Re: Addressing the recent zlib issue
* Mark Brown:
>> If you've got a reasonable complete copy of the Debian package pool
>> and you are willing to run Clamav across it, please respond to this
> Oh, I was actually just working on some other approaches to checking for
> people doing this sort of stuff and right now I've got access to a very
> nice mirror - I think I may just give it a go.
I'd be especially interested in a test run against dpkg*.deb (across
many architectures). You need to supply the --deb parameter,
otherwise it won't work, and you should use the CAN-2005-2096.db
Running clamscan across the whole package pool will take some time,
though. Decompressing and scanning are both quite CPU-intensive
operations. Unfortunately, we have to check all architectures
individually because spurious buildd configuration changes might
trigger static linking of zlib.