ClamAV ISO 9660 built-in support


Some people asked me about the latest ClamAV patch supporting ISO 9660 and its installation details. Building the source is easy, although some people reported problems patching different versions. This post covers the process and the version numbers involved.

The first step is downloading the source. You must download and patch the repository version, engine version devel-20060419, and not the latest stable version, ClamAV 0.88.2, or any previous version. This is a VERY important step ;)

Check out the unstable repository source ...

cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/clamav co clamav-devel

Once you have the source, apply this patch to it. It adds built-in ISO 9660 support to ClamAV (libclamav & clamscan), providing transparent scanning and better performance for ISO files.

jmunhoz@devel:~/clamav-devel$ patch -p0 < clamav_iso9660_bs.patch
patching file clamscan/clamscan.c
patching file clamscan/manager.c
patching file clamscan/options.c
patching file libclamav/Makefile.am
patching file libclamav/clamav.h
patching file libclamav/filetypes.c
patching file libclamav/filetypes.h
patching file libclamav/others.c
patching file libclamav/others.h
patching file libclamav/scanners.c
patching file libclamav/iso9660/iso9660.c
patching file libclamav/iso9660/iso9660.h

Compile and install the patched version ...

jmunhoz@devel:~/clamav-devel$ aclocal
jmunhoz@devel:~/clamav-devel$ automake
jmunhoz@devel:~/clamav-devel$ ./configure --prefix=/home/jmunhoz/clamav \
> --disable-clamav
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking target system type... i686-pc-linux-gnu
...
jmunhoz@devel:~/clamav-devel$ make; make install

Test the new (patched) version ...

Without ISO 9660 support ...

jmunhoz@devel:~/clamav/bin$ ./clamscan image.iso
image.iso: OK

----------- SCAN SUMMARY -----------
Known viruses: 51884
Engine version: devel-20060419
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Time: 0.879 sec (0 m 0 s)

With ISO 9660 support ...

jmunhoz@devel:~/clamav/bin$ ./clamscan --iso9660 image.iso
image.iso: Trojan.Hortiga.Cli FOUND

----------- SCAN SUMMARY -----------
Known viruses: 51884
Engine version: devel-20060419
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.04 MB
Time: 0.885 sec (0 m 0 s)

jmunhoz@devel:~/clamav/bin$

Another minor change for this new version is the switch --exclude-dir. It implements a quick hack to support directory exclusion. Options --include, --include-dir and --exclude are not implemented.

To use it, add the --exclude-dir switch:

jmunhoz@devel:~/clamav/bin$ ./clamscan --iso9660 \
> --exclude-dir='DIR1|DIR2' image.iso

The previous example doesn't scan paths containing the strings 'DIR1' or 'DIR2'. Other regular expressions will work fine too.

For the record, another combination example is switching off archive support (zip, gz, etc.) with the --no-archive option.

jmunhoz@devel:~/clamav/bin$ ./clamscan --iso9660 \
> --exclude-dir='DIR1|DIR2' --no-archive image.iso
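
As an added illustration (not code from the patch or from ClamAV), this Python example shows what scanning inside an ISO 9660 image involves: finding the Primary Volume Descriptor at sector 16, walking the directory records, and handing each file's bytes to a scanner, with a regex directory exclusion in the spirit of --exclude-dir. The names rec, sample_image and walk and the image contents are constructed for the example; matching the regex against directory paths only is an assumption.

```python
import re, struct
SECTOR = 2048  # ISO 9660 logical sector size

def rec(lba, size, name, is_dir=False):   # builds one directory record for the sample image
    both = lambda n: struct.pack("<I", n) + struct.pack(">I", n)   # both-endian field
    body = both(lba) + both(size) + bytes(7) + bytes([2 * is_dir]) + bytes(6)
    body += bytes([len(name)]) + name + b"\0" * (len(name) % 2 == 0)  # keep length even
    return bytes([len(body) + 2, 0]) + body

def sample_image():
    """Constructed image holding /DIR1/A.TXT and /B.TXT."""
    img = bytearray(22 * SECTOR)
    root = rec(18, SECTOR, b"\0", True)
    layout = {
        16: b"\x01CD001\x01" + bytes(149) + root,   # primary volume descriptor
        18: root + rec(18, SECTOR, b"\x01", True) + rec(19, SECTOR, b"DIR1", True) + rec(21, 5, b"B.TXT;1"),
        19: rec(19, SECTOR, b"\0", True) + rec(18, SECTOR, b"\x01", True) + rec(20, 5, b"A.TXT;1"),
        20: b"aaaaa", 21: b"bbbbb",
    }
    for lba, data in layout.items():
        img[lba * SECTOR:lba * SECTOR + len(data)] = data
    return bytes(img)

def walk(img, exclude_dir=None):
    """Yield (path, data) per file; skip directories whose path matches exclude_dir."""
    pvd = 16 * SECTOR   # volume descriptors start at sector 16
    if img[pvd:pvd + 7] != b"\x01CD001\x01":
        raise ValueError("no ISO 9660 primary volume descriptor")
    stack = [("", *struct.unpack_from("<I4xI", img, pvd + 158))]   # root extent, size
    seen = {stack[0][1]}   # visited directory extents: stops loops in hostile images
    while stack:
        path, lba, size = stack.pop()
        pos, end = lba * SECTOR, min(lba * SECTOR + size, len(img) - 33)
        while pos < end:
            rlen = img[pos]
            if rlen == 0:   # records never span sectors: skip the padding
                pos = (pos // SECTOR + 1) * SECTOR
                continue
            elba, esize = struct.unpack_from("<I4xI", img, pos + 2)
            flags, name = img[pos + 25], img[pos + 33:pos + 33 + img[pos + 32]]
            pos += rlen
            if name in (b"\0", b"\x01"):   # self and parent entries
                continue
            full = path + "/" + name.decode("ascii", "replace").split(";")[0]
            if not flags & 2:   # plain file: hand its bytes to the scanner
                yield full, img[elba * SECTOR:elba * SECTOR + esize]
            elif elba not in seen and not (exclude_dir and re.search(exclude_dir, full)):
                seen.add(elba)
                stack.append((full, elba, esize))
```

The walker covers plain ISO 9660 with single-extent files only; Joliet and Rock Ridge names are not handled.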

Remember, this patch is alpha code. Apply it at your own risk.

Happy hacking!
