diff --git a/unit_tests/clamscan_test.py b/unit_tests/clamscan_test.py index 089bac492..2164a5e20 100644 --- a/unit_tests/clamscan_test.py +++ b/unit_tests/clamscan_test.py @@ -500,3 +500,61 @@ rule regex 'has_png_and_jpeg.xls: logo.png.good.UNOFFICIAL FOUND', ] self.verify_output(output.out, expected=expected_stdout) + + def test_clamscan_15_container(self): + self.step_name('Test that clamav can successfully alert on jpeg image extracted from XLS documents') + # Note: we aren't testing PNG because the attached PNG is not properly fuzzy-hashed by clamav, yet. + + os.mkdir(str(TC.path_db / '7z_zip_container')) + + (TC.path_db / '7z_zip_container' / 'test.ldb').write_text( + "7z_zip_container_good;Engine:81-255,Container:CL_TYPE_7Z,Target:0;0;0:7631727573\n" + "7z_zip_container_bad;Engine:81-255,Container:CL_TYPE_ZIP,Target:0;0;0:7631727573\n" + ) + + testfiles = TC.path_source / 'unit_tests' / 'input' / 'other_scanfiles' / 'v1rusv1rus.7z.zip' + command = '{valgrind} {valgrind_args} {clamscan} -d {path_db} {testfiles} --gen-json --debug --allmatch'.format( + valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan, + path_db=TC.path_db / '7z_zip_container' / 'test.ldb', + testfiles=testfiles, + ) + output = self.execute_command(command) + + assert output.ec == 1 # no virus, no failures + + expected_stdout = [ + 'v1rusv1rus.7z.zip: 7z_zip_container_good.UNOFFICIAL FOUND', + ] + unexpected_stdout = [ + 'v1rusv1rus.7z.zip: 7z_zip_container_bad.UNOFFICIAL FOUND', + ] + self.verify_output(output.out, expected=expected_stdout, unexpected=unexpected_stdout) + + def test_clamscan_16_intermediates(self): + self.step_name('Test that clamav can successfully alert on jpeg image extracted from XLS documents') + # Note: we aren't testing PNG because the attached PNG is not properly fuzzy-hashed by clamav, yet. + + os.mkdir(str(TC.path_db / '7z_zip_intermediates')) + + (TC.path_db / '7z_zip_intermediates' / 'test.ldb').write_text( + "7z_zip_intermediates_good;Engine:81-255,Intermediates:CL_TYPE_ZIP>CL_TYPE_7Z,Target:0;0;0:7631727573\n" + "7z_zip_intermediates;Engine:81-255,Intermediates:CL_TYPE_7Z>CL_TYPE_TEXT_ASCII,Target:0;0;0:7631727573\n" + ) + + testfiles = TC.path_source / 'unit_tests' / 'input' / 'other_scanfiles' / 'v1rusv1rus.7z.zip' + command = '{valgrind} {valgrind_args} {clamscan} -d {path_db} {testfiles} --gen-json --debug --allmatch'.format( + valgrind=TC.valgrind, valgrind_args=TC.valgrind_args, clamscan=TC.clamscan, + path_db=TC.path_db / '7z_zip_intermediates' / 'test.ldb', + testfiles=testfiles, + ) + output = self.execute_command(command) + + assert output.ec == 1 # no virus, no failures + + expected_stdout = [ + 'v1rusv1rus.7z.zip: 7z_zip_intermediates_good.UNOFFICIAL FOUND', + ] + unexpected_stdout = [ + 'v1rusv1rus.7z.zip: 7z_zip_intermediates_bad.UNOFFICIAL FOUND', + ] + self.verify_output(output.out, expected=expected_stdout, unexpected=unexpected_stdout) diff --git a/unit_tests/input/other_scanfiles/v1rusv1rus.7z.zip b/unit_tests/input/other_scanfiles/v1rusv1rus.7z.zip new file mode 100644 index 000000000..437f710e7 Binary files /dev/null and b/unit_tests/input/other_scanfiles/v1rusv1rus.7z.zip differ