[clamav-users] ClamAV 0.101.0 / HAVP

Micah Snyder (micasnyd) micasnyd at cisco.com
Tue Nov 20 15:01:44 UTC 2018


I just took a peek at the HAVP source code. It looks like it has a "ClamdScanner" and a "ClamLibScanner".  The ClamLibScanner code is only built if you configure with --enable-clamav, else I _think_ it falls back to the ClamdScanner variant.

To get HAVP's ClamLibScanner class to build with libclamav 9.0.0 (from ClamAV 0.101.0), it will need some minor changes to set the scanning options the new way, and the ClamLibScanner's "Scan()" method will need a small change to include the filename (or NULL, if a descriptive name is not available).  Some additional work would be needed to make these changes only if the libclamav version number is 9 or higher in order to support both versions, though that shouldn't be too difficult.

I just reached out to Christian Hilgers (HAVP author) to tell him about the API changes and ask if he'd be interested in putting HAVP's source code on GitHub so the open source community may contribute pull-requests to the project (as it presently appears to only be available via download from their website). I don't know if he actively uses that email address though.  It is listed in the source code, so it may see a fair amount of spam. *shrugs*.

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Nov 19, 2018, at 8:54 PM, Paul Kosinski <clamav-users at iment.com> wrote:

I have long been using HAVP with ClamAV to scan HTTP traffic (inbound).
HAVP uses libclamav directly (rather than e.g., clamd) so it doesn't
have an excessive performance impact. (Cf. http://www.havp.org/)

Unfortunately, HAVP hasn't seen any development for a bit over 2 years.
In the past, simply symlinking the old libclamav.so.x to the new one has
worked. Now, since the libclamav interface is changing, I worry that
HAVP might need major modification to work.

Are there any other users of HAVP in conjunction with ClamAV? (HAVP was
originally written to work with ClamAV as well as other AV packages,
such as Kaspersky, Sophos and F-Prot.)



On Mon, 19 Nov 2018 19:40:30 +0000
"Joel Esler (jesler)" <jesler at cisco.com> wrote:

https://blog.clamav.net/2018/11/the-clamav-01010-release-candidate-is.html

The ClamAV 0.101.0 release candidate is
here<http://www.clamav.net/downloads>!

We have also made significant improvements to our User
Manual<https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.101/docs/UserManual.md>
(the user manual will be moved to clamav.net<http://clamav.net> soon)
and to the inline Doxygen documentation in clamav.h for libclamav
users. Please take a peek, and consider submitting your own
recommendations via GitHub pull-request. In particular, we'd love to
expand the Usage section with details on how to integrate ClamAV with
other software. Your input would be greatly appreciated.

A short summary of the improvements found in 0.101:


 *   Changes to the libclamav API:
     *   Those who build applications around our shared library will
         need to change how they declare and pass scanning options to
         libclamav. Please take a look at the change to our example code
         for details.
     *   Scanning functions now have a filename argument. The
         argument is optional, but improves the efficiency when parsing
         certain types that require a file on disk to open and read, and
         will allow for additional improvements in the future.
     *   Many of the scanning option #defines have changed. These can
         be found in our clamav.h header.
     *   The libclamav version number has changed.
 *   Some of the clamd config and clamscan command line option names
     have changed. The original versions will still work for a time, but
     eventually they will be deprecated. These options in question are
     detailed in the NEWS document.
 *   A new sub-signature type called "Byte Compare". Byte Compare
     sub-signatures can be used to evaluate a numeric value at a given
     offset from the start of another (matched) sub-signature within the
     same logical signature. That numerical value may be interpreted from
     signed ascii decimal, unsigned ascii hex, or unsigned binary data
     relative to a match offset. For details, see the signature writing
     documentation.
 *   Changes to our documentation. Documentation is now in Markdown
     and should be easier to navigate and easier to contribute to.
 *   Support for extraction/scanning of RAR v5.x archives.


For additional details on changes in 0.101, please read the notes in
our NEWS document.

Thank you in advance for test-driving the ClamAV 0.101 release
candidate<http://www.clamav.net/downloads>! Bugs should be brought to
our attention via the clamav-devel mailing
list<http://www.clamav.net/contact#ml> or via
bugzilla<https://bugzilla.clamav.net/>.
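The version-conditional scan call discussed in this thread, sketched as an added example (it is not HAVP or ClamAV project code). It assumes the scanner calls cl_scandesc(); havp_scan_fd, HAVP_LIBCLAMAV_MAJOR and USE_SYSTEM_CLAMAV are hypothetical names, and the stand-in declarations are constructed so the block compiles without libclamav installed.

```c
#include <stddef.h>
#include <stdint.h>

#ifdef USE_SYSTEM_CLAMAV             /* real build: take everything from libclamav */
#include <clamav.h>
#else                                /* offline stand-ins, constructed for this example */
#define CL_CLEAN 0
#define CL_SCAN_GENERAL_HEURISTICS 0x4
struct cl_engine;                    /* opaque, as in clamav.h */
struct cl_scan_options { uint32_t general, parse, heuristic, mail, dev; };
static const char *seen_filename;    /* records what the stand-in scanner received */
static uint32_t seen_parse;
static int cl_scandesc(int desc, const char *filename, const char **virname,
                       unsigned long int *scanned, const struct cl_engine *engine,
                       struct cl_scan_options *opts)
{
    (void)desc; (void)scanned; (void)engine;
    seen_filename = filename;
    seen_parse = opts->parse;
    *virname = NULL;
    return CL_CLEAN;
}
#endif

/* HAVP_LIBCLAMAV_MAJOR is a hypothetical macro the build system would set
 * (for example from a configure check); clamav.h does not define it. */
#ifndef HAVP_LIBCLAMAV_MAJOR
#define HAVP_LIBCLAMAV_MAJOR 9
#endif

/* Scan an open descriptor; name may be NULL when no descriptive name exists. */
int havp_scan_fd(const struct cl_engine *engine, int fd, const char *name,
                 const char **virname)
{
    unsigned long int scanned = 0;
#if HAVP_LIBCLAMAV_MAJOR >= 9
    /* libclamav 9 (ClamAV 0.101): options are a struct of per-category bit fields */
    struct cl_scan_options opts = {0};
    opts.parse = ~0U;                             /* enable every file-type parser */
    opts.general |= CL_SCAN_GENERAL_HEURISTICS;   /* enable heuristic alerts */
    return cl_scandesc(fd, name, virname, &scanned, engine, &opts);
#else
    /* older libclamav: one flat option word and no filename argument */
    (void)name;
    return cl_scandesc(fd, virname, &scanned, engine, CL_SCAN_STDOPT);
#endif
}
```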