<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<meta name="generator" content="pandoc" />
<title></title>
<style type="text/css">code{white-space: pre;}</style>
<link rel="stylesheet" href="/en/github.css" type="text/css" />
</head>
<body>
<h1 id="trusted-and-revoked-certificates">Trusted and Revoked Certificates</h1>
<p>ClamAV 0.98 checks signed PE files for certificates and verifies each certificate in the chain against a database of trusted and revoked certificates. The signature format is a single line of semicolon-separated fields:</p>
<pre>Name;Trusted;Subject;Serial;Pubkey;Exponent;CodeSign;TimeSign;CertSign;NotBefore;Comment[;minFL[;maxFL]]</pre>
<p>where the corresponding fields are:</p>
<ul>
<li><p><code>Name:</code> name of the entry</p></li>
<li><p><code>Trusted:</code> bit field, specifying whether the cert is trusted. 1 for trusted, 0 for revoked</p></li>
<li><p><code>Subject:</code> SHA-1 of the Subject field, in hex</p></li>
<li><p><code>Serial:</code> the serial number as reported by <code>clamscan --debug --verbose</code></p></li>
<li><p><code>Pubkey:</code> the public key in hex</p></li>
<li><p><code>Exponent:</code> the exponent in hex. Currently ignored and hardcoded to 010001 (in hex)</p></li>
<li><p><code>CodeSign:</code> bit field, specifying whether this cert can sign code. 1 for true, 0 for false</p></li>
<li><p><code>TimeSign:</code> bit field. 1 for true, 0 for false</p></li>
<li><p><code>CertSign:</code> bit field, specifying whether this cert can sign other certs. 1 for true, 0 for false</p></li>
<li><p><code>NotBefore:</code> integer, cert should not be added before this value. Defaults to 0 if left empty</p></li>
<li><p><code>Comment:</code> comments for this entry</p></li>
</ul>
<p>The signatures for certs are stored inside <code>.crb</code> files.</p>
</body>
</html>