[Clamav-devel] Announcing ClamAV bytecode compiler 0.10
Hi!

The ClamAV bytecode compiler version 0.10 is now available.

You can get it by using one of these commands:
$ git clone git://git.clamav.net/git/clamav-bytecode-compiler
$ git clone http://git.clamav.net/clamav-bytecode-compiler.git

The repository can be browsed online here:
http://git.clamav.net/gitweb?p=clamav-bytecode-compiler.git;a=summary

You can checkout the clambc-0.10 version using:
$ git checkout clambc-0.10

The README for the compiler, including build instructions can be found here:
http://git.clamav.net/gitweb?p=clamav-bytecode-compiler.git;a=blob_plain;f=README

The User manual can be found here:
http://git.clamav.net/gitweb?p=clamav-bytecode-compiler.git;a=blob_plain;f=docs/user/clambc-user.pdf

Bugs for the compiler should be filed using the clambc-compiler component in bugzilla.

Here is an example of using the compiler (example source code available in repository)
$ clambc-compiler examples/in/match_with_read.o1.c -o test.cbc

To load it into clamscan [1]
$ clamscan --debug --trust -dtest.cbc test/clam.exe
LibClamAV debug: bytecode debug: EP:
LibClamAV debug: bytecode debug: 64
LibClamAV debug: bytecode debug: VA of cyphertext is
LibClamAV debug: bytecode debug: 4198513
LibClamAV debug: bytecode debug: RVA of cyphertext is
LibClamAV debug: bytecode debug: 4209
LibClamAV debug: bytecode debug: Cyphertext starts at
LibClamAV debug: bytecode debug: 113
LibClamAV debug: bytecode debug: HELLO WORM
LibClamAV debug: Bytecode found virus: ClamAV-Test-File-detected-via-bytecode
test/clam.exe: ClamAV-Test-File-detected-via-bytecode FOUND

To see information about the bytecode run:
$ clambc -i test.cbc
Bytecode format functionality level: 6
Bytecode metadata:
    compiler version: clambc-0.10
    compiled on: Fri Mar 12 23:59:52 2010
    compiled by: edwin
    target exclude: 0
    bytecode type: PE hook
    bytecode logical signature: .{ClamAV-Test-File-detected-via-bytecode};Target:1;(2&1&0);0:4d5a520004000f00;EOF-544:4d5a520004000f00;S0+0:4d5a520004000f00
    virusname prefix: (null)
    virusnames: 0
    bytecode triggered on: PE files matching logical signature
    number of functions: 2
    number of types: 51
    number of global constants: 39
    number of debug nodes: 0
    bytecode APIs used: read, seek, setvirusname, debug_print_str, debug_print_uint, pe_rawaddr

To see the sourcecode of a bytecode run:
$ clambc -p test.cbc

[1] You will need to build the git version of clamscan with --enable-debug, and use the --trust commandline parameter to load it. This is just a temporary situation that will be solved before the final 0.96 release. The RC release only loads signed bytecode from bytecode.cvd. For 0.96 you will have the possibility to create your own bytecode using this compiler (more on this later).

P.S.: This version was tested on Linux/x86-64, if you encounter problems on other systems please open a bugreport. Note that regardless of what system you build the compiler on, the compiler creates the same bytecode.

Best regards,
--Edwin
___
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
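Added example (not part of the message above and not ClamAV project code): a small reviewer-side parser for the "bytecode logical signature" line that `clambc -i` prints, so the trigger conditions of a .cbc can be read and cross-checked before it is loaded. It assumes the ClamAV logical signature layout name;target block;expression;subsignatures, handles only the offset forms that occur in that line, and the function names are hypothetical.

```python
import re

# Logical signature copied from the `clambc -i` output in the announcement.
LSIG = (".{ClamAV-Test-File-detected-via-bytecode};Target:1;(2&1&0);"
        "0:4d5a520004000f00;EOF-544:4d5a520004000f00;S0+0:4d5a520004000f00")

# Only the three offset forms that occur in that signature are handled.
OFFSET_FORMS = [
    (re.compile(r"^(\d+)$"), "absolute"),         # n bytes from start of file
    (re.compile(r"^EOF-(\d+)$"), "from_eof"),     # n bytes before end of file
    (re.compile(r"^S(\d+)\+(\d+)$"), "section"),  # start of section x, plus n
]

def parse_offset(text):
    """Return (kind, numbers...) for one subsignature offset."""
    for pattern, kind in OFFSET_FORMS:
        m = pattern.match(text)
        if m:
            return (kind,) + tuple(int(g) for g in m.groups())
    raise ValueError("unsupported offset form: %r" % text)

def parse_lsig(lsig):
    """Split name;target block;expression;subsig0;subsig1;... and cross-check it."""
    fields = lsig.split(";")
    if len(fields) < 4:
        raise ValueError("need name, target block, expression and a subsignature")
    name, tdb, expr = fields[:3]
    target = dict(item.split(":", 1) for item in tdb.split(","))
    subsigs = []
    for sub in fields[3:]:
        offset, sep, hexsig = sub.rpartition(":")
        if not sep:
            raise ValueError("subsignature without an offset: %r" % sub)
        subsigs.append({"offset": parse_offset(offset),
                        "bytes": bytes.fromhex(hexsig)})
    # Only plain AND/OR expressions are checked; counted forms are rejected.
    if not re.fullmatch(r"[0-9&|()]+", expr):
        raise ValueError("unsupported expression: %r" % expr)
    used = {int(i) for i in re.findall(r"\d+", expr)}
    dangling = sorted(i for i in used if i >= len(subsigs))
    if dangling:
        raise ValueError("expression references missing subsignatures %r" % dangling)
    unreferenced = sorted(set(range(len(subsigs))) - used)
    return {"name": name, "target": target, "expression": expr,
            "subsigs": subsigs, "unreferenced": unreferenced}

if __name__ == "__main__":
    for index, sub in enumerate(parse_lsig(LSIG)["subsigs"]):
        print(index, sub["offset"], sub["bytes"])
```

For the signature in the announcement, all three subsignatures carry the same eight bytes and differ only in where they are anchored: start of file, 544 bytes before end of file, and start of section 0.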
Re: [Clamav-devel] Bytecode interpreter
On 03/12/2010 06:54 PM, G.W. Haywood wrote:
> Hi there,
>
> On Fri, 12 Mar 2010 Tomasz Kojm wrote:
>
>>> G.W. Haywood wrote:
>>> I'd like to add my voice to those who want an easy way to disable
>>> [the bytecode interpreter] - I can see nothing in the clamd.conf
>>> man page for 0.96-rc1 which offers any solace.
>> As Edwin already described, you just set the "Bytecode" option to "no"
>> in freshclam.conf.
>
> I'm starting to wonder if you guys shouldn't get out more.
>
> Simply giving the bytecode interpreter nothing to interpret is not
> acceptable. I don't want to just be able to give the interpreter
> nothing to do; I would want to be able to disable it, so that it can't
> do anything, even (especially!) if it is given something to do.

How would you give it something to do if you didn't load any bytecodes?

>
> You'll understand why I didn't look in the freshclam.conf man page; I
> was thinking more along the lines of an option to the daemon at the
> time it is started, or perhaps - much better - a 'configure' option, so
> that the interpreter code isn't even built into the, er, daemon binary.

I think a configure option is possible, it would work the same way as --enable-llvm/--disable-llvm builds/links either libclamav/c++ or libclamav/bytecode_nojit.c: there could be a libclamav/bytecode_disabled.c

Best regards,
--Edwin
Re: [Clamav-devel] Bytecode interpreter
Hi there,

On Fri, 12 Mar 2010 Tomasz Kojm wrote:

> > G.W. Haywood wrote:
> > I'd like to add my voice to those who want an easy way to disable
> > [the bytecode interpreter] - I can see nothing in the clamd.conf
> > man page for 0.96-rc1 which offers any solace.
>
> As Edwin already described, you just set the "Bytecode" option to "no"
> in freshclam.conf.

I'm starting to wonder if you guys shouldn't get out more.

Simply giving the bytecode interpreter nothing to interpret is not acceptable. I don't want to just be able to give the interpreter nothing to do; I would want to be able to disable it, so that it can't do anything, even (especially!) if it is given something to do.

You'll understand why I didn't look in the freshclam.conf man page; I was thinking more along the lines of an option to the daemon at the time it is started, or perhaps - much better - a 'configure' option, so that the interpreter code isn't even built into the, er, daemon binary.

--
73,
Ged.
Re: [Clamav-devel] One more problem on unit tests at freebsd 9
2010/3/11 Török Edwin :
> $ libclamav/c++/llc