uad(1) CyberSoft VFind Security Toolkit uad(1)

NAME

UAD - Universal Atomic Disintegrator

SYNOPSIS

uad [-c, --copyright] [-h, -?, --help]
[-v, --version]
uad [-k, --keep-tmpfiles] [-l, --follow-links]
[-L, --transparent-links] [-n, --no-expansion]
[-p, --provide-all] [-p0, --provide-top]
[-ssw, --smartscan-write] [-t dir, --tmpdir dir]
[-s, --stdin-file-list] [-S, --stdin]
[-T, --Text] [-w, --write-files]
[-z, --zeroing-off] [-e prog, --external prog] [files...]

DESCRIPTION

For each file argument, uad (Universal Atomic Disintegrator) attempts to identify the file type. If the file is a composite file of a type UAD knows how to expand, UAD attempts to expand the file and recursively process the subfiles.

Currently, UAD expands BinHex, TNEF, tar'd, ziped, zip2exe, compressed and gziped files as well as extracting MIME and uuencoded enclosures in text files. Support for other archive and compression formats is available using external programs and the --external option.

OPTIONS

-c, --copyright
Display copyright information and then exit. All other options will be ignored.

-h, -?, --help
Display usage message and then exit. All other options will be ignored.

-v, --version
Display version information and then exit. All other options will be ignored.

-k, --keep-tmpfiles
The temporary files containing constituent files created during expansion are retained (normally they are deleted). These files are announced as each input file is scanned when this option is specified.

-l, --follow-links
Symbolic links are followed. First, the link file is described, then the file it points to is scanned.

-L, --transparent-links
Symbolic links are followed transparently. The data in the file linked to is used to describe the link file.

-n, --no-expansion
Do not expand composite files.

-p, --provide-all
Provide All Files: Normally UAD does not provide output files for archives which have been expanded into component files. This option will cause UAD to also provide the archive files.

-p0, --provide-top
Provide Top Files: Normally UAD does not provide output files which are simply copies of input file archives which have been expanded into component files. This option will cause UAD to also provide the top-level input archive files.

-s, --stdin-file-list
Read the names of files to scan from standard input, one per line.

-S, --stdin
Use the data on standard input as the file to scan.

-T, --Text
Set Text mode. This option forces UAD to treat input files as text.

-ssw, --smartscan-write
Write a SmartScan Stream to the standard output. This option is useful when interfacing with other SmartScan Compliant tools such as vfind(1).

-t dir, --tmpdir dir
Set the directory UAD uses for its temporary files to dir. Without this option, UAD will use the default temp directory appropriate to the operating system.

-w, --write-files
Constituent files for which meaningful names are available (from, e.g., an archive or MIME message) are saved with those names in the current directory. Subdirectories are created as needed.

-z, --zeroing-off
Don't zero out the temporary files before unlinking them. This speeds things up a little, but introduces a potential security hole.

-e prog, --external prog
Use external expander for unknown archive types. You must provide the external expander program. An example uad-helper Unix sh script is provided to handle cpio, RAR, bzip2, and StuffIt formats.

USAGE

LICENSES

UAD requires a LICENSE file to run. This LICENSE file is host specific, therefore UAD will only run on the licensed machine. Additional licenses may be purchased by contacting:
CyberSoft, Inc.
1508 Butler Pike
Conshohocken, PA 19428.
Phone: +1.610.825.4748
Fax: +1.610.825.6785

At start-up, UAD searches for the LICENSE file in these locations:

  • /LICENSE
  • /etc/LICENSE
  • The current working directory.
  • The VSTK library directory configured during installation.

INPUT

UAD can take input in three ways.
  1. UAD with a filename or list of filenames as arguments.
    Example: 
      uad --write-files jdk1.1.tar.gz strerror.c
  2. UAD reading a data stream from the standard input.
    Example: 
      dd -bs=20 -if=/dev/rmt/0mn | uad -S
  3. UAD reading a list of filenames from the standard input.
    Example: 
      find /usr/local/bin -type f -print | uad -s

OUTPUT

Each input file is described with at least two lines written to standard output. Each line begins with a zero- based number indicating how many levels of expansion were needed to access the file. The first line reports the name, and the second reports the type. For example: 
  uad /bin/ls
might produce the following output: 
  0: Name: /bin/ls
  0: Type: sticky 80386 COFF executable
If the file has sub-components, there will be a third line announcing the fact, followed by the components with a level number one greater than that of the file. For example: 
  uad archive.tar
might produce: 
  0: Name: archive.tar
  0: Type: tar archive
  0: Components...
  1: Name: foo
  1: Type: unknown
  1: Name: bar
  1: Type: unknown
Such expansion can proceed to any number of levels. For example: 
  uad mbox.tgz
might produce: 
  0: Name: mbox.tgz
  0: Type: gzip compressed data
  0: Components...
  1: Name: unknown
  1: Type: tar archive
  1: Components...
  2: Name: mbox
  2: Type: text
  2: Components...
  3: Type: text fragment
  3: Unnamed
  3: Type: text (no enclosures found)
  3: Unnamed
  3: Type: text fragment
  3: Unnamed
  3: Type: text (8-bit)
  3: Unnamed
  3: Type: text fragment
  3: Name: medal.gif
  3: Type: GIF picture - version 87a 125 x 125,
       interlaced, 256 colors
In this case, UAD has extracted attachments from email messages. The components of type 'text fragment' are typically mail messages and/or MIME headers that delimit the other components. These are put in mini-files of their own. Attachments that are themselves text files are, of course, recursively scanned. If nothing is found in them, this is announced as type 'text (no enclosures found)'. If, in the above example, UAD had been invoked with the -w option (see above), it would have also announced: 
  uad: Wrote file `medal.gif'

SMARTSCAN

UAD is a SmartScan compliant tool. Specifying the -ssw option to uad will cause UAD to produce a SmartScan stream as output. This stream can then be redirected to another SmartScan compliant tool, such as vfind(1), and processed further. For example: 
  find /export/home -type f -print | \
    uad -s -ssw | vfind -ssr > REPORT

FILES

LICENSE

SEE ALSO

vfind(1), cit(1), thd(1), bhead(1), jdis(1), find(1),

BUGS

Please report all bugs to support@cyber.com Make sure to include the version of UAD, the platform and OS, the script or command used, the complete output showing the bug, a short description of the problem, and contact information.

COPYRIGHT

© 1996-2001 by CyberSoft, Inc. All rights reserved. Portions of this software are covered by the following copyrights:

© 1991 Bell Communications Research, Inc. (Bellcore)
© Ian F. Darwin, 1987.

The Universal Atomic Disintegrator incorporates (de)compression code by the Info-ZIP groups. There are no extra charges or costs due to the use of this code, and the original (de)compression sources are freely available from CyberSoft, Inc.



uad(1) CyberSoft VFind Security Toolkit uad(1)