Description of the ClamAV virus database file header (ClamAV version number, etc.)
- Author : Samson
- Date : 01/04/2022
 
In the open-source virus scanner ClamAV, detection works by comparing files against the virus signatures held in the virus database. The database files live in the /var/lib/clamav directory and are mainly three cvd files, as listed below:

    bytecode.cvd daily.cvd freshclam.dat main.cvd

Opening any cvd file, you can see that its first line is a colon-separated string of information, like this:

    ~$ sed -n '1p' /var/lib/clamav/main.cvd
    ClamAV-VDB:16 Sep 2021 08-32 -0400:62:6647427:90:137eccce31aacb21b5a98bb8c21cefd6:twaJBls8V5q64R7QY10AatEtPNuPWoVoxTaNO1jpBg7s5jIMMXpitgG1000YLp6rb0TWkEKjRqxneGTxuxWaWm7XBjsgwX2BRWh/y4fhs7uyImdKRLzQ5y8e2EkSChegF/i8clqfn+1qetq9j4gbktJ3JZpOXPoHlyr2Dv9S/Bg:sigmgr:1631795562

So what do these fields mean? The parsing of this file header can be found in the ClamAV source code, in the file ./libclamav/cvd.c:

    struct cl_cvd *cl_cvdparse(const char *head)
    {
        struct cl_cvd *cvd;
        char *pt;

        /* field 0: the magic that marks a ClamAV virus database */
        if (strncmp(head, "ClamAV-VDB:", 11)) {
            cli_errmsg("cli_cvdparse: Not a CVD file\n");
            return NULL;
        }

        if (!(cvd = (struct cl_cvd *)cli_malloc(sizeof(struct cl_cvd)))) {
            cli_errmsg("cl_cvdparse: Can't allocate memory for cvd\n");
            return NULL;
        }

        /* field 1: creation time, kept as a string */
        if (!(cvd->time = cli_strtok(head, 1, ":"))) {
            cli_errmsg("cli_cvdparse: Can't parse the creation time\n");
            free(cvd);
            return NULL;
        }

        /* field 2: database version number */
        if (!(pt = cli_strtok(head, 2, ":"))) {
            cli_errmsg("cli_cvdparse: Can't parse the version number\n");
            free(cvd->time);
            free(cvd);
            return NULL;
        }
        cvd->version = atoi(pt);
        free(pt);

        /* field 3: number of signatures */
        if (!(pt = cli_strtok(head, 3, ":"))) {
            cli_errmsg("cli_cvdparse: Can't parse the number of signatures\n");
            free(cvd->time);
            free(cvd);
            return NULL;
        }
        cvd->sigs = atoi(pt);
        free(pt);

        /* field 4: functionality level required by the engine */
        if (!(pt = cli_strtok(head, 4, ":"))) {
            cli_errmsg("cli_cvdparse: Can't parse the functionality level\n");
            free(cvd->time);
            free(cvd);
            return NULL;
        }
        cvd->fl = atoi(pt);
        free(pt);

        /* field 5: MD5 checksum */
        if (!(cvd->md5 = cli_strtok(head, 5, ":"))) {
            cli_errmsg("cli_cvdparse: Can't parse the MD5 checksum\n");
            free(cvd->time);
            free(cvd);
            return NULL;
        }

        /* field 6: digital signature */
        if (!(cvd->dsig = cli_strtok(head, 6, ":"))) {
            cli_errmsg("cli_cvdparse: Can't parse the digital signature\n");
            free(cvd->time);
            free(cvd->md5);
            free(cvd);
            return NULL;
        }

        /* field 7: builder name */
        if (!(cvd->builder = cli_strtok(head, 7, ":"))) {
            cli_errmsg("cli_cvdparse: Can't parse the builder name\n");
            free(cvd->time);
            free(cvd->md5);
            free(cvd->dsig);
            free(cvd);
            return NULL;
        }

        /* field 8: creation time in seconds; optional, absent in the old format */
        if ((pt = cli_strtok(head, 8, ":"))) {
            cvd->stime = atoi(pt);
            free(pt);
        } else {
            cli_dbgmsg("cli_cvdparse: No creation time in seconds (old file format)\n");
            cvd->stime = 0;
        }

        return cvd;
    }

From the function above, the fields of the header 'ClamAV-VDB:16 Sep 2021 08-32 -0400:62:6647427:90:137eccce31aacb21b5a98bb8c21cefd6:twaJBls8V5q64R7QY10AatEtPNuPWoVoxTaNO1jpBg7s5jIMMXpitgG1000YLp6rb0TWkEKjRqxneGTxuxWaWm7XBjsgwX2BRWh/y4fhs7uyImdKRLzQ5y8e2EkSChegF/i8clqfn+1qetq9j4gbktJ3JZpOXPoHlyr2Dv9S/Bg:sigmgr:1631795562' have the following meaning:
 The first field is the identifier marking a ClamAV virus database;
 The second is the creation time of this database;
 The third is the version number of this database;
 The fourth is the number of signatures in this database;
 The fifth is the functionality level;
 The sixth is the MD5 checksum of this database;
 The seventh is the digital signature of this database;
 The eighth is the name of the builder of this database;
 The ninth is the creation time of this database as the number of seconds since 1970-01-01 00:00:00;
Whether a database update should be performed can be decided by comparing the database version numbers.
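As an added example (not ClamAV's own code), the same parsing done in Python: it mirrors the field order of cl_cvdparse, treats field 8 as optional like the old file format, reads the header from the 512-byte header block at the start of a cvd file, and applies the version comparison just described. The names parse_cvd_header, read_cvd_header and needs_update are my own; the sample line is the main.cvd header quoted above.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# The header line of main.cvd exactly as quoted in the post (version 62, 6647427 signatures).
SAMPLE_HEADER = (
    "ClamAV-VDB:16 Sep 2021 08-32 -0400:62:6647427:90:"
    "137eccce31aacb21b5a98bb8c21cefd6:"
    "twaJBls8V5q64R7QY10AatEtPNuPWoVoxTaNO1jpBg7s5jIMMXpitgG1000YLp6rb0TWkEKjRqxneGTxuxWaWm7XBjsgwX2BRWh/y4fhs7uyImdKRLzQ5y8e2EkSChegF/i8clqfn+1qetq9j4gbktJ3JZpOXPoHlyr2Dv9S/Bg"
    ":sigmgr:1631795562"
)

@dataclass
class CvdHeader:  # same fields as struct cl_cvd filled in by cl_cvdparse()
    time: str      # field 1: creation time, human readable
    version: int   # field 2: database version number
    sigs: int      # field 3: number of signatures
    fl: int        # field 4: functionality level the engine must support
    md5: str       # field 5: MD5 checksum, 32 hex digits
    dsig: str      # field 6: digital signature over the database
    builder: str   # field 7: builder name
    stime: int     # field 8: creation time, seconds since the epoch (0 = old format)

    def creation_utc(self) -> str:
        return datetime.fromtimestamp(self.stime, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")

def parse_cvd_header(head: str) -> CvdHeader:
    """Mirror cl_cvdparse(): check the magic, then split the colon-separated fields.
    Fields 1..7 are mandatory; field 8 is optional (old file format)."""
    fields = head.rstrip("\n\x00 ").split(":")
    if fields[0] != "ClamAV-VDB":
        raise ValueError("Not a CVD file")
    if len(fields) < 8:
        raise ValueError(f"expected at least 8 fields, got {len(fields)}")
    if not re.fullmatch(r"[0-9a-f]{32}", fields[5]):
        raise ValueError(f"MD5 field is not 32 hex digits: {fields[5]!r}")
    stime = int(fields[8]) if len(fields) > 8 and fields[8] else 0
    return CvdHeader(time=fields[1], version=int(fields[2]), sigs=int(fields[3]),
                     fl=int(fields[4]), md5=fields[5], dsig=fields[6],
                     builder=fields[7], stime=stime)

def read_cvd_header(path: str) -> CvdHeader:
    """The CVD header occupies the first 512 bytes of the file, padded with spaces."""
    with open(path, "rb") as f:
        return parse_cvd_header(f.read(512).decode("ascii", errors="replace"))

def needs_update(local: CvdHeader, remote_version: int) -> bool:
    """The decision the post ends on: refresh only when a newer version is published."""
    return remote_version > local.version
```

Running read_cvd_header("/var/lib/clamav/main.cvd") on a real installation gives the same structure; field 8 of the sample (1631795562) decodes to 2021-09-16 12:32:42 UTC, which agrees with the "08-32 -0400" in field 1.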