Bug 18081
Summary: | magic for 'fsav (linux) virus' triggers far too easily | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Tim Waugh <twaugh> |
Component: | file | Assignee: | Crutcher Dunnavant <crutcher> |
Status: | CLOSED RAWHIDE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 7.0 | ||
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2001-01-19 18:30:51 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Tim Waugh
2000-10-02 13:13:36 UTC
Yes, the fsav file entry author probably have not read magic(5) man page at all. I don't know how the fsav files actually look like, anyway I think hacking it so that you put s/>11/>>11/;s/>10/>>>10/;s/>9/>>>9/ in the fsav entry should avoid triggering in most of the cases and stop doing bogus printouts like e.g. stdout: -25-12) I have this:
8 byte 0x0a
>12 byte 0x07
>>11 leshort >0 fsav (linux) virus (%d-
>>>10 byte 0 \b01-
>>>10 byte 1 \b02-
>>>10 byte 2 \b03-
>>>10 byte 3 \b04-
>>>10 byte 4 \b05-
>>>10 byte 5 \b06-
>>>10 byte 6 \b07-
>>>10 byte 7 \b08-
>>>10 byte 8 \b08-
>>>10 byte 9 \b10-
>>>10 byte 10 \b11-
>>>10 byte 11 \b12-
>>>9 byte >0 \b%02d)
But now I get:
$ yes '' | file -
standard input:
There doesn't seem to be a way of saying 'if this offset is this _and_ that
offset is that, it's a <...>'.
Perhaps the best thing is to remove that file definition altogether.. Triggers on legitimate xfig files as well. *** Bug 20159 has been marked as a duplicate of this bug. *** |