So I'm writing in C# and I have a security problem - uploading of viruses to my system, so I need to scan. I was hoping to use ClamWin and its libclamav.dll to scan the buffer, but I've met the following interesting quirks:
Yes, I know I could save the file to the disk and call clam as a process and look at its return value, but that's not very elegant, is it? I also know that on the FAQ it says
Q: Does ClamWin scan BLOBs (Binary Large OBjects) in databases?
A: No, the only way to do this is export the object to a file and scan the exported file. Ideally, the objects should be scanned before they are entered into the database.
Erm ok - but in Linux clamscan has the ability to scan from stdin - something like:
echo "something to be scanned" | clamscan -someoptiontoscanforstdin
Is that not possible with clamwin? (Point 1)
The second thing is I can view the libclamav.dll file and see what functions are available in there, but I have no idea as to what order they need to be called in - at a guess (and looking at *some* documentation) I think I can get away with something similar to this:
    using System;
    using System.Runtime.InteropServices;

    namespace ClamScanTest
    {
        class Program
        {
            [DllImport("libclamav.dll")]
            static extern string cl_scanfile(string filename);

            public static void Main()
            {
                Console.WriteLine(cl_scanfile("test"));
                Console.ReadKey();
            }
        }
    }
Apart from the obvious (if you were to run that) fact that it doesn't work - I get the error string:
The runtime has encountered a fatal error. The address of the error was at 0x79ef281a, on thread 0x8fc. The error code is 0xc0000005.
Now this may be related to point 1 - the nux version seems to have the function scanbuf(), although my DLL inspector doesn't show that in Windows. Presumably this is a problem with something to do with the (fundamental) differences between Windows and POSIX file handling routines.
What should I try next? Is there an easier way of doing this (maybe not using clamscan)? Maybe I should learn more about running unmanaged DLLs in .NET before trying something this complicated? Perhaps, but any aid would be appreciated.
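
The call order the post asks about, as an added example that is not part of the original post and is not ClamAV or ClamWin project code: in libclamav, cl_scanfile returns an int status and needs a loaded, compiled engine, so it cannot be declared as returning string with a single argument. Assumptions: the DLL exports the libclamav 0.95 to 0.100 C API with the cdecl convention (other versions change these signatures, so check the clamav.h that matches the DLL), DbDir is a placeholder path, and the two option values are placeholders to be replaced from that header.

```csharp
using System;
using System.Runtime.InteropServices;

static class ClamScan
{
    const string Lib = "libclamav.dll";
    const string DbDir = @"C:\path\to\signature\db"; // placeholder: folder with main/daily databases
    const int CL_CLEAN = 0, CL_VIRUS = 1;            // CL_CLEAN is also CL_SUCCESS
    const uint DbOptions = 0;   // placeholder: use CL_DB_STDOPT from your clamav.h
    const uint ScanOptions = 0; // placeholder (raw scan only): use CL_SCAN_STDOPT from your clamav.h

    [DllImport(Lib, CallingConvention = CallingConvention.Cdecl)]
    static extern int cl_init(uint initOptions);
    [DllImport(Lib, CallingConvention = CallingConvention.Cdecl)]
    static extern IntPtr cl_engine_new();
    [DllImport(Lib, CallingConvention = CallingConvention.Cdecl, CharSet = CharSet.Ansi)]
    static extern int cl_load(string path, IntPtr engine, ref uint sigCount, uint dbOptions);
    [DllImport(Lib, CallingConvention = CallingConvention.Cdecl)]
    static extern int cl_engine_compile(IntPtr engine);
    // virname points into engine-owned memory: take it as IntPtr, never as 'out string',
    // or the marshaller will try to free a pointer it does not own.
    [DllImport(Lib, CallingConvention = CallingConvention.Cdecl, CharSet = CharSet.Ansi)]
    static extern int cl_scanfile(string file, out IntPtr virname, ref uint scanned, IntPtr engine, uint options);
    [DllImport(Lib, CallingConvention = CallingConvention.Cdecl)]
    static extern int cl_engine_free(IntPtr engine);
    [DllImport(Lib, CallingConvention = CallingConvention.Cdecl)]
    static extern IntPtr cl_strerror(int code);

    static void Check(int rc, string step)
    {
        if (rc != CL_CLEAN)
            throw new InvalidOperationException(step + ": " + Marshal.PtrToStringAnsi(cl_strerror(rc)));
    }

    static void Main(string[] args)
    {
        Check(cl_init(0), "cl_init");                    // 0 = CL_INIT_DEFAULT
        IntPtr engine = cl_engine_new();
        if (engine == IntPtr.Zero) throw new InvalidOperationException("cl_engine_new failed");
        try {
            uint sigs = 0, scanned = 0; IntPtr virname;
            Check(cl_load(DbDir, engine, ref sigs, DbOptions), "cl_load");
            Check(cl_engine_compile(engine), "cl_engine_compile");
            int rc = cl_scanfile(args[0], out virname, ref scanned, engine, ScanOptions);
            if (rc == CL_VIRUS) Console.WriteLine("FOUND: " + Marshal.PtrToStringAnsi(virname));
            else { Check(rc, "cl_scanfile"); Console.WriteLine("clean"); }
        } finally { cl_engine_free(engine); }
    }
}
```

Loading and compiling the engine is the slow part; a service that scans uploads would do it once at start-up and reuse the engine for every scan, treating any result other than CL_CLEAN as a reason to reject the upload.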
