 'c'));
>         } else if((cpt = cfgopt(copt, "Checks"))) {
>           ^^^^ missing else?

That has been fixed some time ago in CVS.

-- 
   oo    .....         Tomasz Kojm <tkojm <at> clamav.net>
  (\/)\.........         http://www.ClamAV.net/gpg/tkojm.gpg
     \..........._         0DCA5A08407D5288279DB43454822DC8985A444B
       //\   /\              Mon Mar  1 20:53:03 CET 2004
Andrey Cherezov | 2 Mar 2004 03:14

Re: Initial port of clam to windows

> From: Nigel Horne <njh <at> bandsman.co.uk>
>
> > it looks easy to port (most) them and then make a clam scanner process that
> > can be called via MS sockets.
>
> That's the method that is used in contrib/Windows/clamav.exe
> (current version is 0.14)

And in the ClamAV plugin for acSMTP Windows mail server
(acSMTP.sf.net).

There is no need 'to port' ClamAV to Windows - it is already
successfully compiled under cygwin and works w/o cygwin
(with some of the cygwin dlls). Just write a plugin for your favorite
mail server or client that calls the ClamD socket like
clamdscan.exe does.

Stephen Gran | 2 Mar 2004 07:39

Not quite 64-bit clean, it seems

Hello all,

Just FYI, I see this on Debian linux builds on the ia64:
source='ole2_extract.c' object='ole2_extract.lo' libtool=yes \
depfile='.deps/ole2_extract.Plo' tmpdepfile='.deps/ole2_extract.TPlo' \
depmode=gcc3 /bin/sh ../depcomp \
/bin/sh ../libtool --mode=compile ia64-linux-gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I./zziplib    -g -O2
-c -o ole2_extract.lo `test -f 'ole2_extract.c' || echo './'`ole2_extract.c
 ia64-linux-gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I./zziplib -g -O2 -c ole2_extract.c -MT
ole2_extract.lo -MD -MP -MF .deps/ole2_extract.TPlo  -fPIC -DPIC -o .libs/ole2_extract.o
ole2_extract.c: In function `handler_writefile':
ole2_extract.c:524: warning: cast from pointer to integer of different size
 ia64-linux-gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I./zziplib -g -O2 -c ole2_extract.c -MT
ole2_extract.lo -MD -MP -MF .deps/ole2_extract.TPlo -o ole2_extract.o >/dev/null 2>&1
source='vba_extract.c' object='vba_extract.lo' libtool=yes \
depfile='.deps/vba_extract.Plo' tmpdepfile='.deps/vba_extract.TPlo' \
depmode=gcc3 /bin/sh ../depcomp \
/bin/sh ../libtool --mode=compile ia64-linux-gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I./zziplib    -g -O2
-c -o vba_extract.lo `test -f 'vba_extract.c' || echo './'`vba_extract.c
 ia64-linux-gcc -DHAVE_CONFIG_H -I. -I. -I.. -I.. -I./zziplib -g -O2 -c vba_extract.c -MT
vba_extract.lo -MD -MP -MF .deps/vba_extract.TPlo  -fPIC -DPIC -o .libs/vba_extract.o
vba_extract.c: In function `get_unicode_name':
vba_extract.c:154: warning: cast to pointer from integer of different size
vba_extract.c: In function `vba56_dir_read':
vba_extract.c:242: warning: cast to pointer from integer of different size
vba_extract.c:378: warning: cast to pointer from integer of different size
vba_extract.c:398: warning: cast to pointer from integer of different size
vba_extract.c:409: warning: cast to pointer from integer of different size
vba_extract.c:451: warning: cast to pointer from integer of different size
vba_extract.c:504: warning: cast to pointer from integer of different size

Trog | 2 Mar 2004 10:29

Re: select() versus poll()

(just catching up with this list)

> I saw a note in the changelog for clamd/session.c that said poll() had
> been changed to select(). Can anyone explain why ?

Yes. Some systems don't have poll(), such as MacOSX

>
> I thought that poll() was what people should be moving towards as a
> replacement for select() because it didn't suffer from the intrinsic limit
> of select()'s fd_set structure.
>
> FD_SETSIZE is set to 1024 so as soon as you open the 1025th file, you
> overwrite memory. The recommended (by Sun) workaround is to change
> select()
> calls to poll().

That's irrelevant in this case, as we only ever select on one FD.

-trog
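
The FD_SETSIZE limit raised in the quoted question above, as an added example (not code from ClamAV or from anyone in this thread): a wait helper that checks the descriptor's numeric value before calling FD_SET() and uses poll() when the value does not fit. The names `fits_fd_set` and `wait_readable` are hypothetical, and the sketch assumes a platform that provides both select() and poll().

```c
#include <poll.h>
#include <sys/select.h>
#include <sys/time.h>
#include <unistd.h>

/* FD_SET() indexes a fixed-size bitmap by the descriptor's numeric value,
 * so the bound is on the value of fd, not on how many fds are watched. */
int fits_fd_set(int fd)
{
    return fd >= 0 && fd < FD_SETSIZE;
}

/* Wait until fd is readable or timeout_ms elapses.
 * Returns 1 if readable, 0 on timeout, -1 on error or invalid fd. */
int wait_readable(int fd, int timeout_ms)
{
    if (fd < 0)
        return -1;

    if (fits_fd_set(fd)) {
        fd_set rfds;
        struct timeval tv;

        FD_ZERO(&rfds);
        FD_SET(fd, &rfds);                  /* in bounds: fd < FD_SETSIZE */
        tv.tv_sec = timeout_ms / 1000;
        tv.tv_usec = (timeout_ms % 1000) * 1000;
        int n = select(fd + 1, &rfds, NULL, NULL, &tv);
        if (n < 0) return -1;
        return (n > 0 && FD_ISSET(fd, &rfds)) ? 1 : 0;
    }

    /* fd would index past the fd_set bitmap: poll() takes it by value. */
    struct pollfd pfd = { .fd = fd, .events = POLLIN };
    int n = poll(&pfd, 1, timeout_ms);
    if (n < 0 || (n > 0 && (pfd.revents & POLLNVAL))) return -1;
    return (n > 0 && (pfd.revents & (POLLIN | POLLHUP))) ? 1 : 0;
}

int main(void)
{
    int p[2];
    if (pipe(p) != 0) return 1;
    if (write(p[1], "x", 1) != 1) return 1; /* constructed input: one byte */
    return wait_readable(p[0], 100) == 1 ? 0 : 1;
}
```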

