[clamav-users] Incompatible clamav.h changes

Alessandro Vesely vesely at tana.it
Fri Mar 1 14:14:22 EST 2019

Hi Micah,

On Fri 01/Mar/2019 03:34:10 +0100 Micah Snyder (micasnyd) wrote:
> Your attachment is correct. I will also note that the following macros enable the same feature.  The name "collect metadata" seemed to be more intelligible than simply "properties":
> -#define CL_SCAN_FILE_PROPERTIES                     0x10000000
> +#define CL_SCAN_GENERAL_COLLECT_METADATA            0x2 /* collect metadata (--gen-json) */

I suspected that, thank you for confirming.

> To be clear about how the new scan options defines work... Instead of one bit-flag variable, we now have 5 bitflags variables to select options using the cl_scan_options structure. They are categorized by feature, like this:
> struct cl_scan_options {
>     uint32_t general;   // <-- CL_SCAN_GENERAL_...
>     uint32_t parse;   // <-- CL_SCAN_PARSE_...
>     uint32_t heuristic;   // <-- CL_SCAN_HEURISTIC_...
>     uint32_t mail;   // <-- CL_SCAN_MAIL_...
>     uint32_t dev;   // <-- CL_SCAN_DEV_...
> };

Yeah, I got that.  After I slept on it, I dropped the idea of keeping compatibility with previous version.  The problem is user options to my client program.  Following the example, I coded something like so:

    if (load_options == 0)
        load_options = CL_DB_STDOPT;

    if (scan_options.general == 0 &&
        scan_options.parse == 0 &&
        scan_options.heuristic == 0 &&
        scan_options.mail == 0 &&
        scan_options.dev == 0)
        scan_options.parse |= ~0; /* enable all parsers */
        scan_options.general |= CL_SCAN_GENERAL_HEURISTICS; /* enable heuristic alert options */
        scan_options.mail |= CL_SCAN_MAIL_PARTIAL_MESSAGE; /* no easy attack paths... */

    if ((scan_options.parse & CL_SCAN_PARSE_MAIL) == 0) // no nonsense
        err = 1;
        filelog(logfile, LOG_ERR, "scan_mail disabled?!");

That snippet runs after user options are loaded from config file.  If it's all zeroes, the user configured no option —the most likely case.  Choosy users can set default options and then adjust them as needed.  Testing single fields separately would make it difficult to disable heuristics, say.

The client program is a mail filter, so I routinely enable CL_SCAN_MAIL_PARTIAL_MESSAGE, lest allow attachments like:

     Content-Type: Message/Partial; number=1; total=1; id="easy.attack at malware.example"

> Come to think of it, I'm not sure why we don't include a macro in clamav.h to define the libclamav version number.  I will have to discuss it with the team.  To programmatically query a string of the version number, you can use `cl_retver()`. 

Yup, I coded:

    if (strstr(cl_retver(), ".101.") == NULL)
        filelog(logfile, LOG_ALERT, "Need libclamav 101, found %s", cl_retver());
        return 1;

> Let me know if you have any other questions, and my apologies for the confusion.

You've got nothing to apologize for, your answers are crystal clear, and let me thank you for them once more.


More information about the clamav-users mailing list