readme

一个使用诺顿病毒库的病毒扫描的例子程序

--- Version 1.06

--- Introduction

    REMEMBER: YOU NEED TrendMicro product in order to use this package!

    Trophie is a daemon which uses 'libvsapi' library from TrendMicro
    antivirus vendor ( http://www.antivirus.com ).

    On startup, Trophie initializes VSAPI (Virus Scanning API, I guess)
    loads virus patterns into memory, opens local UNIX domain socket,
    and waits for someone to connect and instructs it which path to
    scan.

    Since it is loaded in RAM, scanning is very fast. Of course, speed
    of scanning also depends on VSAPI settings and size of the file.

--- Requirements

    You must have libvsapi installed on your system, and virus patterns.
    
    You will also probably need some application that will be able to
    send request(s) to Trophie, and do something with the result.

    Sample applications are included with Trophie.
    
    Trophie has been compiled/tested on:

    Linux (kernel 2.2.x and 2.4.x - various distros) with gcc
    HP-UX 10.20 with gcc
    Solaris 2.7 (Sparc) with gcc
    
    Engines/virus patterns tested:
    
    engine v5.450-0723 / pattern v921
    engine v2.062-0402 / pattern v921 (some options were not available)
    engine v2.062-0402 / pattern v851 (some options were not available)

--- Details
    
    Trophie is fast, and it also tries not to kill the system if many
    requests are sent to it, or if very big files are scanned. On each
    fork() of new child that handless scans, Trophie sets priority to 20
    which prevents (hopefully) it from using all system resources (and
    trust me, virus scanning can take a lot of resources :)
    
    NOTE: If you have older version of the engine, Trophie might not
    compile. If Trophie compilation fails, edit "trophie.h" file and
    set:

    #define NEWER_VSAPI             0
    (this is set to '1' by default)

    You can set 2 options by editing "trophie_init.h" file:

    #define VS_PROCESS_ALL_FILES_IN_ARCHIVE     1

    This tells Trophie if it should scan all files in the archive. By
    default, I have set this to '1'. However, this will probably take
    more time and resources. Change to '0' if you want only default
    list of extensions to be scanned.

    #define VS_PROCESS_ALL_FILES                1

    Similar to previous option, but this applies to files on the
    filesystem. If set to '1', Trophie will scan all files - if set
    to '0', Trophie will only scan files that are in default extension
    list.

--- Installation

    Part of the installation is managed by configure script, but some
    settings need to be changed directly in trophie.h. I might make
    these options be available from configure script, or from config
    file (if I ever get to create a configuration file for Trophie -
    does anyone need it? :)
    
    Settings:
    - You might need to change TROPHIE_SOCKET_NAME in order to set the
      location where socket should be created
    - You might want to change TROPHIE_SOCKET_GROUP (default value is
      'mail') - right now, socket gets created with root as an owner,
      and group set to the TROPHIE_SOCKET_GROUP. Socket is only readable
      and/or writable by owner and the group.
    - You might want to change SYSLOG_NAME - this is what the program
      name will be reported as, in syslog entries
    - You might want to change MAX_PROC - that defines how many
      requests (scans) will be allowed/handled at the same time - 
      default is '10'

    Btw - I have just started playing with autoconf (and 'relatives' :),
    so please let me know if you find any nonense in configure.in or
    Makefile.in. Thanks :)
    
    Type
    
    ./configure
    
    in order to configure the software. If libvsapi is not in the path,
    use
    
    ./configure --with-vsapilib=/path/to/libvsapi/dir

    Then type
    
    make
    
    If compilation was fine, copy the binary somewhere and use it :)

--- Problems/Bugs

    You might get a message like this on startup:

    ld.so.1: ./trophie: fatal: libvsapi.so: open failed: No such file
    or directory

    Make sure libvsapi.so is in LD_LIBRARY_PATH

    I did not test the Trophie if virus patterns are missing or there is
    some similar 'unexpected' error. I don't have time to do this, but
    I would like to hear if anyone else has problems.

--- Usage

    To get brief help, use:

    ./trophie -h

    To see version of VSAPI engine and patterns, use:

    ./trophie -v

    To see current (compiled-in) VSAPI configuration, use:

    ./trophie -c

    To check Trophie and scan a *file* (not a directory) on a local hard
    disk, use:

    ./trophie -f <path_to_infected_or_some_other_file>

    To check Trophie and scan a *directory* (and subdirectories) on a
    local hard disk, use:

    ./trophie -s <path_to_directory>

    To send Trophie into background, use:

    ./trophie -D

    Trophie will reload patterns (re-init) if it receives HUP signal.
    
    eicar.com test file is also available, to make testing easier.
    
--- Sample applications

    You can find some sample applications (C and Perl) in 'sample_apps'
    directory.
    
--- Availability

    Releases of Trophie are (should be) available at:
    
    http://www.vanja.com/tools/

--- Author

    Comments/patches send to: vanja@pobox.com

--- Acknowledgments

    Many thanks to Vladimir Pudar <vlada@beethoven.com> for his help
    and support during development of this tool.

--- License

    This program is released under the GPL license