[clamav-users] How can we consume .ldb files in ClamAV Ubuntu?
G.W. Haywood
clamav at jubileegroup.co.uk
Thu Jan 7 12:45:31 UTC 2021
Hi there,

On Wed, 6 Jan 2021, Luca Sironi via clamav-users wrote:

> How can I crosscheck a .ldb file like the one published from Red Eye
> with the content of the cvd files i download from clamav?

Please define "crosscheck". If you mean that you want to check that
two different types of signature store produced by two (or likely
more) different signature writers contain the same signatures for some
malware or other, then be aware that both the names of the signatures
and the signatures themselves are chosen by the writers. There is no
reason to suppose that two different people will choose the same text
for the things that they put in their signature stores, so no reason
why the signatures themselves should be the same, and no reason why
the names of the signatures should even vaguely resemble each other.
The signatures may not even use the same methods of comparison with
the malware. Some signatures will look for things in mail, some for
things in files. There's more; see the documentation about writing
signatures on the ClamAV Website.

If you want to check whether the same malware is detected by two or
more different sets of signatures, then scan a sample of the malware
with one or other of the signature sets loaded.

> I tried to unpack those with sigtool but the syntax of the cvd is
> much more clear a signature, a name.

Your problem is not clear. What did you do? Please show the exact
commands, the resulting output if it is reasonably concise, and why
you didn't like the result. Did you try simply looking at the files
with a pager?

--

73,
Ged.
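
The comparison suggested in the reply above (scan the same samples with each signature set loaded on its own), as an added example that is not part of the original post. The script name, its three arguments and the sample signature names are hypothetical; the clamscan options used are --database, --recursive, --infected and --no-summary.

```shell
#!/bin/sh
# Added example: which samples does each of two signature sets flag, and under what name?
# Usage: compare-sigsets.sh DB_A DB_B SAMPLE_DIR   (script name and arguments are hypothetical)

# Convert clamscan output ("path: SigName FOUND") on stdin to "path<TAB>SigName".
# Lines for clean files ("path: OK") are dropped.
parse_found() {
    awk '/ FOUND$/ {
        sub(/ FOUND$/, "")
        i = match($0, /: [^:]*$/)        # last ": " separates path from name
        print substr($0, 1, i - 1) "\t" substr($0, i + 2)
    }'
}

# Scan SAMPLE_DIR with only the one database file or directory loaded.
scan_with() {
    clamscan --database="$1" --recursive --infected --no-summary "$2" |
        parse_found | LC_ALL=C sort
}

# Merge two sorted result files into: path, name from set A, name from set B.
# "-" means that set did not flag the file.
compare() {
    tab=$(printf '\t')
    LC_ALL=C join -t "$tab" -a 1 -a 2 -e '-' -o 0,1.2,2.2 "$1" "$2"
}

if [ "$#" -eq 3 ]; then
    a=$(mktemp); b=$(mktemp)
    scan_with "$1" "$3" > "$a"
    scan_with "$2" "$3" > "$b"
    compare "$a" "$b"
    rm -f "$a" "$b"
else
    # No arguments: run the parser on constructed clamscan output lines.
    printf '%s\n' '/samples/a.bin: Example.SetA.Sig-1 FOUND' '/samples/b.bin: OK' | parse_found
fi
```

Each output line is a sample path followed by the name the first set gave it and the name the second set gave it; differing names on the same line are expected, since each writer chooses their own.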