Re: [clamav-users] how to verify if a malware signature is in DB & adding hash

2019-05-05 Thread Al Varnell via clamav-users
On May 5, 2019, at 23:24, Sunhux G via clamav-users wrote:
> Where can I download a copy of sigtool (that's pre-compiled) for
> Solaris 10 and RHEL7? Was combing clamav site but can't locate it.
> Appreciate a full URL to download it.

It's built into your ClamAV installation in clamav/bin.

Re: [clamav-users] how to verify if a malware signature is in DB & adding hash

2019-05-05 Thread Sunhux G via clamav-users
Thanks. Where can I download a copy of sigtool (that's pre-compiled) for Solaris 10 and RHEL7? Was combing clamav site but can't locate it. Appreciate a full URL to download it. As for actual file, it's too dangerous as they're ransomware/malware, so wouldn't want to get a copy of it. Sun On

Re: [clamav-users] how to verify if a malware signature is in DB & adding hash

2019-05-05 Thread Al Varnell via clamav-users
If you have the hash value then it shouldn't be that difficult to find the actual file and check it as Joel mentioned. In addition to the hash value you will need the file size to build a proper signature. To check if it is already in daily or main you will need to unpack them by running, for

Re: [clamav-users] how to verify if a malware signature is in DB & adding hash

2019-05-05 Thread Sunhux G via clamav-users
> https://www.clamav.net/documents/file-hash-signatures

Need to clarify further based on the example in above link: so if I have the MD5 hash but not the malicious file itself, I'd add the MD5 value into a line in test.hdb & then run clamscan -d test.hdb /(ie scan for the MD5 in the entire

Re: [clamav-users] how to verify if a malware signature is in DB & adding hash

2019-05-05 Thread Al Varnell via clamav-users
> On Sun, May 05, 2019 at 04:39 PM, Sunhux G via clamav-users wrote:
> how can I add their hashes into my Clam DB (running
> on Solaris 10)??

-Al-
--
Al Varnell
Mountain View, CA

Re: [clamav-users] how to verify if a malware signature is in DB & adding hash

2019-05-05 Thread Joel Esler (jesler) via clamav-users
Run clamscan against the file? Or if you want to see what is published each release, you should subscribe to the clamav-virusdb list.

Sent from my iPad

> On May 5, 2019, at 19:40, Sunhux G via clamav-users
> wrote:
>
> Hi
>
> How can I check if a specific malware (by providing a name/h

[clamav-users] how to verify if a malware signature is in DB & adding hash

2019-05-05 Thread Sunhux G via clamav-users
Hi

How can I check if a specific malware (by providing a name/hash) has been included in the current version of Clam DB & when it's added? In particular, I'm looking at: the ransomware, dubbed “Sodinokibi” & the botnet dubbed “Muhstik”. If they are not in, how can I add their hashes into my C