Mailing List Archive

CVD Parsing Questions
I'm working on a web server which caches and serves up a private mirror for
definition files, and I wanted to be able to validate if the definition
file signature. I'm writing a parser which reads and validates the
MD5/Digital Signature hashes before adding it into the cache.

The header seems to be 512 bytes before the binary blob begins. The CVD
header is inserted at the beginning of the file, after the build and hashes
have been calculated, correct?

To validate the hashes, I would calculate the hash with the data from from
byte 513 -> EOF?

I was looking `libclamav/dsig.c/cli_decodesig()` to understand how the CVD
header signature is read and validated on a definition blob, and but I'm
not really understanding how it's validating the signature. I'm not
familiar enough with C to follow the typedefs. How does it validate the
signature?

Thanks!
--
Respectfully,

Mike Lloyd
*Sr. Solutions Architect*

*Cell: +1-719-766-1923*
*Email: mlloyd@pivotal.io <mlloyd@pivotal.io> | **Github: mxplusb | **Twitter:
mxplusc | **Keybase: mlloyd*
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

http://www.clamav.net/contact.html#ml