[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6156-g094ec9b
Tomasz Kojm
tkojm at clamav.net
Sun Apr 4 01:09:41 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit b1cdc75a8728834ac576ceed191a821719d474e6
Author: Tomasz Kojm <tkojm at clamav.net>
Date: Wed Nov 25 19:08:49 2009 +0100
sigtool: --decode-sigs: handle .ndb sigs
diff --git a/ChangeLog b/ChangeLog
index b823848..28c5331 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Wed Nov 25 19:07:51 CET 2009 (tk)
+---------------------------------
+ * sigtool: --decode-sigs: handle .ndb sigs
+
Tue Nov 24 10:24:27 EET 2009 (edwin)
------------------------------------
* clamd/server-th.c: enable more than 256 FD support on Solaris (bb #1764).
diff --git a/sigtool/sigtool.c b/sigtool/sigtool.c
index 2fd3532..39328d5 100644
--- a/sigtool/sigtool.c
+++ b/sigtool/sigtool.c
@@ -1835,13 +1835,68 @@ static int decodehex(const char *hexsig)
static int decodesig(char *sig)
{
char *pt;
+ const char *tokens[7];
+ int tokens_count;
if(strchr(sig, ';')) { /* lsig */
mprintf("decodesig: Not supported signature format (yet)\n");
return -1;
} else if(strchr(sig, ':')) { /* ndb */
- mprintf("decodesig: Not supported signature format (yet)\n");
- return -1;
+ tokens_count = cli_strtokenize(sig, ':', 6 + 1, tokens);
+ if(tokens_count < 4 || tokens_count > 6) {
+ mprintf("!decodesig: Invalid or not supported signature format\n");
+ mprintf("TOKENS COUNT: %u\n", tokens_count);
+ return -1;
+ }
+ mprintf("VIRUS NAME: %s\n", tokens[0]);
+ if(tokens_count == 5)
+ mprintf("FUNCTIONALITY LEVEL: >=%s\n", tokens[4]);
+ else if(tokens_count == 6)
+ mprintf("FUNCTIONALITY LEVEL: %s..%s\n", tokens[4], tokens[5]);
+
+ if(!cli_isnumber(tokens[1])) {
+ mprintf("!decodesig: Invalid target type\n");
+ return -1;
+ }
+ mprintf("TARGET TYPE: ");
+ switch(atoi(tokens[1])) {
+ case 0:
+ mprintf("ANY FILE\n");
+ break;
+ case 1:
+ mprintf("PE\n");
+ break;
+ case 2:
+ mprintf("OLE2\n");
+ break;
+ case 3:
+ mprintf("HTML\n");
+ break;
+ case 4:
+ mprintf("MAIL\n");
+ break;
+ case 5:
+ mprintf("GRAPHICS\n");
+ break;
+ case 6:
+ mprintf("ELF\n");
+ break;
+ case 7:
+ mprintf("NORMALIZED ASCII TEXT\n");
+ break;
+ case 8:
+ mprintf("DISASM DATA\n");
+ break;
+ case 9:
+ mprintf("MACHO\n");
+ break;
+ default:
+ mprintf("!decodesig: Invalid target type\n");
+ return -1;
+ }
+ mprintf("OFFSET: %s\n", tokens[2]);
+ mprintf("DECODED SIGNATURE:\n");
+ decodehex(tokens[3]);
} else if((pt = strchr(sig, '='))) {
*pt++ = 0;
mprintf("VIRUS NAME: %s\n", sig);
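Review bot: The result of `decodehex(tokens[3])` is discarded at the end of the new ndb branch, so a signature whose hex body fails to decode is not reported as an error by this branch; assuming decodehex uses the same -1-on-failure convention as decodesig, write `if(decodehex(tokens[3]) == -1) return -1;`. In the same branch, `atoi(tokens[1])` is applied to any string that cli_isnumber accepts (presumably digits only, with no length limit). An over-long value is out of range for int, which atoi leaves undefined, so a crafted target field in an untrusted .ndb line could be printed as a valid target type; a `strtol` call with an explicit 0..9 range check before the switch closes that. `mprintf("TOKENS COUNT: %u\n", tokens_count)` passes an int to `%u`, and `%d` matches the declaration. decodesig continues past the end of the hunk, so what it returns after the ndb branch is not visible here.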
--
Debian repository for ClamAV