On Tue, July 21, 2015 3:55 pm, Jörg Stephan wrote: > Hi there, > > > I guess you know that a team has released a tool to check for HackingTeam > files. The provided a test tool including the file hashes of the files. > > As I am seem to be "under"-skilled to create a database for this, I will > hand this over to you... maybe you can do better than I am. >
Hi Joerg, Ok, based on that Rook Security's (https://www.rooksecurity.com) hashes, here's a quick ClamAV database... perhaps you can test if you've got known samples... Database is called hackingteam.hsb Available for a little while from here... https://drive.google.com/file/d/0B1SVySdiVS8BbnBpdlkyZkFIV2M/view?usp=sharing clamscan --database=hackingteam.hsb If someone finds it's useful I'll add to the main Sanesecurity mirrors. Cheers, Steve Web : sanesecurity.com Blog: sanesecurity.blogspot.com _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
