"June 2001" "CyberSoft, Inc." "VFind Security Toolkit"
uad \- Universal Atomic Disintegrator
uad
"[ " "-c" ", " "--copyright" " ]
"[ " "-h" ", " "-?" ", "
"--help" " ]"
"[ " "-v" ", " "--version" " ]"
uad
"[ " "-k" ", " "--keep-tmpfiles"
" ] [ " "-l" ", " "--follow-links" " ]"
"[ " "-L" ", " "--transparent-links"
" ] [ " "-n" ", " "--no-expansion" " ]"
"[ " "-p" ", " "--provide-all" " ]"
"[ " "-p0" ", " "--provide-top" " ]"
"[ " "-ssw" ", " "--smartscan-write" " ] [ " "-t" .IR "dir" "," .B "--tmpdir" .I dir
" ] [" "-s" ", " "--stdin-file-list"
" ] [ "-S" ", " "--stdin" " ]"
"[ " "-T" ", " "--Text" "]"
"[ " "-w" ", " "--write-files" " ] [ "
"-z" ", " "--zeroing-off" " ] [ "
"-e" .IR "prog" "," .B "--external" .I prog
" ] [ " .IR "files" "... ]"
For each file argument, uad (Universal Atomic Disintegrator) attempts to identify the file type. If the file is a composite file of a type it knows how to expand, uad attempts to expand the file and recursively process the subfiles. Currently, uad expands BinHex, TNEF, tar, zip, zip2exe, compress and gzip files as well as extracting MIME and uuencoded enclosures in text files. Support for other archive and compression formats is available using external programs and the .B "--external" option.
"-c" ", " "--copyright" Display copyright information and then exit. All other options will be ignored.
"-h" ", " "-?" ", " "--help" Display usage message and then exit. All other options will be ignored.
"-v" ", " "--version" Display version information and then exit. All other options will be ignored.
"-k" ", " "--keep-tmpfiles" The temporary files containing constituent files created during expansion are retained (normally they are deleted). These files are announced as each input file is scanned when this option is specified.
"-l" ", " "--follow-links" Symbolic links are followed. First, the link file is described, then the file it points to is scanned.
"-L" ", " "--transparent-links" Symbolic links are followed transparently. The data in the file linked to is used to describe the link file.
"-n" ", " "--no-expansion" Do not expand composite files.
"-p" ", " "--provide-all" Provide All Files: Normally uad does not provide output files for archives which have been expanded into component files. This option will cause uad to also provide the archive files.
"-p0" ", " "--provide-top" Provide Top Files: Normally uad does not provide output files which are simply copies of input file archives which have been expanded into component files. This option will cause uad to also provide the top-level input archive files.
"-s" ", " "--stdin-file-list" Read the names of files to scan from standard input, one per line.
"-S" ", " "--stdin" Use the data on standard input as the file to scan.
"-T" ", " "--Text" Set Text mode. This option forces uad to treat input files as text.
"-ssw" ", " "--smartscan-write" Write a SmartScan Stream to the standard output. This option is useful when interfacing with other SmartScan Compliant tools such as vfind(1).
\-t \fIdir\, \--tmpdir \fIdir\ Set the directory uad uses for its temporary files to \fIdir\. Without this option, uad will use the default temp directory appropriate to the operating system.
"-w" ", " "--write-files" Constituent files for which meaningful names are available (from, e.g., an archive or MIME message) are saved with those names in the current directory. Subdirectories are created as needed.
"-z" ", " "--zeroing-off" Don't zero out the temporary files before unlinking them. This speeds things up a little, but introduces a potential security hole.
\-e \fIprog\, \--external \fIprog\ Use external expander for unknown archive types. You must provide the external expander program. An example uad-helper Unix sh script is provided to handle cpio, RAR, bzip2, and StuffIt formats.
USAGE
LICENSES UAD requires a \fILICENSE\ file to run. This \fILICENSE\ file is host specific, therefore uad will only run on the licensed machine. Additional licenses may be purchased by contacting:
CyberSoft, Inc.
1508 Butler Pike
Conshohocken, PA 19428.
Phone: +1.610.825.4748
Fax: +1.610.825.6785
At start-up, uad searches for the \fILICENSE\ file in these locations:
* /LICENSE
* /etc/LICENSE
* The current working directory.
* The VSTK library directory set at installation.
UAD can take input in three ways.
1. UAD with a filename or list of filenames as arguments. Example: uad jdk1.1.tar.gz strerror.c
2. UAD reading a data stream from the standard input. Example: dd -bs=20 -if=/dev/rmt/0mn | uad -S
3. UAD reading a list of filenames from the standard input. Example: find /usr/local/bin -type f -print | uad -s
Each input file is described with at least two lines written to standard output. Each line begins with a zero- based number indicating how many levels of expansion were needed to access the file. The first line reports the name, and the second reports the type. For example: uad /bin/ls might produce the following output: 0: Name: /bin/ls 0: Type: sticky 80386 COFF executable If the file has sub-components, there will be a third line announcing the fact, followed by the components with a level number one greater than that of the file. For example: uad archive.tar might produce: 0: Name: archive.tar 0: Type: tar archive 0: Components... 1: Name: foo 1: Type: unknown 1: Name: bar 1: Type: unknown Such expansion can proceed to any number of levels. For example: uad mbox.tgz might produce: 0: Name: mbox.tgz 0: Type: gzip compressed data 0: Components... 1: Name: unknown 1: Type: tar archive 1: Components... 2: Name: mbox 2: Type: text 2: Components... 3: Type: text fragment 3: Unnamed 3: Type: text (no enclosures found) 3: Unnamed 3: Type: text fragment 3: Unnamed 3: Type: text (8-bit) 3: Unnamed 3: Type: text fragment 3: Name: medal.gif 3: Type: GIF picture - version 87a 80 x 80, interlaced, 256 colors In this case, uad has extracted attachments from email messages. The components of type 'text fragment' are typically mail messages and/or MIME headers that delimit the other components. These are put in mini-files of their own. Attachments that are themselves text files are, of course, recursively scanned. If nothing is found in them, this is announced as type 'text (no enclosures found)'. If, in the above example, uad had been invoked with the -w option (see above), it would have also announced: uad: Wrote file `medal.gif'
UAD is a SmartScan compliant tool. Specifying the -ssw option to uad will cause uad to produce a SmartScan stream as output. This stream can then be redirected to another SmartScan compliant tool, such as vfind(1), and processed further. For example: find /export/home -type f -print | uad -s -ssw | \\ vfind -ssr > REPORT
SEE ALSO
"vfind" "(1), " "cit" "(1), "
"thd" "(1), " "bhead" "(1), "
"jdis" "(1), " "find" "(1)"
BUGS
Please report all bugs to support@cyber.com Make sure to include the version of uad, the platform and OS, the script or command used, the complete output showing the bug, a short description of the problem, and contact information.
COPYRIGHT
Copyright 1996-2001 by CyberSoft, Inc. All rights reserved. Portions of this software are covered by the following copyrights:
Copyright 1991 Bell Communications Research, Inc. (Bellcore)
Copyright Ian F. Darwin, 1987.
The Universal Atomic Disintegrator incorporates (de)compression code by the Info-ZIP groups. There are no extra charges or costs due to the use of this code, and the original (de)compression sources are freely available from CyberSoft, Inc.