...
|
...
|
@@ -938,6 +938,33 @@ Eicar-Test-Signature:bc356bae4c42f19a3de16e333ba3569c
|
938
|
938
|
regular expression string.
|
939
|
939
|
\end{itemize}
|
940
|
940
|
|
|
941
|
+ \subsection{Passwords for archive files}
|
|
942
|
+ ClamAV 0.99 allows for users to specify password attempts for certain password-compatible archives.
|
|
943
|
+ Passwords will be attempted in order of appearance in the password signature file which use the extension
|
|
944
|
+ of \verb+.pwdb+. If no passwords apply or none are provided, ClamAV will default to the original
|
|
945
|
+ behavior of parsing the file.
|
|
946
|
+ Currently, as of ClamAV 0.99 [flevel 81], only \verb+.zip+ archives are supported.
|
|
947
|
+ The signature format is
|
|
948
|
+\begin{verbatim}
|
|
949
|
+SignatureName;TargetDescriptionBlock;PWStorageType;Password
|
|
950
|
+\end{verbatim}
|
|
951
|
+ where:
|
|
952
|
+ \begin{itemize}
|
|
953
|
+ \item \verb+SignatureName+: name to be displayed during debug when a password is successful
|
|
954
|
+ \item \verb+TargetDescriptionBlock+: provides information about the engine and target file with comma separated Arg:Val pairs
|
|
955
|
+ \begin{itemize}
|
|
956
|
+ \item \verb+Engine:X-Y+: Required engine functionality
|
|
957
|
+ \item \verb+Container:CL_TYPE_*+: File type of applicable containers
|
|
958
|
+ \end{itemize}
|
|
959
|
+ \item \verb+PWStorageType+: determines how the password field is parsed
|
|
960
|
+ \begin{itemize}
|
|
961
|
+ \item 0 = cleartext
|
|
962
|
+ \item 1 = hex
|
|
963
|
+ \end{itemize}
|
|
964
|
+ \item \verb+Password+: value used in password attempt
|
|
965
|
+ \end{itemize}
|
|
966
|
+ The signatures for password attempts are stored inside \verb+.pwdb+ files.
|
|
967
|
+
|
941
|
968
|
\section{Special files}
|
942
|
969
|
|
943
|
970
|
\subsection{HTML}
|