On Thu, 26 May 2005 17:12:30 +0400 Eugene Crosser <[EMAIL PROTECTED]> wrote:
> Tomasz Kojm wrote:
>
> >>First, I think that even very conservative approach (return "need
> >>file
> >>scanning" if there is a slightest doubt) would be useful anyway,
> >>eliminating large portion of unnecessary temp file operations.
> >>
> >>For a start, what about adding something along these lines to
> >>libclamav:
> >>
> >>/* return true (1) if file scanning is recommended */
> >>int
> >>cl_needfilescan(char *buf, size_t buflen)
> >>{
> >> int rc=1;
> >> cli_file_t filetype;
> >>
> >> filetype=cli_filetype(buf,buflen);
> >> switch (filetype) {
> >> case CL_TYPE_UNKNOWN_TEXT:
> >> case CL_TYPE_UNKNOWN_DATA:
> >> /* case CL_TYPE_MSEXE: not all exe's need filescan
> >> but how to tell?? */
> >> case CL_TYPE_DATA:
> >> case CL_TYPE_GRAPHICS:
> >> case CL_TYPE_RIFF:
> >> case CL_TYPE_HTML:
> >> rc=0;
> >> break;
> >> default:
> >> rc=1;
> >> break;
> >> }
> >> return rc;
> >>}
> >
> >
> > This function would produce a large number of false negatives.
>
> Maybe it's possible to specify a smaller set of "negative" file types,
> that would produce a possibly large number of false positives instead,
> without false negatives? Or no way?
Only CL_TYPE_DATA can be safely ignored.
--
oo ..... Tomasz Kojm <[EMAIL PROTECTED]>
(\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg
\..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Thu May 26 16:06:02 CEST 2005
pgpNBGMVNceRd.pgp
Description: PGP signature
_______________________________________________ http://lurker.clamav.net/list/clamav-devel.html
