Data scan functions

It's possible to scan a file or descriptor using:

	int cl_scanfile(const char *filename, const char **virname,
	unsigned long int *scanned, const struct cl_engine *engine,
	unsigned int options);

	int cl_scandesc(int desc, const char **virname, unsigned
	long int *scanned, const struct cl_engine *engine,
	unsigned int options);

Both functions will store a virus name under the pointer virname, the virus name is part of the engine structure and must not be released directly. If the third argument (scanned) is not NULL, the functions will increase its value with the size of scanned data (in CL_COUNT_PRECISION units). The last argument (options) specified the scan options and supports the following flags (which can be combined using bit operators):

• CL_SCAN_STDOPT
  This is an alias for a recommended set of scan options. You should use it to make your software ready for new features in the future versions of libclamav.
• CL_SCAN_RAW
  Use it alone if you want to disable support for special files.
• CL_SCAN_ARCHIVE
  This flag enables transparent scanning of various archive formats.
• CL_SCAN_BLOCKENCRYPTED
  With this flag the library will mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
• CL_SCAN_MAIL
  Enable support for mail files.
• CL_SCAN_OLE2
  Enables support for OLE2 containers (used by MS Office and .msi files).
• CL_SCAN_PDF
  Enables scanning within PDF files.
• CL_SCAN_SWF
  Enables scanning within SWF files, notably compressed SWF.
• CL_SCAN_PE
  This flag enables deep scanning of Portable Executable files and allows libclamav to unpack executables compressed with run-time unpackers.
• CL_SCAN_ELF
  Enable support for ELF files.
• CL_SCAN_BLOCKBROKEN
  libclamav will try to detect broken executables and mark them as Broken.Executable.
• CL_SCAN_HTML
  This flag enables HTML normalisation (including ScrEnc decryption).
• CL_SCAN_ALGORITHMIC
  Enable algorithmic detection of viruses.
• CL_SCAN_PHISHING_BLOCKSSL
  Phishing module: always block SSL mismatches in URLs.
• CL_SCAN_PHISHING_BLOCKCLOAK
  Phishing module: always block cloaked URLs.
• CL_SCAN_STRUCTURED
  Enable the DLP module which scans for credit card and SSN numbers.
• CL_SCAN_STRUCTURED_SSN_NORMAL
  Search for SSNs formatted as xx-yy-zzzz.
• CL_SCAN_STRUCTURED_SSN_STRIPPED
  Search for SSNs formatted as xxyyzzzz.
• CL_SCAN_PARTIAL_MESSAGE
  Scan RFC1341 messages split over many emails. You will need to periodically clean up $TemporaryDirectory/clamav-partial directory.
• CL_SCAN_HEURISTIC_PRECEDENCE
  Allow heuristic match to take precedence. When enabled, if a heuristic scan (such as phishingScan) detects a possible virus/phish it will stop scan immediately. Recommended, saves CPU scan-time. When disabled, virus/phish detected by heuristic scans will be reported only at the end of a scan. If an archive contains both a heuristically detected virus/phishing, and a real malware, the real malware will be reported.
• CL_SCAN_BLOCKMACROS
  OLE2 containers, which contain VBA macros will be marked infected (Heuristics.OLE2.ContainsMacros).

All functions return CL_CLEAN when the file seems clean, CL_VIRUS when a virus is detected and another value on failure.

	    ...
	    const char *virname;

	if((ret = cl_scanfile("/tmp/test.exe", &virname, NULL, engine,
	CL_SCAN_STDOPT)) == CL_VIRUS) {
	    printf("Virus detected: %s\n", virname);
	} else {
	    printf("No virus detected.\n");
	    if(ret != CL_CLEAN)
	        printf("Error: %s\n", cl_strerror(ret));
	}