Bug#469063: md5deep cannot be replaced with shell script

To: 469063@bugs.debian.org
Subject: Bug#469063: md5deep cannot be replaced with shell script
From: Jesse Kornblum <jessek@speakeasy.net>
Date: Mon, 17 Mar 2008 18:01:27 -0400
Message-id: <[🔎] D012D229-9900-47FB-9E84-8130CD231EC0@speakeasy.net>
Reply-to: Jesse Kornblum <jessek@speakeasy.net>, 469063@bugs.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hello,

You are mistaken that md5deep can be replaced by just a line of shellscript. The program not only able to compute hashes, but do bothpositive and negative matching on previously generated hash sets. Forexample:


1. Recursively hash the /usr directory:

$ md5deep -r /usr > known.txt


2. Search for any matches to a set of known files:

$ md5deep -r research/malware-samples/* > known.txt
$ md5deep -wm known.txt -r /usr
/usr/bin/.../ls matched /home/user/research/malware-samples/rootkit2

3. Search for any files that *don't* match a known file in the set ofhashes:


$ md5deep -r /usr > known.txt

[time passes]

$ md5deep -rx known.txt /usr
/usr/bin/.../ls


and so on.

- --
Jesse


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAkfe6jgACgkQhEY+SDzUBL1GBwCgvWsYkCDgKCJhgbAAzsMnTUVk
+l4AoIj9z+XlM32ZLtfpQo/9O5a32obh
=8+PY
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Bug#471414: ITP: aptfs -- FUSE filesystem for APT source repositories
Next by Date: Bug#470795: RFH: apache2 - Co-maintainer wanted
Previous by thread: Bug#471414: ITP: aptfs -- FUSE filesystem for APT source repositories
Next by thread: Bug#434392: O: nikto: web server security scanner
Index(es):
- Date
- Thread