[clamav-users] how to verify if a malware signature is in DB & adding hash

Al Varnell alvarnell at mac.com
Mon May 6 04:25:46 UTC 2019


If you have the hash value then it shouldn't be that difficult to find the actual file and check it as Joel mentioned.

In addition to the hash value you will need the file size to build a proper signature.

To check if it is already in daily or main you will need to unpack them by running, for example, sigtool -u <PathTo-daily.cld>. Then open daily.hdb in a text editor and search for the hash.

Sent from my iPad

-Al-

On May 5, 2019, at 20:43, Sunhux G <sunhux at gmail.com> wrote:

>> https://www.clamav.net/documents/file-hash-signatures
> 
> Need to clarify further based on the example in the above link:
> so if I have the MD5 hash but not the malicious file itself, I'd add the MD5
> value into a line in test.hdb & then run
> clamscan -d test.hdb  /    (i.e. scan for the MD5 in the entire server??)
> 
> But what I need is to find out if the MD5 hash is already incorporated
> in our ClamDB (or is there a way to trace back past virus-db releases)
> assuming I have not subscribed to one??
> 
> Sun



