Dear Ged/all,
Your information did the trick. I couldn't have solved this mystery
without your genius link. To be fair, I've presented all the information
and data without looking at the manual, and I know the commands posted from
the thin air that I was breathing.
Long story short, maybe this info is needed by other novices like me who
don't RTFM.
safebrowsing.cvd is created by Google and contains a .gdb file inside.
As the manual says (btw, the correct link is:
https://www.clamav.net/documents/phishsigs) it contains hashed URLs and
not encrypted ones like I thought in the beginning. Just because it is SHA256
you cannot "decode" the original data since there is no original data
inside. (It is just a fixed string produced and where the URL/data is
used as seed.)
Having said all of this, there is no way to use sigtool --decode-sigs to
retrieve the original data (like you do, for example, in *.ndb).
In the link provided by me it is also written, I quote:
"To see which hash/URL matched, look at the clamscan --debug output, and
look for the following strings: Looking up hash, prefix matched, and
Hash matched. Local whitelisting of .gdb entries can be done by creating
a local.gdb file, and adding a line S:W:<HASH>."
But to be fair, who is actually using clamscan or clamdscan with --debug
activated in production?
---
humbled and grateful for your great link,
Iulian
On 2020-08-31 12:35, G.W. Haywood via clamav-users wrote:
> Hi there,
> On Mon, 31 Aug 2020, iulian stan via clamav-users wrote:
>> I am missing something?
> http://www.clamav.net/documents/clam-antivirus-user-manual
> --
> 73,
> Ged.
_______________________________________________
clamav-users mailing list
[email protected]
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
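Added example, not part of the original thread and not ClamAV's own code: one way to follow the quoted manual passage offline, by filtering saved clamscan --debug output for the three marker strings and turning full hashes on "Hash matched" lines into local.gdb whitelist lines. The sample log lines are constructed, and it is an assumption that a matched hash appears on the line as 64 hex characters; the function names are hypothetical.

```python
import hashlib
import re

# Marker strings named in the phishsigs documentation quoted in the thread.
MARKERS = ("Looking up hash", "prefix matched", "Hash matched")
# Assumption: a matched SHA256 is printed in full as 64 hex characters.
SHA256_HEX = re.compile(r"\b[0-9a-fA-F]{64}\b")

# Placeholder digest of a constructed string; it says nothing about how
# ClamAV canonicalises a URL before hashing it.
H1 = hashlib.sha256(b"phish.example.test/login").hexdigest()

# Constructed sample, NOT real clamscan output: only the marker strings
# come from the documentation, the rest of each line is made up.
SAMPLE_DEBUG = "\n".join([
    "LibClamAV debug: Looking up hash " + H1,
    "LibClamAV debug: prefix matched",
    "LibClamAV debug: Hash matched: " + H1,
    "LibClamAV debug: Hash matched: " + H1,       # repeated match
    "LibClamAV debug: Hash matched: " + H1[:16],  # truncated hash
    "LibClamAV debug: unrelated line",
])

def marker_lines(debug_text):
    """Return (marker, line) for every line containing a documented marker."""
    hits = []
    for line in debug_text.splitlines():
        for marker in MARKERS:
            if marker in line:
                hits.append((marker, line.strip()))
                break
    return hits

def whitelist_entries(debug_text):
    """Build unique S:W:<HASH> lines; collect match lines lacking a full hash."""
    entries, skipped = [], []
    for marker, line in marker_lines(debug_text):
        if marker != "Hash matched":
            continue
        found = SHA256_HEX.search(line)
        if found is None:
            skipped.append(line)  # never emit a partial hash as a whitelist entry
            continue
        entry = "S:W:" + found.group(0)
        if entry not in entries:
            entries.append(entry)
    return entries, skipped

if __name__ == "__main__":
    entries, skipped = whitelist_entries(SAMPLE_DEBUG)
    print("\n".join(entries))
    for line in skipped:
        print("# no full hash on line:", line)
```

Review each generated line before copying it into local.gdb, since a whitelist entry suppresses that hash for every future scan.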