[Clamav-devel] Basics of ClamAV: developing for Win8 and dist thru app store

Brandon Perry bperry.volatile at gmail.com
Tue Feb 18 15:34:27 EST 2014


I would also like to mention that I have written C# bindings for both libclamav and clamd over TCP, if that helps IRT Windows.

https://github.com/brandonprry/clam-sharp

Sent from a computer

> On Feb 18, 2014, at 2:20 PM, Steven Morgan <smorgan at sourcefire.com> wrote:
> 
> James,
> 
> Some comments inline:
> 
> 
> On Mon, Feb 17, 2014 at 9:13 PM, Northern Technical
> <northtech.au at gmail.com>wrote:
> 
>> Hello,
>> 
>> From what I can see so far, ClamAV provides a shared library which does the
>> scanning and provides tools, e.g. unpacking archives for scanning, updating
>> the malware databases.  So perhaps providing a ClamAV app is not much more
>> than a UI which calls the library to scan and update.
>> 
> 
> Pretty much. clamscan and clamd link to libclamav. clamdscan uses clamd
> through TCP or a Unix socket. Other apps can use the clamd protocol as well,
> or link to libclamav and use its API. Then there are also several utilities
> such as freshclam and sigtool.
> 
> 
>> 
>> Is that an oversimplification?  I'm a little lost since I'm still learning
>> how AV programs work generally.  I've got the idea with virus signatures
>> which AV programs look for, and they probably go through the entire FS
>> looking inside files for those signatures.  I don't know about how
>> heuristics work, and what might be done for specific platforms, e.g.
>> scanning the Windows registry for entries like login notify and other areas
>> malware might hook into.  Same for browser malware, e.g. scanning JS or
>> whatever is done there.
>> 
>> I'm thinking about a free ClamAV Suite for Windows 8/8.1 which can be
>> fetched from the Windows App Store.  If it's "simple" like providing a good
>> UI and using the shared library, would it make sense to fork the ClamAV
>> sources and, since it's originally written for UNIX-like platforms, provide
>> a Windows-specific AV engine?  I know Windows can support POSIX programs,
>> but would a Windows AV engine using native Windows calls, threading, etc.,
>> be a good idea if there's the time and patience to develop it?
>> 
> 
> Sounds good. There is Windows support currently, see clamav/win32 and also
> http://sourceforge.net/projects/clamav/files/clamav/win32/. There are some
> other third party Windows projects, and also our Immunet.
> 
> 
>> Is there any documentation which gives me a good overall picture of how it
>> works, linking to the shared library, launching scans, updating, what it
>> does (if anything; would a user of the library do it?) with malware that it
>> finds?  On Windows, would a user of the ClamAV library do anything such as
>> keep a list of hashes of known Windows system DLLs and check those, if
>> that's a good idea?  What about scanning the boot area?
>> 
> 
> clamav/docs. Also google around to find some presentations and papers on
> clamav topics.
> 
> 
>> 
>> Thanks for any guidance or tips.
>> 
>> James
>> _______________________________________________
>> http://lurker.clamav.net/list/clamav-devel.html
>> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>> 
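A minimal client for the clamd protocol that the thread refers to (clamdscan and third-party apps talking to clamd over TCP), added here as an illustration; it is not code from the thread or from clam-sharp. It assumes a clamd listening on 127.0.0.1:3310 and frames the zINSTREAM command as clamd expects: NUL-terminated command, chunks prefixed by a 4-byte big-endian length, and a zero-length chunk as terminator. The framing and reply parsing are pure functions, so they can be exercised without a running daemon.

```python
import socket
import struct

CLAMD_HOST = "127.0.0.1"   # assumed: local clamd (TCPSocket/TCPAddr in clamd.conf)
CLAMD_PORT = 3310          # clamd's conventional TCP port
CHUNK_SIZE = 8192


def build_instream_request(data: bytes, chunk_size: int = CHUNK_SIZE) -> bytes:
    """Frame `data` as a zINSTREAM request: b'zINSTREAM\\0', then one or more
    chunks of (4-byte network-order length, bytes), ended by a zero-length chunk.
    clamd enforces StreamMaxLength on the total; exceeding it yields an ERROR reply."""
    out = bytearray(b"zINSTREAM\0")
    for off in range(0, len(data), chunk_size):
        chunk = data[off:off + chunk_size]
        out += struct.pack("!I", len(chunk)) + chunk
    out += struct.pack("!I", 0)  # zero-length chunk terminates the stream
    return bytes(out)


def parse_scan_response(reply: bytes) -> tuple:
    """Parse a clamd reply. With a z-prefixed command the reply is NUL-terminated,
    e.g. b'stream: OK\\0' or b'stream: Eicar-Test-Signature FOUND\\0'.
    Returns (status, detail): ('clean', None), ('infected', signature),
    ('error', message) or ('unknown', raw verdict)."""
    text = reply.rstrip(b"\0\n").decode("utf-8", errors="replace")
    verdict = text.split(": ", 1)[-1]  # drop the 'stream' target name if present
    if verdict == "OK":
        return ("clean", None)
    if verdict.endswith(" FOUND"):
        return ("infected", verdict[:-len(" FOUND")])
    if verdict.endswith(" ERROR"):
        return ("error", verdict[:-len(" ERROR")])
    return ("unknown", verdict)


def scan_bytes(data: bytes, host: str = CLAMD_HOST, port: int = CLAMD_PORT) -> tuple:
    """Send `data` to clamd over TCP via INSTREAM and return the parsed verdict."""
    with socket.create_connection((host, port), timeout=30) as sock:
        sock.sendall(build_instream_request(data))
        reply = b""
        while not reply.endswith(b"\0"):
            part = sock.recv(4096)
            if not part:
                break  # clamd closed the connection early
            reply += part
    return parse_scan_response(reply)
```

The same framing works over clamd's LocalSocket (`socket.AF_UNIX`) by swapping the connection call; the reply format is identical.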

