[clamav-users] how to verify if a malware signature is in DB & adding hash
Sunhux G
sunhux at gmail.com
Mon May 6 06:24:18 UTC 2019
Thanks.
Where can I download a copy of sigtool (that's pre-compiled) for
Solaris 10 and RHEL7? Was combing clamav site but can't locate it.
Appreciate a full URL to download it.
As for the actual file, it's too dangerous as they're ransomware/malware,
so wouldn't want to get a copy of it.
Sun
On 5/6/19, Al Varnell via clamav-users <clamav-users at lists.clamav.net> wrote:
> If you have the hash value then it shouldn't be that difficult to find the
> actual file and check it as Joel mentioned.
>
> In addition to the hash value you will need the file size to build a proper
> signature.
>
> To check if it is already in daily or main you will need to unpack them by
> running, for example, sigtool -u <PathTo-daily.cld>. Then open daily.hdb in
> a text editor and search for the hash.
>
> Sent from my iPad
>
> -Al-
>
> On May 5, 2019, at 20:43, Sunhux G <sunhux at gmail.com> wrote:
>
>>> https://www.clamav.net/documents/file-hash-signatures
>>
>> Need to clarify further based on the example in the above link:
>> so if I have the MD5 hash but not the malicious file itself, I'd add the
>> MD5 value into a line in test.hdb & then run
>> clamscan -d test.hdb / (i.e. scan for the MD5 in the entire server??)
>>
>> But what I need is to find out if the MD5 hash is already incorporated
>> in our ClamDB (or is there a way to trace back past virus-db releases)
>> assuming I have not subscribed to one??
>>
>> Sun
>
>
>
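Added example, not part of the original thread: a shell sketch of the lookup Al describes (search the unpacked hash databases for a digest) and of building a local signature line once the file size is known. It assumes the databases were already unpacked into one directory with `sigtool -u`, that `.hdb` holds MD5 and `.hsb` holds SHA1/SHA256 entries in `HashString:FileSize:MalwareName` form, and the helper names `is_hash`, `find_hash_sig` and `make_hash_sig` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes daily/main were unpacked first,
# e.g. with: sigtool -u <PathTo-daily.cld>
# Hash signature line format assumed here:
#   HashString:FileSize:MalwareName

# is_hash STR: succeeds if STR is 32, 40 or 64 hex digits (MD5/SHA1/SHA256).
is_hash() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9A-Fa-f]{32}|[0-9A-Fa-f]{40}|[0-9A-Fa-f]{64})$'
}

# find_hash_sig DIR HASH
# Prints "file: size=N name=X" per match. Status: 0 found, 1 not found, 2 bad input.
find_hash_sig() {
    dir=$1
    is_hash "$2" || { echo "not an MD5/SHA1/SHA256 hex digest: $2" >&2; return 2; }
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    found=1
    for db in "$dir"/*.hdb "$dir"/*.hsb; do
        [ -f "$db" ] || continue   # glob matched nothing
        # Compare the whole first field, case-insensitively, so a digest that
        # merely appears inside another field or name is not reported.
        if awk -F: -v want="$want" -v db="$db" '
            tolower($1) == want { printf "%s: size=%s name=%s\n", db, $2, $3; hit = 1 }
            END { exit hit ? 0 : 1 }' "$db"; then
            found=0
        fi
    done
    return $found
}

# make_hash_sig HASH SIZE NAME
# Prints a line for a local .hdb/.hsb file; the size must be the file's byte count.
make_hash_sig() {
    is_hash "$1" || { echo "bad hash" >&2; return 2; }
    case $2 in
        ''|*[!0-9]*) echo "file size must be a byte count" >&2; return 2 ;;
    esac
    printf '%s:%s:%s\n' "$(printf '%s' "$1" | tr 'A-F' 'a-f')" "$2" "$3"
}
```

After sourcing the file, `find_hash_sig <unpack-dir> <hash>` answers whether the digest is already shipped, and the output of `make_hash_sig` can be appended to a local database such as the `test.hdb` mentioned above.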