Hi!

The ClamAV bytecode compiler version 0.10 is now available.

You can get it by using one of these commands:
$ git clone git://git.clamav.net/git/clamav-bytecode-compiler
$ git clone http://git.clamav.net/clamav-bytecode-compiler.git

The repository can be browsed online here:
http://git.clamav.net/gitweb?p=clamav-bytecode-compiler.git;a=summary

You can check out the clambc-0.10 version using:
$ git checkout clambc-0.10

The README for the compiler, including build instructions, can be found here:
http://git.clamav.net/gitweb?p=clamav-bytecode-compiler.git;a=blob_plain;f=README

The User manual can be found here:
http://git.clamav.net/gitweb?p=clamav-bytecode-compiler.git;a=blob_plain;f=docs/user/clambc-user.pdf

Bugs for the compiler should be filed using the clambc-compiler
component in bugzilla.

Here is an example of using the compiler (the example source code is
available in the repository):
$ clambc-compiler examples/in/match_with_read.o1.c -o test.cbc

To load it into clamscan [1]:
$ clamscan --debug --trust -dtest.cbc test/clam.exe
....
LibClamAV debug: bytecode debug: EP:
LibClamAV debug: bytecode debug: 64
LibClamAV debug: bytecode debug: VA of cyphertext is
LibClamAV debug: bytecode debug: 4198513
LibClamAV debug: bytecode debug: RVA of cyphertext is
LibClamAV debug: bytecode debug: 4209
LibClamAV debug: bytecode debug: Cyphertext starts at
LibClamAV debug: bytecode debug: 113
LibClamAV debug: bytecode debug: HELLO WORM
LibClamAV debug: Bytecode found virus:
ClamAV-Test-File-detected-via-bytecode
....
test/clam.exe: ClamAV-Test-File-detected-via-bytecode FOUND

To see information about the bytecode, run:
$ clambc -i test.cbc
Bytecode format functionality level: 6
Bytecode metadata:
        compiler version: clambc-0.10
        compiled on: Fri Mar 12 23:59:52 2010
        compiled by: edwin
        target exclude: 0
        bytecode type: PE hook
        bytecode logical signature:
.{ClamAV-Test-File-detected-via-bytecode};Target:1;(2&1&0);0:4d5a50000200000004000f00ffff0000;EOF-544:4d5a50000200000004000f00ffff0000;S0+0:4d5a50000200000004000f00ffff0000
        virusname prefix: (null)
        virusnames: 0
        bytecode triggered on: PE files matching logical signature
        number of functions: 2
        number of types: 51
        number of global constants: 39
        number of debug nodes: 0
        bytecode APIs used:
         read, seek, setvirusname, debug_print_str, debug_print_uint,
pe_rawaddr

To see the source code of a bytecode, run:
$ clambc -p test.cbc

[1] You will need to build the git version of clamscan with
--enable-debug, and use the --trust command-line parameter to load it.
This is just a temporary situation that will be solved before the final
0.96 release.
The RC release only loads signed bytecode from bytecode.cvd.
For 0.96 you will have the possibility to create your own bytecode using
this compiler (more on this later).

P.S.:
This version was tested on Linux/x86-64; if you encounter problems on
other systems please open a bug report.
Note that regardless of what system you build the compiler on, the
compiler creates the same bytecode.

Best regards,
--Edwin
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
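The `clambc -i` output above says the bytecode is triggered on "PE files matching logical signature" and prints that signature in ClamAV's `.ldb` form (`Name;TargetDescriptionBlock;LogicalExpression;Subsig0;Subsig1;...`). The following is an added example, not part of the post and not ClamAV's own code: a small Python parser and evaluator for that line, showing how its three subsignatures (absolute offset `0`, end-relative `EOF-544`, section-relative `S0+0`) and the expression `(2&1&0)` combine to gate the hook. The offset forms and the `Target:` numbers follow the ClamAV signature documentation as I understand it; the stand-in "PE file", its section-0 raw offset and the stripping of the `.{...}` wrapper that `clambc -i` prints around the name are assumptions made here so the script runs offline.

```python
"""Parse and evaluate a ClamAV logical (.ldb-style) signature line.

Added example, not ClamAV code. The signature text is the one `clambc -i`
printed in the post; the file bytes and section table are constructed here.
"""
import re

# Constructed sample: the "bytecode logical signature" line from `clambc -i`.
LDB_LINE = (
    ".{ClamAV-Test-File-detected-via-bytecode};Target:1;(2&1&0);"
    "0:4d5a50000200000004000f00ffff0000;"
    "EOF-544:4d5a50000200000004000f00ffff0000;"
    "S0+0:4d5a50000200000004000f00ffff0000"
)

# Target numbers of the TargetDescriptionBlock (subset, per ClamAV's signature docs).
TARGET_NAMES = {0: "any", 1: "PE", 2: "OLE2", 3: "HTML", 4: "mail",
                5: "graphics", 6: "ELF", 7: "ASCII", 9: "Mach-O"}


def parse_offset(text):
    """Classify a subsignature offset: any, absolute, EOF-relative or section-relative."""
    if text == "*":
        return ("any",)
    if text.isdigit():
        return ("abs", int(text))
    m = re.fullmatch(r"EOF-(\d+)", text)
    if m:
        return ("eof", int(m.group(1)))
    m = re.fullmatch(r"S(\d+)([+-])(\d+)", text)
    if m:  # Sx+n / Sx-n: n bytes from the raw start of PE section x
        delta = int(m.group(3)) * (1 if m.group(2) == "+" else -1)
        return ("section", int(m.group(1)), delta)
    raise ValueError("unsupported offset form: %r" % text)


def parse_ldb(line):
    """Split Name;TDB;Expression;Subsig0;... into a dict of its parts."""
    fields = line.strip().split(";")
    if len(fields) < 4:
        raise ValueError("need name, TDB, expression and at least one subsig")
    name = fields[0]
    wrapped = re.fullmatch(r"\.\{(.+)\}", name)  # assumption: .{Name} is display only
    if wrapped:
        name = wrapped.group(1)
    tdb = dict(kv.split(":", 1) for kv in fields[1].split(",") if kv)
    target = int(tdb.get("Target", "0"))
    subsigs = []
    for field in fields[3:]:
        offset, hexpat = field.split(":", 1)
        subsigs.append({"offset": parse_offset(offset), "pattern": bytes.fromhex(hexpat)})
    return {"name": name, "target": target, "target_name": TARGET_NAMES.get(target, "unknown"),
            "expr": fields[2], "subsigs": subsigs}


def match_subsig(data, subsig, sections=None):
    """True/False when the subsig can be checked; None when its offset needs a section table we lack."""
    pat, off = subsig["pattern"], subsig["offset"]
    if off[0] == "any":
        return pat in data
    if off[0] == "abs":
        start = off[1]
    elif off[0] == "eof":
        start = len(data) - off[1]
    else:  # section-relative: raw offsets of the PE sections are supplied by the caller
        if sections is None or off[1] >= len(sections):
            return None
        start = sections[off[1]] + off[2]
    if start < 0 or start + len(pat) > len(data):
        return False
    return data[start:start + len(pat)] == pat


def eval_expr(expr, results):
    """Evaluate subsig ids joined by &, | and parentheses (three-valued: None = unresolved)."""
    tokens = re.findall(r"\d+|[&|()]", expr)
    if "".join(tokens) != expr.replace(" ", ""):
        raise ValueError("unsupported operator in expression: %r" % expr)
    pos = 0

    def take():
        nonlocal pos
        pos += 1
        return tokens[pos - 1]

    def atom():
        tok = take()
        if tok == "(":
            val = disj()
            if take() != ")":
                raise ValueError("unbalanced parentheses")
            return val
        return results.get(int(tok), False)

    def conj():
        vals = [atom()]
        while pos < len(tokens) and tokens[pos] == "&":
            take()
            vals.append(atom())
        return False if False in vals else (None if None in vals else True)

    def disj():
        vals = [conj()]
        while pos < len(tokens) and tokens[pos] == "|":
            take()
            vals.append(conj())
        return True if True in vals else (None if None in vals else False)

    val = disj()
    if pos != len(tokens):
        raise ValueError("trailing tokens in expression")
    return val


def evaluate(sig, data, sections=None):
    """Run every subsig against the file, then the logical expression over the results."""
    results = {i: match_subsig(data, s, sections) for i, s in enumerate(sig["subsigs"])}
    return eval_expr(sig["expr"], results)


MZ_STUB = bytes.fromhex("4d5a50000200000004000f00ffff0000")


def build_sample(length=1024, section0_raw=256, clobber=False):
    """Constructed stand-in for clam.exe: the MZ stub at 0, at EOF-544 and at section 0's raw start."""
    buf = bytearray(length)
    for start in (0, length - 544, section0_raw):
        buf[start:start + len(MZ_STUB)] = MZ_STUB
    if clobber:
        buf[0] = 0x00  # break the absolute-offset subsig only
    return bytes(buf)


if __name__ == "__main__":
    sig = parse_ldb(LDB_LINE)
    print(sig["name"], "target:", sig["target_name"], "expr:", sig["expr"])
    print("all three resolved:", evaluate(sig, build_sample(), sections=[256]))
    print("without a section table:", evaluate(sig, build_sample()))
    print("MZ stub damaged:", evaluate(sig, build_sample(clobber=True)))
```

The three-valued result is the practical point: with `(2&1&0)` every subsignature must hit, so a damaged header settles the answer as "no match" even before the section-relative subsig can be resolved, while an intact header with no section table leaves the decision open (`None`) rather than silently reporting a miss.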