diff options
| author | Lorry Tar Creator <lorry-tar-importer@baserock.org> | 2013-02-22 14:03:40 +0000 |
|---|---|---|
| committer | <> | 2013-02-28 22:06:04 +0000 |
| commit | 3b49db406667ee7189b9ea69b9d9e0bdcc43c5b7 (patch) | |
| tree | 13be3ebf87cab39e68c3e4dbb1367151ac0e8a6f /magic/Magdir/fsav | |
| download | file-3b49db406667ee7189b9ea69b9d9e0bdcc43c5b7.tar.gz | |
Imported from /home/lorry/working-area/delta_file/file-5.13.tar.gz.file-5.13baserock/morph
Diffstat (limited to 'magic/Magdir/fsav')
| -rw-r--r-- | magic/Magdir/fsav | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/magic/Magdir/fsav b/magic/Magdir/fsav new file mode 100644 index 0000000..0a7a7f8 --- /dev/null +++ b/magic/Magdir/fsav @@ -0,0 +1,63 @@ + +#------------------------------------------------------------------------------ +# $File: fsav,v 1.11 2009/09/19 16:28:09 christos Exp $ +# fsav: file(1) magic for datafellows fsav virus definition files +# Anthon van der Neut (anthon@mnt.org) + +# ftp://ftp.f-prot.com/pub/{macrdef2.zip,nomacro.def} +0 beshort 0x1575 fsav macro virus signatures +>8 leshort >0 (%d- +>11 byte >0 \b%02d- +>10 byte >0 \b%02d) +# ftp://ftp.f-prot.com/pub/sign.zip +#10 ubyte <12 +#>9 ubyte <32 +#>>8 ubyte 0x0a +#>>>12 ubyte 0x07 +#>>>>11 uleshort >0 fsav DOS/Windows virus signatures (%d- +#>>>>10 byte 0 \b01- +#>>>>10 byte 1 \b02- +#>>>>10 byte 2 \b03- +#>>>>10 byte 3 \b04- +#>>>>10 byte 4 \b05- +#>>>>10 byte 5 \b06- +#>>>>10 byte 6 \b07- +#>>>>10 byte 7 \b08- +#>>>>10 byte 8 \b09- +#>>>>10 byte 9 \b10- +#>>>>10 byte 10 \b11- +#>>>>10 byte 11 \b12- +#>>>>9 ubyte >0 \b%02d) +# ftp://ftp.f-prot.com/pub/sign2.zip +#0 ubyte 0x62 +#>1 ubyte 0xF5 +#>>2 ubyte 0x1 +#>>>3 ubyte 0x1 +#>>>>4 ubyte 0x0e +#>>>>>13 ubyte >0 fsav virus signatures +#>>>>>>11 ubyte x size 0x%02x +#>>>>>>12 ubyte x \b%02x +#>>>>>>13 ubyte x \b%02x bytes + +# Joerg Jenderek: joerg dot jenderek at web dot de +# http://www.clamav.net/doc/latest/html/node45.html +# .cvd files start with a 512 bytes colon separated header +# ClamAV-VDB:buildDate:version:signaturesNumbers:functionalityLevelRequired:MD5:Signature:builder:buildTime +# + gzipped tarball files +0 string ClamAV-VDB: +>11 string >\0 Clam AntiVirus database %-.23s +>>34 string : +>>>35 string !: \b, version +>>>>35 string x \b%-.1s +>>>>>36 string !: +>>>>>>36 string x \b%-.1s +>>>>>>>37 string !: +>>>>>>>>37 string x \b%-.1s +>>>>>>>>>38 string !: +>>>>>>>>>>38 string x \b%-.1s +>512 string \037\213 \b, gzipped +>769 string ustar\0 \b, tarred + +# Type: Grisoft AVG AntiVirus +# From: David Newgas <david@newgas.net> +0 string AVG7_ANTIVIRUS_VAULT_FILE AVG 7 Antivirus vault file data |