I agree with Al - I can't really see why anyone would need to do this, but I've
been dealing a lot with cdiff and script files lately, so I know exactly how to
do what you're asking!

At the start of each cdiff file is a header which reads something like this:

    ClamAV-Diff:24263:17164:

It's delimited with colons and can be interpreted like this:

    Type of file : DB version number (or scripted update version number) : file size of scripted update : <gzip representation of script data>

The final colon is important. Count the number of characters up to and
including the final colon (unlike daily/main/bytecode cvd/cld files, the header
doesn't appear to be a predefined length, so you'll need to count characters).
In this case it's 24.

Now, use dd to strip the header from the file, leaving a gzip archive. In the
example above, you can do:

    dd bs=24 skip=1 if=daily-24262.cdiff of=daily-24262.gzip

Unpack the gzip file and you've got a plain text script file listing all the
changes.

Doing all that programmatically is left as an exercise for the reader ;-)

Mark
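
Added example, not part of Mark's message and not ClamAV's own code: the steps above (find the third colon, strip the header, unpack the gzip data) done in Python on a file that should be treated as untrusted input. The function names, the MAX_SCRIPT limit and the sample bytes are assumptions made for illustration.

```python
import gzip
import sys
import zlib

MAX_SCRIPT = 64 * 1024 * 1024  # assumed cap on decompressed size (bomb guard)

def split_header(data: bytes):
    """Parse 'ClamAV-Diff:<version>:<size>:' and return (version, size, header_len)."""
    end = -1
    for _ in range(3):  # the header ends at the third colon
        end = data.find(b":", end + 1, 64)  # never scan into the gzip payload
        if end == -1:
            raise ValueError("no colon-delimited cdiff header found")
    kind, version, size = data[:end].split(b":")
    if kind != b"ClamAV-Diff" or not (version.isdigit() and size.isdigit()):
        raise ValueError("unexpected cdiff header: %r" % data[:end + 1])
    return int(version), int(size), end + 1  # header_len includes the final colon

def read_cdiff(data: bytes):
    """Return (version, script_text, trailing_bytes) for one cdiff image."""
    version, _size, header_len = split_header(data)
    # wbits=31 selects the gzip container; a decompressobj stops at the end of
    # the gzip stream and exposes any leftover bytes as unused_data.
    d = zlib.decompressobj(wbits=31)
    script = d.decompress(data[header_len:], MAX_SCRIPT)
    if d.unconsumed_tail:
        raise ValueError("script larger than MAX_SCRIPT, refusing to continue")
    if not d.eof:
        raise ValueError("gzip stream is truncated")
    return version, script.decode("utf-8", "replace"), d.unused_data

# Constructed sample: the header quoted in the message above, a made-up script
# and made-up trailing bytes (none of this is real signature data).
SAMPLE = (b"ClamAV-Diff:24263:17164:"
          + gzip.compress(b"OPEN daily.ndb\nADD Constructed.Sample:0:*:deadbeef\nCLOSE\n")
          + b":constructed-trailer")

if __name__ == "__main__":
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    ver, text, extra = read_cdiff(raw)
    print("version %d, %d trailing bytes" % (ver, len(extra)), file=sys.stderr)
    sys.stdout.write(text)
```

Run it with a .cdiff path as the only argument to print the script; with no argument it reads the constructed sample.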
> On 29 Jan 2018, at 9:55 am, Al Varnell <[email protected]> wrote:
>
> Just trying to figure out why anybody would ever need to. As soon as they are
> downloaded they are immediately integrated into the appropriate .cld file
> where they can be read.
>
> Subscribe to the clamav-virusdb e-mail list if you want to see a list of what
> signatures are contained in a particular .cdiff file:
> <lists.clamav.net/cgi-bin/mailman/listinfo/clamav-virusdb>.
>
> -Al-
>
> On Mon, Jan 29, 2018 at 01:26 AM, Arul Raj wrote:
>> Hi Team,
>>
>> Can you please share, how to read the cdiff signature file in
>> human-readable format.
>>
>> -
>> Arulraj I
_______________________________________________
clamav-users mailing list
[email protected]
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users