Gnijuohz

Reputation: 3364

How to check if a file is compressed with gzexe in Python?

I'm working on a simple virus scanner in Python, and the scanner needs to check whether a file has a virus signature (a particular string) in it. If a file is compressed, the scanner needs to decompress the file first and then check for the signature. Files that are compressed with gzip have a magic number at the very beginning of the file, so that's easy to check, and I can use the gzip library to decompress them.

But how do I check if a file is compressed with gzexe? I looked here, but gzexe-compressed files are not listed. I checked the content of a file that's compressed with gzexe and found that it starts with "#!bin/sh". I think I can check for this, but is there a better way to do it? Also, is there any library that can decompress a gzexe-compressed file?

EDIT

The previous problem I had with zlib was because I didn't realize that you have to pass a second parameter to zlib.decompress or it will give you an error. The Python zlib documentation didn't point that out very clearly. In Python it seems you need to pass 15+32 to this decompress method.

    zlib.decompress(data, 15 + 32)

Also, gzexe output can be decompressed by zlib. As Mark said, you just need to find where the magic number starts and decompress the file from there.

Upvotes: 0

Views: 980

Answers (1)

Mark Adler

Reputation: 112284

Just search the file for a gzip signature. It is in there after the shell script.

You can use the zlib library to decompress it.

Upvotes: 3
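The approach from the answer, written out as an added example (not code from the question or the answer): search for the gzip signature after the shell stub, decompress from that offset with zlib, and scan both the raw bytes and the payload. The function names, the `MAX_OUTPUT` cap and the sample file are assumptions constructed for illustration; the sample is a stand-in, not real gzexe output.

```python
import gzip
import zlib

GZIP_MAGIC = b"\x1f\x8b\x08"    # ID1, ID2, CM=8 (deflate), per RFC 1952
MAX_OUTPUT = 64 * 1024 * 1024   # assumed cap on decompressed size


def extract_embedded_gzip(blob, max_output=MAX_OUTPUT):
    """Return the payload of the first valid gzip stream in blob, or None."""
    pos = blob.find(GZIP_MAGIC)
    while pos != -1:
        d = zlib.decompressobj(15 + 32)   # same wbits value as in the question
        try:
            out = d.decompress(blob[pos:], max_output)
            if d.unconsumed_tail:
                raise ValueError("decompressed size exceeds max_output")
            if d.eof:                     # stream ended, CRC32 and length verified
                return out
        except zlib.error:
            pass                          # magic bytes matched by chance
        pos = blob.find(GZIP_MAGIC, pos + 1)
    return None


def contains_signature(blob, signature):
    """Check the raw bytes and, if present, the embedded gzip payload."""
    if signature in blob:
        return True
    payload = extract_embedded_gzip(blob)
    return payload is not None and signature in payload


def build_sample(payload):
    """Constructed stand-in for gzexe output: shell stub, decoy magic, gzip data."""
    stub = b"#!/bin/sh\n# constructed stub, not real gzexe output\n"
    decoy = b"\x1f\x8b\x08\x00decoy-nothing\n"
    return stub + decoy + gzip.compress(payload)


if __name__ == "__main__":
    sample = build_sample(b"echo harmless TEST-SIGNATURE-0001\n" * 20)
    print(contains_signature(sample, b"TEST-SIGNATURE-0001"))
```

Validating each candidate offset by actually decompressing it guards against the three magic bytes appearing by chance in the stub, and the output cap keeps a hostile file from exhausting the scanner's memory.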
