Sorry for the double reply... You can also use sigtool --find-sigs to find the signature that it's reporting and isolate it.
On Wed, Jul 12, 2017 at 8:59 AM, Maarten Broekman <maarten.broek...@gmail.com> wrote:

> If the tarball doesn't match the MD5 hash then it's likely that a file
> within the tarball matches the malicious MD5. ClamAV looks at all the files
> within tarballs and zip files individually as well as the tarball as a
> whole.
>
> --Maarten
>
> On Wed, Jul 12, 2017 at 8:44 AM, Srinivasreddy R <srinivasreddy4...@gmail.com> wrote:
>
>> Hi All,
>>
>> I have converted main.cvd to an md5 hash database.
>>
>> I have downloaded a file: wget http://old.honeynet.org/scans/scan19/scan19.tar.gz
>> and when I scan with clamscan it is detecting a threat in the tar file.
>>
>> I am not able to find the md5 hash of the downloaded tar file in the md5 hash
>> database created from main.cvd.
>>
>> I am assuming the ClamAV hash DB should contain the md5 hash of the threat file.
>> Please give me some inputs.
>>
>> Below are the steps to create the hash DB:
>> -----------------------------------------------------
>>
>> # download clamav database files
>> wget http://database.clamav.net/main.cvd
>>
>> # extract the databases
>> sigtool --unpack main.cvd
>>
>> # extract md5 hash only to blacklist_md5
>> cat main.hdb >> clamav_md5
>> cut -d':' -f1 clamav_md5 > blacklist_md5
>>
>> thanks
>> srinivas
>> _______________________________________________
>> clamav-users mailing list
>> clamav-users@lists.clamav.net
>> http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
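
The check described in the reply above, as an added example that is not part of the original thread: hash the tarball as a whole, then each regular file inside it, and look every hash up in .hdb-style entries (MD5:FileSize:MalwareName). The sample archive, the signature name Example.Constructed.Sig and all function names are constructed for illustration, and only one level of archive nesting is handled.

```python
import hashlib
import io
import tarfile


def load_hdb(lines):
    """Parse .hdb lines (MD5:FileSize:MalwareName) into {md5: (size, name)}."""
    sigs = {}
    for line in lines:
        parts = line.strip().split(":")
        if len(parts) < 3 or len(parts[0]) != 32:
            continue  # blank line, comment, or an entry that is not an MD5
        sigs[parts[0].lower()] = (parts[1], parts[2])
    return sigs


def match(data, sigs):
    """Return the signature name if data's MD5 and size match an entry, else None."""
    hit = sigs.get(hashlib.md5(data).hexdigest())
    if hit and hit[0] in ("*", str(len(data))):  # "*" = size not specified
        return hit[1]
    return None


def scan_tarball(blob, sigs):
    """Check the archive as a whole, then every regular file inside it."""
    hits = []
    name = match(blob, sigs)
    if name:
        hits.append(("<tarball>", name))
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as tar:
        for member in tar:
            if member.isfile():
                name = match(tar.extractfile(member).read(), sigs)
                if name:
                    hits.append((member.name, name))
    return hits


def build_sample():
    """Constructed demo data: a tar.gz with one flagged member and its .hdb line."""
    payload = b"constructed sample payload, not real malware\n"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for fname, data in (("scan/readme.txt", b"hello\n"), ("scan/tool.bin", payload)):
            info = tarfile.TarInfo(fname)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    hdb = ["%s:%d:Example.Constructed.Sig" % (hashlib.md5(payload).hexdigest(), len(payload))]
    return buf.getvalue(), hdb
```

To run it on the thread's data, pass the lines of main.hdb to load_hdb and the bytes of scan19.tar.gz to scan_tarball. An empty result would point to a signature other than a whole-file MD5 entry in main.hdb, which is where sigtool --find-sigs helps.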