Anyone has a MD5 Virus DataBase?

[therehere3]

Hello, If anyone has a MD5 database of md5 virus signatures can you please give me it? It would be veerryy appreciated

[Joacim Andersson]

Moved to the General PC forum

[therehere3]

ok ty, i couldt find this section:/

[Nightwalker83]

Not sure if the Clam database is what you're after?

Edit:

I just found this on you tube.

[therehere3]

on the youtube video his link to donwload it is broken:/ Soo i cant get all his MD5 virus signatures

But where is Clam's MD5 virus signatures database? I see main,daily,bytecode,and safebrowsing .cvd files buutt idk how to open .cvd files and idk if even those are the right things:/

[Nightwalker83]

If you download the VB10 project link to on the above video and unzip it there is a text file called "viruslist.txt" located in the "Debug" directory of the "Bin" folder. I don't know if that is what you are looking for?

[therehere3]

You my friend are absoluetly amazing Do you think you can help me with a "Scan whole Computer" button? Becuase atm, i only have it 'open a file' and then 'scan file'? You dont have to help me if u dnt wana or dont hav time.

[Nightwalker83]

If you are able to download the VB10 project that should have everything you are looking for.

Edit:

If you need help with the coding I suggest starting a new thread in the VB6 section and just link back to this thread since "General PC" is not the place to ask coding questions.

[Justa Lol]

may sound like a stupid question, but why use md5 of the file to find viruses? there are only 32^16 (approximately 1208925819614629174706176) possible md5 checksums, and there are close to infinite (well a lot of) possible codes.. so some programs might collide with the checksums of the virus? or am i totally wrong on the subject?

[DTeCH]

may sound like a stupid question, but why use md5 of the file to find viruses? there are only 32^16 (approximately 1208925819614629174706176) possible md5 checksums, and there are close to infinite (well a lot of) possible codes.. so some programs might collide with the checksums of the virus? or am i totally wrong on the subject?

MD5 is fine... CRC, or some other hashing thingy can be used as well, but the hashing limit (unique hashes) of MD5 is very very high, & not achievable by any human means for centuries to come. lol

1.2+ Septillion (1,200,000,000,000,000,000,000,000) there isn't even that many strands of hair on the planet - be it from man, or beast, or even combined, & quadrupled.
Would be nice if my cheque book had this feature...

However, it has since been shown that MD5 is not collision resistant, & 2 or more different files CAN share the SAME MD5 hash value.

I think the best way to get signatures via hashes is to run a free public virus scanning site, & have multiple scanning engines return their results (to the page) of the file submitted for scanning,
& save it's first "detected as" name, file size, MD5, Sha-1, & SHA-2 Hashes. I'd advise you to use SHA-2. I think you'll have to manually choose a name for each new file detection
hash signature in your list... something like Worm.crappy-File.6, or BAT.crappy-File.19, because this is the only way to generate an official database of MILLIONS of hash sigs, & will
cause accusations to start flying around about stealing (hacking/decoding) definition data files from some of the well known AV companies out there when you use your new signatures in a
new product you create - that returns some other company's virus names.

You can name them after the first result name returned by the scanners, or just make them up. Who cares, but they should be similar to what the threat actually is...
like worm, bat, info-stealer, hacktool, pdf.exploit or whatever.

If you want to go legit, this is the way to get there FAST.





ps: This is an old post, but Google doesn't care about that

[Justa Lol]

MD5 is fine... CRC, or some other hashing thingy can be used as well, but the hashing limit (unique hashes) of MD5 is very very high, & not achievable by any human means for centuries to come. lol

1.2+ Septillion (1,200,000,000,000,000,000,000,000) there isn't even that many strands of hair on the planet - be it from man, or beast, or even combined, & quadrupled.
Would be nice if my cheque book had this feature...

However, it has since been shown that MD5 is not collision resistant, & 2 or more different files CAN share the SAME MD5 hash value.

I think the best way to get signatures via hashes is to run a free public virus scanning site, & have multiple scanning engines return their results (to the page) of the file submitted for scanning,
& save it's first "detected as" name, file size, MD5, Sha-1, & SHA-2 Hashes. I'd advise you to use SHA-2. I think you'll have to manually choose a name for each new file detection
hash signature in your list... something like Worm.crappy-File.6, or BAT.crappy-File.19, because this is the only way to generate an official database of MILLIONS of hash sigs, & will
cause accusations to start flying around about stealing (hacking/decoding) definition data files from some of the well known AV companies out there when you use your new signatures in a
new product you create - that returns some other company's virus names.

You can name them after the first result name returned by the scanners, or just make them up. Who cares, but they should be similar to what the threat actually is...
like worm, bat, info-stealer, hacktool, pdf.exploit or whatever.

If you want to go legit, this is the way to get there FAST.





ps: This is an old post, but Google doesn't care about that

Welcome to the forums! I'm glad you took your time to register and answer my post this answers my question, in very good detail. thank you.

[tr333]

Maybe there's a way to get the list used by VirusTotal?

[Nightwalker83]

@tr333,

Emailed them about it waiting for a response.

Edit:

Here is the response I received!

Hello,

This is not something that we make available.

Regards.