irt/docker_kaspersky
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
master
docker_kaspersky/test_smoke.sh
T
tobias 6357c08bf1 KESL 12.1.0-1297 image, Ubuntu 24.04 base, transparent UX 
- Pinned download URL for KESL 12.1.0-1297 (public Kaspersky CDN, 2024-07).
- answer.txt updated to v12 autoinstall format: GROUP_CLEAN required,
  LOCALE=en_US.utf8 (en_US alone is rejected), INTERCEPTOR_MODE.
- start.sh detects v10 (/etc/init.d/kesl-supervisor) vs v12
  (/etc/init.d/kesl) and polls kesl-control until the daemon answers,
  because v12's first start runs an integrity check (~30s).
- Modes (shell/version/scan/debug) and scan output format unchanged so
  existing parsers keep working.
- README + build script point to tabledevil/kaspersky12.
- test_smoke.sh validates image + version + EICAR; auto-skips on macOS
  (Rosetta blocks the daemon).

Validated end-to-end on amd64 Linux:
  - 46 known-malicious files (LS26 detections) all flagged again
  - DetectSource=Local with --network=none + USE_KSN=No, no KSN calls

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-05 13:58:27 +02:00

63 lines
2.0 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
# Smoke test for the Kaspersky scanner image.
# Build runs anywhere; runtime checks require a real Linux host
# (Docker Desktop on macOS blocks KESL via Rosetta path checks).
#
# Usage: TAG=ls-kaspersky:u24-test ./test_smoke.sh
# TAG=ls-kaspersky12:u24-test ./test_smoke.sh # for v12
set -u
TAG="${TAG:-ls-kaspersky:u24-test}"
PLATFORM="${PLATFORM:-linux/amd64}"
TMP="$(mktemp -d)"
trap 'rm -rf "$TMP"' EXIT
pass=0; fail=0
ok() { echo "PASS $1"; pass=$((pass+1)); }
bad() { echo "FAIL $1"; fail=$((fail+1)); }
# 1. Image exists?
if docker image inspect "$TAG" >/dev/null 2>&1; then
ok "image $TAG present"
else
bad "image $TAG not present (build it first)"; exit 1
fi
# 2. Detect Mac/Rosetta — daemon won't start there. Skip runtime tests.
HOST_OS="$(uname -s)"
HOST_ARCH="$(uname -m)"
if [ "$HOST_OS" = "Darwin" ]; then
echo "SKIP runtime tests on macOS (KESL blocks on /run/rosetta) — re-run on a Linux worker"
echo
echo "Summary: $pass pass, $fail fail (build-only)"
exit 0
fi
# 3. version mode — service must start, kesl-control must respond.
out="$(docker run --rm --platform "$PLATFORM" "$TAG" version 2>&1 || true)"
if echo "$out" | grep -qE "Kaspersky Endpoint Security.*for Linux"; then
ok "version reports KESL build"
else
bad "version did not report KESL build"
echo "----- output -----"; echo "$out" | tail -20; echo "------------------"
fi
# 4. EICAR scan — write the standard test string and confirm detection.
mkdir -p "$TMP/data"
# Split EICAR signature so this test file itself isn't flagged.
printf '%s%s' \
'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-' \
'STANDARD-ANTIVIRUS-TEST-FILE!$H+H*' > "$TMP/data/eicar.com"
out="$(docker run --rm --platform "$PLATFORM" -v "$TMP/data:/data:ro" "$TAG" scan 2>&1 || true)"
if echo "$out" | grep -qiE "EICAR|ThreatDetected|Detected"; then
ok "scan detects EICAR"
else
bad "scan did not detect EICAR"
echo "----- output -----"; echo "$out" | tail -30; echo "------------------"
fi
echo
echo "Summary: $pass pass, $fail fail"
[ "$fail" -eq 0 ]
Reference in New Issue View Git Blame Copy Permalink