mirror of
https://github.com/Cisco-Talos/clamav.git
synced 2025-10-29 23:20:54 +00:00
35 lines
1.1 KiB
Markdown
35 lines
1.1 KiB
Markdown
|
# Trusted and Revoked Certificates
|
|||
|
|
|
|||
|
|
Clamav 0.98 checks signed PE files for certificates and verifies each certificate in the chain against a database of trusted and revoked certificates. The signature format is
|
|||
|
|
|
|||
|
|
```
|
|||
|
|
Name;Trusted;Subject;Serial;Pubkey;Exponent;CodeSign;TimeSign;CertSign;
|
|||
|
|
NotBefore;Comment[;minFL[;maxFL]]
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
where the corresponding fields are:
|
|||
|
|
|
|||
|
|
- `Name:` name of the entry
|
|||
|
|
|
|||
|
|
- `Trusted:` bit field, specifying whether the cert is trusted. 1 for trusted. 0 for revoked
|
|||
|
|
|
|||
|
|
- `Subject:` sha1 of the Subject field in hex
|
|||
|
|
|
|||
|
|
- `Serial:` the serial number as clamscan –debug –verbose reports
|
|||
|
|
|
|||
|
|
- `Pubkey:` the public key in hex
|
|||
|
|
|
|||
|
|
- `Exponent:` the exponent in hex. Currently ignored and hardcoded to 010001 (in hex)
|
|||
|
|
|
|||
|
|
- `CodeSign:` bit field, specifying whether this cert can sign code. 1 for true, 0 for false
|
|||
|
|
|
|||
|
|
- `TimeSign:` bit field. 1 for true, 0 for false
|
|||
|
|
|
|||
|
|
- `CertSign:` bit field, specifying whether this cert can sign other certs. 1 for true, 0 for false
|
|||
|
|
|
|||
|
|
- `NotBefore:` integer, cert should not be added before this variable. Defaults to 0 if left empty
|
|||
|
|
|
|||
|
|
- `Comment:` comments for this entry
|
|||
|
|
|
|||
|
|
The signatures for certs are stored inside `.crb` files.
|