Hi Maarten,

Thank you for the reply. I have extracted the tar file and checked for the md5 hash of the infected file in the hash DB, but it is not present.

clamscan -i ./
./newdat3.log: Win.Exploit.Shellcode-2 FOUND
./malware.zip: Eicar-Test-Signature FOUND
./scan19.tar.gz: Win.Exploit.Shellcode-2 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 6300275
Engine version: 0.99.2
Scanned directories: 1
Scanned files: 6
Infected files: 3
Data scanned: 10.04 MB
Data read: 8.23 MB (ratio 1.22:1)
Time: 8.070 sec (0 m 8 s)

# md5sum ./newdat3.log
38e85119953076c904fd2105dfcb6cdb ./newdat3.log

# grep -irn "38e85119953076c904fd2105dfcb6cdb" ./blacklist_md5
no output.

Am I missing something?

thanks
srinivas

On Wed, Jul 12, 2017 at 6:30 PM, Maarten Broekman <maarten.broek...@gmail.com> wrote:
> Sorry for the double reply...
>
> You can also use sigtool --find-sigs to find the signature that it's
> reporting and isolate it.
>
> On Wed, Jul 12, 2017 at 8:59 AM, Maarten Broekman <maarten.broek...@gmail.com> wrote:
>
> > If the tarball doesn't match the MD5 hash then it's likely that a file
> > within the tarball matches the malicious MD5. ClamAV looks at all the files
> > within tarballs and zip files individually as well as the tarball as a
> > whole.
> >
> > --Maarten
> >
> > On Wed, Jul 12, 2017 at 8:44 AM, Srinivasreddy R <srinivasreddy4...@gmail.com> wrote:
> >
> > > Hi All,
> > >
> > > I have converted main.cvd to an md5 hash database.
> > >
> > > I have downloaded a file:
> > > wget http://old.honeynet.org/scans/scan19/scan19.tar.gz
> > > and when I scan it with clamscan it is detecting a threat in the tar file.
> > >
> > > I am not able to find the md5 hash of the downloaded tar file in the md5 hash
> > > database created from main.cvd.
> > >
> > > I am assuming the ClamAV hash DB should contain the md5 hash of the threat file.
> > > Please give me some inputs.
> > >
> > > Below are the steps to create the hash DB:
> > > -----------------------------------------------------
> > >
> > > # download clamav database files
> > > wget http://database.clamav.net/main.cvd
> > >
> > > # extract the databases
> > > sigtool --unpack main.cvd
> > >
> > > # extract md5 hash only to blacklist_md5
> > > cat main.hdb >> clamav_md5
> > > cut -d':' -f1 clamav_md5 > blacklist_md5
> > >
> > > thanks
> > > srinivas
> > > _______________________________________________
> > > clamav-users mailing list
> > > clamav-users@lists.clamav.net
> > > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> > >
> > >
> > > Help us build a comprehensive ClamAV guide:
> > > https://github.com/vrtadmin/clamav-faq
> > >
> > > http://www.clamav.net/contact.html#ml
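Added example (not part of the thread and not ClamAV code) showing the two things a plain grep of the first field of main.hdb does not cover: each .hdb line has the layout MD5:FileSize:MalwareName, so the size has to agree as well as the hash (cutting only field 1 throws the size away), and clamscan hashes every member of a tar or zip on its own, as Maarten describes, so the hash of scan19.tar.gz itself is not expected to be listed even when a file inside it is. A hit produced by a body signature rather than a hash signature never appears in an .hdb at all; sigtool --find-sigs, as suggested above, tells you which signature the reported name belongs to. Everything in the script is constructed: the payloads, the .hdb text derived from one of them, the archives built in memory, and the made-up signature name Constructed.Test.Hash-1. Handling '*' as an any-size wildcard follows the hdb format of newer ClamAV releases and is one level of archive nesting only; libclamav recurses further.

```python
import hashlib
import io
import tarfile
import zipfile
from typing import Dict, Iterator, List, Optional, Tuple

# Constructed payloads: BAD_PAYLOAD stands in for a file that has a hash
# signature, CLEAN_PAYLOAD for one that does not. Neither is real malware.
BAD_PAYLOAD = b"CONSTRUCTED-SAMPLE-PAYLOAD-FOR-HASH-LOOKUP-DEMO\n"
CLEAN_PAYLOAD = b"ordinary log line, nothing to see here\n"

# Constructed .hdb text in ClamAV's hash-signature layout MD5:FileSize:MalwareName.
# The entry is derived from BAD_PAYLOAD; the signature name is made up.
SAMPLE_HDB = (
    "# constructed test database, not main.hdb\n"
    f"{hashlib.md5(BAD_PAYLOAD).hexdigest()}:{len(BAD_PAYLOAD)}:Constructed.Test.Hash-1\n"
    "\n"
)

HashDB = Dict[str, List[Tuple[Optional[int], str]]]


def parse_hdb(text: str) -> HashDB:
    """Index hdb lines by lowercase MD5 -> [(size, name), ...].

    The size field must match as well; '*' (accepted by newer ClamAV
    releases, assumption here) is stored as None and matches any size.
    """
    db: HashDB = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 3:
            raise ValueError(f"hdb line {lineno}: expected MD5:FileSize:MalwareName, got {raw!r}")
        md5, size, name = parts
        db.setdefault(md5.lower(), []).append((None if size == "*" else int(size), name))
    return db


def lookup(db: HashDB, data: bytes) -> Optional[str]:
    """Return the signature name if data's MD5 and size are listed, else None."""
    digest = hashlib.md5(data).hexdigest()
    for size, name in db.get(digest, ()):
        if size is None or size == len(data):
            return name
    return None


def iter_files(path: str, data: bytes) -> Iterator[Tuple[str, bytes]]:
    """Yield (path, bytes) for the file itself and, for a tar or zip, each regular member."""
    yield path, data
    try:
        with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
            for member in tf.getmembers():
                if member.isfile():
                    yield f"{path}!{member.name}", tf.extractfile(member).read()
        return
    except tarfile.TarError:
        pass  # not a tarball (plain or compressed); try zip next
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.is_dir():
                    yield f"{path}!{info.filename}", zf.read(info)


def scan(db: HashDB, path: str, data: bytes) -> List[Tuple[str, str]]:
    """Return [(path, signature)] for the outer file and every member that matches."""
    hits = []
    for name, blob in iter_files(path, data):
        sig = lookup(db, blob)
        if sig is not None:
            hits.append((name, sig))
    return hits


def build_tgz(members: Dict[str, bytes]) -> bytes:
    """Construct an in-memory .tar.gz so the example runs offline."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, blob in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(blob)
            tf.addfile(info, io.BytesIO(blob))
    return buf.getvalue()


def build_zip(members: Dict[str, bytes]) -> bytes:
    """Construct an in-memory .zip with the same members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, blob in members.items():
            zf.writestr(name, blob)
    return buf.getvalue()


def demo() -> Tuple[Optional[str], List[Tuple[str, str]], List[Tuple[str, str]]]:
    db = parse_hdb(SAMPLE_HDB)
    tgz = build_tgz({"sample/inner.bin": BAD_PAYLOAD, "sample/clean.txt": CLEAN_PAYLOAD})
    zipped = build_zip({"inner.bin": BAD_PAYLOAD})
    outer = lookup(db, tgz)  # the tarball's own hash is not listed ...
    # ... but hashing member by member, the way clamscan does, finds the hit.
    return outer, scan(db, "sample.tar.gz", tgz), scan(db, "sample.zip", zipped)


if __name__ == "__main__":
    outer, tgz_hits, zip_hits = demo()
    print("tarball hash listed:", outer)
    for path, sig in tgz_hits + zip_hits:
        print(f"{path}: {sig} FOUND")
```

To use it against a real unpacked main.hdb, read the file into parse_hdb and feed scan the bytes of the file clamscan flagged; if the member's MD5 and size are in the .hdb it will be reported, and if nothing matches, the detection came from a different signature type and the .hdb is the wrong place to look.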