New service - the Team Cymru Malware Hash Registry!

Steve Basford steveb_clamav at sanesecurity.com
Tue Oct 28 12:45:51 GMT 2008


> - The ClamAV signatures include a size field to avoid possible MD5
> collisions.

That's true...

I've got a small rogue.hdb database which I'm filling with rogue anti-virus
software hashes and current high-hitting rogues ( it's downloaded with the
new downloads scripts here: http://www.sanesecurity.co.uk/clamav/usage.htm
)

You can, of course, create your own database:

Run ClamAV's sigtool in a directory of bad exe's or zips etc:

sigtool --md5 * > bad.hdb

Pop the bad.hdb into the ClamAV database directory, restart clamd and away
you go.

md5's will change... but may help with short term fixes ;)

Cheers and sorry for hijacking the list :)

Steve
Sanesecurity
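
The md5:size:name line that `sigtool --md5` writes into bad.hdb, and the size-plus-hash match raised in the quoted point, as an added Python sketch that is not part of the original post or ClamAV's own code. The sample bytes and signature names are constructed, and the function names are hypothetical.

```python
import hashlib

def hdb_entry(data: bytes, name: str) -> str:
    """Build one line in the md5:size:name layout that `sigtool --md5` prints."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"

def parse_hdb(text: str) -> dict:
    """Parse .hdb text into {(size, md5): name}; malformed lines are skipped."""
    db = {}
    for raw in text.splitlines():
        parts = raw.strip().split(":", 2)
        if len(parts) != 3:
            continue
        md5, size, name = parts[0].lower(), parts[1], parts[2]
        is_hex = len(md5) == 32 and all(c in "0123456789abcdef" for c in md5)
        if not (is_hex and size.isdigit() and name):
            continue
        db[(int(size), md5)] = name
    return db

def lookup(data: bytes, db: dict):
    """Return the signature name only when both size and MD5 match, else None."""
    return db.get((len(data), hashlib.md5(data).hexdigest()))

# Constructed sample input, not real malware.
SAMPLE = b"constructed stand-in for a rogue installer\n"
OTHER = b"constructed unrelated file\n"

def build_sample_db() -> str:
    good = hdb_entry(SAMPLE, "Constructed.Rogue.Sample")
    # Same MD5 as OTHER but a deliberately wrong size: must never match OTHER.
    md5_other = hashlib.md5(OTHER).hexdigest()
    wrong_size = f"{md5_other}:{len(OTHER) + 1}:Constructed.WrongSize"
    return "\n".join([good, wrong_size, "not-a-signature-line", ""])

if __name__ == "__main__":
    db = parse_hdb(build_sample_db())
    print(lookup(SAMPLE, db))  # hit: size and MD5 both match
    print(lookup(OTHER, db))   # miss: MD5 matches an entry, size does not
```

Because the key is the pair (size, MD5), any change to a file's bytes or length produces a miss, which is why hash databases like this only help as a short-term fix.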



