mirror of
https://github.com/Cisco-Talos/clamav.git
synced 2026-06-10 00:38:26 -04:00
f90fcf0fb7
ClamAV did not previously detect or decompress zstd-compressed files. This adds full support in Rust using the ruzstd crate. A few special cases: - Concatenated frames: the decoder is recreated per frame until the input is exhausted (ruzstd's StreamingDecoder decodes a single frame). - Skippable frames: handled via the SkipFrame header error. - Partial output is always scanned: on decode error, scan-limit hit, or even a decoder panic (caught so it cannot unwind across the FFI boundary), whatever was decompressed so far is still scanned, avoiding evasion gaps. - Scan limits are enforced between and within frames. - It is per zstd spec possible that a file starts with a skippable frame