Re: [Clamav-devel] Plz help me!!

2012-02-12 Thread G.W. Haywood

Hi there,

On Sun, 12 Feb 2012, infant deepak wrote:


> I am doing a project on ClamAV. I have chosen from
>
> http://wiki.clamav.net/bin/view/Main/GoogleSummerOfCode2011
> 4. DOCX
>
> Add support for parsing docx based MS Office files.
>
> Main purpose is extracting embedded files. You will need to parse the XML,
> locate the embedded data, then decode(base64/OLE?) / and decompress
> (deflate?) it.


Your teacher asked YOU to do this.  Not us.

--

73,
Ged.
___
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net


[Clamav-devel] Plz help me!!

2012-02-11 Thread infant deepak
Hi,

I am doing a project on ClamAV. I have chosen from

http://wiki.clamav.net/bin/view/Main/GoogleSummerOfCode2011
4. DOCX

Add support for parsing docx based MS Office files.

Main purpose is extracting embedded files. You will need to parse the XML,
locate the embedded data, then decode(base64/OLE?) / and decompress
(deflate?) it.

So I did an analysis of how ClamAV currently scans a .DOCX file. From my
understanding, it treats it as a ZIP file, extracts it to a temporary folder,
and scans each XML file and inserted media files such as pictures, video,
etc. (If I am not correct, kindly explain to me.)

After that, I tried embedding an EICAR test virus in a picture file by using
the Steghide tool. Then I scanned that picture file, but ClamAV didn't recognize
it. The reason may be that steghide encrypts the virus file.

So I would like to know the following things:

1. Why didn't ClamAV recognize the encrypted virus?

2. Can anyone help me to start my project? (Until now I have gone through the
source code using gdb, so I have little knowledge about the code.)

Awaiting your response.

Regards,

Infant Deepak.


Re: [Clamav-devel] Plz help me!!

2012-02-11 Thread Török Edwin
On 02/11/2012 06:16 PM, infant deepak wrote:
> Hi,
>
> I am doing a project on ClamAV. I have chosen from
>
> http://wiki.clamav.net/bin/view/Main/GoogleSummerOfCode2011
> 4. DOCX
>
> Add support for parsing docx based MS Office files.
>
> Main purpose is extracting embedded files. You will need to parse the XML,
> locate the embedded data, then decode(base64/OLE?) / and decompress
> (deflate?) it.
>
> So I did an analysis of how ClamAV currently scans a .DOCX file. From my
> understanding, it treats it as a ZIP file, extracts it to a temporary folder,
> and scans each XML file and inserted media files such as pictures, video,
> etc. (If I am not correct, kindly explain to me.)
>
> After that, I tried embedding an EICAR test virus in a picture file by using
> the Steghide tool. Then I scanned that picture file, but ClamAV didn't recognize
> it. The reason may be that steghide encrypts the virus file.
>
> So I would like to know the following things:
>
> 1. Why didn't ClamAV recognize the encrypted virus?

Because once you've hidden it inside an image with steghide it is no longer
executable, and no longer capable of infecting.

You should embed/insert the EICAR as is inside a .DOCX, not hide it inside a
picture! i.e. when you double click on the EICAR inside the DOCX you should get
the eicar executed.

Best regards,
--Edwin
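
The extraction step from the project idea (treat the DOCX as a ZIP, inflate each member, decode base64 data found in XML parts) and the verbatim-versus-transformed distinction raised in this thread, as an added Python example that is not part of the original messages or of ClamAV's code. The archive is constructed in memory; `word/blob.xml`, its `<data>` element and the XOR transform standing in for a byte-altering embedding tool are assumptions made for illustration.

```python
import base64
import io
import re
import zipfile

# EICAR test string, split in two so this source file is not itself flagged.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-" + rb"STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
MAX_MEMBER_SIZE = 16 * 1024 * 1024  # skip members declaring an oversized length
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{40,}={0,2}")  # long base64-looking runs


def scan_docx(data: bytes) -> dict:
    """Return {member name: how the marker was found} for a DOCX given as bytes."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER_SIZE:
                continue
            body = zf.read(info)  # zipfile inflates deflate-compressed members
            if EICAR in body:
                hits[info.filename] = "raw"
                continue
            # XML parts may carry embedded data as base64 text: decode long runs.
            if info.filename.endswith(".xml"):
                for run in B64_RUN.findall(body):
                    try:
                        decoded = base64.b64decode(run, validate=True)
                    except ValueError:
                        continue
                    if EICAR in decoded:
                        hits[info.filename] = "base64"
                        break
    return hits


def build_sample() -> bytes:
    """Constructed DOCX-like archive: verbatim, base64-in-XML and transformed copies."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("word/document.xml", b"<w:document><w:t>hello</w:t></w:document>")
        zf.writestr("word/embeddings/oleObject1.bin", b"\x00" * 16 + EICAR)
        zf.writestr("word/blob.xml", b"<data>" + base64.b64encode(EICAR) + b"</data>")
        # Hypothetical stand-in for a payload whose bytes were altered before embedding.
        zf.writestr("word/media/image1.png", bytes(b ^ 0x5A for b in EICAR))
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_docx(build_sample()))
```

The verbatim and base64 copies are reported after container extraction and decoding; the byte-altered copy no longer contains the pattern, so a verbatim match on it finds nothing.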


Re: [Clamav-devel] Plz help me!!

2012-02-11 Thread Chatsiri Ratana
On Sat, Feb 11, 2012 at 11:16 PM, infant deepak deeeps@gmail.com wrote:

> Hi,
>
> I am doing a project on ClamAV. I have chosen from
>
> http://wiki.clamav.net/bin/view/Main/GoogleSummerOfCode2011
> 4. DOCX
>
> Add support for parsing docx based MS Office files.
>
> Main purpose is extracting embedded files. You will need to parse the XML,
> locate the embedded data, then decode(base64/OLE?) / and decompress
> (deflate?) it.
>
> So I did an analysis of how ClamAV currently scans a .DOCX file. From my
> understanding, it treats it as a ZIP file, extracts it to a temporary folder,
> and scans each XML file and inserted media files such as pictures, video,
> etc. (If I am not correct, kindly explain to me.)
>
> After that, I tried embedding an EICAR test virus in a picture file by using
> the Steghide tool. Then I scanned that picture file, but ClamAV didn't recognize
> it. The reason may be that steghide encrypts the virus file.
>
> So I would like to know the following things:
>
> 1. Why didn't ClamAV recognize the encrypted virus?
>
> 2. Can anyone help me to start my project? (Until now I have gone through the
> source code using gdb, so I have little knowledge about the code.)

You should set the parameter type (ac mode, bm mode, etc.) for scanning only
one file (read more in the ClamAV documentation). The parameters defined in
clamscan are a good example for debugging programs. If you run ClamAV in full
scan mode, it will give you cannot gain or concentrate with break point debug a code.

Best Regards,
Chatsiri Rattana.



> Awaiting your response.
>
> Regards,
>
> Infant Deepak.




-- 
http://about.me/chatsiri.ratana


Re: [Clamav-devel] plz help me!!

2012-01-31 Thread Tomasz Kojm
On Tue, 31 Jan 2012 14:51:19 +0530 infant deepak deeeps@gmail.com
wrote:
> Hi everyone,
> I am pursuing a master's degree. I am doing my project on enhancing the ClamAV
> application. Can anyone state for me a list of enhancements that can be added to
> ClamAV? I will be grateful to you if you can help me as early as possible.
> Thanks in advance.

You can find some ideas here:

http://wiki.clamav.net/bin/view/Main/GoogleSummerOfCode2011

-- 
   oo. Tomasz Kojm tk...@clamav.net
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Tue Jan 31 13:33:01 CET 2012


Re: [Clamav-devel] plz help me!!

2012-01-31 Thread chatsiri

On 31/01/2012 19:34, Tomasz Kojm wrote:

> On Tue, 31 Jan 2012 14:51:19 +0530 infant deepak deeeps@gmail.com
> wrote:
>
>> Hi everyone,
>> I am pursuing a master's degree. I am doing my project on enhancing the ClamAV
>> application. Can anyone state for me a list of enhancements that can be added to
>> ClamAV? I will be grateful to you if you can help me as early as possible.
>> Thanks in advance.

Hello All,

If you need to start up a project with ClamAV, you should download the code and
set up projects in Visual Studio (M$) or GCC (Linux).
The debug mode of VSC++ is available for newbie users because you can use
the mouse to set breakpoints on lines of code and can see the stack trace
of function calls when you debug ClamAV programs. The GDB debug tool runs on
Linux and is suitable for those with some experience of developing projects on
Linux. I attach a link on setting up a ClamAV project in Linux. Please see
the link
[http://www.agents.chatsiri.com/conculsion-on-init-step-of-clamav]. I
hope it can help you :D


Chatsiri Rattana

> You can find some ideas here:
>
> http://wiki.clamav.net/bin/view/Main/GoogleSummerOfCode2011

   

