[Clamav-devel] [clamav-users] Incompatible clamav.h changes

Micah Snyder (micasnyd) micasnyd at cisco.com
Thu Feb 28 21:34:10 EST 2019


Alessandro,

Your attachment is correct. I will also note that the following macros enable the same feature.  The name "collect metadata" seemed to be more intelligible than simply "properties":

-#define CL_SCAN_FILE_PROPERTIES                     0x10000000
+#define CL_SCAN_GENERAL_COLLECT_METADATA            0x2 /* collect metadata (--gen-json) */
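Review bot: on the `+` line the flag changes value (0x10000000 to 0x2) as well as name, and the `-` line leaves no alias for CL_SCAN_FILE_PROPERTIES, so the two are not interchangeable even numerically. The comment on the new define could name the macro it replaces and say that it belongs in the general word of cl_scan_options, which would make the migration easier to follow from the header alone.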

To be clear about how the new scan option defines work... Instead of one bit-flag variable, we now have 5 bit-flag variables to select options using the cl_scan_options structure. They are categorized by feature, like this:

struct cl_scan_options {
    uint32_t general;   // <-- CL_SCAN_GENERAL_...
    uint32_t parse;   // <-- CL_SCAN_PARSE_...
    uint32_t heuristic;   // <-- CL_SCAN_HEURISTIC_...
    uint32_t mail;   // <-- CL_SCAN_MAIL_...
    uint32_t dev;   // <-- CL_SCAN_DEV_...
};

Come to think of it, I'm not sure why we don't include a macro in clamav.h to define the libclamav version number.  I will have to discuss it with the team.  To programmatically query a string of the version number, you can use `cl_retver()`. 

Let me know if you have any other questions, and my apologies for the confusion.

Regards,
Micah

On 2/28/19, 1:56 PM, "Alessandro Vesely" <vesely at tana.it> wrote:

    Hi Micah,
    
    Thank you so much for your prompt reply.
    
    On Wed 27/Feb/2019 20:48:44 +0100 Micah Snyder (micasnyd) via clamav-users wrote:
    > 
    > You're correct, there are non-backwards compatible changes in clamav.h in version 0.101.  The libclamav major version number has also increased to highlight the incompatibility.  
    > 
    > The changes are mentioned somewhat briefly in the release notes:
    > https://blog.clamav.net/2018/12/clamav-01010-has-been-released.html
    > https://github.com/Cisco-Talos/clamav-devel/blob/clamav-0.101.1/NEWS.md#some-of-the-more-obvious-changes 
    
    
    That doc is rather brief about #define's.  I attach my attempt at matching them.  Besides having different values and going to different variables, CL_SCAN_* have new names.
    
    
    > CL_SCAN_STDOPT previously enabled all parsers, plus heuristic alerts (which were sometimes/inconsistently referred to as algorithmic detection): 
    > https://github.com/Cisco-Talos/clamav-devel/blob/clamav-0.100.2/libclamav/clamav.h#L181
    > 
    > In 0.101, CL_SCAN_STDOPT has gone away.  Instead, you can get the same functionality by setting the following, as shown in the example (https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.101/examples/ex1.c#L93):
    
    
    I see.  I think I'll code #ifdef CL_SCAN_STDOPT for compile time switching, trying to be compatible with v100.
    
    
    >     options.parse |= ~0; /* enable all parsers */
    >     options.general |= CL_SCAN_GENERAL_HEURISTICS; /* enable heuristic alert options */
    
    The docs suggest AlgorithmicDetection becomes HeuristicAlerts, I'm not clear if that implies CL_SCAN_ALGORITHMIC becomes CL_SCAN_GENERAL_HEURISTICS (as claimed in my attachment).
    
    
    Best
    Ale
    -- 
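Added example, not code from this thread or from the ClamAV project: the compile-time switch on CL_SCAN_STDOPT discussed above, wrapped so that calling code builds against either header and can check that the standard option set really enabled the parsers. `USE_LIBCLAMAV`, `scan_opts_t` and the two helper functions are hypothetical names; without `USE_LIBCLAMAV` the block uses local stand-ins for the 0.101 declarations.

```c
#include <stdint.h>
#include <string.h>

#ifdef USE_LIBCLAMAV /* hypothetical build flag for this example: use the real header */
#include <clamav.h>
#else
/* Stand-ins so the example builds without libclamav; they mirror the 0.101
 * declarations quoted in the thread. */
struct cl_scan_options { uint32_t general, parse, heuristic, mail, dev; };
#define CL_SCAN_GENERAL_COLLECT_METADATA 0x2
#define CL_SCAN_GENERAL_HEURISTICS 0x4 /* stand-in value; the real one comes from clamav.h */
#endif

#ifdef CL_SCAN_STDOPT /* libclamav <= 0.100: one bit-flag word */
typedef unsigned int scan_opts_t;
static void scan_opts_standard(scan_opts_t *o, int want_metadata)
{
    *o = CL_SCAN_STDOPT;
    if (want_metadata)
        *o |= CL_SCAN_FILE_PROPERTIES;
}

static int scan_opts_parsers_enabled(const scan_opts_t *o)
{
    return (*o & CL_SCAN_STDOPT) == CL_SCAN_STDOPT;
}
#else /* libclamav >= 0.101: five words grouped by feature */
typedef struct cl_scan_options scan_opts_t;
static void scan_opts_standard(scan_opts_t *o, int want_metadata)
{
    memset(o, 0, sizeof(*o));                 /* heuristic, mail, dev start from a known state */
    o->parse |= ~0;                           /* enable all parsers */
    o->general |= CL_SCAN_GENERAL_HEURISTICS; /* enable heuristic alert options */
    if (want_metadata)
        o->general |= CL_SCAN_GENERAL_COLLECT_METADATA;
}

static int scan_opts_parsers_enabled(const scan_opts_t *o)
{
    return o->parse == UINT32_MAX; /* a zeroed parse word has every parser bit unset */
}
#endif

int main(void)
{
    scan_opts_t o;
    scan_opts_standard(&o, 1);
    return scan_opts_parsers_enabled(&o) ? 0 : 1;
}
```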
    
    
    
    
    


