Select Page

SANS tool

The clever folks at SANS have made public the beta version of a whitelist hash database that enables you to look up the MD5 or SHA1 hash of a file to see it has been checked as NOT malcode by a reliable authority. The tool is based on the “National Software Reference Library” from the National Institute of Standards and Technology (NIST). The NSRL database normally comes as a download or CD and isn’t as convenient as a web site lookup.

Among other uses, this could be pressed into service to check a file that might be part of a standard package or a system file that has been tagged as malicious by a malcode scanner if you suspect a false positive. Or, if you’re simply suspicious of a file that isn’t detected by your anti-malware scanner this could be a check.

You can also put in a file name to find its whitelisted MD5 hash.

Windows 7 files are not in the database as of this writing, according to Dr. Johannes Ullrich at SANS.

Tool here: http://isc.sans.org/tools/hashsearch.html

SANS description here.

Tom Kelchner


Fatal error: Uncaught wfWAFStorageFileException: Unable to save temporary file for atomic writing. in /home/eckelberry1966/public_html/sunbeltblog/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php:34 Stack trace: #0 /home/eckelberry1966/public_html/sunbeltblog/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php(658): wfWAFStorageFile::atomicFilePutContents('/home/eckelberr...', '<?php exit('Acc...') #1 [internal function]: wfWAFStorageFile->saveConfig('livewaf') #2 {main} thrown in /home/eckelberry1966/public_html/sunbeltblog/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/file.php on line 34