> Need to write an anti virus that uses the NIST NSRL database and operate it
> as a white list based AV. The db contains some 100 million hashes of known
> good binary files. I tried to crowd fund to do this but no one was
> interested.

Disclaimer: use at own risk, sold (for free) as seen/0 day warranty, do not use on production systems etc...

Download this:

https://www.dropbox.com/s/dixgff1oteisy0d/unique.7z

It contains two files.

sanewhitelist.fp: 577,808 whitelist NIST hashes (exe/gz/msi/com/cab only)
sanestopexe.ndb : block exe only (need to add others)

    clamscan --database=sanestopexe.ndb --database=sanewhitelist.fp *.exe

In other words: Sanesecurity.POC.EXEBLOCK will detect ALL EXE's unless it's in the sanewhitelist.fp database.

Just a POC ;)

Cheers,

Steve
Sanesecurity
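
An added example, not part of the original post and not the method used to build the posted files: one way a whitelist like sanewhitelist.fp could be derived from NSRL data, using ClamAV's `MD5:size:name` layout for .fp entries. The NSRL column names, the `NSRL.` label prefix and the `nsrl_to_fp` helper are assumptions, and the sample rows are constructed.

```python
import csv
import io

# Extensions the post says its whitelist was limited to.
KEEP_EXT = {"exe", "gz", "msi", "com", "cab"}
HEX = set("0123456789abcdef")

def nsrl_to_fp(rds_text):
    """Convert NSRL RDS rows to ClamAV .fp lines, de-duplicated, in input order."""
    seen, lines = set(), []
    for row in csv.DictReader(io.StringIO(rds_text)):
        name = row["FileName"]
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        md5 = row["MD5"].strip().lower()
        size = row["FileSize"].strip()
        if ext not in KEEP_EXT:
            continue
        # Drop malformed rows instead of emitting an entry ClamAV would reject.
        if len(md5) != 32 or not set(md5) <= HEX or not size.isdigit():
            continue
        # NSRL lists the same file under many products; one entry is enough.
        if (md5, size) in seen:
            continue
        seen.add((md5, size))
        # ':' separates fields, so keep it (and spaces) out of the name field.
        label = "NSRL." + name.replace(":", "_").replace(" ", "_")
        lines.append(f"{md5}:{size}:{label}")
    return lines

# Constructed sample in the assumed NSRLFile.txt layout; hashes are made up.
SHA1 = "0" * 40
SAMPLE_RDS = "\n".join([
    '"SHA-1","MD5","CRC32","FileName","FileSize","ProductCode","OpSystemCode","SpecialCode"',
    f'"{SHA1}","{"1" * 32}","00000000","setup.exe",1024,1,"358",""',
    f'"{SHA1}","{"1" * 32}","00000000","SETUP.EXE",1024,2,"358",""',   # duplicate
    f'"{SHA1}","{"2" * 32}","00000000","readme.txt",300,1,"358",""',  # wrong type
    f'"{SHA1}","{"3" * 32}","00000000","src.tar.gz",2048,1,"358",""',
    f'"{SHA1}","NOTAHASH","00000000","bad.exe",10,1,"358",""',        # malformed
    f'"{SHA1}","{"4" * 32}","00000000","tool, v2.msi",4096,1,"358",""',
])

if __name__ == "__main__":
    print("\n".join(nsrl_to_fp(SAMPLE_RDS)))
```

Written to a file with the .fp extension, the output can be passed to clamscan with `--database=` alongside the blocking .ndb signature, as in the command above.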