Arnaud, you made my day. Thank you. That's it. :)

On Fri, 14 Aug 2020 at 11:27, Arnaud Jacques <webmaster@securiteinfo.com> wrote:
Hello

Maybe use "echo -n" to avoid final carriage return in string.


On 14/08/2020 at 10:16, Stefan Bauer via clamav-users wrote:
> Hi,
>
> given is a very simple example test-file:
>
> # more BAD.file
> %PDF-1.7
> 5 0 obj
>       /F << /Type /FileSpec /F (http://bad.url/crap.xlsx) /V true /FS
> /URL >>
>    >>
> another bad string
> 5 0 obj
>
>
> Now I add a string to a new test.db file:
> # SIG=`echo "another bad string" | sigtool --hex-dump` && echo "sig1=$SIG" > test.db
>
> and let it scan:
>
> # clamscan -d /root/test.db /root/BAD.file
> /root/BAD.file: sig1.UNOFFICIAL FOUND
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 1
> Engine version: 0.102.4
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 0.00 MB
> Data read: 0.00 MB (ratio 0.00:1)
> Time: 0.004 sec (0 m 0 s)
>
> Works. However, using a more complex string does not:
>
> SIG=`echo "/F << /Type /FileSpec /F (http" | sigtool --hex-dump` && echo "sig1=$SIG" > test.db
>
> # clamscan -d /root/test.db /root/BAD.file
> /root/BAD.file: OK
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 1
> Engine version: 0.102.4
> Scanned directories: 0
> Scanned files: 1
> Infected files: 0
> Data scanned: 0.00 MB
> Data read: 0.00 MB (ratio 0.00:1)
> Time: 0.004 sec (0 m 0 s)
>
> What am I doing wrong?
>
> Thank you.
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>

--
Best regards,

Arnaud Jacques
Manager of SecuriteInfo.com

Phone: +33-(0)3.60.47.09.81
E-mail: aj@securiteinfo.com
Website: https://www.securiteinfo.com
Facebook : https://www.facebook.com/pages/SecuriteInfocom/132872523492286
Twitter : @SecuriteInfoCom
Signatures for ClamAV antivirus : http://ow.ly/LqfdL
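
An added example (not part of the original thread) showing why the first signature matched and the second did not: plain `echo` appends a newline (`0a`) to the signature, which only matches when the string is followed by a newline in the scanned file. `sigtool` and `clamscan` are not invoked; the `od`-based `hexdump_sig` stand-in, the helper names and the sample file are assumptions constructed for this illustration.

```shell
#!/bin/sh
# Added example. hexdump_sig is a stand-in for `sigtool --hex-dump`
# (assumption: the signature body is the plain hex of the bytes on stdin).
hex_bytes()   { od -An -v -tx1 | tr '\n' ' ' | tr -s ' '; }   # " 25 50 44 ... "
hexdump_sig() { hex_bytes | tr -d ' '; }

sig_echo()  { echo "$1" | hexdump_sig; }          # as in the post: appends 0a
sig_exact() { printf '%s' "$1" | hexdump_sig; }   # same bytes as `echo -n`

# Constructed sample with the lines of BAD.file that matter here.
make_sample() {
    printf '%s\n' '%PDF-1.7' '5 0 obj' \
        '      /F << /Type /FileSpec /F (http://bad.url/crap.xlsx) /V true /FS /URL >>' \
        '   >>' 'another bad string' '5 0 obj'
}

# body_matches HEXSIG FILE: true if that exact byte sequence occurs in FILE.
# Bytes are compared space-separated so a match cannot start mid-byte.
body_matches() {
    pat=$(printf '%s' "$1" | sed 's/../ &/g')
    case "$(hex_bytes < "$2")" in
        *"$pat "*) return 0 ;;
        *)         return 1 ;;
    esac
}

demo() {
    sample=$(mktemp) && make_sample > "$sample"
    for s in 'another bad string' '/F << /Type /FileSpec /F (http'; do
        for gen in sig_echo sig_exact; do
            sig=$("$gen" "$s")
            if body_matches "$sig" "$sample"; then verdict=FOUND; else verdict=OK; fi
            tail=$(printf '%s' "$sig" | sed 's/.*\(....\)$/\1/')
            printf '%-9s %-31s ends ..%s  %s\n' "$gen" "\"$s\"" "$tail" "$verdict"
        done
    done
    rm -f "$sample"
}
demo
```

Before loading a generated signature, checking that its hex does not end in `0a` catches this case early.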
