If you have the hash value then it shouldn't be that difficult to find the 
actual file and check it as Joel mentioned.

In addition to the hash value you will need the file size to build a proper 
signature.

To check if it is already in daily or main you will need to unpack them by 
running, for example, sigtool -u <PathTo-daily.cld>. Then open daily.hdb in a 
text editor and search for the hash.

Sent from my iPad

-Al-

On May 5, 2019, at 20:43, Sunhux G <sun...@gmail.com> wrote:

>> https://www.clamav.net/documents/file-hash-signatures
> 
> Need to clarify further based on the example in above link:
> so if I have the MD5 hash but not the malicious file itself, I'd add the MD5
> value into a line in test.hdb & then run
> clamscan -d test.hdb  /    (i.e. scan for the MD5 in the entire server??)
> 
> But what I need is to find out if the MD5 hash is already incorporated
> in our ClamDB (or is there a way to trace back past virus-db releases)
> assuming I have not subscribed to one??
> 
> Sun


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
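
Added example (not part of the original thread, and not ClamAV project code): the lookup described in the reply above, as a shell function run over a directory where sigtool -u has already unpacked the databases. The HashString:FileSize:MalwareName line layout is the one documented on the file-hash-signatures page linked in the thread; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Assumes the databases were already unpacked into a working directory, e.g.:
#   mkdir unpacked && cd unpacked && sigtool -u <PathTo-daily.cld>

# lookup_hash DIR HASH
# Prints "file: name (size N)" for every hash signature whose first field
# equals HASH (compared case-insensitively). Returns 0 on a match, 1 otherwise.
lookup_hash() {
    dir=$1
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    found=1
    # .hdb holds MD5 signatures; .hsb holds SHA1/SHA256 signatures.
    for db in "$dir"/*.hdb "$dir"/*.hsb; do
        [ -f "$db" ] || continue
        # Match on field 1 only, so a hash-like string inside a name is ignored.
        if awk -F: -v want="$want" -v db="${db##*/}" '
            tolower($1) == want { printf "%s: %s (size %s)\n", db, $3, $2; hit = 1 }
            END { exit (hit ? 0 : 1) }' "$db"; then
            found=0
        fi
    done
    return $found
}

# hdb_line HASH SIZE NAME
# Builds a local signature line from a known hash and file size
# (both are needed, as noted in the reply).
hdb_line() {
    printf '%s:%s:%s\n' "$(printf '%s' "$1" | tr 'A-F' 'a-f')" "$2" "$3"
}

# Constructed sample data (not a real signature) so the example runs offline.
demo=$(mktemp -d)
hdb_line 0123456789ABCDEF0123456789abcdef 1234 Constructed.Test.Sample > "$demo/daily.hdb"
lookup_hash "$demo" 0123456789abcdef0123456789abcdef
rm -rf "$demo"
```

A non-zero return from lookup_hash only means the hash is absent from the databases unpacked into that directory; repeat the unpack for main as well before concluding it is not covered.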
