create clamav MD5 hash for autopsy

Being in the Need of doing offline hash matching, the below way will Show how to create an MD5 file with the MD5s from the clamav database.

Getting the source cvd's:

wget http://database.clamav.net/main.cvd
wget http://database.clamav.net/daily.cvd

sigtool --unpack main.cvd
sigtool --unpack daily.cvd

From the now available files copy extract the actual MD5 from the *.hdb (contaiing the Hashes of known malicious programs) into you new clamav-hash file for use in autopsy.

awk -F: '{print $1}' main.hdb >>clamav_md5.txt
awk -F: '{print $1}' daily.hdb >>clamav_md5.txt

Now Import the new hashset to autopsy and index it.

source: InfoSEC