The ClamAV® Bytecode Compiler is a tool to build cross-platform advanced malware detection plugins for the ClamAV® open source antivirus engine. We call these plugins "bytecode signatures". Bytecode signatures are are executed by a ClamAV using either an LLVM JIT runtime or an interpreter runtime. These signatures extend ClamAV's file format support and provide detection capabilities above and beyond the limitations of content-based logical signatures.
At present the pdf documentation is dated. Specifically, the instructions for building the compiler or no longer correct. The documentation will be updated as time permits.
The PDF documentation still provides valuable instructions for writing and compiling signatures, and documents features of the bytecode signature API.
git clone git://github.com/Cisco-Talos/clamav-bytecode-compiler
-
LLVM and Clang, version 8 or newer
- LLVM and Clang versions must match.
- Version 8 is preferred, tested. Newer versions are not guaranteed to work correctly.
- LLVM is required to build the bytecode compiler.
- Clang is required to run the bytecode compiler.
-
Python 3.6 or newer.
- Python is required to run the unit tests, and to run the bytecode compiler.
Configure:
mkdir build && cd build
cmake .. \
-D CMAKE_BUILD_TYPE=Release \
-D CMAKE_INSTALL_PREFIX=<install path>
Build:
cmake --build .
Test:
ctest -V
Install:
cmake --build . --target install
Build with a specific LLVM version and specific ClamAV install that installs to local directory:
cmake .. \
-D CMAKE_INSTALL_PREFIX=install \
-D ENABLE_TESTS=ON \
-D LLVM_ROOT=/usr/lib/llvm-8 \
-D ClamAV_HOME=$HOME/clams/0.105.0
make -j12
ctest -V
make install
For information about the features in this and prior releases, read the news.
The best way to get in touch with the ClamAV community is to join our mailing lists and to join us on Discord.
The ClamAV development team welcomes code contributions. Thanks for joining us!
ClamAV is licensed for public/open source use under the GNU General Public License, Version 2 (GPLv2).
See COPYING/COPYING.txt
for a copy of the license.
ClamAV contains a number of components that include code copied in part or in whole from 3rd party projects and whose code is not owned by Cisco and which are licensed differently than ClamAV. These include:
- LLVM, Clang:
- < 9.0.0: Illinois Open Source License (BSD-like)
-
= 9.0.0: Apache License 2.0 with LLVM Exceptions
See the COPYING
directory for a copy of the 3rd party project licenses.