[Clamav-devel] [clamav-users] Question about Heuristic Scanning and Signature Based Scanning
crazythinker91 at gmail.com
Wed May 10 06:41:10 EDT 2017
Yes, I have plans to rewrite it from scratch. Are you willing to join me? :)
On 9 May 2017 at 13:08, Al Varnell <alvarnell at mac.com> wrote:
> On Tue, May 09, 2017 at 12:29 AM, crazy thinker wrote:
> > Thanks for the reply. How many Heuristic Scan Engines is ClamAV using now?
> I only know of one.
> All the other heuristic approaches use the primary scanner along with
> signatures designed to detect suspicious patterns in file names or coding.
> > what
> > are extensions of db files used by ClamAV Heuristic Engine?
> As I told you on Friday...
> > There's a heuristics engine that uses data from the .pdb and .sfp
> sections of the database to detect messages from selected financial
> institutions that appear to be phishing attempts.
> > Can I
> > Increase Heuristic Scan Engine Count ?
> I suspect you would have to write your own.
> > On 9 May 2017 at 12:21, Al Varnell wrote:
> >> I already answered most of these questions before and after reading "My
> >> Understanding" which is totally wrong, it's obvious you have not read
> >> signature.pdf documentation closely enough to understand any of this.
> >> The way you have chosen to classify signatures is completely wrong,
> >> means the questions you've asked don't make any sense. All signatures in
> >> the database are static in that they only change when replaced by a more
> >> accurate signature. There is nothing dynamic about any of them.
> >> The signature based scanner uses both fixed and variable length
> >> As I told you before, the heuristics based scanner only checks a limited
> >> list of financial institutions for phishing attempts. That only
> >> a tiny fraction of what could be considered behavior based malware
> >> detection. And the database is used to define what financial
> >> are included as well as the ability to whitelist certain behaviors that
> >> known to not be a threat.
> >> On Mon, May 08, 2017 at 10:49 PM, crazy thinker wrote:
> >>> Hi ClamAV Developers, Users
> >>> As per My Understanding, Virus Signatures are Classified into two
> >>> 1.Static Virus Signatures(short/fixed length virus signatures)
> >>> 2.Dynamic Virus Signatures(long length Signatures with Regular
> >> Expression)
> >>> So I guess, ClamAV performing both Signature Based Scanning and
> >> Heuristic
> >>> Based Scanning for Malware Detection Process
> >>> Please find below questions that in my mind
> >>> 1.Does Signature Based Scanner uses only Static Signatures (not
> >>> Signatures) ?
> >>> 2.Does Heuristic Scanner uses only Dynamic Signatures for Malware
> >>> Detection?
> >>> 3. If Heuristic Scanner uses Behaviour Based Approach, why Heuristic
> >>> Scanner needs Virus Database?
> >>> 4.To implement Efficient AV Scanner, Can I go with Heuristic Scanning
> >>> Approach and Excluding Signature Based Scanning Approach?
> >>> I would like to get help/suggestions from you guys...
> >>> Kindly waiting for your reply!!!!
> >>> Thanks,
> >>> Crazy Thinker, Inc