Issue with pysigscan

[kiddinn]

When running the tool against the SANS 508 nfury test image:

2015-01-21 14:45:47,374 [WARNING] (Worker_7  ) PID:4257 <worker> Unable to parse file: type: OS, location: /PATH/test_images/win7-64-nfury-10.3.58.6/win7-64-nfury-c-drive/win7-64-nfury-c-drive.E01
type: EWF
type: TSK, inode: 45841, location: /Program Files/Common Files/Microsoft Shared/GRPHFLT/MS.GIF
 with error: pysigscan_scanner_scan_file_object: unable to scan file. pysigscan_file_object_read_buffer: unable to read from file object with error: "'pyewf_handle_read_buffer: unable to read data. libewf_chunk_data_unpack: unable to decompress chunk data. libewf_read_io_handle_read_chunk_data: unable to unpack chunk data: 86402. libewf_handle_read_buffer: unable to read chunk data: 86402.'". pysigscan_file_object_io_handle_read: unable to read from file object. libbfio_handle_read_buffer: unable to read from handle. libsigscan_scanner_scan_file_io_handle: unable to read buffer.

There seem to be some unhandled errors here in the pysigscan parser.

[joachimmetz]

Looks more like an issue with reading from the EWF file to me:

libewf_handle_read_buffer: unable to read chunk data: 86402.

[kiddinn]

this has been fixed as well