Cisco-Talos / clamav

ClamAV - Documentation is here: https://docs.clamav.net
https://www.clamav.net/
GNU General Public License v2.0

cdb CL_TYPE_GZ isn't working on attached file #1401

Open Sanesecurity opened 2 weeks ago

Sanesecurity commented 2 weeks ago
  1. --debug doesn't output a CDB_NAME for the attached file
  2. Can't create a CDB signature to block the .vbs in the gz file test.gz

daily.ftm:

0:0:1f8b:GZip:CL_TYPE_ANY:CL_TYPE_GZ

xxd -p -l 90 test.gz
1f8b0808741b2967000041717561202620436c65616e202d204f72646572
20496e71756972792c50726963696e6720616e64205368697070696e6720
436f737473202d2031313532342e76627300ad7be973dbb8b2eff7a99aff

"Aqua & Clean - Order Inquiry,Pricing and Shipping Costs - 11524.vbs"

7z outputs:

Listing archive: test.gz

--
Path = test.gz
Type = gzip
Headers Size = 78

   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------------
2024-11-04 19:07:32 .....        20787         7508  Aqua & Clean - Order Inquiry,Pricing and Shipping Costs - 11524.vbs
------------------- ----- ------------ ------------  ------------------------
2024-11-04 19:07:32              20787         7508  1 files

micahsnyder commented 2 weeks ago

ClamAV's GZ parser indeed lacks support for reading the file name. I've marked this as both an enhancement and a bug report.
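The following Python script is an added illustration, not ClamAV code and not something either commenter posted. It shows what a scanner has to do to get at the member name the issue is about: apply the type-0 magic entry from the daily.ftm line quoted above, then walk the RFC 1952 gzip member header (FEXTRA, FNAME, FCOMMENT, FHCRC) until the compressed data starts. The sample input is the 90-byte xxd dump from the issue; the parsed header ends at byte 78 and the MTIME field decodes to the 2024-11-04 19:07:32 timestamp 7z printed. Assumptions: the .ftm field order is taken as magictype:offset:magicbytes:name:rtype:type (with both leading fields 0 here the order does not change the result), the list of script extensions and the function names (`ftm_matches`, `parse_gzip_header`, `scan`, `build_gzip_header`) are mine, and `build_gzip_header` exists only to exercise the optional header fields the sample does not use.

```python
import struct

# Gzip header flag bits (RFC 1952, section 2.3.1)
FTEXT, FHCRC, FEXTRA, FNAME, FCOMMENT = 0x01, 0x02, 0x04, 0x08, 0x10

# First 90 bytes of test.gz, exactly as the xxd -p dump in the issue shows them
SAMPLE_HEX = (
    "1f8b0808741b2967000041717561202620436c65616e202d204f72646572"
    "20496e71756972792c50726963696e6720616e64205368697070696e6720"
    "436f737473202d2031313532342e76627300ad7be973dbb8b2eff7a99aff"
)
SAMPLE = bytes.fromhex(SAMPLE_HEX)

# The daily.ftm entry quoted in the issue
FTM_LINE = "0:0:1f8b:GZip:CL_TYPE_ANY:CL_TYPE_GZ"

# Extensions a defender would want a member-name rule to catch (my list, not ClamAV's)
SCRIPT_EXTENSIONS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta")


def ftm_matches(ftm_line, data):
    """Apply one type-0 (fixed-offset magic) .ftm entry to data.
    Assumed field layout: magictype:offset:magicbytes:name:rtype:type.
    Returns the detected type name on a match, otherwise None."""
    magictype, offset, magic, _name, _rtype, detected = ftm_line.split(":")[:6]
    if magictype != "0":
        raise ValueError("only type-0 magic entries are handled here")
    off = int(offset)
    magic_bytes = bytes.fromhex(magic)
    return detected if data[off:off + len(magic_bytes)] == magic_bytes else None


def parse_gzip_header(data):
    """Walk an RFC 1952 member header and return the fields a scanner could
    match on. Stops where the DEFLATE stream begins, so a short prefix of
    the file (like the 90-byte dump) is enough."""
    if len(data) < 10 or data[:2] != b"\x1f\x8b":
        raise ValueError("not a gzip member")
    cm, flg, mtime, xfl, os_ = struct.unpack("<BBIBB", data[2:10])
    if cm != 8:
        raise ValueError("unknown compression method %d" % cm)
    pos = 10
    extra = name = comment = None
    if flg & FEXTRA:                       # XLEN + XLEN bytes of subfields
        (xlen,) = struct.unpack("<H", data[pos:pos + 2])
        extra = data[pos + 2:pos + 2 + xlen]
        pos += 2 + xlen
    if flg & FNAME:                        # zero-terminated original file name
        end = data.index(b"\x00", pos)     # ValueError if the header is truncated
        name = data[pos:end].decode("latin-1")
        pos = end + 1
    if flg & FCOMMENT:                     # zero-terminated comment
        end = data.index(b"\x00", pos)
        comment = data[pos:end].decode("latin-1")
        pos = end + 1
    if flg & FHCRC:                        # 16-bit header CRC
        pos += 2
    return {"mtime": mtime, "xfl": xfl, "os": os_, "extra": extra,
            "name": name, "comment": comment, "data_offset": pos}


def suspicious_member_name(name):
    """True when the embedded file name ends in a script extension."""
    return name is not None and name.lower().endswith(SCRIPT_EXTENSIONS)


def scan(data, ftm_line=FTM_LINE):
    """Type the buffer with the .ftm entry; for gzip, surface the member
    name and whether a name-based rule would flag it."""
    ftype = ftm_matches(ftm_line, data)
    if ftype != "CL_TYPE_GZ":
        return {"type": ftype, "name": None, "flagged": False}
    hdr = parse_gzip_header(data)
    return {"type": ftype, "name": hdr["name"], "mtime": hdr["mtime"],
            "data_offset": hdr["data_offset"],
            "flagged": suspicious_member_name(hdr["name"])}


def build_gzip_header(name=None, extra=None, comment=None, mtime=0):
    """Build a constructed member header (no DEFLATE data) so the optional
    FEXTRA/FCOMMENT paths can be exercised; the sample only sets FNAME."""
    flg = ((FEXTRA if extra is not None else 0) | (FNAME if name else 0)
           | (FCOMMENT if comment else 0))
    hdr = b"\x1f\x8b\x08" + bytes([flg]) + struct.pack("<IBB", mtime, 0, 0)
    if extra is not None:
        hdr += struct.pack("<H", len(extra)) + extra
    if name:
        hdr += name.encode("latin-1") + b"\x00"
    if comment:
        hdr += comment.encode("latin-1") + b"\x00"
    return hdr


if __name__ == "__main__":
    print(scan(SAMPLE))
```

The MTIME and OS bytes are decoded as well because they are cheap extra context for an analyst; the name is the only field a content rule such as the requested CDB signature would actually key on, and the parser has to honour FEXTRA ordering before FNAME or it will read the wrong bytes on files that carry extra subfields.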