post-build-checks-malwarescan/80-check-malware-scan-clamav

#!/bin/bash

TARGET=/usr/src/packages
SCANSCRIPT=/var/lib/clamav/.script
export TARGET
export BUILD_ROOT
export SCANSCRIPT

# Fixed misdetections:
# bsc#1172626 - lvm2 unit-test gets misdetected as Unix.Exploit.Lotoor-7768640-0
# bsc#1199055 qemu-system-tricore|qemu-system-ppc64
# bsc#1222509 python tarballs: Win.Virus.Expiro-10026576-0
#EXCLUDELIST="usr.share.lvm2-testsuite.unit.unit-test"
#EXCLUDELIST="(Python-3.*tar.xz|pip-.*-py3-none-any.whl)"
#
# Current known misdetections:
EXCLUDELIST="(pdfium-6425.tar.bz2)"
export EXCLUDELIST

echo '
#!/bin/bash

mkdir /usr/src/packages/BUILD/scan

for r in $( find /.build.packages/{SRPMS,RPMS,OTHER}/ -type f -name "*.rpm" ); do
    F=$(file --brief "$r")
    case $F in
        RPM\ *) ;;
        *) echo "skipping non RPM file $r: $F" ; continue ;;
    esac
    RPM_NAME=$(env LC_ALL=C rpm --nodigest --nosignature -qp --qf "%{NAME}" "$r")
    case $RPM_NAME in
        *-debuginfo|*-debugsource)
            echo "Skipping unpack $r"
            continue
            ;;
    esac
    f=${r##*/}
    case "$f" in
        kiwi-test-dummy*) echo "skipping known broken rpm $f" ; continue ;;
    esac
    for script in postin posttrans postun prein pretrans verifyscript; do
        body=$(rpm -qp --qf "%{$script}" "$r")
        if test "$body" = "(none)" -o -z "$body"; then
            continue
        fi
        rpm -qp --qf "#!%{${script}prog}\\n" "$r" >"/usr/src/packages/BUILD/scan/$f.$script"
        echo "$body" >>"/usr/src/packages/BUILD/scan/$f.$script"
    done
    rpm -qp --qf "[#!%{triggerscriptprog}\\n%{triggerscripts}\\n]" "$r" >"/usr/src/packages/BUILD/scan/$f.triggers"
    mkdir -p /usr/src/packages/BUILD/scan/"$f.d"
    pushd . > /dev/null
    cd /usr/src/packages/BUILD/scan/"$f.d"
    echo "unpacking $r"
    rpm2cpio "$r" | cpio --quiet -i -u -m -d > /dev/null
    if [ "$?" -gt 0 ]; then
        echo "unpacking RPM packages does not work on this host.
Is the filesystem is full?

Please have a look.
"
       exit 42
    fi
  popd > /dev/null
done

echo "clamscan --archive-verbose -ir ${EXCLUDELIST:+--exclude $EXCLUDELIST} /usr/src/packages/BUILD/scan:"
/usr/bin/clamscan --archive-verbose  -ir ${EXCLUDELIST:+--exclude "$EXCLUDELIST"}  /usr/src/packages/BUILD/scan
ret=$?
rm -rf /usr/src/packages/BUILD/scan
exit $ret
' > $BUILD_ROOT/$SCANSCRIPT

( cd $BUILD_ROOT ; chroot . bash $SCANSCRIPT 2>&1 )
ret=$?
rm -f $BUILD_ROOT/$SCANSCRIPT


if [ "$ret" != 0 ]; then
  echo "clamav: positive result about one or more files in the system.
return value: $ret"
  echo "

The test has failed. Please check the files mentioned above!

"
  exit 1
else
  echo "clamav: negative malware scan result."
  echo test passed.
fi
exit 0
Sync from SUSE:SLFO:Main post-build-checks-malwarescan revision df0ed4879af643365539eed60d8a9c28 2025-07-16 11:08:59 +02:00			`#!/bin/bash`

			`TARGET=/usr/src/packages`
			`SCANSCRIPT=/var/lib/clamav/.script`
			`export TARGET`
			`export BUILD_ROOT`
			`export SCANSCRIPT`

			`# Fixed misdetections:`
			`# bsc#1172626 - lvm2 unit-test gets misdetected as Unix.Exploit.Lotoor-7768640-0`
			`# bsc#1199055 qemu-system-tricore\|qemu-system-ppc64`
			`# bsc#1222509 python tarballs: Win.Virus.Expiro-10026576-0`
			`#EXCLUDELIST="usr.share.lvm2-testsuite.unit.unit-test"`
			`#EXCLUDELIST="(Python-3.tar.xz\|pip-.-py3-none-any.whl)"`
			`#`
			`# Current known misdetections:`
Sync from SUSE:SLFO:Main post-build-checks-malwarescan revision 3469c1f9d0a0d165e8f4d519ea34feef 2025-07-25 23:02:30 +02:00			`EXCLUDELIST="(pdfium-6425.tar.bz2)"`
Sync from SUSE:SLFO:Main post-build-checks-malwarescan revision df0ed4879af643365539eed60d8a9c28 2025-07-16 11:08:59 +02:00			`export EXCLUDELIST`

			`echo '`
			`#!/bin/bash`

			`mkdir /usr/src/packages/BUILD/scan`

			`for r in $( find /.build.packages/{SRPMS,RPMS,OTHER}/ -type f -name "*.rpm" ); do`
			`F=$(file --brief "$r")`
			`case $F in`
			`RPM\ *) ;;`
			`*) echo "skipping non RPM file $r: $F" ; continue ;;`
			`esac`
			`RPM_NAME=$(env LC_ALL=C rpm --nodigest --nosignature -qp --qf "%{NAME}" "$r")`
			`case $RPM_NAME in`
			`-debuginfo\|-debugsource)`
			`echo "Skipping unpack $r"`
			`continue`
			`;;`
			`esac`
			`f=${r##*/}`
			`case "$f" in`
			`kiwi-test-dummy*) echo "skipping known broken rpm $f" ; continue ;;`
			`esac`
			`for script in postin posttrans postun prein pretrans verifyscript; do`
			`body=$(rpm -qp --qf "%{$script}" "$r")`
			`if test "$body" = "(none)" -o -z "$body"; then`
			`continue`
			`fi`
			`rpm -qp --qf "#!%{${script}prog}\\n" "$r" >"/usr/src/packages/BUILD/scan/$f.$script"`
			`echo "$body" >>"/usr/src/packages/BUILD/scan/$f.$script"`
			`done`
			`rpm -qp --qf "[#!%{triggerscriptprog}\\n%{triggerscripts}\\n]" "$r" >"/usr/src/packages/BUILD/scan/$f.triggers"`
			`mkdir -p /usr/src/packages/BUILD/scan/"$f.d"`
			`pushd . > /dev/null`
			`cd /usr/src/packages/BUILD/scan/"$f.d"`
			`echo "unpacking $r"`
			`rpm2cpio "$r" \| cpio --quiet -i -u -m -d > /dev/null`
			`if [ "$?" -gt 0 ]; then`
			`echo "unpacking RPM packages does not work on this host.`
			`Is the filesystem is full?`

			`Please have a look.`
			`"`
			`exit 42`
			`fi`
			`popd > /dev/null`
			`done`

Sync from SUSE:SLFO:Main post-build-checks-malwarescan revision 3469c1f9d0a0d165e8f4d519ea34feef 2025-07-25 23:02:30 +02:00			`echo "clamscan --archive-verbose -ir ${EXCLUDELIST:+--exclude $EXCLUDELIST} /usr/src/packages/BUILD/scan:"`
			`/usr/bin/clamscan --archive-verbose -ir ${EXCLUDELIST:+--exclude "$EXCLUDELIST"} /usr/src/packages/BUILD/scan`
Sync from SUSE:SLFO:Main post-build-checks-malwarescan revision df0ed4879af643365539eed60d8a9c28 2025-07-16 11:08:59 +02:00			`ret=$?`
			`rm -rf /usr/src/packages/BUILD/scan`
			`exit $ret`
			`' > $BUILD_ROOT/$SCANSCRIPT`

			`( cd $BUILD_ROOT ; chroot . bash $SCANSCRIPT 2>&1 )`
			`ret=$?`
			`rm -f $BUILD_ROOT/$SCANSCRIPT`


			`if [ "$ret" != 0 ]; then`
			`echo "clamav: positive result about one or more files in the system.`
			`return value: $ret"`
			`echo "`

			`The test has failed. Please check the files mentioned above!`

			`"`
			`exit 1`
			`else`
			`echo "clamav: negative malware scan result."`
			`echo test passed.`
			`fi`
			`exit 0`