int cl_scanfile(const char *filename, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options); int cl_scandesc(int desc, const char **virname, unsigned long int *scanned, const struct cl_engine *engine, const struct cl_limits *limits, unsigned int options);Both functions will store a virus name under the pointer
virname
,
the virus name is part of the engine structure and must not be released
directly. If the third argument (scanned
) is not NULL, the
functions will increase its value with the size of scanned data (in
CL_COUNT_PRECISION
units). Both functions have support for archive
limits in order to protect against Denial of Service attacks.
struct cl_limits { unsigned long int maxscansize; /* during the scanning of archives this * size will never be exceeded */ unsigned long int maxfilesize; /* compressed files will only be * decompressed and scanned up to this size */ unsigned int maxreclevel; /* maximum recursion level for archives */ unsigned int maxfiles; /* maximum number of files to be scanned * within a single archive */ unsigned short archivememlim; /* limit memory usage for some unpackers */ };The last argument (
options
) configures the scan engine and supports
the following flags (that can be combined using bit operators):
CL_CLEAN
) when the file seems clean,
CL_VIRUS
when a virus is detected and another value on failure.
... struct cl_limits limits; const char *virname; memset(&limits, 0, sizeof(struct cl_limits)); limits.maxfiles = 10000; limits.maxscansize = 100 * 1048576; /* 100 MB */ limits.maxfilesize = 10 * 1048576; /* 10 MB */ limits.maxreclevel = 16; if((ret = cl_scanfile("/tmp/test.exe", &virname, NULL, engine, &limits, CL_STDOPT)) == CL_VIRUS) { printf("Virus detected: %s\n", virname); } else { printf("No virus detected.\n"); if(ret != CL_CLEAN) printf("Error: %s\n", cl_strerror(ret)); }