Interpreting check results
Prev Chapter 2. Programming with libkavclient Next

Interpreting check results

Once you have checked a file, group of files or a memory region with one of the checking functions, you obviously want to know if viruses were found in them. For this, use the following function.

int kav_result_get_status(kav_ctx ctx);

The kav_result_get_status function retrieves a status code indicating the result of KAVDaemon's check. Possible values returned by kav_result_get_status and their meanings are as follows:

KAV_STATUS_NOT_CHECKED

This is a special value - it means that kav_result_get_status is called in a context where no check has been previously performed.

KAV_STATUS_CLEAN

Checked objects are clean - they contain no viruses or suspicious objects.

KAV_STATUS_SCAN_NOT_COMPLETE

Checking is not complete. The most likely reason for this status is that you asked KAVDaemon to check a file that does not exist.

KAV_STATUS_CORRUPTED_VIRUSES_FOUND

Corrupted or mutated viruses were found in the checked objects.

KAV_STATUS_SUSPICIOUS_FOUND

Suspicious object were found. That is, KAVDaemon is not sure they really are viruses, but they looked suspicious to it.

KAV_STATUS_VIRUSES_FOUND

Viruses were found in the checked objects.

KAV_STATUS_CURED

Viruses were found in the checked objects, but KAVDaemon successfully cured them.

KAV_STATUS_INFECTED_DELETED

Viruses were found in the checked files, and KAVDaemon deleted them.

KAV_STATUS_CORRUPTED_FOUND

Corrupted objects (such as bad archives) were found.

You can also examine the textual report that KAVDaemon generates. For this, use the following functions:

const char *kav_result_get_report(kav_ctx ctx);

int kav_result_get_report_len(kav_ctx ctx);

The kav_result_get_report returns the report that KAVDaemon generated as a NULL-terminated string. You should not modify this tring. The kav_result_get_report_len returns the length of the report.

When you have examined the results of the check, you can delete the results from the session context to free up the memory allocated for them. For this, use the following function:

void kav_reset(kav_ctx ctx);

The kav_reset function deletes the results of the previous check from the session context ctx. It is safe (although redundant) to call it more than once in the same context in a row. Note that if you call another checking function in a context, kav_reset will be called automatically to delete the old results before obtaining new ones. Also, when you dispose of the context with kav_free, kav_reset is called automatically.

Prev Up Next
Advanced functions for memory checking Home Deallocating session context