[clamav-users] Way to access .cvd file

[iulian stan]

Dear Ged/all,

Your information did the trick. I couldn't have solved this mystery 
without your genius link. To be fair I've presented all the information 
and data without looking to manual and i know the commands posted from 
the thin air that i was breathing.

Long story short, maybe this info is needed to other novice like me who 
don't RTFM.

safebrowsing.cvd is created by google and contains inside a .gbd file. 
As manual says ( btw, the correct link is: 
https://www.clamav.net/documents/phishsigs) it contains hashed URLs and 
not encrypted like i thought in the beginning. Just because is SHA256 
you cannot "decode" the original data since there no original data 
inside. (it is just a fixed string produced and where the URL/data is 
used as seed)
Having all of this said there is no way to use sigtool --decode-sigs to 
retrieve the original data(like you do for example in *.ndb)
In the link provided by me it is also written, i quote:
"To see which hash/URL matched, look at the clamscan --debug output, and 
look for the following strings: Looking up hash, prefix matched, and 
Hash matched. Local whitelisting of .gdb entries can be done by creating 
a local.gdb file, and adding a line S:W:<HASH>."

But to be fair, who is actually using clamscan or clamdscan with --debug 
activated on production ?



---
humbled and grateful for your great link,
Iulian



On 2020-08-31 12:35, G.W. Haywood via clamav-users wrote:
> Hi there,
> 
> On Mon, 31 Aug 2020, iulian stan via clamav-users wrote:
> 
>> I am missing something ?
> 
> http://www.clamav.net/documents/clam-antivirus-user-manual
> 
> --
> 
> 73,
> Ged.
> 
> _______________________________________________
> 
> clamav-users mailing list
> clamav-users at lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml