[CentOS-devel] virusscan a RPM file?

Wed Jun 12 01:45:13 UTC 2019
Fred Smith <fredex at fcshome.stoneham.ma.us>

On Tue, Jun 11, 2019 at 07:00:03PM -0400, James Cassell wrote:
> 
> 
> On Tue, Jun 11, 2019, at 6:52 PM, Fred Smith wrote:
> > Hi all!
> > 
> > At work we've developed a package that we ship as an RPM. We also have
> > a requirement to virusscan everything we ship.
> > 
> > The company uses AVG antivirus on Windows. It can find and scan all
> > the files in a zip file, but it scans only the RPM itself, not its
> > contents.
> > 
> > Anybody out thre know if RH (or Centos) has any tools for scanning
> > contentss of files such as RPM that have other things embedded inside
> > them?
> > 
> 
> EPEL has clamav.  Red Hat maintains that anti-virus is unnecessary, so does not ship a solution.

Yeah, I don't disagree. Unfortunately someone up high in the company
has caved to customer pressure, and it's written into contracts. :( :( :(

Best thing we've been able to come up with is to do rpm-to-cpio then
virusscan the rpm and the cpio file on windows. Since I wasn't present
when that was done, I don't know if the scanner actually noticed the
files in the cpio archive.

Could move the entire tree of things that will become the rpm to windows
and run the scanner on that. but symbolic links will be a problem on 
Winders.

-- 
---- Fred Smith -- fredex at fcshome.stoneham.ma.us -----------------------------
   "For the word of God is living and active. Sharper than any double-edged 
   sword, it penetrates even to dividing soul and spirit, joints and marrow; 
              it judges the thoughts and attitudes of the heart."  
---------------------------- Hebrews 4:12 (niv) ------------------------------