[clamav-users] ClamAV md5 hash DB
Reindl Harald
h.reindl at thelounge.net
Wed Jul 12 14:15:14 UTC 2017
And what about "You can also use sigtool --find-sigs to find the
signature that it's reporting and isolate it"? Why does it need 5 emails
for everything piece by piece?

On 12.07.2017 at 15:50, Srinivasreddy R wrote:
> Hi Maarten,
> Thank you for the reply.
>
> I have extracted the tar file, checked for the md5 hash of the infected file in
> the hash DB, but it's not present.
>
>
> clamscan -i ./
> ./newdat3.log: Win.Exploit.Shellcode-2 FOUND
> ./malware.zip: Eicar-Test-Signature FOUND
> ./scan19.tar.gz: Win.Exploit.Shellcode-2 FOUND
>
> ----------- SCAN SUMMARY -----------
> Known viruses: 6300275
> Engine version: 0.99.2
> Scanned directories: 1
> Scanned files: 6
> Infected files: 3
> Data scanned: 10.04 MB
> Data read: 8.23 MB (ratio 1.22:1)
> Time: 8.070 sec (0 m 8 s)
>
>
> #md5sum ./newdat3.log
> 38e85119953076c904fd2105dfcb6cdb ./newdat3.log
>
> #grep -irn "38e85119953076c904fd2105dfcb6cdb" ./blacklist_md5
> no output.
>
> Am I missing something?
> thanks
> srinivas
>
>
>
> On Wed, Jul 12, 2017 at 6:30 PM, Maarten Broekman <
> maarten.broekman at gmail.com> wrote:
>
>> Sorry for the double reply...
>>
>> You can also use sigtool --find-sigs to find the signature that it's
>> reporting and isolate it.
>>
>> On Wed, Jul 12, 2017 at 8:59 AM, Maarten Broekman <
>> maarten.broekman at gmail.com> wrote:
>>
>>> If the tarball doesn't match the MD5 hash then it's likely that a file
>>> within the tarball matches the malicious MD5. ClamAV looks at all the
>>> files within tarballs and zip files individually as well as the tarball
>>> as a whole.
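
The per-member check described in the quoted advice, as an added example that is not part of the original thread and is not ClamAV's own code: it hashes a tarball as a whole and then every file inside it, and looks each MD5 up in a hash list. Assumptions: the list uses the `MD5:size:name` layout of ClamAV `.hdb` hash signatures, and the helper names, sample archive and signature name are all constructed for illustration.

```python
import hashlib
import io
import tarfile

def load_hdb(lines):
    """Parse MD5:size:name lines (size may be '*') into {md5: [(size, name)]}."""
    sigs = {}
    for line in filter(None, map(str.strip, lines)):
        digest, size, name = line.split(":")[:3]
        sigs.setdefault(digest.lower(), []).append((size, name))
    return sigs

def match(data, sigs):
    """Return the signature name if data's MD5 and size are listed, else None."""
    digest = hashlib.md5(data).hexdigest()
    return next((n for s, n in sigs.get(digest, []) if s in ("*", str(len(data)))), None)

def scan(label, data, sigs, depth=3):
    """Check data as a whole, then each regular file inside it if it is a tar."""
    name = match(data, sigs)
    hits = [(label, name)] if name else []
    if depth <= 0:
        return hits  # nesting limit reached: do not unpack any further
    try:
        tar = tarfile.open(fileobj=io.BytesIO(data), mode="r:*")
    except tarfile.TarError:
        return hits  # not a tar archive: the whole-file check is all there is
    with tar:
        for member in tar:
            if member.isfile():
                inner = tar.extractfile(member).read()
                hits += scan(f"{label}!{member.name}", inner, sigs, depth - 1)
    return hits

def make_tar(files):
    """Build a constructed .tar.gz in memory from {path: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, content in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()

BAD = b"constructed stand-in for a flagged file\n"  # constructed sample data
SIGS = load_hdb([f"{hashlib.md5(BAD).hexdigest()}:{len(BAD)}:Constructed.Sample-1"])
ARCHIVE = make_tar({"notes.txt": b"harmless\n", "inner/sample.bin": BAD})

if __name__ == "__main__":
    print(scan("archive.tar.gz", ARCHIVE, SIGS))
```

If neither the archive nor any member is listed, the detection does not come from an MD5 entry in that list, and looking up the reported name with `sigtool --find-sigs`, as suggested in the thread, is the way to see which signature fired.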