Bug 18081 - magic for 'fsav (linux) virus' triggers far too easily
magic for 'fsav (linux) virus' triggers far too easily
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: file (Show other bugs)
7.0
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Crutcher Dunnavant
:
: 20159 21625 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-10-02 09:13 EDT by Tim Waugh
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-01-19 13:30:51 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tim Waugh 2000-10-02 09:13:36 EDT
Try this:

$ file /usr/share/doc/bind-8.2.2_P5/bog/file.lst
/usr/share/doc/bind-8.2.2_P5/bog/file.lst: fsav (linux) virus (8224-11-10)

Or this:

$ yes "$(echo)" | file -
standard input:              fsav (linux) virus (2570-11-10)
Comment 1 Jakub Jelinek 2000-10-03 06:06:38 EDT
Yes, the fsav file entry author probably have not read magic(5) man page at all.
I don't know how the fsav files actually look like, anyway I think hacking
it so that you put s/>11/>>11/;s/>10/>>>10/;s/>9/>>>9/ in the fsav entry
should avoid triggering in most of the cases and stop doing bogus printouts
like e.g. stdout: -25-12)
Comment 2 Tim Waugh 2000-10-03 07:34:00 EDT
I have this:

8       byte            0x0a
>12     byte            0x07
>>11    leshort         >0              fsav (linux) virus (%d-
>>>10   byte            0               \b01-
>>>10   byte            1               \b02-
>>>10   byte            2               \b03-
>>>10   byte            3               \b04-
>>>10   byte            4               \b05-
>>>10   byte            5               \b06-
>>>10   byte            6               \b07-
>>>10   byte            7               \b08-
>>>10   byte            8               \b08-
>>>10   byte            9               \b10-
>>>10   byte            10              \b11-
>>>10   byte            11              \b12-
>>>9    byte            >0              \b%02d)

But now I get:

$ yes '' | file -
standard input:              

There doesn't seem to be a way of saying 'if this offset is this _and_ that
offset is that, it's a <...>'.
Comment 3 Tim Waugh 2000-10-09 10:02:14 EDT
Perhaps the best thing is to remove that file definition altogether..
Comment 4 Georg Nikodym 2000-10-12 18:55:06 EDT
Triggers on legitimate xfig files as well.
Comment 5 Tim Waugh 2000-11-02 04:40:27 EST
*** Bug 20159 has been marked as a duplicate of this bug. ***
Comment 6 Tim Waugh 2001-01-19 13:30:48 EST
*** Bug 21625 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.