Ability to ignore file size
Hi,
It would be nice if the file size could be ignored from the -k file format.
This would enable a use case like the following: find any files matching hashes in the -k file in a directory.
hashdeep -k hashes -c md5 -a -r samples/*
Where hashes is:
%%%% HASHDEEP-1.0
%%%% size,md5,filename
0,a6b2ce1cc02c902ba6374210faf786a3,a
0,83b383884405190683d748f4a95f48d4,b
0,62fc46151cfe1e57a8fa00065bde57b0,c
Useful to look for specific malware samples in a directory full of them. This community exchanges hashes, not file sizes.
Thanks!
How about just ignoring file size if it is 0?
That sounds fair.
Right now I get "hash collision with " whenever a file's hash matches. If with size 0 this would turn into a match it would be great yes.
Sounds great. Go ahead and submit a pull request when you have it working.
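The matching rule proposed in this thread (a recorded size of 0 means "ignore size") is sketched below as an added Python example. It is not hashdeep's code and does not come from any participant; the function names and sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def load_known(lines):
    """Parse HASHDEEP-1.0 'size,md5,filename' records into {md5: (size, name)}."""
    known = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith(("%%%%", "#")):
            continue  # skip the header and comment lines
        size, md5, name = line.split(",", 2)  # the filename may contain commas
        known[md5.lower()] = (int(size), name)
    return known

def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large samples are not read into memory at once."""
    h = hashlib.md5()  # MD5 only because the shared list in the thread uses it
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def scan(root, known):
    """Return [(path, known_name)] for files under root whose hash is known.
    Assumed rule from the thread: a recorded size of 0 means 'do not compare size'."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            rec = known.get(md5_of(path))
            if rec and (rec[0] == 0 or rec[0] == os.path.getsize(path)):
                hits.append((path, rec[1]))
    return hits

def demo():
    """Constructed data: three small files and a known list built from their hashes."""
    samples = {"x.bin": b"sample-one", "sub/y.bin": b"sample-two", "z.bin": b"other"}
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "sub"))
        for rel, data in samples.items():
            with open(os.path.join(root, *rel.split("/")), "wb") as f:
                f.write(data)
        md5 = {rel: hashlib.md5(data).hexdigest() for rel, data in samples.items()}
        known = load_known([
            "%%%% HASHDEEP-1.0", "%%%% size,md5,filename",
            "0,%s,a" % md5["x.bin"],       # size 0: match on hash alone
            "10,%s,b" % md5["sub/y.bin"],  # real size (10 bytes): must also agree
            "99,%s,c" % md5["z.bin"],      # wrong size: not reported
        ])
        return sorted((os.path.basename(p), n) for p, n in scan(root, known))

if __name__ == "__main__":
    print(demo())
```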