trophie_core.c

一个使用诺顿病毒库的病毒扫描的例子程序

#include "trophie.h"

int trophie_scandir(char *scan_dir)
{
	int pattern_number_pointer;
	vs_ret = VSScanDir(vs_addr, scan_dir, &vs_virus_scan_file_callback_function, &scandir_handler, &pattern_number_pointer);

	/* Ouch - wish I have VSAPI docs... */
	
	/* Since I'm not 100% sure what gets (and why) returned from VSScanDir(), I'll use simple method */
	/* vs_ret will be -88 if virus is found (that's probably not right - but give me the docs please ;) */
	/* However, if VIR_NAME is set, we know virus is there. We'll ignore return codes from VSScanDir() */
	if (VIR_NAME[0] != '\0')
		return(1);

	return(vs_ret); /* This seems to be 0 - even vscan exit code is '0' when scanning dirs w/ infected files */
}

/* Useless for now - don't still understand if I really need it */
int scandir_handler(char *a)
{
	/* a seems to point to some other structure */
	return(0);
}

/* Scan a file */
int trophie_scanfile(char *scan_file)
{
	vs_ret = VSVirusScanFileWithoutFNFilter(vs_addr, scan_file, -1);
	
	/* Lame. Hopefully just a temporary thing */
	/* Returned for .bz2 archives, and some MPEG files - not sure why it's -89, but we're not missing viruses */
	if (vs_ret == -89)
		vs_ret = 0;
	
	return vs_ret;
}

/*
  If called with 'debug = 0', message will be printed always (used for errors)
  If called with 'debug = 1', message will be printed only if TROPHIE_DEBUG == 1
*/
void trophie_print(int debug, char *printMessage, ...)
{
	char printMsg[512];

	va_list argptr;
	va_start(argptr, printMessage);
	vsnprintf(printMsg, sizeof(printMsg)-1, printMessage, argptr);
	va_end(argptr);

	/* If running as a daemon, send messages to syslog */
	if (TROPHIE_DAEMON > 0)
	{
		if (debug == 0)
			trophie_syslog("%s", printMsg);
		else if (debug == 1 && TROPHIE_DEBUG == 1)
			trophie_syslog("[   debug   ] : %s", printMsg);
	}
	else
	{
		if (debug == 0)
			fprintf(stderr, "%s\n", printMsg);
		else if (debug == 1 && TROPHIE_DEBUG == 1)
			fprintf(stderr, "[   debug   ] : %s\n", printMsg);
	}
}

/*
  Logs a message to syslog
*/
void trophie_syslog(char *syslogMessage, ...)
{
	char logMsg[512];

	va_list argptr;
	va_start(argptr, syslogMessage);
	vsnprintf(logMsg, sizeof(logMsg)-1, syslogMessage, argptr);
	va_end(argptr);

	openlog(SYSLOG_NAME, LOG_PID | LOG_CONS, LOG_USER);
	syslog(SYSLOG_FACILITY, "%s\n", logMsg);
	closelog();
}

/* This is not used */
int pre_extract_arch_func_callback(char *a)
{
	/* still to figure out this one - I don't actually need it */
	return(0);
}

/* int callback_fn(char *a, char *b, int c, char *d) */
int vs_virus_scan_file_callback_function(char *a, struct callback_type *b, int c, char *d)
{
	char full_path_filename[1024];

	/* Only c == 1 needs to be processed = no idea what for 2nd run is used for (and don't want to know) */
	if (c == 1)
		trophie_print(1, "scanning file: '%s'", b->current_filename);

	if ( (c == 1) && (b->flag_infected > 0) )
	{
		char *virus_name = (char *)(b->vname+8);

		strncpy(VIR_NAME, virus_name, sizeof(VIR_NAME)-1);
		memset(full_path_filename, 0, sizeof(full_path_filename));
	
		if (b->flag_archive == 1)
		{
			char *infected_file = (char *)(b->current_filename);
			VSMergeDir(full_path_filename, working_dir, b->archive_being_scanned);
			trophie_print(0, "Scan result   : Archive '%s' contains file (%s) infected with '%s' virus", full_path_filename, infected_file, virus_name);
		}
		else
		{
			VSMergeDir(full_path_filename, working_dir, b->current_filename);
			trophie_print(0, "Scan result   : File '%s' infected with '%s' virus", full_path_filename, virus_name);
		}
	}

	return(0);
}