Yes, you can use either the Body.HashSHA1 property to calculate SHA1 for current file, or the Body.Hash property and specify which hash you want to obtain. First method is better from performance point of view if this property will be used several times on the same file, as result will be better cached
On Antimalware.IsInfected, I like to calculate these and log them:
Set User-Defined.Antimalware.MD5 = Body.Hash ("md5")
Set User-Defined.Antimalware.SHA1 = Body.HashSHA1
And just for fun, put them on a block page with a link to VirusTotal:
I can not get calculated value from function Body.Hash ("md5"). It returns empty value.
The function Body.HashSHA1 works ok and returns correct value for eicar.com.txt file.
My MWG is version 18.104.22.168.
Can anyone confirm the Body.Hash ("md5") return any value on current main release ?
I also tried several Body.Hash ("sha1"), Body.Hash ("sha256") variants. No value to return...
Hope you are doing well.
Did a quick test here and created a rule with Body.Hash(md5) and downloaded an eicar file.
The property shows a value and does not return an empty value.