On Fri, 17 Aug 2001, Rob Hudson wrote:
> Does anyone know the dd trick to strip the virus part of SirCam files
> off so you can read the documents? :) I remember seeing somewhere
> that someone used 'dd' to copy all but the first 123765 or so bytes,
> which was the virus. I can't seem to find that anywhere. I've got
> prizes in my inbox!

I don't have the file offset, but the rest of the dd command goes like
this:

    dd if=(evil_input_file) of=(stripped_output_file) bs=(offset) skip=1

where, of course, you replace "(evil_input_file)",
"(stripped_output_file)", and "(offset)" with the appropriate names and
number.

The same trick is useful for extracting RPM files, if you want to use
RPM-only software on a distribution that doesn't use RPMs (e.g. installing
Corel PhotoPaint 9 on Slackware, or Mandrake 8.0 (an RPM-based
distribution, but it doesn't like one of the PhotoPaint RPMs)). After
stripping off the header, an RPM is just a .cpio.gz archive.
- Neil Parker, [EMAIL PROTECTED]
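
When the offset is not known, as in the reply above, it can be located by searching for the payload's magic bytes and then applying the same dd command. The script below is an added example, not part of the original message: it handles the RPM case, where the payload is a gzip stream starting with bytes 1f 8b 08, and the function names are hypothetical helpers chosen for illustration.

```shell
#!/bin/sh
# Added example: strip_prefix, gzip_offsets and extract_gzip_payload are
# hypothetical helper names, not taken from the original message.

# The dd trick from the message: with bs=OFFSET and skip=1, dd skips one
# block of OFFSET bytes and copies everything after it.
strip_prefix() {    # usage: strip_prefix INPUT OUTPUT OFFSET
    if [ "$3" -eq 0 ]; then
        cat "$1" > "$2"                 # dd rejects bs=0, so just copy
    else
        dd if="$1" of="$2" bs="$3" skip=1 2>/dev/null
    fi
}

# Print every byte offset at which the gzip magic 1f 8b 08 occurs in $1.
gzip_offsets() {
    od -An -v -tx1 "$1" | tr -s ' \t' '\n\n' | awk '
        NF == 0 { next }
        { n++; a = b; b = c; c = $1
          if (a == "1f" && b == "8b" && c == "08") print n - 3 }'
}

# The magic can also appear by chance inside the header, so try each
# candidate in order and keep the first that tests as a valid gzip stream.
extract_gzip_payload() {    # usage: extract_gzip_payload INPUT OUTPUT
    for off in $(gzip_offsets "$1"); do
        strip_prefix "$1" "$2" "$off"
        if gzip -t < "$2" 2>/dev/null; then
            echo "$off"                 # report the offset that worked
            return 0
        fi
    done
    rm -f "$2"                          # nothing valid found
    return 1
}

# Stand-alone use: sh script.sh package.rpm payload.cpio.gz
if [ "$#" -eq 2 ]; then
    extract_gzip_payload "$1" "$2"
fi
```

Because dd allocates a buffer of bs bytes, a very large offset costs that much memory; the resulting file can then be unpacked with gzip and cpio.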