[clamav-users] ClamAV 0.101.0 / HAVP
Paul Kosinski
clamav-users at iment.com
Mon Feb 4 21:14:01 UTC 2019
Micah,
This is great news! I will be trying it out soon.
HAVP's latest HAVP changelog shows various people already making
contributions, so I wonder how that would play with GitHub.
Paul Kosinski
P.S. HAVP already seems to have a presence on SourceForge, but
with no code -- just old comments.
On Mon, 4 Feb 2019 15:24:42 +0000
"Micah Snyder (micasnyd)" <micasnyd at cisco.com> wrote:
> Paul,
>
> Just heard back from Christian Hilgers. He has just released HAVP
> v0.93 with support for ClamAV 0.101: http://www.havp.org/downloads/
>
> He's also open to the idea of putting HAVP on GitHub. I won't
> pressure him further, but if anyone else is keen to contribute to
> HAVP, you may wish to reach out to him.
>
> Regards,
> -Micah
>
> On Nov 20, 2018, at 10:01 AM, Micah Snyder (micasnyd)
> <micasnyd at cisco.com> wrote:
>
> I just took a peek at the HAVP source code. It looks like it has a
> "ClamdScanner" and a "ClamLibScanner". The ClamLibScanner code is
> only built if you configure with --enable-clamav, else I _think_ it
> falls back to the ClamdScanner variant.
>
> To get HAVP's ClamLibScanner class to build with libclamav 9.0.0
> (from ClamAV 0.101.0), it will need some minor changes to set the
> scanning options the new way, and the ClamLibScanner's "Scan()"
> method will need a small change to include the filename (or NULL, if
> a descriptive name is not available). Some additional work would be
> needed to make these changes only if the libclamav version number is
> 9 or higher in order to support both versions, though that shouldn't
> be too difficult.
>
> I just reached out to Christian Hilgers (HAVP author) to tell him
> about the API changes and ask if he'd be interested in putting HAVP's
> source code on GitHub so the open source community may contribute
> pull-requests to the project, as it presently appears to only be
> available via download from their website. I don't know if he
> actively uses that email address though. It is listed in the source
> code, so it may see a fair amount of spam. *shrugs*.
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
>
>
> On Nov 19, 2018, at 8:54 PM, Paul Kosinski
> <clamav-users at iment.com> wrote:
>
> I have long been using HAVP with ClamAV to scan HTTP traffic
> (inbound). HAVP uses libclamav directly (rather than e.g., clamd) so
> it doesn't have an excessive performance impact. (Cf.
> http://www.havp.org/)
>
> Unfortunately, HAVP hasn't seen any development for a bit over 2
> years. In the past, simply symlinking the old libclamav.so.x to the
> new one has worked. Now, since the libclamav interface is changing, I
> worry that HAVP might need major modification to work.
>
> Are there any other users of HAVP in conjunction with ClamAV? (HAVP
> was originally written to work with ClamAV as well as other AV
> packages, such as Kaspersky, Sophos and F-Prot.)
>
>
>
> On Mon, 19 Nov 2018 19:40:30 +0000
> "Joel Esler (jesler)" <jesler at cisco.com>
> wrote:
>
> https://blog.clamav.net/2018/11/the-clamav-01010-release-candidate-is.html
>
> The ClamAV 0.101.0 release candidate is here!
> The ClamAV 0.101.0 release candidate is
> here<http://www.clamav.net/downloads>!
>
> We have also made significant improvements to our User
> Manual<https://github.com/Cisco-Talos/clamav-devel/blob/dev/0.101/docs/UserManual.md>
> (the user manual will be moved to
> clamav.net<http://clamav.net> soon) and to the
> inline Doxygen documentation in clamav.h for libclamav users. Please
> take a peek, and consider submitting your own recommendations via
> GitHub pull-request. In particular, we'd love to expand the Usage
> section with details on how to integrate ClamAV with other software.
> Your input would be greatly appreciated.
>
> A short summary of the improvements found in 0.101:
>
>
> * Changes to the libclamav API:
>   * Those who build applications around our shared library will
>     need to change how they declare and pass scanning options to
>     libclamav. Please take a look at the change to our example code
>     for details.
>   * Scanning functions now have a filename argument. The
>     argument is optional, but improves the efficiency when parsing
>     certain types that require a file on disk to open and read, and
>     will allow for additional improvements in the future.
>   * Many of the scanning option #defines have changed. These can
>     be found in our clamav.h header.
>   * The libclamav version number has changed.
> * Some of the clamd config and clamscan command line option names
> have changed. The original versions will still work for a time, but
> eventually they will be deprecated. The options in question are
> detailed in the NEWS document.
> * A new sub-signature type called "Byte Compare". Byte Compare
> sub-signatures can be used to evaluate a numeric value at a given
> offset from the start of another (matched) sub-signature within the
> same logical signature. That numerical value may be interpreted from
> signed ascii decimal, unsigned ascii hex, or unsigned binary data
> relative to a match offset. For details, see the signature writing
> documentation.
> * Changes to our documentation. Documentation is now in Markdown
> and should be easier to navigate and easier to contribute to.
> * Support for extraction/scanning of RAR v5.x archives.