Tomasz Kojm wrote:
>>>>First, I think that even very conservative approach (return "need
>>>>file
>>>>scanning" if there is a slightest doubt) would be useful anyway,
>>>>eliminating large portion of unnecessary temp file operations.
>>>>
>>>>For a start, what about adding something along these lines to
>>>>libclamav:
>>>>
>>>>/* return true (1) if file scanning is recommended */
>>>>int
>>>>cl_needfilescan(char *buf, size_t buflen)
>>>>{
>>>> int rc=1;
>>>> cli_file_t filetype;
>>>>
>>>> filetype=cli_filetype(buf,buflen);
>>>> switch (filetype) {
>>>> case CL_TYPE_UNKNOWN_TEXT:
>>>> case CL_TYPE_UNKNOWN_DATA:
>>>> /* case CL_TYPE_MSEXE: not all exe's need filescan
>>>> but how to tell?? */
>>>> case CL_TYPE_DATA:
>>>> case CL_TYPE_GRAPHICS:
>>>> case CL_TYPE_RIFF:
>>>> case CL_TYPE_HTML:
>>>> rc=0;
>>>> break;
>>>> default:
>>>> rc=1;
>>>> break;
>>>> }
>>>> return rc;
>>>>}
>>>
>>>
>>>This function would produce a large number of false negatives.
>>
>>Maybe it's possible to specify a smaller set of "negative" file types,
>>that would produce a possibly large number of false positives instead,
>>without false negatives? Or no way?
>
>
> Only CL_TYPE_DATA can be safely ignored.I don't have a feeling that it covers any significant percentage of data... So, no hope for me? (text body parts typically are CL_TYPE_UNKNOWN_TEXT; although they can be skipped anyway based on the content-type...) Eugene
signature.asc
Description: OpenPGP digital signature
_______________________________________________ http://lurker.clamav.net/list/clamav-devel.html
