Try this: $ file /usr/share/doc/bind-8.2.2_P5/bog/file.lst /usr/share/doc/bind-8.2.2_P5/bog/file.lst: fsav (linux) virus (8224-11-10) Or this: $ yes "$(echo)" | file - standard input: fsav (linux) virus (2570-11-10)
Yes, the fsav file entry author probably have not read magic(5) man page at all. I don't know how the fsav files actually look like, anyway I think hacking it so that you put s/>11/>>11/;s/>10/>>>10/;s/>9/>>>9/ in the fsav entry should avoid triggering in most of the cases and stop doing bogus printouts like e.g. stdout: -25-12)
I have this: 8 byte 0x0a >12 byte 0x07 >>11 leshort >0 fsav (linux) virus (%d- >>>10 byte 0 \b01- >>>10 byte 1 \b02- >>>10 byte 2 \b03- >>>10 byte 3 \b04- >>>10 byte 4 \b05- >>>10 byte 5 \b06- >>>10 byte 6 \b07- >>>10 byte 7 \b08- >>>10 byte 8 \b08- >>>10 byte 9 \b10- >>>10 byte 10 \b11- >>>10 byte 11 \b12- >>>9 byte >0 \b%02d) But now I get: $ yes '' | file - standard input: There doesn't seem to be a way of saying 'if this offset is this _and_ that offset is that, it's a <...>'.
Perhaps the best thing is to remove that file definition altogether..
Triggers on legitimate xfig files as well.
*** Bug 20159 has been marked as a duplicate of this bug. ***
*** Bug 21625 has been marked as a duplicate of this bug. ***