[Clamav-devel] Announcing ClamAV bytecode compiler 0.10

2010-03-12 Thread Török Edwin
Hi!

The ClamAV bytecode compiler version 0.10 is now available.

You can get it by using one of these commands:
$ git clone git://git.clamav.net/git/clamav-bytecode-compiler
$ git clone http://git.clamav.net/clamav-bytecode-compiler.git

The repository can be browsed online here:
http://git.clamav.net/gitweb?p=clamav-bytecode-compiler.git;a=summary

You can check out the clambc-0.10 version using:
$ git checkout clambc-0.10

The README for the compiler, including build instructions, can be found here:
http://git.clamav.net/gitweb?p=clamav-bytecode-compiler.git;a=blob_plain;f=README

The User manual can be found here:
http://git.clamav.net/gitweb?p=clamav-bytecode-compiler.git;a=blob_plain;f=docs/user/clambc-user.pdf

Bugs for the compiler should be filed using the clambc-compiler
component in bugzilla.

Here is an example of using the compiler (example source code available
in repository):
$ clambc-compiler examples/in/match_with_read.o1.c -o test.cbc

To load it into clamscan [1]:
$ clamscan --debug --trust -dtest.cbc test/clam.exe

LibClamAV debug: bytecode debug: EP:
LibClamAV debug: bytecode debug: 64
LibClamAV debug: bytecode debug: VA of cyphertext is
LibClamAV debug: bytecode debug: 4198513
LibClamAV debug: bytecode debug: RVA of cyphertext is
LibClamAV debug: bytecode debug: 4209
LibClamAV debug: bytecode debug: Cyphertext starts at
LibClamAV debug: bytecode debug: 113
LibClamAV debug: bytecode debug: HELLO WORM
LibClamAV debug: Bytecode found virus:
ClamAV-Test-File-detected-via-bytecode

test/clam.exe: ClamAV-Test-File-detected-via-bytecode FOUND

To see information about the bytecode run:
$ clambc -i test.cbc
Bytecode format functionality level: 6
Bytecode metadata:
compiler version: clambc-0.10
compiled on: Fri Mar 12 23:59:52 2010
compiled by: edwin
target exclude: 0
bytecode type: PE hook
bytecode logical signature:
.{ClamAV-Test-File-detected-via-bytecode};Target:1;(2&1&0);0:4d5a520004000f00;EOF-544:4d5a520004000f00;S0+0:4d5a520004000f00
virusname prefix: (null)
virusnames: 0
bytecode triggered on: PE files matching logical signature
number of functions: 2
number of types: 51
number of global constants: 39
number of debug nodes: 0
bytecode APIs used:
 read, seek, setvirusname, debug_print_str, debug_print_uint,
pe_rawaddr

To see the source code of a bytecode run:
$ clambc -p test.cbc

[1] You will need to build the git version of clamscan with
--enable-debug, and use the --trust command-line parameter to load it.
This is just a temporary situation that will be solved before the final
0.96 release.
The RC release only loads signed bytecode from bytecode.cvd.
For 0.96 you will have the possibility to create your own bytecode using
this compiler (more on this later).

P.S.:
This version was tested on Linux/x86-64; if you encounter problems on
other systems, please open a bug report.
Note that regardless of what system you build the compiler on, the
compiler creates the same bytecode.

Best regards,
--Edwin
___
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
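
Added example (not part of the original post and not ClamAV project code): a small Python parser for the `clambc -i` output shown above. It splits the logical signature into its name, target, expression and offset-anchored subsignatures, and lists the bytecode APIs, so a reviewer can see what an unsigned bytecode triggers on and calls before loading it with --trust. The function names and the reviewed-API set are hypothetical, and the field layout is assumed to be exactly what the post shows.

```python
import re

# Constructed sample: `clambc -i` output copied from the post (some fields
# dropped), with the e-mail line wrap in the API list left as posted.
SAMPLE = """\
Bytecode format functionality level: 6
Bytecode metadata:
compiler version: clambc-0.10
bytecode type: PE hook
bytecode logical signature:
.{ClamAV-Test-File-detected-via-bytecode};Target:1;(2&1&0);0:4d5a520004000f00;EOF-544:4d5a520004000f00;S0+0:4d5a520004000f00
virusname prefix: (null)
bytecode APIs used:
 read, seek, setvirusname, debug_print_str, debug_print_uint,
pe_rawaddr
"""

def split_lsig(sig):
    """Split name;target;expression;subsig0;subsig1;... into its parts."""
    name, target, expr, *subsigs = sig.split(";")
    parsed = []
    for sub in subsigs:
        offset, _, hexsig = sub.rpartition(":")  # offset prefix is optional
        parsed.append({"offset": offset or None, "hex": hexsig})
    return {"name": name, "target": target, "expr": expr, "subsigs": parsed}

def parse_clambc_info(text):
    """Return scalar fields, the split logical signature and the API list."""
    info, lines, i = {}, text.splitlines(), 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if line == "bytecode logical signature:" and i < len(lines):
            info["lsig"] = split_lsig(lines[i].strip())
            i += 1
        elif line == "bytecode APIs used:":
            rest = []  # assumed: the list runs to a blank line or the end
            while i < len(lines) and lines[i].strip():
                rest.append(lines[i])
                i += 1
            info["apis"] = [a for a in re.split(r"[,\s]+", " ".join(rest)) if a]
        elif ": " in line:
            key, value = line.split(": ", 1)
            info[key] = value
    return info

def apis_outside(info, reviewed):
    """APIs the bytecode uses that are not in a locally reviewed set."""
    return [api for api in info.get("apis", []) if api not in reviewed]

if __name__ == "__main__":
    info = parse_clambc_info(SAMPLE)
    print(info["lsig"], apis_outside(info, {"read", "seek", "pe_rawaddr"}))
```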


Re: [Clamav-devel] Bytecode interpreter

2010-03-12 Thread Török Edwin
On 03/12/2010 06:54 PM, G.W. Haywood wrote:
> Hi there,
> 
> On Fri, 12 Mar 2010 Tomasz Kojm wrote:
> 
>>> G.W. Haywood wrote:
>>> I'd like to add my voice to those who want an easy way to disable
>>> [the bytecode interpreter] - I can see nothing in the clamd.conf
>>> man page for 0.96-rc1 which offers any solace.
>> As Edwin already described, you just set the "Bytecode" option to "no"
>> in freshclam.conf.
> 
> I'm starting to wonder if you guys shouldn't get out more.
> 
> Simply giving the bytecode interpreter nothing to interpret is not
> acceptable.  I don't want to just be able to give the interpreter
> nothing to do; I would want to be able to disable it, so that it can't
> do anything, even (especially!) if it is given something to do.

How would you give it something to do if you didn't load any bytecodes?

> 
> You'll understand why I didn't look in the freshclam.conf man page; I
> was thinking more along the lines of an option to the daemon at the
> time it is started, or perhaps - much better - a 'configure' option, so
> that the interpreter code isn't even built into the, er, daemon binary.

I think a configure option is possible, it would work the same way as
--enable-llvm/--disable-llvm builds/links either libclamav/c++ or
libclamav/bytecode_nojit.c: there could be a libclamav/bytecode_disabled.c

Best regards,
--Edwin


Re: [Clamav-devel] Bytecode interpreter

2010-03-12 Thread G.W. Haywood
Hi there,

On Fri, 12 Mar 2010 Tomasz Kojm wrote:

> > G.W. Haywood wrote:
> > I'd like to add my voice to those who want an easy way to disable
> > [the bytecode interpreter] - I can see nothing in the clamd.conf
> > man page for 0.96-rc1 which offers any solace.
>
> As Edwin already described, you just set the "Bytecode" option to "no"
> in freshclam.conf.

I'm starting to wonder if you guys shouldn't get out more.

Simply giving the bytecode interpreter nothing to interpret is not
acceptable.  I don't want to just be able to give the interpreter
nothing to do; I would want to be able to disable it, so that it can't
do anything, even (especially!) if it is given something to do.

You'll understand why I didn't look in the freshclam.conf man page; I
was thinking more along the lines of an option to the daemon at the
time it is started, or perhaps - much better - a 'configure' option, so
that the interpreter code isn't even built into the, er, daemon binary.

--

73,
Ged.


Re: [Clamav-devel] One more problem on unit tests at freebsd 9

2010-03-12 Thread Renato Botelho
2010/3/11 Török Edwin :
> $ libclamav/c++/llc