File 80-check-malware-scan-clamav of Package post-build-checks-malwarescan.22501

#!/bin/bash

# Settings handed to the scan helper through the environment. The helper is
# generated below as a single-quoted string, so the variables it mentions are
# expanded by the shell that runs it, not by this script.
export TARGET=/usr/src/packages
export SCANSCRIPT=/var/lib/clamav/.script
# BUILD_ROOT is not assigned in this file; it is only marked for export here.
export BUILD_ROOT

# EXCLUDELIST is used by the helper as a regular expression (grep -E and
# clamscan --exclude) naming unpacked files that must not be scanned.
# Every entry is a deliberate gap in the scan, so keep the bug reference
# next to it and drop the entry once the misdetection is fixed.
# Current known misdetections:
export EXCLUDELIST=""
# Fixed misdetections:
# bsc#1172626 - lvm2 unit-test gets misdetected as Unix.Exploit.Lotoor-7768640-0
#EXCLUDELIST="usr.share.lvm2-testsuite.unit.unit-test"

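# Write the scan helper into the build root. The helper is later started with
# "chroot . bash $SCANSCRIPT", so every path inside it is relative to the
# build root and EXCLUDELIST reaches it through the exported environment.
#
# The quoted here-document delimiter keeps the text literal: nothing in it is
# expanded by this outer script.
#
# NOTE(review): the helper goes to a fixed path inside the build root. The
# existing entry is removed first so the redirect cannot write through a
# leftover symlink at that path; the parent directories are still trusted.
# Confirm that is acceptable where the build root shares a host with other
# data.
rm -f -- "$BUILD_ROOT/$SCANSCRIPT"
cat > "$BUILD_ROOT/$SCANSCRIPT" <<'SCAN_SCRIPT_EOF'
#!/bin/bash
# Unpacks every built RPM (payload, scriptlets, trigger scripts) into a
# scratch tree and runs clamscan over that tree.
# Exit status: 0 = nothing reported, 42 = the scratch tree could not be
# prepared or an RPM could not be unpacked, anything else = status of the
# clamscan / xargs run.

scan_root=/usr/src/packages/BUILD/scan

# Start from a fresh, real directory: whatever the build left at this path
# (old tree, symlink) must neither become nor redirect the scan input.
rm -rf "$scan_root"
if ! mkdir -p "$scan_root"; then
  echo "cannot create $scan_root"
  exit 42
fi

# Collect the package paths, splitting the find output on newlines only and
# with globbing switched off, so a file name containing blanks or wildcard
# characters is still handed to the loop as one intact path instead of being
# skipped as an unreadable fragment.
# NOTE(review): a newline inside a file name would still split the path.
old_ifs=$IFS
IFS='
'
set -f
rpms=( $(find /.build.packages/{RPMS,SRPMS,OTHER}/ -type f -name "*.rpm") )
set +f
IFS=$old_ifs

for r in "${rpms[@]}"; do
  # Only real RPM files are unpacked; everything else is reported and skipped.
  F=$(file --brief "$r")
  case $F in
    RPM\ *) ;;
    *) echo "skipping non RPM file $r: $F" ; continue ;;
  esac
  f=${r##*/}
  case "$f" in
    kiwi-test-dummy*) echo "skipping known broken rpm $f" ; continue ;;
  esac

  # Scriptlets live in the RPM header, not in the payload, so they are written
  # out as separate files (interpreter line first) to get scanned as well.
  for script in postin posttrans postun prein pretrans verifyscript; do
    body=$(rpm -qp --qf "%{$script}" "$r")
    if [[ -z "$body" || "$body" == "(none)" ]]; then
      continue
    fi
    rpm -qp --qf "#!%{${script}prog}\\n" "$r" >"$scan_root/$f.$script"
    # printf instead of echo: a body that starts with an echo option is
    # written unchanged.
    printf "%s\n" "$body" >>"$scan_root/$f.$script"
  done
  rpm -qp --qf "[#!%{triggerscriptprog}\\n%{triggerscripts}\\n]" "$r" >"$scan_root/$f.triggers"

  unpack_dir="$scan_root/$f.d"
  mkdir -p "$unpack_dir"
  echo "unpacking $r"
  # The subshell keeps the directory change local. cpio runs only if the cd
  # worked: with -u it overwrites existing files, so it must never unpack
  # relative to whatever directory the helper was started in.
  # Only the status of cpio (or of a failed cd) is checked here, not the
  # status of rpm2cpio.
  if ! ( cd "$unpack_dir" && rpm2cpio "$r" | cpio --quiet -i -u -m -d > /dev/null ); then
    echo "unpacking RPM packages does not work on this host.
Is the filesystem is full?

Please have a look.
"
    exit 42
  fi
done

# Number of parallel clamscan processes: one per online CPU, capped by the
# MemTotal value divided by 1024 and then by 1536, and never below one.
jobs="$(getconf _NPROCESSORS_ONLN)"
if test -n "$jobs"; then
  mem_kb=$(sed -n -e "s/MemTotal:\ *\([0-9]*\).*/\1/p" /proc/meminfo)
  # Fall back to 0 (which becomes one job) when MemTotal cannot be read,
  # instead of handing an empty operand to the arithmetic expansion.
  jobm=$(( ${mem_kb:-0} / 1024 / 1536 ))
  jobm=$((jobm>0?jobm:1))
  jobs=$((jobs>jobm?jobm:jobs))
fi
# With busybox grep or xargs the parallel pipeline is not used; clamscan then
# walks the tree itself.
if grep --help 2>&1 | grep -qi busybox || xargs --help 2>&1 | grep -qi busybox ; then
  jobs=""
fi

# NOTE(review): in both scan paths the exclude pattern is passed with a
# trailing blank, exactly as before. As written it only matches names in which
# the listed text is followed by a blank - confirm that this is intended.
if test -n "$jobs"; then
  # $jobs is expanded unquoted further down on purpose: it holds several
  # xargs options.
  jobs="-P $jobs -L256"
  if test -n "$EXCLUDELIST" ; then
    echo "find $scan_root -type f -print0 | grep -vEzZ \"$EXCLUDELIST \" | xargs -0 $jobs /usr/bin/clamscan -i --no-summary"
    find "$scan_root" -type f -print0 | grep -vEzZ "$EXCLUDELIST " | xargs -0 $jobs /usr/bin/clamscan -i --no-summary
    ret=$?
  else
    echo "find $scan_root -type f -print0 | xargs -0 $jobs /usr/bin/clamscan -i --no-summary"
    find "$scan_root" -type f -print0 | xargs -0 $jobs /usr/bin/clamscan -i --no-summary
    ret=$?
  fi
else
  if test -n "$EXCLUDELIST" ; then
    echo "clamscan -ir --exclude $EXCLUDELIST $scan_root:"
    /usr/bin/clamscan -ir --exclude "$EXCLUDELIST " "$scan_root"
    ret=$?
  else
    # No exclusions configured: do not pass --exclude at all. An exclude
    # pattern made of just the trailing blank would silently drop every file
    # whose name contains a blank from the scan.
    echo "clamscan -ir $scan_root:"
    /usr/bin/clamscan -ir "$scan_root"
    ret=$?
  fi
fi
rm -rf "$scan_root"
exit $ret
SCAN_SCRIPT_EOF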

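# Run the generated helper inside the build root and turn its exit status into
# the verdict of this check. The chroot is only attempted when the directory
# change worked, so the helper can never run against whatever directory this
# script happened to be started in; a failed cd counts as a failed check.
( cd "$BUILD_ROOT" && chroot . bash "$SCANSCRIPT" 2>&1 )
ret=$?
rm -f -- "$BUILD_ROOT/$SCANSCRIPT"


# Any non-zero status fails the check, so a scan that could not run is never
# reported as clean. Status 42 is what the helper uses when it cannot unpack
# the packages; it gets its own message so that an infrastructure problem is
# not triaged as a detection.
if [ "$ret" = 42 ]; then
  echo "clamav: the packages could not be unpacked, nothing was scanned.
return value: $ret"
  echo "
The test has failed. Please check the messages above!
"
  exit 1
elif [ "$ret" != 0 ]; then
  echo "clamav: positive result about one or more files in the system.
return value: $ret"
  echo "

The test has failed. Please check the files mentioned above!

"
  exit 1
else
  echo "clamav: negative malware scan result."
  echo test passed.
fi
exit 0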