garl4
Joined: 13 Apr 2017
Posts: 0
Posted: Thu Apr 13, 2017 2:23 am
I would like to know: if heuristic analysis were used in ClamAV (or ClamWin) in the future, what would be the format of the database to find suspicious binaries? Or does no one know, and you will need to discuss it?
What is the format other AVs use for their DB?

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Thu Apr 13, 2017 4:17 am
Clam AV has not/does not discuss database formats, but you can look at samples of the various signature formats yourself. Do some searching on the web for "clam AV signatures" or something like that.
In my opinion, over the years, Clam AV has not shown any desire to use heuristic signatures. It would rather use file hashes and unique file strings. Even their bytecode signatures are not based on true heuristics, and there are not very many of them--it has been a long time since I saw a bytecode signature detect some malware.
Each AV has a different format (unless it uses another AV's engine--many AVs use Bitdefender's engine now). They all use file hashes for some of their signatures--maybe the majority.
Regards,

lupacexi
Joined: 12 Sep 2017
Posts: 0
Posted: Tue Sep 12, 2017 3:50 pm
Thank you