使用file命令查看daily.cvd文件类型:
# file -b /var/lib/clamav/daily.cvd
Clam AntiVirus database 11 May 2022 04-06 -0400, version2653, gzipped
说明是gzip压缩后的文件,但是使用unzip进行解压会失败:unzip处理的是zip格式,而且cvd在压缩数据之前还有一段512字节的头部(版本、签名等信息),所以它是clamav自定义的一种文件格式。可以再看一遍上面的输出结果。
然后参考博客ClamAV学习【9】——cvd文件解析及cli_untgz函数浏览
知道cli_untgz可以解压cvd压缩文件。
写了一段测试代码,加在clamd.c这个文件中。
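/*
 * Test helper: unpack the daily signature database into a scratch
 * directory so that the individual signature files can be inspected.
 *
 * Returns 0 on success, -1 if the scratch directory cannot be created or
 * the archive cannot be unpacked.
 *
 * Review notes:
 *  - The scratch directory is a fixed name under the world-writable /tmp.
 *    mkdir() fails when that name already exists (including as a symlink),
 *    and this function deliberately treats that as an error instead of
 *    reusing the path: a directory created by someone else must not become
 *    the extraction target of a daemon that may be running as root.
 *    Remove /tmp/av by hand before re-running the test.
 *  - Nothing in this function checks the CVD's digital signature before
 *    extraction. If the file may not come from a trusted freshclam run,
 *    verify it first (libclamav exposes cl_cvdverify() for that).
 */
static int unzip_daily_cvd(void)
{
    const char *cvdfile = "/var/lib/clamav/daily.cvd";
    /* The trailing '/' is harmless, but it shows up as "//" in the paths
     * that libclamav prints in its debug output. */
    const char *tmpdir = "/tmp/av/";

    if (mkdir(tmpdir, 0755) != 0) {
        /* Leading '!' logs at error level, as the other logg() calls in
         * clamd.c do. */
        logg("!unzip_daily_cvd: mkdir %s failed\n", tmpdir);
        return -1;
    }

    /* Any non-zero result is treated as a failure, so the check does not
     * depend on the exact error value returned by cli_cvdunpack(). */
    if (cli_cvdunpack(cvdfile, tmpdir) != 0) {
        logg("!unzip_daily_cvd: Can't unpack %s into %s\n", cvdfile, tmpdir);
        /* The directory was created above, so removing it only discards
         * this function's own partial output. */
        cli_rmdirs(tmpdir);
        return -1;
    }

    logg("%s succ\n", cvdfile);
    return 0;
}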
为了能看到解压日志,我把这个函数的调用放在clamd.c的main函数中日志初始化完成之后。
如下:
/* Excerpt from clamd's main(); the "......" lines stand for code the author left out. */
int main(int argc, char **argv)
{
......
do { /* logger initialized */
/* DevLiblog: hand libclamav's messages to msg_callback. */
if (optget(opts, "DevLiblog")->enabled)
cl_set_clcb_msg(msg_callback);
/* A non-zero result from cl_init() is a failure: log it, set ret = 1 and leave the block. */
if ((ret = cl_init(CL_INIT_DEFAULT))) {
logg("!Can't initialize libclamav: %s\n", cl_strerror(ret));
ret = 1;
break;
}
if (optget(opts, "Debug")->enabled) {
/* enable debug messages in libclamav */
cl_debug();
logg_verbose = 2;
}
#if defined(USE_SYSLOG) && !defined(C_AIX)
if (optget(opts, "LogSyslog")->enabled) {
/* The LOG_LOCAL6 initializer is overwritten by logg_facility() two lines below. */
int fac = LOG_LOCAL6;
opt = optget(opts, "LogFacility");
/* An unknown facility name is a configuration error: log it and leave with ret = 1. */
if ((fac = logg_facility(opt->strarg)) == -1) {
logg("!LogFacility: %s: No such facility.\n", opt->strarg);
ret = 1;
break;
}
openlog("clamd", LOG_PID, fac);
logg_syslog = 1;
}
#endif
/*
 * Test hook added for this experiment: unpacks daily.cvd on every clamd
 * start, after the logging options above have been applied. The return
 * value is ignored, so a failed unpack does not stop clamd. This is a
 * debugging aid and should not stay in a build that is deployed.
 */
unzip_daily_cvd();
......
}
重新执行make操作,然后修改 /usr/local/etc/clamd.conf配置文件:
# Enable debug messages in libclamav.
# Default: no
Debug yes
# Path to the database directory.
# Default: hardcoded (depends on installation options), 病毒库的默认路径
DatabaseDirectory /var/lib/clamav
然后执行 ./clamd/clamd,输出如下:
# ./clamd/clamd
LibClamAV debug: in cli_untgz()
LibClamAV debug: cli_untgz: Unpacking /tmp/av//COPYING
LibClamAV debug: cli_untgz: Unpacking /tmp/av//daily.info
LibClamAV debug: cli_untgz: Unpacking /tmp/av//daily.cfg
LibClamAV debug: cli_untgz: Unpacking /tmp/av//daily.ign
LibClamAV debug: cli_untgz: Unpacking /tmp/av//daily.ign2
LibClamAV debug: cli_untgz: Unpacking /tmp/av//daily.ftm
LibClamAV debug: cli_untgz: Unpacking /tmp/av//daily.hdb
LibClamAV debug: cli_untgz: Unpacking /tmp/av//daily.hdu
LibClamAV debug: cli_untgz: Unpacking /tmp/av//daily.hsb
LibClamAV debug: cli_untgz: Unpacking /tmp/av//daily.hsu
LibClamAV debug: cli_untgz: Unpacking /tmp/av//daily.mdb
LibClamAV debug: cli_untgz: Unpacking /tmp/av//daily.mdu
LibClamAV debug: cli_untgz: Unpacking /tmp/av//daily.msb
LibClamAV debug: cli_untgz: Unpacking /tmp/av//daily.msu
LibClamAV debug: cli_untgz: Unpacking /tmp/av//daily.ndb
LibClamAV debug: cli_untgz: Unpacking /tmp/av//daily.ndu
LibClamAV debug: cli_untgz: Unpacking /tmp/av//daily.ldb
LibClamAV debug: cli_untgz: Unpacking /tmp/av//daily.ldu
LibClamAV debug: cli_untgz: Unpacking /tmp/av//daily.idb
LibClamAV debug: cli_untgz: Unpacking /tmp/av//daily.fp
LibClamAV debug: cli_untgz: Unpacking /tmp/av//daily.sfp
LibClamAV debug: cli_untgz: Unpacking /tmp/av//daily.pdb
LibClamAV debug: cli_untgz: Unpacking /tmp/av//daily.wdb
LibClamAV debug: cli_untgz: Unpacking /tmp/av//daily.crb
LibClamAV debug: cli_untgz: Unpacking /tmp/av//daily.cdb
LibClamAV debug: in cli_untgz_cleanup()
/var/lib/clamav/daily.cvd succ
......
日志里的路径多了一个/, 将unzip_daily_cvd函数中的代码修改一下即可:
/* No trailing '/': the debug output above shows libclamav adding its own '/' between directory and file name. */
const char * tmpdir = "/tmp/av";
查看/tmp/av/目录下的文件:
# ls /tmp/av/ -alth
total 177M
drwxrwxrwt 18 root root 4.0K May 14 20:48 ..
drwxr-xr-x 2 root root 4.0K May 14 20:48 .
-rw-r--r-- 1 root root 491 May 14 20:48 daily.cdb
-rw-r--r-- 1 root root 11K May 14 20:48 daily.crb
-rw-r--r-- 1 root root 26K May 14 20:48 daily.fp
-rw-r--r-- 1 root root 36K May 14 20:48 daily.idb
-rw-r--r-- 1 root root 4.0K May 14 20:48 daily.pdb
-rw-r--r-- 1 root root 87 May 14 20:48 daily.sfp
-rw-r--r-- 1 root root 11K May 14 20:48 daily.wdb
-rw-r--r-- 1 root root 3.4M May 14 20:48 daily.ldu
-rw-r--r-- 1 root root 55M May 14 20:48 daily.ldb
-rw-r--r-- 1 root root 805K May 14 20:48 daily.ndu
-rw-r--r-- 1 root root 68K May 14 20:48 daily.mdu
-rw-r--r-- 1 root root 161 May 14 20:48 daily.msb
-rw-r--r-- 1 root root 92 May 14 20:48 daily.msu
-rw-r--r-- 1 root root 162K May 14 20:48 daily.ndb
-rw-r--r-- 1 root root 4.7M May 14 20:48 daily.mdb
-rw-r--r-- 1 root root 113M May 14 20:48 daily.hsb
-rw-r--r-- 1 root root 195 May 14 20:48 daily.hsu
-rw-r--r-- 1 root root 18K May 14 20:48 COPYING
-rw-r--r-- 1 root root 424 May 14 20:48 daily.cfg
-rw-r--r-- 1 root root 12K May 14 20:48 daily.ftm
-rw-r--r-- 1 root root 57 May 14 20:48 daily.hdb
-rw-r--r-- 1 root root 3.5K May 14 20:48 daily.hdu
-rw-r--r-- 1 root root 3.6K May 14 20:48 daily.ign
-rw-r--r-- 1 root root 2.8K May 14 20:48 daily.ign2
-rw-r--r-- 1 root root 2.3K May 14 20:48 daily.info
其实不用改代码,直接执行 sigtool -u /var/lib/clamav/daily.cvd 就行了(文件会解压到当前工作目录,建议先进入一个空目录再执行)。