On Sat, Feb 11, 2012 at 11:16 PM, infant deepak <deeeps....@gmail.com>wrote:
> Hi, > > I am doing project on clamAV . I have chosen from > > http://wiki.clamav.net/bin/view/Main/GoogleSummerOfCode2011 > 4. DOCX > > Add support for parsing docx based MS Office files. > > Main purpose is extracting embedded files. You will need to parse the XML, > locate the embedded data, then decode(base64/OLE?) / and decompress > (deflate?) it. > > So I did analysis of how clamAV currently scanning a .DOCX file . From my > understanding it treats as a ZIP file and extracts to a temporary folder, > and scanning each xml file and inserted media files such pictures,video > etc.(If I am not correct, kindly explain me). > > After that, I tried embedding a EICAR test virus in a picture file by using > Steghide tool. Then I scanned that picture file ,but clamav didnt recognize > it. Reason may be steghide encrypts the virus file. > > So I like to know following things, > > 1. Why clamav didnt recognize encrypted virus? 2.Anyone help me to start my project?(Still now I gone through the source > code using gdb, so I have little knowledge about code) > You should set parameter type ( ac mode, bm mode,etc) for scanning only one file( Read more at clamav document). Parameter define on Clamscan is good example for debug programs. If you run Clamav in full scan mode,It will give you cannot gain or concentrate with break point debug a code. Best Regards, Chatsiri Rattana. > > Awaiting for response. > > Regards, > > Infant Deepak. > _______________________________________________ > http://lurker.clamav.net/list/clamav-devel.html > Please submit your patches to our Bugzilla: http://bugs.clamav.net > -- :-------------------------------------------------------- http://about.me/chatsiri.ratana _______________________________________________ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
