From c5ce09af9f6904931de9423f3422d488ab2d7d34 Mon Sep 17 00:00:00 2001
From: mboelen
Date: Thu, 25 Sep 2014 19:08:47 +0200
Subject: [PATCH] Added ClamXav test
---
 include/tests_malware | 36 ++++++++++++++++++++++++++++--------
 1 file changed, 28 insertions(+), 8 deletions(-)
diff --git a/include/tests_malware b/include/tests_malware
index 9d231b03..888835a6 100644
--- a/include/tests_malware
+++ b/include/tests_malware
@@ -5,8 +5,8 @@
 # Lynis
 # ------------------
 #
-# Copyright 2007-2014, Michael Boelen (michael@rootkit.nl), The Netherlands
-# Web site: http://www.rootkit.nl
+# Copyright 2007-2014, Michael Boelen (michael.boelen@cisofy.com), The Netherlands
+# Web site: http://cisofy.com
 #
 # Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
 # welcome to redistribute it under the terms of the GNU General Public License.
@@ -38,7 +38,6 @@
 MALWARE_SCANNER_INSTALLED=1
 AddHP 2 2
 else
- Display --indent 2 --text "- Checking chkrootkit" --result "NOT FOUND" --color WHITE
 logtext "Result: chkrootkit not found"
 fi
 fi
@@ -56,7 +55,6 @@
 MALWARE_SCANNER_INSTALLED=1
 AddHP 2 2
 else
- Display --indent 2 --text "- Checking Rootkit Hunter" --result "NOT FOUND" --color WHITE
 logtext "Result: Rootkit Hunter not found"
 fi
 fi
@@ -87,7 +85,6 @@
 AddHP 2 2
 fi
 if [ ${FOUND} -eq 0 ]; then
- Display --indent 2 --text "- Checking commercial anti-virus scanners" --result "NONE FOUND" --color WHITE
 logtext "Result: no commercial anti-virus tool found"
 AddHP 0 3
 fi
@@ -106,7 +103,6 @@
 MALWARE_SCANNER_INSTALLED=1
 AddHP 2 2
 else
- Display --indent 2 --text "- Checking ClamAV scanner" --result "NOT FOUND" --color WHITE
 logtext "Result: clamscan couldn't be found"
 fi
 fi
@@ -126,7 +122,6 @@
 MALWARE_SCANNER_INSTALLED=1
 CLAMD_RUNNING=1
 else
- Display --indent 2 --text "- Checking ClamAV daemon" --result "NOT FOUND" --color WHITE
 logtext "Result: clamd not running"
 fi
 fi
@@ -153,7 +148,32 @@
 #
 #################################################################################
 #
- # Test : MALW-3288
+# Test : MALW-3288
+# Description : Check for ClamXav (Mac OS X)
+#
+#################################################################################
+#
+ Register --test-no MALW-3288 --weight L --network NO --description "Check for ClamXav"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ if [ -d /Applications/ClamXav.app/Contents/Resources/ScanningEngine/bin/ ]; then
+ CLAMSCANBINARY=`ls /Applications/ClamXav.app/Contents/Resources/ScanningEngine/bin/ 2> /dev/null | grep 'clamscan'`
+ if [ ! "${CLAMSCANBINARY}" = "" ]; then
+ logtext "Result: Found ClamXav clamscan installed"
+ Display --indent 2 --text "- Checking presence of ClamXav AV scanner" --result "FOUND" --color GREEN
+ MALWARE_SCANNER_INSTALLED=1
+ AddHP 3 3
+ else
+ logtext "Result: ClamXav malware scanner not found"
+ AddHP 0 3
+ fi
+ else
+ logtext "Result: could not find ClamXav location"
+ fi
+ fi
+#
+#################################################################################
+#
+ # Test : MALW-3204
 # Description : Check for LMD
 #
 #################################################################################
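Review bot: The presence check in the new MALW-3288 test accepts any directory entry whose name merely contains `clamscan`, because it greps the output of `ls`. A backup copy or a non-executable leftover would still set `MALWARE_SCANNER_INSTALLED=1` and award `AddHP 3 3`, so the audit can report a working scanner that cannot actually run. Assuming the binary is named exactly `clamscan`, testing it directly is stricter and removes the backtick pipeline: `if [ -x /Applications/ClamXav.app/Contents/Resources/ScanningEngine/bin/clamscan ]; then`. Separately, the header of the following LMD test is renumbered to MALW-3204, but its `Register` line lies outside the hunk, so it is worth confirming that its `--test-no` matches the header and does not also register MALW-3288.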