Dear Ged/all,
Your information did the trick. I couldn't have solved this mystery
without your genius link. To be fair I've presented all the information
and data without looking to manual and i know the commands posted from
the thin air that i was breathing.
Long story short, maybe this info is needed to other novice like me who
don't RTFM.
safebrowsing.cvd is created by google and contains inside a .gbd file.
As manual says ( btw, the correct link is:
https://www.clamav.net/documents/phishsigs) it contains hashed URLs and
not encrypted like i thought in the beginning. Just because is SHA256
you cannot "decode" the original data since there no original data
inside. (it is just a fixed string produced and where the URL/data is
used as seed)
Having all of this said there is no way to use sigtool --decode-sigs to
retrieve the original data(like you do for example in *.ndb)
In the link provided by me it is also written, i quote:
"To see which hash/URL matched, look at the clamscan --debug output, and
look for the following strings: Looking up hash, prefix matched, and
Hash matched. Local whitelisting of .gdb entries can be done by creating
a local.gdb file, and adding a line S:W:<HASH>."
But to be fair, who is actually using clamscan or clamdscan with --debug
activated on production ?
---
humbled and grateful for your great link,
Iulian
On 2020-08-31 12:35, G.W. Haywood via clamav-users wrote:
> Hi there,
>
> On Mon, 31 Aug 2020, iulian stan via clamav-users wrote:
>
>> I am missing something ?
>
> http://www.clamav.net/documents/clam-antivirus-user-manual
>
> --
>
> 73,
> Ged.
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml