More signature updates.

2025-10-09 10:08:20 +00:00 · 2015-04-06 17:21:53 -04:00 · 2015-04-06 17:21:53 -04:00 · 6861ecc046
commit 6861ecc046
parent 19f498b4a4
7 changed files with 510 additions and 738 deletions
--- a/scripts/base/frameworks/files/magic/archive.sig
+++ b/scripts/base/frameworks/files/magic/archive.sig
@ -16,16 +16,19 @@ signature file-multi-zip {
 	file-magic /^PK\x07\x08PK\x03\x04/
 }

+# RAR
 signature file-rar {
 	file-mime "application/x-rar", 70
 	file-magic /^Rar!/
 }

+# GZIP
 signature file-gzip {
 	file-mime "application/x-gzip", 100
 	file-magic /\x1f\x8b/
 }

+# Microsoft Cabinet
 signature file-ms-cab {
 	file-mime "application/vnd.ms-cab-compressed", 110
 	file-magic /^MSCF\x00\x00\x00\x00/
@ -50,11 +53,13 @@ signature file-magic-auto352 {
 	file-magic /^(drpm|\xed\xab\xee\xdb)/
 }

+# StuffIt
 signature file-stuffit {
 	file-mime "application/x-stuffit", 70
 	file-magic /^(SIT\x21|StuffIt)/
 }

+# Archived data
 signature file-x-archive {
 	file-mime "application/x-archive", 70
 	file-magic /^!?<ar(ch)?>/
@ -63,7 +68,7 @@ signature file-x-archive {
 # ARC archive data
 signature file-arc {
 	file-mime "application/x-arc", 70
-	file-magic /([\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20\x21\x22\x23\x24\x25\x26\x27\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30\x31\x32\x33\x34\x35\x36\x37\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50\x51\x52\x53\x54\x55\x56\x57\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60\x61\x62\x63\x64\x65\x66\x67\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70\x71\x72\x73\x74\x75\x76\x77\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f]{2})([\x02-\x0a\x14\x48]\x1a)/
+	file-magic /^[\x00-\x7f]{2}[\x02-\x0a\x14\x48]\x1a/
 }

 # EET archive
@ -78,43 +83,34 @@ signature file-zoo {
 	file-magic /^.{20}\xdc\xa7\xc4\xfd/
 }

-# >0  lelong&,=407642370 (0x184c2102), ["LZ4 compressed data, legacy format"], swap_endian=0
-signature file-magic-auto382 {
+# LZ4 compressed data (legacy format)
+signature file-lz4-legacy {
 	file-mime "application/x-lz4", 70
 	file-magic /(\x02\x21\x4c\x18)/
 }

-# >0  lelong&,=407708164 (0x184d2204), ["LZ4 compressed data"], swap_endian=0
-signature file-magic-auto383 {
+# LZ4 compressed data
+signature file-lz4 {
 	file-mime "application/x-lz4", 70
-	file-magic /(\x04\x22\x4d\x18)/
+	file-magic /^\x04\x22\x4d\x18/
 }

-# >0  string,=LRZI (len=4), ["LRZIP compressed data"], swap_endian=0
-# >>5  byte&,x, [".%d"], swap_endian=0
-signature file-magic-auto384 {
+# LRZIP compressed data
+signature file-lrzip {
 	file-mime "application/x-lrzip", 1
-	file-magic /(LRZI)(.{1})(.{1})/
+	file-magic /^LRZI/
 }

-# >0  string,=LZIP (len=4), ["lzip compressed data"], swap_endian=0
-signature file-magic-auto386 {
+# LZIP compressed data
+signature file-lzip {
 	file-mime "application/x-lzip", 70
-	file-magic /(LZIP)/
+	file-magic /^LZIP/
 }

-# >0  string/b,=MZ (len=2), [""], swap_endian=0
-# >>30  string,=Copyright 1989-1990 PKWARE Inc. (len=31), ["Self-extracting PKZIP archive"], swap_endian=0
+# Self-extracting PKZIP archive
 signature file-magic-auto434 {
 	file-mime "application/zip", 340
-	file-magic /(MZ)(.{28})(Copyright 1989\x2d1990 PKWARE Inc\x2e)/
-}
-
-# >0  string/b,=MZ (len=2), [""], swap_endian=0
-# >>30  string,=PKLITE Copr. (len=12), ["Self-extracting PKZIP archive"], swap_endian=0
-signature file-magic-auto435 {
-	file-mime "application/zip", 150
-	file-magic /(MZ)(.{28})(PKLITE Copr\x2e)/
+	file-magic /^MZ.{28}(Copyright 1989\x2d1990 PKWARE Inc|PKLITE Copr)\x2e/
 }

 # LHA archive (LZH)
@ -123,66 +119,57 @@ signature file-lzh {
 	file-magic /^.{2}-(lh[ abcdex0-9]|lz[s2-8]|lz[s2-8]|pm[s012]|pc1)-/
 }

-# >0  string,=WARC/ (len=5), ["WARC Archive"], swap_endian=0
-# >>5  string,x, ["version %.4s"], swap_endian=0
-signature file-magic-auto177 {
-	file-mime "application/warc", 1
-	file-magic /(WARC\x2f)(.{0})/
+# WARC Archive
+signature file-warc {
+	file-mime "application/warc", 50
+	file-magic /^WARC\x2f/
 }

-# >0  string,=7z\274\257'\034 (len=6), ["7-zip archive data,"], swap_endian=0
-# >>7  byte&,x, [".%d"], swap_endian=0
-signature file-magic-auto150 {
-	file-mime "application/x-7z-compressed", 1
-	file-magic /(7z\xbc\xaf\x27\x1c)(.{1})(.{1})/
+# 7-zip archive data
+signature file-7zip {
+	file-mime "application/x-7z-compressed", 50
+	file-magic /^7z\xbc\xaf\x27\x1c/
 }

-# >0  ustring,=\3757zXZ\000 (len=6), ["XZ compressed data"], swap_endian=0
-signature file-magic-auto151 {
+# XZ compressed data
+signature file-xz {
 	file-mime "application/x-xz", 90
-	file-magic /(\xfd7zXZ\x00)/
+	file-magic /^\xfd7zXZ\x00/
 }
-# >0  string/b,=MZ (len=2), [""], swap_endian=0
-# >>36  string,=LHa's SFX (len=9), [", LHa self-extracting archive"], swap_endian=0
+
+# LHa self-extracting archive
 signature file-magic-auto436 {
 	file-mime "application/x-lha", 120
-	file-magic /(MZ)(.{34})(LHa\x27s SFX)/
+	file-magic /^MZ.{34}LH[aA]\x27s SFX/
 }

-# >0  string/b,=MZ (len=2), [""], swap_endian=0
-# >>36  string,=LHA's SFX (len=9), [", LHa self-extracting archive"], swap_endian=0
-signature file-magic-auto437 {
-	file-mime "application/x-lha", 120
-	file-magic /(MZ)(.{34})(LHA\x27s SFX)/
-}
-
-# >0  leshort&,=-5536 (0xea60), ["ARJ archive data"], swap_endian=0
-signature file-magic-auto467 {
+# ARJ archive data
+signature file-arj {
 	file-mime "application/x-arj", 50
-	file-magic /(\x60\xea)/
+	file-magic /^\x60\xea/
 }

-# >0  short&,=-14479 (0xc771), ["byte-swapped cpio archive"], swap_endian=0
-signature file-magic-auto479 {
+# Byte-swapped cpio archive
+signature file-bs-cpio {
 	file-mime "application/x-cpio", 50
-	file-magic /((\x71\xc7)|(\xc7\x71))/
+	file-magic /(\x71\xc7|\xc7\x71)/
 }

-# >0  short&,=29127 (0x71c7), ["cpio archive"], swap_endian=0
-signature file-magic-auto480 {
+# CPIO archive
+signature file-cpio {
 	file-mime "application/x-cpio", 50
-	file-magic /((\xc7\x71)|(\x71\xc7))/
+	file-magic /^(\xc7\x71|\x71\xc7)/
 }

-# >0  string,=\037\235 (len=2), ["compress'd data"], swap_endian=0
-signature file-magic-auto500 {
+# Compress'd data
+signature file-compress {
 	file-mime "application/x-compress", 50
-	file-magic /(\x1f\x9d)/
+	file-magic /^\x1f\x9d/
 }

-# >0  lelong&00ffffff,=93 (0x0000005d), [""], swap_endian=0
-signature file-magic-auto218 {
+# LZMA compressed data
+signature file-lzma {
 	file-mime "application/x-lzma", 71
-	file-magic /(\x5d\x00\x00.)/
+	file-magic /^\x5d\x00\x00/
 }