From e62d903d6afc50a97a4b4351a68d3c2dfefe8bbc Mon Sep 17 00:00:00 2001
From: krcroft <krcroft@users.noreply.github.com>
Date: Mon, 20 Apr 2020 16:55:11 -0700
Subject: [PATCH] AV scan the macOS package prior to upload

---
 .github/workflows/macos.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml
index 1956a06b..9fc9c82d 100644
--- a/.github/workflows/macos.yml
+++ b/.github/workflows/macos.yml
@@ -144,6 +144,15 @@ jobs:
               -srcfolder dist \
               -ov -format UDZO "dosbox-staging-macOS-${{ env.VERSION }}.dmg"
 
+      - name: AV scan
+        run: |
+          set -x
+          brew install clamav > /dev/null
+          clamconf=/usr/local/etc/clamav/freshclam.conf
+          mv -f "$clamconf".sample "$clamconf"
+          sed -ie 's/^Example/#Example/g' "$clamconf"
+          freshclam --quiet && freshclam
+          clamscan --heuristic-scan-precedence=yes --recursive --infected .
       - name: Upload disk image
         uses: actions/upload-artifact@master
         # GitHub automatically zips the artifacts, and there's no option