 |
 | name of the source file which arefor obtaining the modulname |  |
|
dvechamb
|
|
hello
I guess clamwin suspend each new process, list the modules loaded by theses processes, and then resume them. I'd want to know the name of the source code files which are for : 1) obtaining the name of the module loaded by each new process including the hidden ones. 2) suspending the process Thanking you in advance |
|||||||||||
|
|||||||||||||
 |
| |
|
sherpya
|
|
clamav does not suspend processes
there are two versions of the function one using toolhelp32 and another using psapi for platform not supporting it the source you are searching for is here https://clamwin.git.sourceforge.net/git/gitweb.cgi?p=clamwin/clamav-win32.git;a=blob;f=contrib/msvc/src/helpers/scanmem.c;h=55e49e273bd9892884e0623b6921f87b9ea53d3c;hb=HEAD https://clamwin.git.sourceforge.net/git/gitweb.cgi?p=clamwin/clamav-win32.git;a=blob;f=contrib/msvc/src/helpers/scanmem.c;h=55e49e273bd9892884e0623b6921f87b9ea53d3c;hb=HEAD you can find a sample code to suspend a process here (you can suspend a thread) https://social.msdn.microsoft.com/Forums/en/windowssdk/thread/d7e17919-40b7-4fa4-9694-83aff214ef17 https://social.msdn.microsoft.com/Forums/en/windowssdk/thread/d7e17919-40b7-4fa4-9694-83aff214ef17 |
|||||||||||
|
|||||||||||||
|
| |
|
dvechamb
|
|
ok thanks you
but i don't understand: clamwin is just a scan ? there is no guard like the other antivirus? if a virus come suddenly , clamwin is not gonna suspend the process and alert the user? if clamwin can do it, he must detect each new process and in this case I would want to know the name of the web page where there is the code which are for getting the PID of each new process. |
|||||||||||
|
|||||||||||||
|
| |
|
sherpya
|
|
there is no realtime scanner (yet) but there are some projects with some realtime facilities support
|
|||||||||||
|
|||||||||||||
|
| |
|
GuitarBob
|
|
ClamWin uses the scanning engine and signature database from ClamAV, which is a scanner for Linux email servers, which don't need real-time support.
The Clam Sentinel Project at https://sourceforge.net/projects/clamsentinel/ on the web adds some real-time scanning ability to ClamWin. It is designed for Win98/ME/2000 but can be used on XP/Vista/maybe Win7 also and is the real-time project that is farthest along at this time. Regards, |
|||||||||||
|
|||||||||||||
|
| |
|
aru
|
|
It is designed for Win98/ME/2000/XP (has two different engines: one for Win98/ME and another for the newer systems) and works also on Vista or Win7 (I don't have tested it on this two systems but some users have reported that works). bye, aru |
|||||||||||||
|
|||||||||||||||
|
 | name of the source file which arefor obtaining the modulname | |
|
||
|
|
|
Powered by phpBB © phpBB Group
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.
Design by phpBBStyles.com | Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.