Thanks for your assistance. I've gotten streaming working for uninfected files. I can now successfully stream bytes to the clamav server and then close the stream. At that point it seems I have to wait a little while, about 500ms at max, to read the result. This makes sense to me, that there's some processing that has to be done at the close of the stream to make a final determination.
Now for my next questions: You knew there was going to be one, didn't you? Question #1: So far on a 10Meg file, which seems to be the limit I can stream, if I wait 500ms, I'm good to read the control stream and get a status result of OK. The question is, how do I know how long to wait, or should I just sit on the stream reading till it closes on the server side? Question #2 How do I increase the size of the file that the server will scan? Is there a configuration parameter? I saw one for max archive size, that's set to 10Meg, but I'm not sending an archive. Question #3 All is fine and dandy with streaming uninfected files and these are, thank goodness, the only files I have. So now I want to test what happens when an "infected" file is submitted through streaming. Now, obviously I don't want to have real infected files on my system. To solve this problem, my first thought was to stream random data to the port, and in the stream of data, insert a virus signature. My first attempt was to send the Darth Vader signature as the first 6 bytes of the file. This doesn't seem to work. Should it? Can someone provide me with a method of generating data that will set of clamav's detection system? Tony Giaccone _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
