'file' Command Giving False Positives
freebsd-questions-local at be-well.ilk.org
Fri Jul 2 15:25:24 UTC 2010
Tim Daneliuk <tundra at tundraware.com> writes:
> I have a data file with the content:
> 'file' (incorrectly) reports this as an MS-DOS executable.
Why is it incorrect? "LZ" as the first two bytes in a file is (unless
my memory is badly mistaken) exactly what the old command.com looked for
as the flag of an executable.
> Does anyone happen to know the proper changes to 'magic' that would
> fix this?
That would be tricky, given that MS-DOS *would*, in fact, think this
file was a valid executable. I don't think the syntax of "magic" is
powerful enough to distinguish this from a "real" executable. You might
be able to do it by adding file(1) support for looking for invalid
opcodes, but that would get hairy very quickly...
More information about the freebsd-questions