On Thu, 8 Jun 2023, Micah Snyder (micasnyd) wrote:

> I agree with you.  I suspect the majority of cases today is when
> people have a large archive of files to scan.
>
> I think best case scenario for people with a need to scan files
> larger than the present internal 2GB limit is that archives larger
> than 2GB are decompressed and then the files inside are scanned, but
> without actually scanning the very large outer archive.
>
> The way to do this as things work today is to script something
> around clamscan or clamdscan that if the file is too large, handle
> some assorted file types:
>
>  1.  if file is a tar.gz, un-tar.gz it and then scan the files within.
>  2.  if file is a zip, un-zip it and then scan the files within.
>  3.  etc.
>
> I think everyone would like if clamav could do this automatically
> for select archive types. And I think the advantage would be that we
> would perhaps keep the extracted files in memory, or else at least
> delete the temp files as we go without extracting all of it to disk
> before starting to scan.
>
> However, it would be far easier to make a shell script or a python
> script that wraps clamscan/clamdscan and uses native tools like
> "tar", "unzip", etc.

Good idea.

Simply untarring or unzipping into a pipe does not separate the packed files.
However, at least tar does have an option which allows us to write a one-liner:

(tar xf ~/viruses.tar --to-command='clamdscan -v - || echo "  found in $TAR_REALNAME\n\n---"' ) |& egrep -i found

stream: Eicar-Signature FOUND
  found in viruses/EICAR.COM.TAR
stream: Eicar-Signature FOUND
  found in viruses/eicar.com.txt
stream: Eicar-Signature FOUND
  found in viruses/URLEICAR.COM.TAR
stream: Eicar-Signature FOUND
  found in viruses/4DOSBOX/EICAR.COM
stream: Eicar-Signature FOUND
  found in viruses/EICAR.COM

The echo is needed to show the name of the file inside the archive.

This appears not to write the unpacked files to disk.

--
Andrew C. Aitchison                      Kendal, UK
                   and...@aitchison.me.uk
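
The wrapper script suggested in the quoted message, combined with the streaming approach of the tar one-liner, as an added Python example (not code from either poster or from the ClamAV project). It assumes clamdscan is on PATH with clamd running; scan_stream, iter_members and scan_archive are names chosen here, and it goes beyond the one-liner by also handling zip.

```python
import shutil
import subprocess
import sys
import tarfile
import zipfile

# Assumption: clamdscan is on PATH and clamd is running. "-" scans stdin,
# as in the one-liner above; exit codes are 0 clean, 1 infected, 2 error.
CLAMDSCAN = ["clamdscan", "--no-summary", "-"]

def scan_stream(fileobj, scanner=CLAMDSCAN):
    """Pipe one archive member to the scanner and return its exit code."""
    proc = subprocess.Popen(scanner, stdin=subprocess.PIPE,
                            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    try:
        with proc.stdin as pipe:
            shutil.copyfileobj(fileobj, pipe, 1 << 20)
    except BrokenPipeError:
        pass  # scanner quit early (e.g. stream size limit); exit code reports it
    return proc.wait()

def iter_members(path):
    """Yield (name, stream) for each regular file in a tar(.gz/.bz2/.xz) or zip."""
    if tarfile.is_tarfile(path):  # tar first: a tar ending in a zip can look like a zip
        with tarfile.open(path) as tf:
            for member in tf:
                if member.isfile():  # skip dirs, links and device nodes
                    yield member.name, tf.extractfile(member)
    elif zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as zf:
            for info in zf.infolist():
                if not info.is_dir():
                    with zf.open(info) as fh:
                        yield info.filename, fh
    else:
        raise ValueError(f"unsupported archive type: {path}")

def scan_archive(path, scanner=CLAMDSCAN):
    """Return {member name: exit code} for every member that was not clean."""
    results = ((name, scan_stream(fh, scanner)) for name, fh in iter_members(path))
    return {name: code for name, code in results if code != 0}

if __name__ == "__main__":
    hits = scan_archive(sys.argv[1])
    for name, code in hits.items():
        print(f"{'FOUND' if code == 1 else 'ERROR'}: {name}")
    sys.exit(1 if hits else 0)
```

Members are decompressed straight into the scanner's stdin, so nothing is written to disk. A member that exceeds clamd's own stream limit shows up as ERROR rather than being silently skipped.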