[clamav-users] how to verify if a malware signature is in DB & adding hash
Al Varnell
alvarnell at mac.com
Mon May 6 06:44:46 UTC 2019
On May 5, 2019, at 23:24, Sunhux G via clamav-users <clamav-users at lists.clamav.net> wrote:
> Where can I download a copy of sigtool (that's pre-compiled) for
> Solaris 10 and RHEL7? Was combing clamav site but can't locate it.
> Appreciate a full URL to download it.
It's built into your ClamAV installation in clamav/bin.
> As for actual file, it's too dangerous as they're ransomware/malware,
> so wouldn't want to get a copy of it.
It's only dangerous if launched. The file itself just sitting on a drive is harmless and you only need it long enough to perform one scan to get the answer to your original question. I thought the whole purpose of your questions was based on being able to identify that this malware was on your drive so you wouldn’t become infected.
Honestly, I have to say, based on all the questions you are asking, you don't have sufficient knowledge yet of basic anti-malware operations to be undertaking this level of investigation.
If this is a well-known malware in the wild, there is an extremely high probability that there is a signature in the ClamAV database already, and it may well not be in the form of a hash. IMHO, you need to trust that the professionals at Talos/ClamAV are on top of these things and better use your time and energies.
-Al-