"March 2002"
"CyberSoft, Inc."
"VFind Security Toolkit"
uad \- Universal Atomic Disintegrator
uad
"[ " "-c" ", " "--copyright" " ]"
"[ " "-h" ", " "-?" ", " "--help" " ]"
"[ " "-v" ", " "--version" " ]"
uad
"[ " "-e" "prog" ", " .B "--external" prog" ]"
"[ " "-k" ", " "--keep-tmpfiles" " ]"
"[ " "-l" ", " "--follow-links" " ]"
"[ " "-L" ", " "--transparent-links" " ]"
"[ " "-m" ", " "--malformed" " ]"
"[ " "-M" ", " "--Mail" " ]"
"[ " "-n" ", " "--no-expansion" " ]"
"[ " "--no-recursion" " ]"
"[ " "-p" ", " "--provide-all" " ]"
"[ " "-p0" ", " "--provide-top" " ]"
"[ " "-pid" ", " "--pid" " ]"
"[ " "-q" R "string" ", " "--quote" string" ]"
"[ " "-s" ", " "--stdin-file-list" " ]"
"[ " "-S" ", " "--stdin" " ]"
"[ " "-ssr" ", " "--smartscan-read" " ]"
"[ " "-ssw" ", " "--smartscan-write" " ]"
"[ " "-t" "dir" "," .B "--tmpdir" dir" ]"
"[ " "-T" ", " "--Text" "]"
"[ " "-w" ", " "--write-files" " ]"
"[ " "-z" ", " "--zeroing-off" " ]"
"[ " "--" " ]"
"[ " R "files" "... ]"
DESCRIPTION For each file argument, uad (Universal Atomic Disintegrator) attempts to identify the file type. If the file is a composite file of a type it knows how to expand, uad attempts to expand the file and recursively process the subfiles. Currently, uad expands BinHex, TNEF, tar, zip, zip2exe, compress and gzip files as well as extracting MIME and uuencoded enclosures in text files. Support for other archive and compression formats is available using external programs and the "--external" option.
OPTIONS
"-c" ", " "--copyright" Display copyright information and then exit. All other options will be ignored.
"-h" ", " "-?" ", " "--help" Display usage message and then exit. All other options will be ignored.
"-v" ", " "--version" Display version information.
\-e \prog\, \--external \prog\ Use external expander for unknown archive types. You must provide the external expander program. An example uad-helper Unix sh script is provided to handle cpio, RAR, bzip2, and Stuft formats.
"-k" ", " "--keep-tmpfiles" The temporary files containing constituent files created during expansion are retained (normally they are deleted). These files are announced as each input file is scanned when this option is specified.
"-l" ", " "--follow-links" Symbolic links are followed. First, the link file is described, then the file it points to is scanned.
"-L" ", " "--transparent-links" Symbolic links are followed transparently. The data in the file linked to is used to describe the link file.
"-m" ", " "--malformed" Keep malformed files. Normally uad does not keep any partial output or extracted components if an archive or encoding is malformed. This option will cause uad to keep such files, e.g. they will appear on SmartScan output. For use in conjunction with SmartScan output piped into vfind, you should also specify the uad -p option when using -m, otherwise trailing content in a malformed archive may not be processed.
"-M" ", " "--Mail" Set Mail mode: This option makes uad report type "top-level mail header" for the first component of input files. Input files are treated as text and are assumed to be mail files including headers.
"-n" ", " "--no-expansion" Do not expand composite files.
"--no-recursion" Do not expand files recursively.
"-p" ", " "--provide-all" Provide All Files: Normally uad does not provide output files for archives which have been expanded into component files. This option will cause uad to also provide the archive files.
"-p0" ", " "--provide-top" Provide Top Files: Normally uad does not provide output files which are simply copies of input file archives which have been expanded into component files. This option will cause uad to also provide the top-level input archive files.
"-pid" ", " "--pid" Print process id to stderr.
\-q \string\, \--quote \string\ Write a literal string on SmartScan output.
"-s" ", " "--stdin-file-list" Read the names of files to scan from standard input, one per line.
"-S" ", " "--stdin" Use the data on standard input as the file to scan.
"-ssr" ", " "--smartscan-read" This option causes uad to read files from a SmartScan stream on standard input.
"-ssw" ", " "--smartscan-write" Write a SmartScan Stream to the standard output. This option is useful when interfacing with other SmartScan Compliant tools such as vfind(1).
\-t \dir\, \--tmpdir \dir\ Set the directory uad uses for its temporary files to \dir\. Without this option, uad will use the default temp directory appropriate to the operating system.
"-T" ", " "--Text" Set Text mode. This option forces uad to treat input files as text.
"-w" ", " "--write-files" Constituent files for which meaningful names are available (from, e.g., an archive or MIME message) are saved with those names in the current directory. Subdirectories are created as needed.
"-z" ", " "--zeroing-off" Don't zero out the temporary files before unlinking them. This speeds things up a little, but introduces a potential security hole.
"--" End of Options: Signals to uad that all remaining arguments are to be treated as filenames, even if they start with '-'.
UAD requires a \LICENSE\ file to run. This \LICENSE\ file is host specific, therefore uad will only run on the licensed machine. Additional licenses may be purchased by contacting:
CyberSoft, Inc.
1508 Butler Pike
Conshohocken, PA 19428.
Phone: +1.610.825.4748
Fax: +1.610.825.6785 .RE At start-up, uad searches for the \LICENSE\ file in these locations:
* /LICENSE
* /etc/LICENSE
* The current working directory.
* The VSTK library directory set at installation. .RE
INPUT UAD can take input in three ways.
1. UAD with a filename or list of filenames as arguments. Example: uad jdk1.1.tar.gz strerror.c
2. UAD reading a data stream from the standard input. Example: dd -bs=20 -if=/dev/rmt/0mn | uad -S
3. UAD reading a list of filenames from the standard input. Example: find /usr/local/bin -type f -print | uad -s
OUTPUT Each input file is described with at least two lines written to standard output. Each line begins with a zero- based number indicating how many levels of expansion were needed to access the file. The first line reports the name, and the second reports the type. For example: uad /bin/ls might produce the following output: 0: Name: /bin/ls 0: Type: sticky 80386 COFF executable If the file has sub-components, there will be a third line announcing the fact, followed by the components with a level number one greater than that of the file. For example: uad archive.tar might produce: 0: Name: archive.tar 0: Type: tar archive 0: Components... 1: Name: foo 1: Type: unknown 1: Name: bar 1: Type: unknown Such expansion can proceed to any number of levels. For example: uad mbox.tgz might produce: 0: Name: mbox.tgz 0: Type: gzip compressed data 0: Components... 1: Name: unknown 1: Type: tar archive 1: Components... 2: Name: mbox 2: Type: text 2: Components... 3: Type: text fragment 3: Unnamed 3: Type: text (no enclosures found) 3: Unnamed 3: Type: text fragment 3: Unnamed 3: Type: text (8-bit) 3: Unnamed 3: Type: text fragment 3: Name: medal.gif 3: Type: GIF picture - version 87a 80 x 80, interlaced, 256 colors In this case, uad has extracted attachments from email messages. The components of type 'text fragment' are typically mail messages and/or MIME headers that delimit the other components. These are put in mini-files of their own. Attachments that are themselves text files are, of course, recursively scanned. If nothing is found in them, this is announced as type 'text (no enclosures found)'. If, in the above example, uad had been invoked with the -w option (see above), it would have also announced: uad: Wrote file `medal.gif'
SMARTSCAN UAD is a SmartScan compliant tool. Specifying the -ssw option to uad will cause uad to produce a SmartScan stream as output. This stream can then be redirected to another SmartScan compliant tool, such as vfind(1), and processed further. For example: find /export/home -type f -print | uad -s -ssw | \\ vfind -ssr > REPORT
FILES LICENSE
SEE ALSO
"vfind" "(1), " "cit" "(1), "
"thd" "(1), " "bhead" "(1), "
"jdis" "(1), " "find" "(1)"
BUGS
Please report all bugs to support@cyber.com Make sure to include the version of uad, the platform and OS, the script or command used, the complete output showing the bug, a short description of the problem, and contact information.
COPYRIGHT
Copyright 1996-2001 by CyberSoft, Inc. All rights reserved. Portions of this software are covered by the following copyrights:
Copyright 1991 Bell Communications Research, Inc. (Bellcore)
Copyright Ian F. Darwin, 1987. .RE The Universal Atomic Disintegrator incorporates (de)compression code by the Info-ZIP groups. There are no extra charges or costs due to the use of this code, and the original (de)compression sources are freely available from CyberSoft, Inc.