clamav-devel February 2014 archive

Re: [Clamav-devel] Basics of ClamAV: developing for Win8 and dist thru app store

From: Brandon Perry <bperry.volatile_at_nospam>
Date: Tue Feb 18 2014 - 20:34:27 GMT
To: ClamAV Development <clamav-devel@lists.clamav.net>

I would also like to mention that I have written C# bindings for both libclamav and clamd over TCP, if that helps IRT Windows.

https://github.com/brandonprry/clam-sharp

Sent from a computer

> On Feb 18, 2014, at 2:20 PM, Steven Morgan <smorgan@sourcefire.com> wrote:
>
> James,
>
> Some comments inline:
>
>
> On Mon, Feb 17, 2014 at 9:13 PM, Northern Technical <northtech.au@gmail.com> wrote:
>
>> Hello,
>>
>> From what I can see so far, ClamAV provides a shared library which does the
>> scanning and provides tools, e.g. unpacking archives for scanning, updating
>> the malware databases. So perhaps providing a ClamAV app is not much more
>> than a UI which calls the library to scan and update.
>>
>
> Pretty much. clamscan and clamd link to libclamav. clamdscan uses clamd
> through TCP or Unix socket. Other apps can use the clamd protocols as well,
> or link to libclamav and use its API. Then there are also several utilities
> such as freshclam and sigtool.
>
>
>>
>> Is that an oversimplification? I'm a little lost since I'm still learning
>> how AV programs work generally. I've got the idea with virus signatures
>> which AV programs look for, and they probably go through the entire FS
>> looking inside files for those signatures. I don't know about how
>> heuristics work, and what might be done for specific platforms, e.g.
>> scanning the Windows registry for entries like login notify and other areas
>> malware might hook into. Same for browser malware, e.g. scanning JS or
>> whatever is done there.
>>
>> I'm thinking about a free ClamAV Suite for Windows 8/8.1 which can be
>> fetched from the Windows App Store. If it's "simple" like providing a good
>> UI and using the shared library, would it make sense to fork the ClamAV
>> sources and, since it's originally written for UNIX-like platforms, provide
>> a Windows-specific AV engine? I know Windows can support POSIX programs,
>> but would a Windows AV engine using native Windows calls, threading, etc.,
>> be a good idea if there's the time and patience to develop it?
>>
>
> Sounds good. There is Windows support currently, see clamav/win32 and also
> http://sourceforge.net/projects/clamav/files/clamav/win32/. There are some
> other third-party Windows projects, and also our Immunet.
>
>
>> Is there any documentation which gives me a good overall picture of how it
>> works, linking to the shared library, launching scans, updating, what it
>> does (if anything; would a user of the library do it?) with malware that it
>> finds? On Windows, would a user of the ClamAV library do anything such as
>> keep a list of hashes of known Windows system DLLs and check those, if
>> that's a good idea? What about scanning the boot area?
>>
>
> clamav/docs. Also google around to find some presentations and papers on
> clamav topics.
>
>
>>
>> Thanks for any guidance or tips.
>>
>> James
>> _______________________________________________
>> http://lurker.clamav.net/list/clamav-devel.html
>> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>>
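The clamd-over-TCP route mentioned in this thread, as an added example (not part of any message above, and not code from ClamAV or clam-sharp): a minimal client for clamd's INSTREAM command, which lets a UI hand file contents to a running clamd without linking libclamav. The function names, chunk size, and the 127.0.0.1:3310 endpoint are assumptions; use whatever TCPSocket/TCPAddr your clamd.conf sets.

```python
import socket
import struct

CHUNK = 8192  # assumed chunk size; total sent must stay under clamd's StreamMaxLength


def frame_instream(data: bytes, chunk: int = CHUNK) -> bytes:
    """Build a full INSTREAM request for clamd.

    Wire format: the NUL-terminated command "zINSTREAM", then repeated
    <4-byte big-endian length><payload> chunks, ended by a zero-length chunk.
    """
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        out.append(struct.pack("!I", len(part)) + part)
    out.append(struct.pack("!I", 0))  # terminator: chunk of length 0
    return b"".join(out)


def parse_reply(raw: bytes):
    """Map a clamd reply to (status, detail).

    Expected shapes: "stream: OK", "stream: <signature> FOUND", or a line
    ending in "ERROR" (for example when the stream size limit is exceeded).
    """
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    _, _, verdict = text.partition(": ")
    if verdict == "OK":
        return ("clean", None)
    if verdict.endswith(" FOUND"):
        return ("infected", verdict[:-len(" FOUND")])
    # Anything else is treated as a failure, never as "clean".
    return ("error", verdict or text)


def scan_bytes(data: bytes, host: str = "127.0.0.1", port: int = 3310,
               timeout: float = 10.0):
    """Send data to clamd over TCP and return the parsed verdict."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(frame_instream(data))
        buf = b""
        while not buf.endswith(b"\0"):  # the 'z' prefix makes replies NUL-terminated
            got = s.recv(4096)
            if not got:
                break
            buf += got
    return parse_reply(buf)
```

A caller should treat the `"error"` status as a failed scan rather than a pass, since clamd drops the connection when the stream limit is exceeded.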