'Clamd INSTREAM checking

I'm trying to check file by using clamd nINSTREAM.

struct clam_chunk {
    unsigned int fsize;
    char data[1024];    
    };

..............................................................................

st_data.fsize = __bswap_32(st_data.fsize); //big-endian format

do {
    ret = send(fd, "nINSTREAM\n", 11, MSG_NOSIGNAL);
    ret = send(fd, &st_data, sizeof(st_data), MSG_NOSIGNAL);
    ret = send (fd,"",0,MSG_NOSIGNAL);
} while (ret < 0 && errno == EINTR);

I have a response: "stream: OK", but it's wrong, because data contains Eicar-Test-Signature.

PING recive PONG, simple SCAN work too.

csocketsunixdaemonunix-socket


Solution 1:[1]

You're sending 11 characters which includes \0 end character. This is not necessary, because you're sending a 'n' command, which ends with \n. May be that character is responsible for the no detection. Try to send 10 characters, or zINSTREAM command, which also requires 10 characters because \0 end character is required.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Damini Suthar

Related Questions

Implicit declaration of functions srand, rand and system

Implicit declaration of functions srand, rand and system

Implicit declaration of functions srand, rand and system

hex code implementation for spawning a shell

hex code implementation for spawning a shell

hex code implementation for spawning a shell

warning: format ‘%s’ expects type ‘char *’, but argument 2 has type ‘char (*)’

Minimal implementation of sprintf or printf

warning: format ‘%s’ expects type ‘char *’, but argument 2 has type ‘char (*)’

Minimal implementation of sprintf or printf

How to hide helper functions from public API in c

VS Code C Error - Invalid Active Developer Path

In C is it faster to use the standard library or write your own function?

Finding consecutive bit string of 1 or 0

What is the simplest way of implementing bigint in C?