[Clamav-devel] Basics of ClamAV: developing for Win8 and dist thru app store
bperry.volatile at gmail.com
Tue Feb 18 15:34:27 EST 2014
I would also like to mention that I have written C# bindings for both libclamav and clamd over TCP, if that helps IRT Windows.
Sent from a computer
> On Feb 18, 2014, at 2:20 PM, Steven Morgan <smorgan at sourcefire.com> wrote:
> Some comments inline:
> On Mon, Feb 17, 2014 at 9:13 PM, Northern Technical <northtech.au at gmail.com> wrote:
>> From what I can see so far, ClamAV provides a shared library which does the
>> scanning and provides tools, e.g. unpacking archives for scanning, updating
>> the malware databases. So perhaps providing a ClamAV app is not much more
>> than a UI which calls the library to scan and update.
> Pretty much. clamscan and clamd link to libclamav. clamdscan uses clamd
> through TCP or a Unix socket. Other apps can use the clamd protocols as well,
> or link to libclamav and use its API. Then there are also several utilities
> such as freshclam and sigtool.
>> Is that an oversimplification? I'm a little lost since I'm still learning
>> how AV programs work generally. I've got the idea with virus signatures
>> which AV programs look for, and they probably go through the entire FS
>> looking inside files for those signatures. I don't know about how
>> heuristics work, and what might be done for specific platforms, e.g.
>> scanning the Windows registry for entries like login notify and other areas
>> malware might hook into. Same for browser malware, e.g. scanning JS or
>> whatever is done there.
>> I'm thinking about a free ClamAV Suite for Windows 8/8.1 which can be
>> fetched from the Windows App Store. If it's "simple" like providing a good
>> UI and using the shared library, would it make sense to fork the ClamAV
>> sources and, since it's originally written for UNIX-like platforms, provide
>> a Windows-specific AV engine? I know Windows can support POSIX programs,
>> but would a Windows AV engine using native Windows calls, threading, etc.,
>> be a good idea if there's the time and patience to develop it?
> Sounds good. There is Windows support currently, see clamav/win32 and also
> http://sourceforge.net/projects/clamav/files/clamav/win32/. There are some
> other third-party Windows projects, and also our Immunet.
>> Is there any documentation which gives me a good overall picture of how it
>> works, linking to the shared library, launching scans, updating, what it
>> does (if anything; would a user of the library do it?) with malware that it
>> finds? On Windows, would a user of the ClamAV library do anything such as
>> keep a list of hashes of known Windows system DLLs and check those, if
>> that's a good idea? What about scanning the boot area?
> clamav/docs. Also Google around to find some presentations and papers on
> clamav topics.
>> Thanks for any guidance or tips.
>> Please submit your patches to our Bugzilla: http://bugs.clamav.net
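The thread mentions that other applications can talk to clamd over TCP instead of linking libclamav. The sketch below is an added example, not code from any participant or from the ClamAV project: a minimal client for clamd's INSTREAM command that fails closed on anything it does not recognise. The function names, the host, and the conventional port 3310 are assumptions; the sample replies are constructed.

```python
import socket
import struct

def instream_frames(data, chunk_size=8192):
    """Yield the byte strings of one INSTREAM request, in send order."""
    yield b"zINSTREAM\0"              # 'z' prefix: NUL-terminated command and reply
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        # Each chunk is a 4-byte big-endian length followed by the bytes.
        yield struct.pack("!I", len(chunk)) + chunk
    yield struct.pack("!I", 0)        # a zero-length chunk ends the stream

def parse_reply(raw):
    """Map a clamd reply to (status, detail); unrecognised text is an error."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    if text.endswith(" ERROR"):
        return ("error", text[:-len(" ERROR")])
    _, sep, verdict = text.rpartition(": ")
    if sep and verdict == "OK":
        return ("clean", None)
    if sep and verdict.endswith(" FOUND"):
        return ("infected", verdict[:-len(" FOUND")])
    return ("error", text)            # fail closed: never report "clean" by default

def scan_bytes(data, host="127.0.0.1", port=3310, timeout=30.0):
    """Send data to clamd over TCP (host/port are assumptions) and parse the verdict."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        for frame in instream_frames(data):
            sock.sendall(frame)
        reply = b""
        while not reply.endswith(b"\0"):
            part = sock.recv(4096)
            if not part:              # clamd closed the connection early
                break
            reply += part
    return parse_reply(reply)

if __name__ == "__main__":
    # Constructed sample replies, not captured from a real clamd.
    for sample in (b"stream: OK\0", b"stream: Example.Signature FOUND\0"):
        print(parse_reply(sample))
```

A caller should treat an `"error"` status as "not scanned" rather than as a clean result, since a truncated or oversized stream produces no verdict.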