Mailing List Archive

VirusDB hashes and CVE
It would be very nice to see hashes and possible CVEs in
submissions in virusdb-mailinglist. Every submission should have at
least MD5-, SHA1-checksums and possible CVE listed. What do you think?

---
Henri Salo
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: VirusDB hashes and CVE [ In reply to ]
On 04/16/2010 07:15 PM, Henri Salo wrote:
> It would be very nice to see hashes and possible CVEs in
> submissions in virusdb-mailinglist. Every submission should have at
> least MD5-, SHA1-checksums

Of the databases?

The database itself contains the hash, and it is digitally signed.
The public key for that is embedded in clamav, and freshclam checks
those digital signatures.

You can run sigtool --info on a CVD and find out the MD5 hash, the
digital signature.
Also the newer databases contain sha256 hashes (in daily/main.info), and
their corresponding digital signatures.

> and possible CVE listed.

I'm not sure what you mean by this. Do you mean CVE references for
exploits we detect?

Best regards,
--Edwin
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: VirusDB hashes and CVE [ In reply to ]
On Fri, 16 Apr 2010 19:18:23 +0300
Török Edwin <edwintorok@gmail.com> wrote:

> On 04/16/2010 07:15 PM, Henri Salo wrote:
> > It would be very nice to see hashes and possible CVEs in
> > submissions in virusdb-mailinglist. Every submission should have at
> > least MD5-, SHA1-checksums
>
> Of the databases?

Nope. Of the files submitted to virusdb and the hashes could be in for
example:
http://lurker.clamav.net/message/20090116.041716.f1c8d70e.en.html

> I'm not sure what you mean by this. Do you mean CVE references for
> exploits we detect?

CVE-ID's of the submitted files IF CVE-ID is available.

> Best regards,
> --Edwin

---
Henri Salo
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: VirusDB hashes and CVE [ In reply to ]
On 04/16/2010 07:31 PM, Henri Salo wrote:
> On Fri, 16 Apr 2010 19:18:23 +0300
> Török Edwin<edwintorok@gmail.com> wrote:
>
>> On 04/16/2010 07:15 PM, Henri Salo wrote:
>>> It would be very nice to see hashes and possible CVEs in
>>> submissions in virusdb-mailinglist. Every submission should have at
>>> least MD5-, SHA1-checksums
>>
>> Of the databases?
>
> Nope. Of the files submitted to virusdb and the hashes could be in for
> example:
> http://lurker.clamav.net/message/20090116.041716.f1c8d70e.en.html

Ah for the samples. That might be doable.
Please open an enhancement request on our bugzilla (component website
and other services).

>
>> I'm not sure what you mean by this. Do you mean CVE references for
>> exploits we detect?
>
> CVE-ID's of the submitted files IF CVE-ID is available.

I'm not sure if people mention CVE IDs, and it would be extra work for
sigmakers to lookup if there is a CVE associated.


Best regards,
--Edwin
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: VirusDB hashes and CVE [ In reply to ]
On Fri, 16 Apr 2010 19:59:03 +0300
Török Edwin <edwin@clamav.net> wrote:

> On 04/16/2010 07:31 PM, Henri Salo wrote:
> > On Fri, 16 Apr 2010 19:18:23 +0300
> > Török Edwin<edwintorok@gmail.com> wrote:
> >
> >> On 04/16/2010 07:15 PM, Henri Salo wrote:
> >>> It would be very nice to see hashes and possible CVEs in
> >>> submissions in virusdb-mailinglist. Every submission should have
> >>> at least MD5-, SHA1-checksums
> >>
> >> Of the databases?
> >
> > Nope. Of the files submitted to virusdb and the hashes could be in
> > for example:
> > http://lurker.clamav.net/message/20090116.041716.f1c8d70e.en.html
>
> Ah for the samples. That might be doable.
> Please open an enhancement request on our bugzilla (component website
> and other services).

Done.

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1969


> >
> >> I'm not sure what you mean by this. Do you mean CVE references for
> >> exploits we detect?
> >
> > CVE-ID's of the submitted files IF CVE-ID is available.
>
> I'm not sure if people mention CVE IDs, and it would be extra work
> for sigmakers to lookup if there is a CVE associated.
>
>
> Best regards,
> --Edwin

---
Henri Salo
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net