hachoir VS clamav

https://github.com/vstinner/hachoir/blob/main/hachoir/subfil...

File signature:

I contributed a number of file formats a few years ago (and attempted numerous others) but ran into a number of problems with certain file formats:

1. It's not possible to read from the file until a multiple byte termination sequence is detected. [1]

2. You can't read sections of a file where the termination condition is the presence of a sequence of bytes denoting the next unrelated section of the file (and you don't want to consume/read these bytes) [2]

3. The WebIDE at the time couldn't handle very large file format specifications such as Photoshop (PSD) [3]

4. Files containing compressed or encrypted sections require a compression/encryption algorithm to be hardcoded into Kaitai struct libraries for each programming language it can output to.

The WebIDE I particularly liked as it makes it easy to get started and share results. I also liked how Kaitai Struct allows easy definition of constraints (simple ones at least) into the file format specification so that you can say "this section of the file shall have a size not exceeding header.length * 2 bytes".

Some alternative binary file format specification attempts for those interested in seeing alternatives, each with their own set of problems/pros/cons:

1. 010 Editor [4]

2. Synalysis [5]

3. hachoir [6]

4. DFDL [7]

[1] https://github.com/kaitai-io/kaitai_struct/issues/158

[2] https://github.com/kaitai-io/kaitai_struct/issues/156

[3] https://raw.githubusercontent.com/davidhicks/kaitai_struct_f...

[4] https://www.sweetscape.com/010editor/repository/templates/

[5] https://github.com/synalysis/Grammars

[6] https://github.com/vstinner/hachoir/tree/main/hachoir/parser

[7] https://github.com/DFDLSchemas/

Another one sort of related is hachoir, and specifically the hachoir-metadata script: https://github.com/vstinner/hachoir

My recommendation would be to use ClamAV an open source antivirus engine. It is a versatile tool designed to detect multiple types of threats from numerous file formats and other use cases (cross-platform, integration such as mail server). Finally, it is updated on a daily basis, ensuring protection against the latest known threats. This rapid update cycle is crucial for an antivirus tool to be effective.

Linux has (free) tools to improve security and detect/remove malware: Lynis,Chkrootkit,Rkhunter,ClamAV,Vuls,LMD,radare2,Yara,ntopng,maltrail,Snort,Suricata...

There's clamAV which is open source: https://www.clamav.net/

For personal use, the most commonly used is ClamAV.

Absolutely but if the OP feels they must then they should look into the free ClamAV.

I'd go with what Bman said but second to that ClamAV is a good free option.

Ehhh, there is antivirus software for Linux, like ClamAV. Also a lot of exploits these days target browsers since its an easier attack vector. Also, malware is malware, and most servers use Linux by default. So any malware that's targeting a Linux server could target a desktop user. I don't like the whole "Haha, malware doesn't affect me because everyone targets windows". Sure, those "download now!" buttons that are targeted to gullible windows users might not work on your operating system however your OS is still vulnerable and can still be exploited by malware.