Skip to content

Cisco-Talos/clamav-bytecode-compiler

ClamAV Bytecode Compiler

Maeve, the ClamAV mascot

The ClamAV® Bytecode Compiler is a tool to build cross-platform advanced malware detection plugins for the ClamAV® open source antivirus engine. We call these plugins "bytecode signatures". Bytecode signatures are are executed by a ClamAV using either an LLVM JIT runtime or an interpreter runtime. These signatures extend ClamAV's file format support and provide detection capabilities above and beyond the limitations of content-based logical signatures.

Documentation

At present the pdf documentation is dated. Specifically, the instructions for building the compiler or no longer correct. The documentation will be updated as time permits.

The PDF documentation still provides valuable instructions for writing and compiling signatures, and documents features of the bytecode signature API.

Quick Start

Getting the bytecode compiler repository

git clone git://github.com/Cisco-Talos/clamav-bytecode-compiler

Quick start for building & installing

Requirements

  • LLVM and Clang, version 8 or newer

    • LLVM and Clang versions must match.
    • Version 8 is preferred, tested. Newer versions are not guaranteed to work correctly.
    • LLVM is required to build the bytecode compiler.
    • Clang is required to run the bytecode compiler.
  • Python 3.6 or newer.

    • Python is required to run the unit tests, and to run the bytecode compiler.

Build & Install

Configure:

mkdir build && cd build

cmake .. \
    -D CMAKE_BUILD_TYPE=Release \
    -D CMAKE_INSTALL_PREFIX=<install path>

Build:

cmake --build .

Test:

ctest -V

Install:

cmake --build . --target install

Additional Build Examples

Build with a specific LLVM version and specific ClamAV install that installs to local directory:

cmake .. \
  -D CMAKE_INSTALL_PREFIX=install \
  -D ENABLE_TESTS=ON \
  -D LLVM_ROOT=/usr/lib/llvm-8 \
  -D ClamAV_HOME=$HOME/clams/0.105.0

make -j12

ctest -V

make install

Change Log

For information about the features in this and prior releases, read the news.

Join the ClamAV Community

The best way to get in touch with the ClamAV community is to join our mailing lists and to join us on Discord.

Want to make a contribution?

The ClamAV development team welcomes code contributions. Thanks for joining us!

Licensing

ClamAV is licensed for public/open source use under the GNU General Public License, Version 2 (GPLv2).

See COPYING/COPYING.txt for a copy of the license.

3rd Party Code

ClamAV contains a number of components that include code copied in part or in whole from 3rd party projects and whose code is not owned by Cisco and which are licensed differently than ClamAV. These include:

  • LLVM, Clang:
    • < 9.0.0: Illinois Open Source License (BSD-like)
    • = 9.0.0: Apache License 2.0 with LLVM Exceptions

See the COPYING directory for a copy of the 3rd party project licenses.