Who updates the db?
todd


Joined: 03 Aug 2006
Posts: 4
I have long been curious about "anti-virus" programs and hope I can
ask some simple questions here. Is this the place?

Who updates the db?

Where does the data originate?

That sounds boring, so what is their long term incentive?

Thanks!
Re: Who updates the db?
alch
Site Admin

Joined: 27 Nov 2005
Posts: 1751
todd wrote:
I have long been curious about "anti-virus" programs and hope I can
ask some simple questions here. Is this the place?


Who updates the db?
Where does the data originate?


It is a community project, so users like you submit the virus samples to the ClamAV database team (http://www.clamav.net); they review the submission and add it to the database.

Quote:

That sounds boring, so what is their long term incentive?


Actually it doesn't sound boring.
Boring?
GuitarBob


Joined: 09 Jul 2006
Posts: 4362
Location: USA
Computers can help mankind to move forward in a logical manner. Anything that impedes that progress is worth changing/removing. Computer viruses certainly are an impediment to better use of computers, and anyone who works to prevent them certainly has my respect. In addition, the Clam/ClamWin projects are conducted on a voluntary basis, which I think deserves even more respect.

Regards,
Re: Who updates the db?
todd


Joined: 03 Aug 2006
Posts: 4
alch wrote:
todd wrote:
I have long been curious about "anti-virus" programs and hope I can
ask some simple questions here. Is this the place?

Who updates the db?
Where does the data originate?


It is a community project, so users like you submit the virus samples to the ClamAV database team (http://www.clamav.net); they review the submission and add it to the database.

What specifically does one submit? A virus file, or just a file name? I am trying to understand what/how an "anti-virus" program works.

Thanks!

Quote:

Quote:

That sounds boring, so what is their long term incentive?


Actually it doesn't sound boring.

I don't see that yet.
budtse


Joined: 14 Jan 2006
Posts: 372
Location: Belgium
The community submits a virus file (a file that is not recognised as a virus by Clam, but definitely is). Then the Clam definition writers find a way to recognise that file by creating a "signature": a part of the code that is specific to that virus.
The signature is then added to the definition database (with some extra data like the virus name, etc.), so Clam will recognise the virus in the future.

It's a challenging job to create a signature that only recognises that particular virus, without generating false positives. I guess that's what makes it interesting (though I haven't reached that level of expertise at this moment, so I couldn't tell).
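How a byte signature and its false-positive risk work in practice, as an added example that is not part of the original thread or ClamAV's own code: a minimal scanner for signatures written like ClamAV's basic `MalwareName=HexSignature` lines, with `??` matching any single byte. The signature names, the helper functions and all sample bytes are constructed for illustration.

```python
import re

# Constructed database in ClamAV's basic "MalwareName=HexSignature" style;
# "??" stands for any one byte. Names and patterns are invented for this demo.
SIGNATURE_DB = """
Demo.TooShort=4d5a9000
Demo.Specific=e8????0000b9deadbeef31c0cd21
"""

def compile_signature(hex_sig):
    """Compile a hex signature with ?? wildcards into a bytes regex."""
    if len(hex_sig) % 2:
        raise ValueError("odd-length hex signature")
    parts = []
    for i in range(0, len(hex_sig), 2):
        pair = hex_sig[i:i + 2]
        parts.append(b"." if pair == "??" else re.escape(bytes.fromhex(pair)))
    return re.compile(b"".join(parts), re.DOTALL)

def load_db(text):
    """Parse Name=HexSignature lines into {name: compiled pattern}."""
    db = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, hex_sig = line.partition("=")
        db[name] = compile_signature(hex_sig.lower())
    return db

def scan(data, db):
    """Return the names of all signatures found anywhere in data."""
    return [name for name, pattern in db.items() if pattern.search(data)]

def false_positives(db, clean_files):
    """Names of signatures that fire on files known to be clean."""
    return sorted({name for data in clean_files for name in scan(data, db)})

# Constructed samples: a harmless executable header, and the same header
# followed by invented marker bytes standing in for a submitted sample.
CLEAN = b"MZ\x90\x00" + b"\x00" * 60 + b"This program cannot be run in DOS mode."
SAMPLE = CLEAN + b"\xe8\x12\x34\x00\x00\xb9\xde\xad\xbe\xef\x31\xc0\xcd\x21"

if __name__ == "__main__":
    db = load_db(SIGNATURE_DB)
    print("sample:", scan(SAMPLE, db))
    print("clean :", scan(CLEAN, db))
    print("signatures to reject:", false_positives(db, [CLEAN]))
```

The short signature matches the header bytes that the clean file shares with the sample, so it flags both; checking each candidate against a set of known-clean files is what exposes it before it reaches the database.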
Virus Signatures
GuitarBob


Joined: 09 Jul 2006
Posts: 4362
Location: USA
A virus signature is unique to an individual virus, and I realize that is a sure-fire way to identify a computer virus, but just like you can say the same thing many ways, many viruses can perform the same actions, but their code can be different. Why can't we learn to identify the actions and not have to rely so much on signatures?

It appears to me that computer viruses all act in fairly similar manners. They may:

Change system files
Gather passwords, email addresses, and other information from the host computer
Send information to other computers
Receive instructions from other computers
Change other programs/files on the host computer
Perform malicious actions to the host computer
Insert themselves in the system
Attempt to hide/protect themselves
Attempt to destroy antivirus software on the host computer

I may have left out something, but the point is that most (if not all) computer viruses perform a limited number of actions. Why can't we target the actions and not devote as much effort to their signatures?

Regards,
lwc


Joined: 17 Apr 2006
Posts: 69
Which is why you should also use a good firewall.

I use the scanner just to scan files I download online. For the rest of the time I use:

Quote:
Receive instructions from other computers
Insert themselves in the system

=> XP SP2's inbound firewall.

Quote:
Gather passwords, email addresses, and other information from the host computer
Send information to other computers

=> An outgoing firewall (I use the freeware Winpooch).

Quote:
Perform malicious actions to the host computer

=> Registry's "run" keys' protector (I use the freeware Winpooch).
Nothing can register itself to run in the startup without me knowing.
To also check other startup methods besides the registry, I frequently run one of those programs that sums up the items in my startup and lets me delete unwanted ones (I use the freeware Startup Control Panel, http://www.mlin.net/StartupCPL.shtml. They also offer StartupMonitor, http://www.mlin.net/StartupMonitor.shtml, which sits in the background and asks your approval whenever a program tries to add itself to the startup - any of the startup methods).

Quote:
Change system files

=> If it's XP's own files, it protects them, you know.

Quote:
Change other programs/files on the host computer
Attempt to hide/protect themselves

=> I don't see how you could protect against that unless you'd use one of those file checkers that check the most basic internals of your system, which I think is too much. I don't like programs - even the good ones - to bury themselves so deep in the heart of my computer.

Quote:
Attempt to destroy antivirus software on the host computer

=> I have no direct solution to that...