Browse code
add documentation for .pwdb signature format
Kevin Lin authored on 2015/10/28 00:39:34Showing 1 changed files
| ... | ... |
@@ -938,6 +938,33 @@ Eicar-Test-Signature:bc356bae4c42f19a3de16e333ba3569c |
| 938 | 938 |
regular expression string. |
| 939 | 939 |
\end{itemize}
|
| 940 | 940 |
|
| 941 |
+ \subsection{Passwords for archive files}
|
|
| 942 |
+ ClamAV 0.99 allows for users to specify password attempts for certain password-compatible archives. |
|
| 943 |
+ Passwords will be attempted in order of appearance in the password signature file which use the extension |
|
| 944 |
+ of \verb+.pwdb+. If no passwords apply or none are provided, ClamAV will default to the original |
|
| 945 |
+ behavior of parsing the file. |
|
| 946 |
+ Currently, as of ClamAV 0.99 [flevel 81], only \verb+.zip+ archives are supported. |
|
| 947 |
+ The signature format is |
|
| 948 |
+\begin{verbatim}
|
|
| 949 |
+SignatureName;TargetDescriptionBlock;PWStorageType;Password |
|
| 950 |
+\end{verbatim}
|
|
| 951 |
+ where: |
|
| 952 |
+ \begin{itemize}
|
|
| 953 |
+ \item \verb+SignatureName+: name to be displayed during debug when a password is successful |
|
| 954 |
+ \item \verb+TargetDescriptionBlock+: provides information about the engine and target file with comma separated Arg:Val pairs |
|
| 955 |
+ \begin{itemize}
|
|
| 956 |
+ \item \verb+Engine:X-Y+: Required engine functionality |
|
| 957 |
+ \item \verb+Container:CL_TYPE_*+: File type of applicable containers |
|
| 958 |
+ \end{itemize}
|
|
| 959 |
+ \item \verb+PWStorageType+: determines how the password field is parsed |
|
| 960 |
+ \begin{itemize}
|
|
| 961 |
+ \item 0 = cleartext |
|
| 962 |
+ \item 1 = hex |
|
| 963 |
+ \end{itemize}
|
|
| 964 |
+ \item \verb+Password+: value used in password attempt |
|
| 965 |
+ \end{itemize}
|
|
| 966 |
+ The signatures for password attempts are stored inside \verb+.pwdb+ files. |
|
| 967 |
+ |
|
| 941 | 968 |
\section{Special files}
|
| 942 | 969 |
|
| 943 | 970 |
\subsection{HTML}
|