[nw22panda]

Hi. I am creating an anti-malware program in C#, that uses the .cvd databases of ClamWin and Clam AV for its detection rules. How can I code and/or patch my program so that it can interpret and use the CVD file?

[Skydiver]

Unless the file format is publicly available, you'll probably have to contact the makers of software to find out how the file is laid out. Then you'll have to make sure that you have at least read access to file while the file actively being used by their software. Some programs put an exclusive lock preventing others from opening the file at the same time.

After that, it's a matter of opening the file and navigating through their file structures to get to the definitions that you need. Most basic file I/O operations will work unless their file is actually managed by a database system. In that case, it maybe easier if you use the same database engine they are using to access the data in the file.

[nw22panda]

I do know that ClamWin is open source. Does this change anything?

Also, ClamWin is built off of ClamAV, which is also open-source.

[Skydiver]

Then crack open the source code see how they access the files. If they applied good engineering practices, then I/O routines that deal with the .CVD files should be in only 1 or 2 files. If its a simple format, you can probably just include the header files that define the structures on disk. If it's more complicated, then you may need to copy or port to code over into your program.

If it uses a database engine that publicly available, even better then. All you need is to also use the same engine and point it at the file. Of course, you'll need to know the database schema instead of the file structures, but in theory it should be easier.

[nw22panda]

I have ClamWin on my flash drive, from PortableApps.com. So, that being said, could I just copy the engines from my flash drive over to the debug folder?

[Skydiver]

Looking in the docs directory of the GIT repository, it looks like the .CVD file is a text file that you can just read using any old file I/O:
http://clamwin.git.s...res.pdf;hb=HEAD

You can probably get by just using StreamReader.ReadLine(). Chances are you've seen this MSDN micro tutorial on how to read a text file: http://msdn.microsof...y/db5x7c0d.aspx

[nw22panda]

So this code should work?

class Test
        {
            public static void Main()
            {
                try
                {
                    // Create an instance of StreamReader to read from a file.
                    // The using statement also closes the StreamReader.
                    using (StreamReader sr = new StreamReader("main.cvd"))
                    {
                        String line;
                        // Read and display lines from the file until the end of 
                        // the file is reached.
                        while ((line = sr.ReadLine()) != null)
                        {
                            Console.WriteLine(line);
                        }
                    }
                }
                catch (Exception e)
                {
                    // Let the user know what went wrong.
                    Console.WriteLine("ERROR WHILE LOADING DATABASE!:");
                    Console.WriteLine(e.Message);
                }
            }
        }

[Skydiver]

That'll let you read the file. Parsing the contents will be another matter, but the PDF seemed to document things well.

[nw22panda]

So how should I go along parsing the contents?

[Skydiver]

Sorry to be blunt, but if you can't even parse a text file, are you sure you want to be dealing with antivirus software?

[nw22panda]

I understand your point, but I have created a few advanced programs in C#, but have never had to parse the contents of anything.

[Skydiver]

Post #6 links to a MSDN sample for reading lines out of a file. You'll have to read the lines and try to match that up with the format documented the CVD documentation to extract the information that you need.