Hi, I downloaded the Windows binary (self-installing exe).
Then I installed it in Wine. Results: The GUI thing needs
MFC30D.DLL which is luckily offered on the ClamAV.net site.
It also uses CTL3d2.DLL of which I seem to have only the NT
version, so I must use wine --winver nt40 ... The bineries
are: Windows GUI in contrib/Windows, a daemon, an interface
to the daemon, an database update downloader, a signature
checker, and the command line scanner.
I think I only need those files for command line scanning:
124416 Feb 14 05:16 bin/clamscan.exe
62464 Feb 14 05:16 bin/cygbz2-1.dll
170496 Feb 14 05:16 bin/cyggmp-3.dll
1054601 Feb 14 05:16 bin/cygwin1.dll
62464 Feb 14 05:16 bin/cygz.dll
58454 Feb 14 05:03 share/clamav/daily.cvd
1037239 Feb 14 05:03 share/clamav/main.cvd
(Note how small the gmp library is... the sources are 2 MB tgz
which untars to 10 MB :-/)
I guess the cygz and cygbz2 are only for gzip and bzip2 compression.
So you could go even further. Now if we hope that much of cygwin1.dll
is only for the GUI, I think chances for WDOSX are not too bad.
Where can I find it???
Project: Do updates manually. Only use (optional: -r for recursion)
CLAMSCAN -v --debug --stdout --database=c:\main.cvd *.exe
(ClamAV normally resides in c:\clamav-devel\ - bin\ and share\clamav\)
file tells:
bin/clamscan.exe: MS Windows PE 32-bit Intel 80386 console executable not
relocatable
bin/cygbz2-1.dll: MS Windows PE 32-bit Intel 80386 console DLL
bin/cyggmp-3.dll: MS Windows PE 32-bit Intel 80386 console DLL
bin/cygwin1.dll:MS Windows PE 32-bit Intel 80386 console DLL not relocatable
bin/cygz.dll: MS Windows PE 32-bit Intel 80386 console DLL
Not sure what not relocateable means here.
By the way, a c:\tmp\ is needed (unless you use --...=... to override).
DLL names contained in clamscan.exe are: cyggmp-3.dll cygbz2-1.dll cygwin1.dll
cygz.dll KERNEL32.DLL ...
You can use ./configure --disable-bzip2 --disable-pthreads --disable-cr
--disable-urandom --disable-clamav --disable-clamuko
--without-sigtool --without-clamd --without-clamdscan --without-clamav-milter
This leaves the command line scanner, zip, rar, the library, ...
... hm. Then freshclam (update downloader) fails to compile.
parsecfg and cfgopt undefined references. Ah. You must compile w/ clamd.
... LIBCLAMAV_LIBS = -lz -lgmp already is minimalistic enough thanks to
the above ./configure line.
Maybe I could reduce SUBDIRS...
SUBDIRS = libclamav clamscan clamd database docs etc
seems to be enough :-)
clamscan is a shell script which uses sed... aha...
clamscan/.libs/clamscan is the real thing. Uses libclamav, libz, libgmp, libc.
Evil cheat: Edit Makefile in clamscan/ before doing make -
clamscan$(EXEEXT): $(clamscan_OBJECTS) $(clamscan_DEPENDENCIES)
@rm -f clamscan$(EXEEXT)
$(LINK) -all-static $(clamscan_LDFLAGS) ...
Result: 1.7 MB, after strip 455k clamscan/clamscan Linux ELF :-).
After UPX, that is 199k only.
Hm... --debug shows MD5 check of CVD (which is tgz and contains COPYING and
viruses.db !? Whatever. I cannot unprotect it anyway...)
It tries to setrlimit. No other interesting things. Removing --debug.
~/clamscan -v --stdout --database=./main.cvd *.exe *.com
clamav-installer-win-devel.exe: OK
clamscan.exe: OK
gosh-upxed.com: OK
runbios.com: OK
--- SCAN SUMMARY ---
Known viruses: 19987
Scanned directories: 0
Scanned files: 4
Infected files: 0
Data scanned: 2.43 MB
I/O buffer size: 131072 bytes
Time: 3.704 sec (0 m 3 s)
Works. So far for the theory of stripping down ClamAV. Now if I only had
a stripped down gmp library! Then chances to compile ClamAV would be okay.
At least if I had Windows CYGWIN (gmp contains long filenames... libclamav
as well but not that many... clamscan itself not :-)) :-(.
libclamav/ and clamscan/ are together 14000 lines of C, of which we have
1000 getopt 1300 message 1700 mbox 2800 unrarlib...
Uhm... only libclamav/dsig.c uses gmp.h :-)).
mpz_t variables, mpz_init mpz_set_ui mpz_mul_2exp mpz_add mpz_powm
mpz_clear mpz_tdiv_qr_ui mpz_get_ui mpz_init_set_str ... only for
cli_versig ... Looks like 1024 bit public key signing of databases.
libclamav/cvd.c:if(cli_versig(md5, cvd-dsig)) {
Only line which really needs this. Great. So if I remove dsig.* and
that line in cvd.c, ClamAV will be more insecure (no longer able to
check for modified databases) but will no longer need GMP library :-).
You can even compile with #undef HAVE_GMP, even simpler.
Edit in clamav-config.h ...
Do not forget to remove -lgmp from the clamscan/Makefile if you are cheating:
LIBCLAMAV_LIBS = -lz
(removed: -lgmp)
Same in libclamav/Makefile ...
TWO occurances of -lgmp there ...
Oops, forgotten libclamav.la ...
... not to forget make clean ...
... and LIBCLAMAV_LIBS in the top level Makefile ...
... config.status ...??? Zapped some extra GMP references there ...
Touching config.status recreates the makefiles, sigh...
(- edit SUBDIRS again, force
