We help IT Professionals succeed at work.

How to read/extract whats in Clam's  safebrowsing.cld  or  .gdb

I would like to read what's in Clam AV's safebrowsing .cld
(that lists the blacklisted sites).

After following some suggestions online, extracted from
the cld file  the following (using dd & 7zip):
08/11/2018  02:13 PM            18,325 Copying.txt
08/11/2018  02:14 PM       113,037,608 safebrowsing.gdb
08/11/2018  02:14 PM               514 safebrowsing.info

How can we read/extract the gdb file?
Watch Question

nociSoftware Engineer
Distinguished Expert 2019

It looks like they are encrypted Berkeley DB files  or Gnu db files
(db_dump / gdbm_dump) should be able to process those).
Question is what is the password .., you may need to check the clamav sources for that.

DB 5.3 shows the error: BDB0178 Encrypted database: no encryption flag specified/var/lib/clamav/safebrowsing.cvd:
if i try gnu db (gdbm)  gdmb_dump shows: gdbm_open failed bad magic number.


I recall long ago that in databases, the message 'bad magic number'
doesn't mean it requires a password but it's something else.

Wonder how Clam AV reads it
nociSoftware Engineer
Distinguished Expert 2019

Note Berkeley DB is not GDBM... Berkeley claims to recognize the files as being encrypted. GDBM actually claims to not know the files.
Those are different toolsets...

Berkeley DB (appearantly now Oracle:) http://www.oracle.com/technetwork/database/database-technologies/berkeleydb/overview/index.html
GDBM: https://www.gnu.org/software/gdbm/



or it could be Borland's database:  I'll look for a PC that I could install File Viewer Plus
Software Engineer
Distinguished Expert 2019
I have my doubts about Borlands database because clamav is an open source project.

I checked the sources:

there is a readdb.c c source in clamav-0.100.1/libclamav  that has the code to read all files.
It looks like those are specific db files for clamav not linked to any other library.

if you need to read/dump them that source should be your starting point i think.