The clever folks at SANS have made public the beta version of a whitelist hash database that enables you to look up the MD5 or SHA1 hash of a file to see it has been checked as NOT malcode by a reliable authority. The tool is based on the “National Software Reference Library” from the National Institute of Standards and Technology (NIST). The NSRL database normally comes as a download or CD and isn’t as convenient as a web site lookup.
Among other uses, this could be pressed into service to check a file that might be part of a standard package or a system file that has been tagged as malicious by a malcode scanner if you suspect a false positive. Or, if you’re simply suspicious of a file that isn’t detected by your anti-malware scanner this could be a check.
You can also put in a file name to find its whitelisted MD5 hash.
Windows 7 files are not in the database as of this writing, according to Dr. Johannes Ullrich at SANS.
Tool here: http://isc.sans.org/tools/hashsearch.html
SANS description here.
Tom Kelchner