ClamWin Free Antivirus
Support and Discussion Forums
What is the correct MD5 Hash of current?
Jef_uk


Joined: 01 Oct 2015
Posts: 6
Location: UK
I cannot find it anywhere, and the UTM tripped when I downloaded this:

ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile - 09/29/15-08:43:06


Thanks
ROCKNROLLKID


Joined: 23 Sep 2013
Posts: 555
Location: **UNKNOWN**
ClamAV/ClamWin should be able to support any MD5 and SHA hashes, as far as I know.

I am not sure what you are trying to ask, though; there is only 1 type of MD5 hash.
GuitarBob


Joined: 09 Jul 2006
Posts: 4134
Location: USA
If you want the md5 hash of clamwin, scan the file (exe or whatever) on Virus Total and look at the detail.

As far as I know--based on information from 3 years ago, Clam AV (and therefore ClamWin) used the MD5 official hash although there was some support for SHA. I could get ClamWin to detect a SHA signature hash but Clam's submission interface could not process the SHA signature. SHA is standard for most AVs, so Clam should support it by now. For me, MD5 is still okay the way Clam AV uses it--they pair the MD5 with file size, which is pretty secure.

Regards,
Jef_uk


Joined: 01 Oct 2015
Posts: 6
Location: UK
Sorry, I meant what is the check-sum, so I can verify the download has not been tampered with?

As in, it's normally on the website somewhere; please can someone tell me where, as I could not locate it.
GuitarBob


Joined: 09 Jul 2006
Posts: 4134
Location: USA
I don't recall ClamWin ever using a checksum. I suggest that you upload the install file to Virus Total and verify it that way.

Regards,
Jef_uk


Joined: 01 Oct 2015
Posts: 6
Location: UK
Time to upload = (Size_of_file_in_MB*8_bits) / average_upload_Sync-Speed_in_Mega-bits-per-Second

It will only take an hour & 10 minutes if nothing goes wrong....

I don't understand why check-sums are not posted for every new build.

Debian do it for whole DVDs.
http://cdimage.debian.org/debian-cd/8.2.0/amd64/bt-dvd/SHA512SUMS
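Added example (not part of the thread, and not ClamWin or Debian code): checking a download locally against a published checksum list in the `SHA512SUMS` format linked in the post above, so nothing has to be uploaded. The file name `example-setup.exe` and its contents are constructed placeholders.

```python
import hashlib
import hmac
import os
import tempfile

def file_digests(path, algorithms=("md5", "sha256", "sha512"), chunk_size=1 << 20):
    """Read the file once in chunks and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}

def parse_sums(text):
    """Parse '<hex>  <name>' (text mode) or '<hex> *<name>' (binary mode) lines."""
    entries = {}
    for line in text.splitlines():
        digest, sep, rest = line.strip().partition(" ")
        if not sep or len(rest) < 2 or rest[0] not in " *":
            continue  # blank, comment or malformed line
        try:
            bytes.fromhex(digest)
        except ValueError:
            continue  # first field is not a hex digest
        entries[rest[1:]] = digest.lower()
    return entries

def verify(path, sums_text, algorithm="sha512"):
    """Return 'ok', 'mismatch' or 'unlisted' for path against a sums list."""
    expected = parse_sums(sums_text).get(os.path.basename(path))
    if expected is None:
        return "unlisted"
    actual = file_digests(path, (algorithm,))[algorithm]
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"

if __name__ == "__main__":
    # Constructed sample: a stand-in installer and a sums list that names it.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "example-setup.exe")
        with open(path, "wb") as fh:
            fh.write(b"constructed installer bytes")
        sums = file_digests(path)["sha512"] + "  example-setup.exe\n"
        print(verify(path, sums))   # file matches the list
        with open(path, "ab") as fh:
            fh.write(b"!")          # simulate a modified download
        print(verify(path, sums))   # digest no longer matches
```

A locally computed digest can also be used to look a file up on Virus Total by hash instead of uploading it; a lookup only finds files that someone has already submitted. A checksum list fetched from the same place as the download only shows that the two agree, so it should come over a trusted channel or be signed.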
GuitarBob


Joined: 09 Jul 2006
Posts: 4134
Location: USA
You can't do it then. As for why no MD5 for ClamWin, I don't know. It is basically a massaged version of the Clam AV code. It only goes through the hands of the 2 developers, and is then beta tested for a couple of weeks--any significant problem would probably be found.

I guess you could send each executable as installed to Virus Total.

Regards,
Jef_uk


Joined: 01 Oct 2015
Posts: 6
Location: UK
OK, I'm going to assume that snort has detected that a virus has been added in the setup file, and that it is not a false positive, for the current version.

I strongly recommend no one uses it!
snort is tripping on 5.10.152.194
5.10.152.194 ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile - 10/03/15-22:06:07

It's sig 1:2009080 which is a candidate for false positive so I guess I now have to put it on a honey pot and find out what is packaged with it.
GuitarBob


Joined: 09 Jul 2006
Posts: 4134
Location: USA
Source Forge has gone a bit more commercial the last couple of years. Perhaps they've allied with adware or another PUP.

Regards,