Created
October 10, 2024 02:08
-
-
Save eichin/84dc2260b0d5b7f88d62d27e3227bc77 to your computer and use it in GitHub Desktop.
appimage-scan #awktober example, see https://mastodon.mit.edu/@eichin/113280660648013385
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash -eu | |
| appimage=$1 | |
| shift | |
| # credit to https://www.baeldung.com/linux/values-into-variable-from-pipe for the "read < <()" technique | |
| read start num size < <( | |
| readelf -h "$appimage" | sed -e 's/^ *//' | awk -F: ' | |
| {h[$1]=$2} | |
| END {print h["Start of section headers"], | |
| h["Number of section headers"], | |
| h["Size of section headers"] | |
| }' | sed -e 's/([ a-z]*)//g' | |
| ) | |
| offset=$(expr "$start" + "$num" \* "$size") | |
| # this would work: | |
| # sudo mount -o loop,offset=$offset $appimage /mnt | |
| tmpdir=$(mktemp -t -d appimage-scan-squashfs-XXXXX) | |
| scandir="$tmpdir"/scan | |
| echo "Unsquashing appimage into $scandir ..." | |
| # suppress the "created" counts and blank lines and progress bar but show *some* action | |
| unsquashfs -no-progress -o "$offset" -d "$scandir" "$appimage" |grep -v -e '^created '|grep -e . | |
| echo "Scanning with clamscan..." | |
| # minimize non-problem output | |
| if ! clamscan --infected --alert-encrypted=yes --cross-fs=no --recursive "$scandir"; then | |
| echo clamscan failed on "$appimage" - keeping evidence in "$scandir" | |
| exit 3 | |
| fi | |
| rm -rf "$tmpdir" | |
| echo "$appimage" clean |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
logseqappimage file