SUSE:SLE-15-SP7:GA
File 80-check-malware-scan-clamav of Package post-build-checks-malwarescan.22501
#!/bin/bash

TARGET=/usr/src/packages
SCANSCRIPT=/var/lib/clamav/.script
export TARGET
export BUILD_ROOT
export SCANSCRIPT

# Current known misdetections:
EXCLUDELIST=""
# Fixed misdetections:
# bsc#1172626 - lvm2 unit-test gets misdetected as Unix.Exploit.Lotoor-7768640-0
#EXCLUDELIST="usr.share.lvm2-testsuite.unit.unit-test"
export EXCLUDELIST

# Write the scan script into the build root; it is run inside the chroot below.
echo '
#!/bin/bash
mkdir /usr/src/packages/BUILD/scan
for r in $( find /.build.packages/{RPMS,SRPMS,OTHER}/ -type f -name "*.rpm" ); do
    F=$(file --brief "$r")
    case $F in
        RPM\ *) ;;
        *) echo "skipping non RPM file $r: $F" ; continue ;;
    esac
    f=${r##*/}
    case "$f" in
        kiwi-test-dummy*) echo "skipping known broken rpm $f" ; continue ;;
    esac
    # Dump every scriptlet to its own file so that it gets scanned as well.
    for script in postin posttrans postun prein pretrans verifyscript; do
        body=$(rpm -qp --qf "%{$script}" "$r")
        if test "$body" = "(none)" -o -z "$body"; then
            continue
        fi
        rpm -qp --qf "#!%{${script}prog}\\n" "$r" >"/usr/src/packages/BUILD/scan/$f.$script"
        echo "$body" >>"/usr/src/packages/BUILD/scan/$f.$script"
    done
    rpm -qp --qf "[#!%{triggerscriptprog}\\n%{triggerscripts}\\n]" "$r" >"/usr/src/packages/BUILD/scan/$f.triggers"
    # Unpack the payload into a per-package directory.
    mkdir -p /usr/src/packages/BUILD/scan/"$f.d"
    pushd . > /dev/null
    cd /usr/src/packages/BUILD/scan/"$f.d"
    echo "unpacking $r"
    rpm2cpio "$r" | cpio --quiet -i -u -m -d > /dev/null
    if [ "$?" -gt 0 ]; then
        echo "unpacking RPM packages does not work on this host. Is the filesystem full? Please have a look.
"
        exit 42
    fi
    popd > /dev/null
done

# Parallel scan jobs: at most one per online CPU and one per 1.5 GiB of RAM.
jobs="$(getconf _NPROCESSORS_ONLN)"
if test -n "$jobs"; then
    jobm=$(($(sed -n -e "s/MemTotal:\ *\([0-9]*\).*/\1/p" /proc/meminfo)/1024/1536))
    jobm=$((jobm>0?jobm:1))
    jobs=$((jobs>jobm?jobm:jobs))
fi
# Fall back to a single recursive clamscan when grep or xargs is the busybox variant.
if grep --help 2>&1 | grep -qi busybox || xargs --help 2>&1 | grep -qi busybox ; then
    jobs=""
fi
if test -n "$jobs"; then
    jobs="-P $jobs -L256"
fi

if test -n "$jobs" ; then
    if test -n "$EXCLUDELIST" ; then
        echo "find /usr/src/packages/BUILD/scan -type f -print0 | grep -vEzZ \"$EXCLUDELIST \" | xargs -0 $jobs /usr/bin/clamscan -i --no-summary"
        find /usr/src/packages/BUILD/scan -type f -print0 | grep -vEzZ "$EXCLUDELIST " | xargs -0 $jobs /usr/bin/clamscan -i --no-summary
        ret=$?
    else
        echo "find /usr/src/packages/BUILD/scan -type f -print0 | xargs -0 $jobs /usr/bin/clamscan -i --no-summary"
        find /usr/src/packages/BUILD/scan -type f -print0 | xargs -0 $jobs /usr/bin/clamscan -i --no-summary
        ret=$?
    fi
else
    echo "clamscan -ir --exclude $EXCLUDELIST /usr/src/packages/BUILD/scan:"
    /usr/bin/clamscan -ir --exclude "$EXCLUDELIST " /usr/src/packages/BUILD/scan
    ret=$?
fi
rm -rf /usr/src/packages/BUILD/scan
exit $ret
' > "$BUILD_ROOT/$SCANSCRIPT"

# Run the scan inside the build root and remove the script afterwards.
( cd "$BUILD_ROOT" ; chroot . bash "$SCANSCRIPT" 2>&1 )
ret=$?
rm -f "$BUILD_ROOT/$SCANSCRIPT"

# Any non-zero status (a detection or a scanner error) fails the check.
if [ "$ret" != 0 ]; then
    echo "clamav: positive result about one or more files in the system. return value: $ret"
    echo " The test has failed. Please check the files mentioned above! "
    exit 1
else
    echo "clamav: negative malware scan result."
    echo test passed.
fi

exit 0