Some people asked me about the latest ClamAV patch supporting ISO 9660 and its installation details. Building the source is easy, although some people reported problems patching different versions. This post covers the process and the version numbers involved.
The first step is downloading the source. You must download and patch the repository version (engine version devel-20060419), not the latest stable version, ClamAV 0.88.2, or any previous version. This is a VERY important step ;)
Check out the unstable repository source ...
cvs -d:pserver:firstname.lastname@example.org:/cvsroot/clamav co clamav-devel
Once you have the source, apply this patch to it. It adds built-in ISO 9660 support to ClamAV (libclamav & clamscan), providing transparent scanning and better performance for ISO files.
jmunhoz@devel:~/clamav-devel$ patch -p0 < clamav_iso9660_bs.patch
patching file clamscan/clamscan.c
patching file clamscan/manager.c
patching file clamscan/options.c
patching file libclamav/Makefile.am
patching file libclamav/clamav.h
patching file libclamav/filetypes.c
patching file libclamav/filetypes.h
patching file libclamav/others.c
patching file libclamav/others.h
patching file libclamav/scanners.c
patching file libclamav/iso9660/iso9660.c
patching file libclamav/iso9660/iso9660.h
Compile and install the patched version ...
jmunhoz@devel:~/clamav-devel$ aclocal
jmunhoz@devel:~/clamav-devel$ automake
jmunhoz@devel:~/clamav-devel$ ./configure --prefix=/home/jmunhoz/clamav \
> --disable-clamav
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking target system type... i686-pc-linux-gnu
...
jmunhoz@devel:~/clamav-devel$ make;make install
Test the new (patched) version ...
Without ISO 9660 support ...
jmunhoz@devel:~/clamav/bin$ ./clamscan image.iso
image.iso: OK
----------- SCAN SUMMARY -----------
Known viruses: 51884
Engine version: devel-20060419
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Time: 0.879 sec (0 m 0 s)
With ISO 9660 support ...
jmunhoz@devel:~/clamav/bin$ ./clamscan --iso9660 image.iso
image.iso: Trojan.Hortiga.Cli FOUND
----------- SCAN SUMMARY -----------
Known viruses: 51884
Engine version: devel-20060419
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.04 MB
Time: 0.885 sec (0 m 0 s)
jmunhoz@devel:~/clamav/bin$
Another minor change for this new version is the switch --exclude-dir. It implements a quick hack to support directory exclusion. Options --include, --include-dir and --exclude are not implemented.
To enable the previous option, add the switch --exclude-dir:
jmunhoz@devel:~/clamav/bin$ ./clamscan --iso9660 \
> --exclude-dir='DIR1|DIR2' image.iso
The previous example doesn't scan paths containing the strings 'DIR1' or 'DIR2'. Other regular expressions will work fine too.
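Because the exclusion matches any path that contains the string, a loose pattern can skip more than intended. The sketch below is an added example, not part of the patch: it previews which paths a pattern would skip, assuming the pattern is applied as an unanchored POSIX extended regex. The sample paths, the function names and the tighter pattern are constructed for illustration.

```shell
#!/bin/sh
# Added example: preview which paths an --exclude-dir style pattern skips.
# Assumption: the pattern is matched as an unanchored POSIX extended regex
# against each path, as the post's "paths containing" wording suggests.

# Constructed sample listing of paths inside an ISO image.
sample_paths() {
    cat <<'EOF'
DIR1/setup.exe
DOCS/DIR2/readme.txt
MYDIR10/installer.exe
BIN/tool.exe
EOF
}

# skipped PATTERN: print the paths the pattern matches (not scanned).
skipped() {
    sample_paths | grep -E -- "$1" || true
}

# scanned PATTERN: print the paths that would still be scanned.
scanned() {
    sample_paths | grep -Ev -- "$1" || true
}

# Loose pattern from the post: matches any path containing the substring,
# so MYDIR10/ is skipped as well.
LOOSE='DIR1|DIR2'
# Tighter pattern (hypothetical): only whole path components DIR1 or DIR2.
STRICT='(^|/)(DIR1|DIR2)(/|$)'

echo "skipped by $LOOSE:";  skipped "$LOOSE"
echo "skipped by $STRICT:"; skipped "$STRICT"
```

Running a preview like this over the image's file listing before a scan shows whether an exclusion leaves unintended directories unscanned.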
For the record, another combination example is switching off archive support (zip, gz, etc.) with the --no-archive option.
jmunhoz@devel:~/clamav/bin$ ./clamscan --iso9660 \
> --exclude-dir='DIR1|DIR2' --no-archive image.iso
Remember, this patch is alpha code. Apply it at your own risk.