Dear Clamav-List

I'm trying to build an md5-sigs from HTML-files. My procedure is as follows:

mkdir /tmp/clamsig
cd /tmp/clamsig
sigtool --html-normalise=/data/foo.html
mv nocomment.html foo.html
sigtool --md5 foo.html >> /tmp/htmlfiles.hdb

Then I verified the file using
clamscan --database=/tmp/htmlfiles.hdb --leave-temps --debug /data/foo.html
But the signature did not match.

I investigated the leftover tempfiles from clamscan and it seems that sigtool and clamscan normalize differently. sigtool apparently converts & (ampersand) even in URLs to & where clamscan leaves ampersands intact. This can produce different files and therefore different md5 hashes.

I am not absolutely sure, but I think this is new since clamav 0.97. My procedure worked in previous versions of clamav. Can anybody confirm this? Is this indended behaviour? If so, what's the recommended way of creating md5 signatures from HTML-files?

My current version of clamav is 0.97 from Debian repositories:
clamscan --version
ClamAV 0.97/13022/Fri Apr 29 08:03:10 2011

thanks and have a good weekend!
lukn
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Reply via email to