Discussion:
scanning RPMs with clamav
ScrumpyJack
2013-09-25 14:57:02 UTC
Permalink
I have been trying to scan RPM files with clamav without success.
clamscan file.rpm shows nothing.
If I unpack the cpio from the RPM and scan the extracted cpio, I get a
hit on a virus (as expected).

Is clamav capable to "unpacking" RPM files to scan them?



_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
David Raynor
2013-09-25 16:36:41 UTC
Permalink
Post by ScrumpyJack
I have been trying to scan RPM files with clamav without success.
clamscan file.rpm shows nothing.
If I unpack the cpio from the RPM and scan the extracted cpio, I get a
hit on a virus (as expected).
Is clamav capable to "unpacking" RPM files to scan them?
_______________________________________________
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
ClamAV does not currently have that functionality, though as you found in
your testing it does have support for cpio if you unpack the contents. We
are working on a bunch of things for upcoming releases, but as always I
cannot make any promises about future release contents or timetables.

Dave R.
--
---
Dave Raynor
Sourcefire Vulnerability Research Team
***@sourcefire.com
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
Dennis Peterson
2013-09-25 18:48:20 UTC
Permalink
Post by David Raynor
ClamAV does not currently have that functionality, though as you found in
your testing it does have support for cpio if you unpack the contents. We
are working on a bunch of things for upcoming releases, but as always I
cannot make any promises about future release contents or timetables.
Dave R.
You can easily script rpm2cpio to deal with scanning RPM files.

dp
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml

Loading...