From 84a9df6a5832d7d9a849095b6e9a11e5daa93bda Mon Sep 17 00:00:00 2001
From: myvesta <38690722+myvesta@users.noreply.github.com>
Date: Fri, 12 Jun 2020 17:29:47 +0200
Subject: [PATCH] Block executable files inside zip/rar/tar archives in ClamAV

---
 src/deb/vesta/postinst | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/src/deb/vesta/postinst b/src/deb/vesta/postinst
index 20b13bd1..7947ce06 100755
--- a/src/deb/vesta/postinst
+++ b/src/deb/vesta/postinst
@@ -125,6 +125,23 @@ if [ ! -f "/usr/local/vesta/data/upgrades/fix_ssl_directive_in_templates" ]; the
     bash /usr/local/vesta/upd/fix_ssl_directive_in_templates.sh
 fi
 
+# Block executable files inside zip/rar/tar archives in ClamAV
+if [ ! -f "/usr/local/vesta/data/upgrades/clamav_block_exe_in_archives" ]; then
+    touch /usr/local/vesta/data/upgrades/clamav_block_exe_in_archives
+    if [ -f "/etc/exim4/exim4.conf.template" ]; then
+        check_grep=$(grep -c '#CLAMD' /etc/exim4/exim4.conf.template)
+        if [ "$check_grep" -eq 0 ]; then
+            folder="/var/lib/clamav"
+            if [ -d "$folder" ]; then
+                echo "=== Blocking executable files inside zip/rar/tar archives in ClamAV"
+                wget -nv -O $folder/foxhole_all.cdb http://c.myvestacp.com/tools/clamav/foxhole_all.cdb
+                chown clamav:clamav $folder/foxhole_all.cdb
+                service clamav-daemon restart
+            fi
+        fi
+    fi
+fi
+
 # Run custom triggers
 if [ -x "/root/vesta-patch.sh" ]; then
     /root/vesta-patch.sh