[sanesecurity] Re: decode .ldb?

  • From: "Bill Landry" <bill@xxxxxxxxxxx>
  • To: sanesecurity@xxxxxxxxxxxxx
  • Date: Tue, 16 Jun 2009 12:12:24 -0700

> The clamav-unofficial-sigs.sh script has a nifty decoding tool for .ndb
> signatures.  Can someone give me a procedure for decoding .ldb
> signatures?

Dan, I'll look into adding this to the next script update.  For now you
can grep the .ldb file for the hex signature and paste it into the -d flag
like so:

clamav-unofficial-sigs -d

Input a third-party signature name to decode (e.g: Sanesecurity.Junk.15248) or
a hexadecimal encoded data string and press enter (do not include '.UNOFFICIAL'
in the signature name nor add quote marks to any input string):

436f6e74656e742d547970653a206d756c7469706172742f6d697865643b*436f6e74656e742d547970653a20746578742f706c61696e3b20636861727365743d5554462d38{-3}436f6e74656e742d5472616e736665722d456e636f64696e673a2037626974{-150}436f6e74656e742d547970653a20696d6167652f6a70673b206e616d653d{-150}2f396a2f34414151536b5a4a52674142416741415a41426b4141442f374141525248566a61336b414151414541414141414141412f2b3441446b466b62324a6c414754414141414141662f62;582d4d61696c65723a

Here is the decoded hexadecimal input string:

Content-Type: multipart/mixed;*Content-Type: text/plain; charset=UTF-8{-3}Content-Transfer-Encoding: 7bit{-150}Content-Type: image/jpg; name={-150}/9j/4AAQSkZJRgABAgAAZABkAAD/7AARRHVja3kAAQAEAAAAAAAA/+4ADkFkb2JlAGTAAAAAAf/b;X-Mailer:

Bill
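
An added example, not part of the message above and not code from clamav-unofficial-sigs.sh: a small Python decoder that takes a whole .ldb line instead of a pasted hex string. It splits the line into fields first and decodes each subsignature on its own, so a literal `;` decoded from `3b` cannot be confused with the `;` that separates subsignatures, and digits inside `{-150}` are never read as hex. It assumes the `Name;TargetDescriptionBlock;LogicalExpression;Subsig0;Subsig1;...` layout with optional `offset:` prefix and `::modifiers` suffix, and handles only hex-body subsignatures; the signature name in the sample is hypothetical.

```python
import re

# Wildcard tokens are matched first so digits inside {n-m} are never read as hex.
TOKEN = re.compile(
    r"\{[^}]*\}|\[[^\]]*\]|\?\?|\?[0-9a-fA-F]|[0-9a-fA-F]\?|(?:[0-9a-fA-F]{2})+"
)

def _show(match):
    tok = match.group(0)
    if tok[0] in "{[" or "?" in tok:
        return tok  # range or nibble wildcard: keep verbatim
    # Printable ASCII as text, everything else as \xNN so the result stays one line.
    return "".join(
        chr(b) if 0x20 <= b < 0x7F else f"\\x{b:02x}" for b in bytes.fromhex(tok)
    )

def decode_body(hexsig):
    """Decode the hex runs of one subsignature; *, |, (), {n-m}, ?? pass through."""
    return TOKEN.sub(_show, hexsig)

def decode_ldb(line):
    """Split one .ldb line and decode each subsignature separately."""
    name, target, expression, *subsigs = line.strip().split(";")
    decoded = []
    for sub in subsigs:
        body, _, modifiers = sub.partition("::")      # optional ::modifiers suffix
        offset, sep, hexsig = body.rpartition(":")    # optional offset: prefix
        decoded.append({
            "offset": offset if sep else None,
            "modifiers": modifiers or None,
            "decoded": decode_body(hexsig),
        })
    return {"name": name, "target": target, "expression": expression,
            "subsigs": decoded}

# Constructed sample: hypothetical name, hex fragments taken from the post above.
SAMPLE = (
    "Example.Constructed.1;Target:4;0&1;"
    "436f6e74656e742d547970653a206d756c7469706172742f6d697865643b*"
    "436f6e74656e742d5472616e736665722d456e636f64696e673a2037626974{-150}2f396a2f;"
    "582d4d61696c65723a"
)

if __name__ == "__main__":
    sig = decode_ldb(SAMPLE)
    print(sig["name"], sig["target"], sig["expression"])
    for i, sub in enumerate(sig["subsigs"]):
        print(f"  subsig {i}: {sub['decoded']}")
```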

