You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Xls.Downloader.Powload-6923120-0 is 8228 characters long and does not contain a semi-colon after the 8k mark. This is important because Doc.Dropper.Generic-6922945-0 is almost 16k in size and does contain a semi-colon after the 8k mark, butsigtool -l produces incorrect output for it also.
This occurs with both 0.103.3 and 0.103.4 (see clamav-users mailing list as well)
test.ldb with the 4 signatures over 8k in size: test.ldb.txt
The text was updated successfully, but these errors were encountered:
mjbroekman
changed the title
sigtool --list-sigs functionality breaks on signatures over 8191 characters in length
sigtool --list-sigs functionality breaks on signatures over 8k characters in length
Nov 24, 2021
I just cherry-picked this fix to the dev/0.103.5 branch, verified that --list-sigs works now, and pushed it. The upcoming 0.103.5 release will include this fix.
Describe the bug
When a signature is over 8k characters in length (excluding the name), sigtool's listdb functionality will give incorrect output or report a pattern error (code highlight where the error is occurring: https://github.com/Cisco-Talos/clamav/blob/main/sigtool/sigtool.c#:~:text=cli_strbcasestr(filename%2C%20%22.cdb%22))%20%7B-,while%20(fgets(buffer%2C%20CLI_DEFAULT_LSIG_BUFSIZE%2C%20fh))%20%7B,%7D,-%7D%20else%20if%20(cli_strbcasestr )
How to reproduce the problem
$ sigtool -l
Xls.Downloader.Powload-6923120-0
is 8228 characters long and does not contain a semi-colon after the 8k mark. This is important becauseDoc.Dropper.Generic-6922945-0
is almost 16k in size and does contain a semi-colon after the 8k mark, butsigtool -l
produces incorrect output for it also.This occurs with both 0.103.3 and 0.103.4 (see clamav-users mailing list as well)
Attachments
test.ldb with the 4 signatures over 8k in size: test.ldb.txt
The text was updated successfully, but these errors were encountered: