[Avcheck] patch
Michael Tokarev
mjt at tls.msk.ru
Tue Feb 24 15:15:50 MSK 2004
[Replying to an old post...]
Ilya Kiselyov wrote:
> Hello!
>
> Recently, I've tought avcheck to work with clamav, for my own needs.
> Anyhow, here is a patch. You can apply it to the distrubution, if you like it.
#define CLAMAV_RETURN_OK "OK"
#define CLAMAV_RETURN_ERROR "ERROR"
if ((q = strstr(p, CLAMAV_RETURN_OK)) != NULL)
return 0;
if ((q = strstr(p, CLAMAV_RETURN_ERROR)) != NULL) {
*(q - 1) = '\0';
err(0, "%s daemon returned error: %s", avname, p);
return 1;
}
How does clamav return message looks like?
It seems unsafe to
a) search for "OK" (it may be part of virus name for example)
b) assume that "ERROR" (and the like) is placed AFTER the
beginning of message buffer, not exactly AT the beginning
*(q-1)='\0' assumes that there's some text BEFORE "ERROR").
If the message looks like:
filename: OK\n
filename: foobar virus FOUND\n
then the code should strip out the "filename: " part
and return the rest of the line, together with " FOUND"
etc.
So, how does clamav messages looks like?
/mjt
More information about the Avcheck
mailing list