Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cdb CL_TYPE_GZ isn't working on attached file #1401

Open
Sanesecurity opened this issue Nov 5, 2024 · 1 comment
Open

cdb CL_TYPE_GZ isn't working on attached file #1401

Sanesecurity opened this issue Nov 5, 2024 · 1 comment
Labels
🐛bug ✨enhancement

Comments

@Sanesecurity
Copy link

  1. --debug doesn't output a CDB_NAME for the attached file
  2. can't create a cdb signature to block the vbs in the gz file
    test.gz

daily.ftm:

0:0:1f8b:GZip:CL_TYPE_ANY:CL_TYPE_GZ

xxd -p -l 90 test.gz
1f8b0808741b2967000041717561202620436c65616e202d204f72646572
20496e71756972792c50726963696e6720616e64205368697070696e6720
436f737473202d2031313532342e76627300ad7be973dbb8b2eff7a99aff

"Aqua & Clean - Order Inquiry,Pricing and Shipping Costs - 11524.vbs"

7z outputs: Listing archive: test.gz

--
Path = test.gz
Type = gzip
Headers Size = 78

Date Time Attr Size Compressed Name

2024-11-04 19:07:32 ..... 20787 7508 Aqua & Clean - Order Inquir
y,Pricing and Shipping Costs - 11524.vbs

2024-11-04 19:07:32 20787 7508 1 files
@micahsnyder
Copy link
Contributor

ClamAV's GZ parser indeed lacks support for reading the file name. I've marked this as both an enhancement and a bug report.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
🐛bug ✨enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Sanesecurity @micahsnyder