Dear Clamav-List
I'm trying to build an md5-sigs from HTML-files. My procedure is as follows:
mkdir /tmp/clamsig
cd /tmp/clamsig
sigtool --html-normalise=/data/foo.html
mv nocomment.html foo.html
sigtool --md5 foo.html >> /tmp/htmlfiles.hdb
Then I verified the file using
clamscan --database=/tmp/htmlfiles.hdb --leave-temps --debug /data/foo.html
But the signature did not match.
I investigated the leftover tempfiles from clamscan and it seems that
sigtool and clamscan normalize differently. sigtool apparently converts
& (ampersand) even in URLs to & where clamscan leaves ampersands
intact. This can produce different files and therefore different md5 hashes.
I am not absolutely sure, but I think this is new since clamav 0.97. My
procedure worked in previous versions of clamav.
Can anybody confirm this? Is this indended behaviour? If so, what's the
recommended way of creating md5 signatures from HTML-files?
My current version of clamav is 0.97 from Debian repositories:
clamscan --version
ClamAV 0.97/13022/Fri Apr 29 08:03:10 2011
thanks and have a good weekend!
lukn
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml