Hi,
given is a very simple example test-file:
# more BAD.file
%PDF-1.7
5 0 obj
/F << /Type /FileSpec /F (http://bad.url/crap.xlsx) /V true /FS /URL >>
>>
another bad string
5 0 obj
Now i add a string to a new test.db file:
# SIG=`echo "another bad string" | sigtool --hex-dump` && echo "sig1=$SIG"
> test.db
and let it scan:
# clamscan -d /root/test.db /root/BAD.file
/root/BAD.file: sig1.UNOFFICIAL FOUND
----------- SCAN SUMMARY -----------
Known viruses: 1
Engine version: 0.102.4
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 0.004 sec (0 m 0 s)
Works. However using a more complex string, does not:
SIG=`echo "/F << /Type /FileSpec /F (http" | sigtool --hex-dump` && echo
"sig1=$SIG" > test.db
# clamscan -d /root/test.db /root/BAD.file
/root/BAD.file: OK
----------- SCAN SUMMARY -----------
Known viruses: 1
Engine version: 0.102.4
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 0.004 sec (0 m 0 s)
What am I doing wrong?
Thank you.
given is a very simple example test-file:
# more BAD.file
%PDF-1.7
5 0 obj
/F << /Type /FileSpec /F (http://bad.url/crap.xlsx) /V true /FS /URL >>
>>
another bad string
5 0 obj
Now i add a string to a new test.db file:
# SIG=`echo "another bad string" | sigtool --hex-dump` && echo "sig1=$SIG"
> test.db
and let it scan:
# clamscan -d /root/test.db /root/BAD.file
/root/BAD.file: sig1.UNOFFICIAL FOUND
----------- SCAN SUMMARY -----------
Known viruses: 1
Engine version: 0.102.4
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 0.004 sec (0 m 0 s)
Works. However using a more complex string, does not:
SIG=`echo "/F << /Type /FileSpec /F (http" | sigtool --hex-dump` && echo
"sig1=$SIG" > test.db
# clamscan -d /root/test.db /root/BAD.file
/root/BAD.file: OK
----------- SCAN SUMMARY -----------
Known viruses: 1
Engine version: 0.102.4
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 0.004 sec (0 m 0 s)
What am I doing wrong?
Thank you.