ClamAV patch

For the second time in two weeks, an executable (!) Windows virus inside a .zip file has made it past ClamAV because signatures had not yet made it to the database. (What I mean is, the file extension alone was enough to show it was an executable.) The first time it happened, I came up with a very quick and dirty patch for ClamAV; now I'm applying it.

I think it should work... all it does is use ClamAV's own code for detecting a Windows executable and return a bit early when scanning a file. I wanted to use ClamAV rather than MIMEDefang because Clam has code built in for safely scanning ZIP files, and I wanted to avoid having to code something like that on my own in MDF. But if someone out there knows a good way of doing this, please let me know; Google didn't turn up anything I was happy with.

I've not yet submitted this to the ClamAV mailing list, but I'm sure that there are many good reasons it should be laughed out of town. If this is useful to you, great, but I promise nothing. I do NOT recommend applying it. It will probably break everything, refuse to run, and end up hiding WMD in your bedroom. It's your responsibility to make sure it works for you. But hey, if you like playing with patches to important software by people who don't know what they're doing, enjoy! (Just to be explicit: released under the GPL.)

(BTW, the patch is suitable for dropping into FreeBSD's ports at /usr/ports/security/clamav/files. At least, it works for me...)

UPDATE: The patch now covers clamd, not just clamscan, and also updates the man pages. Whee!
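The kind of check the post describes (flag a Windows executable inside a ZIP by what it is, before any signature exists), sketched as a standalone Python filter. This is an added example, not the author's patch or ClamAV code; the limits, verdict strings and function names are assumptions, and the sample archive is constructed.

```python
import io
import struct
import zipfile

MAX_MEMBERS, MAX_DEPTH = 1000, 3               # assumed policy limits
HEADER_BYTES, MAX_NESTED_BYTES = 4096, 1 << 20  # bounded reads, so no full inflate


def looks_like_pe(head):
    """DOS 'MZ' magic whose e_lfanew field (offset 0x3C) points at 'PE\\0\\0'."""
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
    return head[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def scan_zip(data, depth=0, prefix=""):
    """Return [(member_path, verdict)] for members a mail filter should block."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(prefix or "<archive>", "unreadable-archive")]
    if len(zf.infolist()) > MAX_MEMBERS or depth > MAX_DEPTH:
        return [(prefix or "<archive>", "limit-exceeded")]
    findings = []
    for info in zf.infolist():
        path = prefix + info.filename
        if info.flag_bits & 0x1:  # encrypted member: content cannot be typed
            findings.append((path, "encrypted"))
            continue
        with zf.open(info) as member:
            head = member.read(HEADER_BYTES)  # only the start is decompressed
            if looks_like_pe(head):
                findings.append((path, "pe-executable"))
            elif head[:4] == b"PK\x03\x04":   # nested ZIP: recurse, size-capped
                nested = head + member.read(MAX_NESTED_BYTES - len(head))
                findings += scan_zip(nested, depth + 1, path + "!")
    return findings


def build_sample():  # constructed test archive: header-only PE stub, not malware
    stub = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x80) + b"\0" * 0x40 + b"PE\0\0"
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("setup.exe", stub)
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("readme.txt", "hello")
        z.writestr("invoice.pdf", stub)  # misleading extension, PE content
        z.writestr("more.zip", inner.getvalue())
    return outer.getvalue()
```

Errors raised while reading a corrupt or unsupported member are left to propagate, so the caller can treat them as a reason to quarantine the message.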