Scan VMDK for Virus Signatures
One of the Use Cases for the Virtual Disk Library is to scan a VMDK for virus signatures. Using our sample program framework, this example function implements the -virus command-line option, using a hypothetical library routine, SecureVirusScan(), supplied by an antivirus software vendor. The library routine scans a buffer against the vendor’s latest pattern library, returning TRUE if it identifies a virus.
extern int SecureVirusScan(const uint8 *buf, size_t n);

/*
 * DoVirusScan - Scan the content of a virtual disk for virus signatures.
 */
static void DoVirusScan(void)
{
    VixDisk disk(appGlobals.connection, appGlobals.diskPath, appGlobals.openFlags);
    VixDiskLibDiskInfo info;
    uint8 buf[VIXDISKLIB_SECTOR_SIZE];
    VixDiskLibSectorType sector;

    VixError vixError = VixDiskLib_GetInfo(disk.Handle(), &info);
    CHECK_AND_THROW(vixError);
    cout << "capacity = " << info.capacity << " sectors" << endl;
    // read all sectors even if not yet populated
    for (sector = 0; sector < info.capacity; sector++) {
        vixError = VixDiskLib_Read(disk.Handle(), sector, 1, buf);
        CHECK_AND_THROW(vixError);
        if (SecureVirusScan(buf, sizeof buf)) {
            // stream the sector number: VixDiskLibSectorType is wider than the int that %d expects
            cout << "Virus detected in sector " << sector << endl;
        }
    }
    cout << info.capacity << " sectors scanned" << endl;
}
This function calls VixDiskLib_GetInfo() to determine the number of sectors allocated in the virtual disk. The number of sectors is available in the VixDiskLibDiskInfo structure, but normally not in the metadata. With SPARSE type layout, data can occur in any sector, so this function reads all sectors, whether filled or not. VixDiskLib_Read() continues without error when it encounters an empty sector full of zeroes.
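Because DoVirusScan() hands the scanner one 512-byte sector at a time, a byte pattern that straddles two sectors is never presented to it whole. The following is an added example, not code from the sample program or from VMware: it compares per-sector scanning with multi-sector reads that carry an overlap between chunks. scan_buf(), read_sectors(), the in-memory disk image and the marker string are constructed stand-ins for SecureVirusScan(), VixDiskLib_Read() and real data, and it assumes the scanner matches byte patterns of a known maximum length.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SECTOR_SIZE 512   /* value of VIXDISKLIB_SECTOR_SIZE */
#define MAX_CHUNK   8     /* largest number of sectors per read; assumed tuning value */
static const uint8_t SIG[] = "CONSTRUCTED-SIG";  /* constructed marker, not a real signature */
#define SIG_LEN (sizeof SIG - 1)
static uint8_t sample_disk[20 * SECTOR_SIZE];    /* constructed 20-sector image */
/* Hypothetical stand-in for SecureVirusScan(): 1 if the marker occurs in buf. */
static int scan_buf(const uint8_t *buf, size_t n) {
    for (size_t i = 0; i + SIG_LEN <= n; i++)
        if (memcmp(buf + i, SIG, SIG_LEN) == 0) return 1;
    return 0;
}
/* Hypothetical stand-in for VixDiskLib_Read(): copies sectors from the image. */
static void read_sectors(uint64_t start, uint64_t count, uint8_t *out) {
    memcpy(out, sample_disk + start * SECTOR_SIZE, (size_t)count * SECTOR_SIZE);
}
/* Places the marker across the sector 2/3 boundary and the sector 7/8 boundary. */
static void make_sample_disk(void) {
    memset(sample_disk, 0, sizeof sample_disk);
    memcpy(sample_disk + 3 * SECTOR_SIZE - 5, SIG, SIG_LEN);
    memcpy(sample_disk + 8 * SECTOR_SIZE - 5, SIG, SIG_LEN);
}
/* Reads `chunk` sectors per call and keeps the last `overlap` bytes of each chunk in
   front of the next. Returns the number of scanner calls that matched, -1 on bad args. */
static int scan_disk(uint64_t capacity, uint64_t chunk, size_t overlap) {
    if (chunk == 0 || chunk > MAX_CHUNK || overlap >= SIG_LEN) return -1;
    uint8_t buf[(SIG_LEN - 1) + MAX_CHUNK * SECTOR_SIZE];
    size_t carry = 0;
    int hits = 0;
    for (uint64_t s = 0; s < capacity; s += chunk) {
        uint64_t n = capacity - s < chunk ? capacity - s : chunk;  /* short final chunk */
        read_sectors(s, n, buf + carry);
        size_t total = carry + (size_t)n * SECTOR_SIZE;
        hits += scan_buf(buf, total);
        carry = overlap;
        memmove(buf, buf + total - carry, carry);  /* tail of this chunk leads the next */
    }
    return hits;
}
int main(void) {
    make_sample_disk();
    printf("per-sector: %d  chunked: %d  chunked+overlap: %d\n",
           scan_disk(20, 1, 0), scan_disk(20, 8, 0), scan_disk(20, 8, SIG_LEN - 1));
    return 0;
}
```

A chunk of 1 sector with no overlap is the behaviour of DoVirusScan(); an overlap of one byte less than the longest pattern is enough to cover every boundary without reporting the same occurrence twice.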
The following difference list shows the remaining code changes necessary for adding the -virus option to the vixDiskLibSample.cpp sample program:
43a44 > #define COMMAND_VIRUS_SCAN (1 << 10) 72a74 > static void DoVirusScan(void); 425a429 > printf(" -virus: scan source vmdk for virus signature \n"); 519a524,525 > } else if (appGlobals.command & COMMAND_VIRUS_SCAN) { > DoVirusScan(); 564a571,572 > } else if (!strcmp(argv[i], "-virus")) { > appGlobals.command |= COMMAND_VIRUS_SCAN;
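Review bot: the 564a571,572 hunk ORs the option into appGlobals.command with |=, but the 519a524,525 hunk dispatches it from an else if branch, so when -virus is given together with another command option that is tested earlier in that chain, DoVirusScan() is skipped without any message. Either reject command combinations while parsing the arguments, or state in the 425a429 usage line that -virus must be the only command.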
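Review bot: the 43a44 hunk gives COMMAND_VIRUS_SCAN the value (1 << 10) and the neighbouring COMMAND_ definitions are not part of the diff, so confirm that bit 10 is unused; a duplicate bit would make -virus satisfy another command's test in the dispatch chain and vice versa. A short comment next to the define noting that it is the next free bit would make the next addition safer.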