CLAMAV流检查接口


可使用clamdscan工具进行文件流的检查,核心处理函数为send_stream。整个流程分为四个步骤,其中前三步由send_stream完成,第四步(读取检测结果)并不在send_stream内,而由其调用者完成:

  • 首先,发送流检查命令字:"zINSTREAM"到clamd守护进程;
  • 分块发送文件内容:每个数据块的前4个字节是该块的数据长度(网络字节序,即大端),其后紧跟数据本身;注意发送总量受maxstream(对应clamd.conf中的StreamMaxLength)限制,超出部分不会被发送,也就不会被扫描;
  • 发送一个长度为0的数据块(4个全零字节)到clamd,表示文件流发送完成;
  • 读取clamd的检测结果。
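/*
 * Stream a file (or STDIN when filename is NULL) to clamd over an already
 * connected socket using the zINSTREAM command.
 *
 * Wire format: the NUL-terminated command "zINSTREAM", then a sequence of
 * chunks, each a 4-byte big-endian length followed by that many bytes, and
 * finally a zero-length chunk as the end-of-stream marker.  Reading clamd's
 * reply is left to the caller.
 *
 * At most `maxstream` bytes are sent; anything beyond that is silently
 * dropped from the scan, so a caller that needs the whole file checked must
 * keep maxstream at or above the file size (and at or below clamd's own
 * StreamMaxLength, or clamd rejects the stream).
 *
 * Returns 1 when the whole stream including the terminator was sent,
 * 0 when the input could not be opened or read (logged), and -1 when a
 * send to clamd failed.
 */
static int send_stream(int sockd, const char *filename)
{
    uint32_t buf[BUFSIZ / sizeof(uint32_t)];
    int fd, len;
    unsigned long int todo = maxstream;

    if (filename) {
        if ((fd = safe_open(filename, O_RDONLY | O_BINARY)) < 0) {
            logg("~%s: Failed to open file. ERROR\n", filename);
            return 0;
        }
    } else {
        /* Read stream from STDIN */
        fd = 0;
    }

    /* 10 bytes: the 9-character command plus its NUL terminator ("z" protocol). */
    if (sendln(sockd, "zINSTREAM", 10)) {
        close(fd);
        return -1;
    }

    /* buf[0] carries the chunk length; the payload starts at buf[1]. */
    while ((len = read(fd, &buf[1], sizeof(buf) - sizeof(uint32_t))) > 0) {
        if ((unsigned int)len > todo) len = (int)todo;
        buf[0] = htonl((uint32_t)len);
        if (sendln(sockd, (const char *)buf, len + sizeof(uint32_t))) {
            close(fd);
            return -1;
        }
        todo -= len;
        if (!todo) {
            len = 0; /* limit reached: stop without flagging a read error */
            break;
        }
    }
    close(fd);
    if (len) {
        /* read() returned -1 */
        logg("!Failed to read from %s.\n", filename ? filename : "STDIN");
        return 0;
    }

    /*
     * A zero-length chunk ends the stream.  If this send fails clamd never
     * sees the terminator and the caller would wait for a reply that never
     * comes, so the failure is reported like any other send failure instead
     * of being ignored.
     */
    *buf = 0;
    if (sendln(sockd, (const char *)buf, 4))
        return -1;
    return 1;
}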

以下代码完整地实现了文件流的检测(示例程序:套接口路径与流长度上限均为硬编码,实际使用时应与clamd.conf中的LocalSocket和StreamMaxLength保持一致):

头文件部分

#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <arpa/inet.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <sys/un.h>
#include <unistd.h>

初始化与clamd通信的本地套接口

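/* Path of clamd's LocalSocket; must match the LocalSocket setting in clamd.conf. */
static const char CLAMD_SOCKET_PATH[] = "/tmp/clamd.socket";

/*
 * Connect to clamd on the Unix-domain socket CLAMD_SOCKET_PATH.
 *
 * Returns the connected socket descriptor, or -1 if the path does not fit
 * in sun_path, the socket could not be created, or the connection failed
 * (the reason is printed).
 *
 * NOTE(review): a socket under /tmp lives in a world-writable directory, so
 * any local account could create that path before clamd does and then either
 * receive the files streamed to it or answer "OK" for anything.  Point this
 * at the LocalSocket path from clamd.conf (normally under a root-owned
 * directory such as /var/run/clamav) before using the program for more than
 * experiments.
 */
static int sock_init(void)
{
        int sockd;
        struct sockaddr_un un;
        size_t plen = strlen(CLAMD_SOCKET_PATH);

        /*
         * sun_path is a fixed-size array.  Refuse a path that does not fit
         * together with its NUL terminator rather than silently truncating
         * it, which would connect to a different name than intended.
         */
        if (plen >= sizeof(un.sun_path)) {
                printf("clamd socket path too long: %s\n", CLAMD_SOCKET_PATH);
                return -1;
        }

        memset(&un, 0, sizeof(un));
        un.sun_family = AF_UNIX;
        memcpy(un.sun_path, CLAMD_SOCKET_PATH, plen + 1);

        if ((sockd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
                printf("Could not create socket: %s\n", strerror(errno));
                return -1;
        }

        if (connect(sockd, (struct sockaddr *)&un, sizeof(un)) < 0) {
                printf("Could not connect to clamd on LocalSocket: %s\n", strerror(errno));
                close(sockd);
                return -1;
        }

        return sockd;
}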

主函数如下。

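/*
 * Scan one file through clamd's INSTREAM interface and print the reply.
 *
 * Usage: prog <file>.  The reply is clamd's text, e.g. "stream: OK" or
 * "stream: <signature> FOUND"; it is printed verbatim, not interpreted.
 *
 * Exit status: 0 when a reply was received (whatever the verdict), 1 on a
 * usage, open, socket or protocol error.  A script driving this program must
 * therefore parse the printed reply to tell OK from FOUND; a zero exit only
 * means the exchange with clamd completed.
 */
int main(int argc, char *argv[])
{
        int rc = 1;
        int sockd = -1;
        int fd = -1, len;
        const char *filename;
        /*
         * Only this many bytes of the file are streamed; the remainder is
         * NOT scanned.  Keep it at or below clamd's StreamMaxLength (clamd
         * answers "INSTREAM size limit exceeded. ERROR" and drops the
         * connection when a client exceeds it), and be aware that a file
         * larger than this limit is only partially checked.
         */
        unsigned long int todo = 2000000; /* clamd.conf StreamMaxLength */
        uint32_t buf[1024 / sizeof(uint32_t)];
        size_t got;

        if (argc < 2) {
                printf("need absolute file name\n");
                return 1;
        }
        filename = argv[1];

        if ((sockd = sock_init()) < 0)
                return 1;

        /* "z" prefix: command and reply are NUL-terminated; 10 = strlen + NUL. */
        if (sendln(sockd, "zINSTREAM", 10))
                goto out;

        if ((fd = open(filename, O_RDONLY)) < 0) {
                printf("%s: Failed to open file\n", filename);
                goto out;
        }

        /* Each chunk: 4-byte big-endian length in buf[0], data from buf[1] on. */
        while ((len = read(fd, &buf[1], sizeof(buf) - sizeof(uint32_t))) > 0) {
                if ((unsigned int)len > todo)
                        len = (int)todo;

                buf[0] = htonl((uint32_t)len);
                if (sendln(sockd, (const char *)buf, len + sizeof(uint32_t))) {
                        printf("stream checking failed\n");
                        goto out;
                }
                todo -= len;
                if (!todo) {
                        len = 0; /* limit reached, not a read error */
                        break;
                }
        }
        if (len) {
                /* read() returned -1 */
                printf("Failed to read from %s\n", filename);
                goto out;
        }

        /* A zero-length chunk terminates the stream. */
        *buf = 0;
        if (sendln(sockd, (const char *)buf, 4)) {
                printf("Failed to send finish\n");
                goto out;
        }

        /*
         * Read the reply up to its NUL terminator (or until clamd closes the
         * connection).  A single recv() may deliver only part of the reply,
         * so keep appending; the last byte of buf stays zero from the memset
         * so the text is always NUL-terminated before it is printed.
         */
        memset(buf, 0, sizeof(buf));
        got = 0;
        for (;;) {
                char *reply = (char *)buf;
                ssize_t n = recv(sockd, reply + got, sizeof(buf) - 1 - got, 0);
                if (n < 0) {
                        if (errno == EINTR)
                                continue;
                        printf("Failed to read result: %s\n", strerror(errno));
                        goto out;
                }
                if (n == 0)
                        break;
                got += (size_t)n;
                if (memchr(reply, '\0', got) != NULL || got >= sizeof(buf) - 1)
                        break;
        }
        if (got == 0) {
                printf("No result from clamd\n");
                goto out;
        }
        printf("result: %s\n", (char *)buf);
        rc = 0;

out:
        if (fd >= 0) close(fd);
        if (sockd >= 0) close(sockd);
        return rc;
}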

发送函数

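/*
 * Send exactly `len` bytes of `line` to clamd on `sockd`, looping over
 * short writes and retrying when send() is interrupted by a signal.
 *
 * Returns 0 when every byte was sent, 1 on any other send() failure (the
 * errno text is printed).  A zero `len` sends nothing and returns 0.
 *
 * MSG_NOSIGNAL (where the platform defines it) keeps a peer that has already
 * closed the connection -- e.g. clamd after "INSTREAM size limit exceeded" --
 * from killing this process with SIGPIPE before the error is reported; the
 * failure then surfaces as EPIPE from send() and is handled like any other.
 */
static int sendln(int sockd, const char *line, unsigned int len)
{
        int flags = 0;
#ifdef MSG_NOSIGNAL
        flags = MSG_NOSIGNAL;
#endif
        while (len) {
                ssize_t sent = send(sockd, line, len, flags);
                if (sent <= 0) {
                        if (sent < 0 && errno == EINTR) continue;
                        printf("Can't send to clamd: %s\n", strerror(errno));
                        return 1;
                }
                line += sent;
                len -= (unsigned int)sent;
        }
        return 0;
}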

clamav版本: 0.103.1
