Thanks. Where can I download a copy of sigtool (that's pre-compiled) for Solaris 10 and RHEL7? Was combing clamav site but can't locate it. Appreciate a full URL to download it.
As for actual file, it's too dangerous as they're ransomware/malware, so wouldn't want to get a copy of it.

Sun

On 5/6/19, Al Varnell via clamav-users <clamav-users@lists.clamav.net> wrote:
> If you have the hash value then it shouldn't be that difficult to find the
> actual file and check it as Joel mentioned.
>
> In addition to the hash value you will need the file size to build a proper
> signature.
>
> To check if it is already in daily or main you will need to unpack them by
> running, for example, sigtool -u <PathTo-daily.cld>. Then open daily.hdb in
> a text editor and search for the hash.
>
> Sent from my iPad
>
> -Al-
>
> On May 5, 2019, at 20:43, Sunhux G <sun...@gmail.com> wrote:
>
>>> https://www.clamav.net/documents/file-hash-signatures
>>
>> Need to clarify further based on the example in above link:
>> so if I have the MD5 hash but not the malicious file itself, I'd add the
>> MD5
>> value into a line in test.hdb & then run
>> clamscan -d test.hdb / (ie scan for the MD5 in the entire server??)
>>
>> But what I need is to find out if the MD5 hash is already incorporated
>> in our ClamDB (or is there a way to trace back past virus-db
>> releases)
>> assuming I have not subscribed to one??
>>
>> Sun
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
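
The lookup described in Al's reply above (unpack daily or main with sigtool -u, then search the .hdb for the hash), as an added shell example that is not part of the original thread. The function names and the sample signature lines are constructed for illustration, and `.hdb`/`.hsb` entries are assumed to follow the `HashString:FileSize:MalwareName` layout from the file-hash-signatures page linked in the thread.

```shell
#!/bin/sh
# Added example: look up a file hash in unpacked ClamAV hash databases.

# unpack_db ABSOLUTE_PATH_TO_CVD_OR_CLD OUTDIR
# sigtool -u unpacks into the current directory, so run it inside OUTDIR.
unpack_db() {
    mkdir -p "$2" && ( cd "$2" && sigtool -u "$1" )
}

# write_sample_db DIR: constructed signature lines for an offline dry run.
write_sample_db() {
    cat > "$1/daily.hdb" <<'EOF'
0123456789abcdef0123456789abcdef:17387:Example.Constructed.Sample
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa:2048:Example.Constructed.Other
EOF
}

# find_hash_sig DIR HASH
# Prints "dbfile:size:name" for each signature whose hash field equals HASH.
# Returns 0 if found, 1 if not found, 2 if HASH is not an MD5/SHA1/SHA256 hex string.
find_hash_sig() {
    dir=$1
    hash=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # compare case-insensitively
    case $hash in
        *[!0-9a-f]*|'') return 2 ;;
    esac
    case ${#hash} in
        32|40|64) ;;                            # MD5, SHA1, SHA256 lengths
        *) return 2 ;;
    esac
    found=1
    for db in "$dir"/*.hdb "$dir"/*.hsb; do
        [ -f "$db" ] || continue                # glob matched nothing
        # Exact match on field 1 only, so a hash can never match a name.
        out=$(awk -F: -v h="$hash" -v f="${db##*/}" \
            'tolower($1) == h { print f ":" $2 ":" $3 }' "$db")
        if [ -n "$out" ]; then
            printf '%s\n' "$out"
            found=0
        fi
    done
    return $found
}
```

The size printed with a match is the second field of the signature, the same file size Al notes is needed to build a proper hash signature.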