>
> Thanks for your assistance. I've gotten streaming working for uninfected
> files. I can now successfully stream bytes to the clamav server and then
> close the stream. At that point it seems I have to wait a little while,
> about 500ms at max, to read the result. This makes sense to me, that
> there's some processing that has to be done at the close of the stream
> to make a final determination.
>
> Now for my next questions: You knew there was going to be one, didn't
> you?
>
>
> Question #1:
>
> So far on a 10Meg file, which seems to be the limit I can stream, if I
> wait 500ms, I'm good to read the control stream and get a status result
> of OK.
>
> The question is, how do I know how long to wait, or should I just sit on
> the stream reading till it closes on the server side?
Just sit and wait (until you get data or some application defined
timeout occurs).
>
>
> Question #2
>
> How do I increase the size of the file that the server will scan? Is
> there a configuration parameter? I saw one for max archive size, that's
> set to 10Meg, but I'm not sending an archive.
man 5 clamd.conf:

    StreamMaxLength SIZE
        Close the connection when this limit is exceeded.
        Default: disabled.

Perhaps your installation has some limits set here, else there may be a
bug.
>
> Question #3
>
> All is fine and dandy with streaming uninfected files and these are,
> thank goodness, the only files I have. So now I want to test what
> happens when an "infected" file is submitted through streaming. Now,
> obviously I don't want to have real infected files on my system. To
> solve this problem, my first thought was to stream random data to the
> port, and in the stream of data, insert a virus signature. My first
> attempt was to send the Darth Vader signature as the first 6 bytes of
> the file. This doesn't seem to work. Should it? Can someone provide me
> with a method of generating data that will set off clamav's detection
> system?
There are some test files in the source distribution. They are there for
a reason ;-)
>
>
> Tony Giaccone
>
Thomas
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
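
An added example, not code from the thread or from the ClamAV project: a client that follows the advice above by blocking on the socket until clamd answers or an application timeout fires, and that still reads the reply when the server hangs up early on a size limit. It assumes clamd's same-socket INSTREAM command rather than the separate data port the original poster appears to be using; stub_clamd, demo and the 1 MiB limit are constructed stand-ins so the code runs offline.

```python
import socket, struct, threading, time

def scan_stream(sock, data, timeout=30.0, chunk_size=8192):
    """Send data with INSTREAM framing, then block until clamd answers."""
    sock.settimeout(timeout)  # application-defined limit, not a fixed sleep
    try:
        sock.sendall(b"zINSTREAM\0")
        for i in range(0, len(data), chunk_size):
            chunk = data[i:i + chunk_size]
            sock.sendall(struct.pack("!I", len(chunk)) + chunk)
        sock.sendall(struct.pack("!I", 0))  # zero-length chunk ends the stream
    except (BrokenPipeError, ConnectionResetError):
        pass  # server hung up early (size limit hit); its reply may still be readable
    reply = b""
    while not reply.endswith(b"\0"):
        try:
            part = sock.recv(4096)  # blocks until data, EOF or timeout
        except socket.timeout:
            raise TimeoutError(f"no verdict from clamd within {timeout}s")
        except ConnectionResetError:
            break
        if not part:
            break
        reply += part
    return reply.rstrip(b"\0").decode()

def stub_clamd(conn, limit, delay):
    """Constructed stand-in for clamd: enforces a size limit, replies after `delay` s."""
    with conn, conn.makefile("rb") as buf:
        buf.read(len(b"zINSTREAM\0"))
        total = 0
        while True:
            (n,) = struct.unpack("!I", buf.read(4))
            if n == 0:
                break
            total += len(buf.read(n))
            if total > limit:  # what StreamMaxLength does: report, then hang up
                conn.sendall(b"INSTREAM size limit exceeded. ERROR\0")
                return
        time.sleep(delay)  # stands in for the scan that follows end of stream
        conn.sendall(b"stream: OK\0")

def demo(size, limit=1 << 20, delay=0.3, timeout=5.0):
    client, server = socket.socketpair()
    threading.Thread(target=stub_clamd, args=(server, limit, delay), daemon=True).start()
    with client:
        return scan_stream(client, b"A" * size, timeout)

if __name__ == "__main__":
    print(demo(10_000), "|", demo(2 << 20))
```

Against a real daemon, pass scan_stream a socket connected to the TCPSocket or LocalSocket configured in clamd.conf.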