[clamav-users] Way to access .cvd file
Al Varnell
alvarnell at mac.com
Tue Sep 1 00:11:19 UTC 2020
I'm sure you are correct that few, if any, would use --debug routinely, but I would definitely do so if I had a need to whitelist a safebrowsing entry. OTOH, that database is quite dynamic with Google adding and deleting entries multiple times a day, so I would more likely want to take up any sort of FP results with Google directly.
You didn't mention the answer to your other question about the safebrowsing.info file which can be found at <https://www.clamav.net/documents/database-info>.
The format is simply:
name:size:sha256
-Al-
> On Aug 31, 2020, at 04:44, iulian stan via clamav-users <clamav-users at lists.clamav.net> wrote:
>
> Dear Ged/all,
>
> Your information did the trick. I couldn't have solved this mystery without your genius link. To be fair, I've presented all the information and data without looking at the manual, and I know the commands posted from the thin air that I was breathing.
>
> Long story short, maybe this info is needed by other novices like me who don't RTFM.
>
> safebrowsing.cvd is created by Google and contains a .gdb file inside. As the manual says (btw, the correct link is: https://www.clamav.net/documents/phishsigs), it contains hashed URLs, not encrypted ones like I thought in the beginning. Just because it is SHA256 you cannot "decode" the original data, since there is no original data inside. (It is just a fixed string produced, where the URL/data is used as seed.)
> Having said all of this, there is no way to use sigtool --decode-sigs to retrieve the original data (like you do, for example, in *.ndb).
> In the link provided by me it is also written, I quote:
> "To see which hash/URL matched, look at the clamscan --debug output, and look for the following strings: Looking up hash, prefix matched, and Hash matched. Local whitelisting of .gdb entries can be done by creating a local.gdb file, and adding a line S:W:<HASH>."
>
> But to be fair, who is actually using clamscan or clamdscan with --debug activated in production?
>
>
>
> ---
> humbled and grateful for your great link,
> Iulian
>
>
>
> On 2020-08-31 12:35, G.W. Haywood via clamav-users wrote:
>> Hi there,
>> On Mon, 31 Aug 2020, iulian stan via clamav-users wrote:
>>> Am I missing something?
>> http://www.clamav.net/documents/clam-antivirus-user-manual
>> --
>> 73,
>> Ged.
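The `name:size:sha256` layout of the `.info` file mentioned in the reply above lends itself to an integrity check of unpacked database files. The following is an added example, not code from the thread or from the ClamAV project; it assumes the `.cvd` has already been unpacked into a directory, and the file contents and hash values it uses are constructed for the demonstration.

```python
import hashlib
import os
import re
import tempfile

# One entry per line, as described in the post: name:size:sha256.
# Names containing path separators are rejected so an entry cannot point outside the directory.
ENTRY = re.compile(r"^([^:/\\]+):(\d+):([0-9a-fA-F]{64})$")

def parse_info(text):
    """Return {name: (size, sha256)} for each line in name:size:sha256 form.
    Lines of any other shape are skipped (assumption: a real .info file may
    carry additional lines, which this sketch does not interpret)."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries[m.group(1)] = (int(m.group(2)), m.group(3).lower())
    return entries

def verify(directory, entries):
    """Compare each listed file in `directory` with its recorded size and digest."""
    results = {}
    for name, (size, digest) in entries.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        if len(data) != size:
            results[name] = "size mismatch"
        elif hashlib.sha256(data).hexdigest() != digest:
            results[name] = "hash mismatch"
        else:
            results[name] = "ok"
    return results

def demo():
    """Build a constructed .gdb/.info pair, verify it, then alter the file and verify again."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "safebrowsing.gdb")
        body = b"S:W:" + b"0" * 64 + b"\n"  # constructed sample line, not a real entry
        with open(path, "wb") as fh:
            fh.write(body)
        info = "safebrowsing.gdb:%d:%s\n" % (len(body), hashlib.sha256(body).hexdigest())
        before = verify(d, parse_info(info))
        with open(path, "wb") as fh:
            fh.write(body.replace(b"0", b"1"))  # same length, different content
        after = verify(d, parse_info(info))
    return before, after

if __name__ == "__main__":
    print(demo())
```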