So I'm writing in C# and I have a security problem - uploading of virii to my system, so I need to scan. I was hoping to use ClamWin and its libclamav.dll to scan the buffer, but I've met the following interesting quirks:

Yes, I know I could save the file to the disk and call clam as a process and look at its return value, but that's not very elegant is it? I also know that on the FAQ it says

Q: Does ClamWin scan BLOBs (Binary Large OBjects) in databases?

A: No, the only way to do this is export the object to a file and scan the exported file. Ideally, the objects should be scanned before they are entered into the database.

Erm ok - but in linux clamscan has the ability to scan from stdin - something like:

Echo ``something to be scanned'' | clamscan -someoptiontoscanforstdin

Is that not possible with clamwin? (Point 1)

The second thing is I can view the libclamav.dll file and see what functions are available in there, but I have no idea as to what order they need to be called in - at a guess (and looking at *some* documentation) I think I can get away with something similar to this:

using System;
using System.Runtime.InteropServices;
namespace ClamScanTest
{
    class Program
    {
        [DllImport("libclamav.dll")]
        static extern string cl_scanfile(string filename);
        
        public static void Main()
        {
            Console.WriteLine(cl_scanfile("test"));
            Console.ReadKey();
        }
    }
}

Apart from the obvious (if you where to run that) fact that it doesn't work - I get the error string:

The runtime has encountered a fatal error. The address of the error was at 0x79ef281a, on thread 0x8fc. The error code is 0xc0000005.

Now this may be related to point 1 - the nux version seems to have the function scanbuf(), although my dll inspector doesn't show that in windows. Presumably this is a problem with something to do with the (fundamental) differences between Windows and Posix file handling routines.

What should I try next? Is there an easier way of doing this (maybe not using clamscan)? Maybe I should learn more about running unmanaged dll's in .Net before trying something this complicated? Perhaps, but any aid would be appreciated.