If the tarball doesn't match the MD5 hash then it's likely that a file
within the tarball matches the malicious MD5. ClamAV looks at all the files
within tarballs and zip files individually as well as the tarball as a
whole.

--Maarten

On Wed, Jul 12, 2017 at 8:44 AM, Srinivasreddy R <
srinivasreddy4...@gmail.com> wrote:

> Hi All,
>
> I have converted main.cvd to md5 hash database.
>
> I have downloaded a file: wget http://old.honeynet.org/scans/scan19/scan19.tar.gz
> and when I scan it with clamscan, it detects a threat in the tar file.
>
> I am not able to find the MD5 hash of the downloaded tar file in the MD5 hash
> database created from main.cvd.
>
> I am assuming the ClamAV hash DB should contain the MD5 hash of the threat file.
> Please give me some input.
>
> Below are the steps to create hash DB:
> -----------------------------------------------------
>
> # download clamav database files
> wget http://database.clamav.net/main.cvd
>
> # extract the databases
> sigtool --unpack main.cvd
>
> # extract md5 hash only to blacklist_md5
> cat main.hdb >> clamav_md5
> cut -d':' -f1 clamav_md5 > blacklist_md5
>
> thanks
> srinivas
> _______________________________________________
> clamav-users mailing list
> clamav-users@lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
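The per-member comparison described in the reply above can be reproduced against the extracted hash list. This is an added example, not code from the thread or from ClamAV: the function names and the sample archive are constructed for illustration, it handles only one level of tar nesting, and it assumes the blacklist holds either bare MD5 values (as in `blacklist_md5`) or `md5:size:name` lines (as in `main.hdb`).

```python
import hashlib
import io
import tarfile


def load_blacklist(lines):
    """Collect MD5 values from bare-hash lines or md5:size:name lines."""
    hashes = set()
    for line in lines:
        field = line.strip().split(":", 1)[0].lower()
        if len(field) == 32 and all(c in "0123456789abcdef" for c in field):
            hashes.add(field)
    return hashes


def md5_matches(archive_bytes, blacklist):
    """Return (name, md5) hits for the archive as a whole and for each regular member."""
    hits = []
    whole = hashlib.md5(archive_bytes).hexdigest()
    if whole in blacklist:
        hits.append(("<archive>", whole))
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue  # skip directories, links and device nodes
            # Hash the member in memory; nothing is extracted to disk.
            digest = hashlib.md5(tar.extractfile(member).read()).hexdigest()
            if digest in blacklist:
                hits.append((member.name, digest))
    return hits


def build_sample():
    """Constructed sample: a .tar.gz with one listed member and a matching hash line."""
    payload = b"constructed stand-in for a flagged file\n"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in (("scan/readme.txt", b"harmless\n"), ("scan/tool.bin", payload)):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    line = "%s:%d:Constructed.Sample" % (hashlib.md5(payload).hexdigest(), len(payload))
    return buf.getvalue(), [line]


if __name__ == "__main__":
    archive, lines = build_sample()
    for name, digest in md5_matches(archive, load_blacklist(lines)):
        print(name, digest)
```

With the constructed sample, only the member `scan/tool.bin` is reported; the MD5 of the `.tar.gz` itself is not in the list, which is the situation described in the question.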