Stowage/clamav
2
0
Fork 0
mirror of https://github.com/Cisco-Talos/clamav.git synced 2025-10-31 08:00:54 +00:00
Code Issues Projects Releases Packages Wiki Activity
clamav/docs/UserManual/Signatures/AuthenticodeRules.md

34 lines
1.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Trusted and Revoked Certificates
Clamav 0.98 checks signed PE files for certificates and verifies each certificate in the chain against a database of trusted and revoked certificates. The signature format is
```
Name;Trusted;Subject;Serial;Pubkey;Exponent;CodeSign;TimeSign;CertSign;
NotBefore;Comment[;minFL[;maxFL]]
```
where the corresponding fields are:
- `Name:` name of the entry
- `Trusted:` bit field, specifying whether the cert is trusted. 1 for trusted. 0 for revoked
- `Subject:` sha1 of the Subject field in hex
- `Serial:` the serial number as clamscan debug verbose reports
- `Pubkey:` the public key in hex
- `Exponent:` the exponent in hex. Currently ignored and hardcoded to 010001 (in hex)
- `CodeSign:` bit field, specifying whether this cert can sign code. 1 for true, 0 for false
- `TimeSign:` bit field. 1 for true, 0 for false
- `CertSign:` bit field, specifying whether this cert can sign other certs. 1 for true, 0 for false
- `NotBefore:` integer, cert should not be added before this variable. Defaults to 0 if left empty
- `Comment:` comments for this entry
The signatures for certs are stored inside `.crb` files.
Reference in a new issue View git blame Copy permalink