[Clamav-devel] [clamav-users] Question about Heuristic Scanning and Signature Based Scanning
crazythinker91 at gmail.com
Tue May 9 03:29:18 EDT 2017
Thanks for Reply. How many Heuristic Scan Engines ClamAV using Now? what
are extensions of db files used by ClamAV Heurisitci Engine? Can I
Increase Heuristic Scan Engine Count ?
On 9 May 2017 at 12:21, Al Varnell <alvarnell at mac.com> wrote:
> I already answered most of these questions before and after reading "My
> Understanding" which is totally wrong, it's obvious you have not read the
> signature.pdf documentation closely enough to understand an of this.
> The way you have chosen to classify signatures is completely wrong, which
> means the questions you've asked don't make any sense. All signatures in
> the database are static in that they only change when replaced by a more
> accurate signature. There is nothing dynamic about any of them.
> The signature based scanner uses both fixed and variable length signatures.
> As I told you before, the heuristics based scanner only checks a limited
> list of financial institutions for phishing attempts. That only represents
> a tiny fraction of what could be considered behavior based malware
> detection. And the database is used to define what financial institutions
> are included as well as the ability to whitelist certain behaviors that are
> known to not be a threat.
> On Mon, May 08, 2017 at 10:49 PM, crazy thinker wrote:
> > Hi ClamAV Developers,Users
> > As per My Understnading , Virus Signatures are Classified into two types
> > 1.Static Virus Signatures(short/fixed length virus signatures)
> > 2.Dynamic Virus Signatures(long length Signatures with Regular
> > So I guess, ClamAV performing both Signature Based Scanning and
> > Based Scanning for Malware Detection Process
> > Please find below questions that in my mind
> > 1.Does Signature Based Scanner uses only Static Signatures (not Dynamic
> > Signatures) ?
> > 2.Does Heuristic Scanner uses only Dynamic Signatures for Malware
> > Detection?
> > 3. If Herusitc Scanner uses Behaviour Based Approach, why Heuristic
> > Scanner needs Virus Database?
> > 4.To implement Efficient AV Scanner, Can I go with Heuristic Scanning
> > Approach and Excluding Signature Based Scanning Approach?
> > I would like to get help/suggestions from you guys...
> > Kindly waiting for your reply!!!!
> > Thanks,
> > Crazy Thinker, Inc
> > _______________________________________________
> > clamav-users mailing list
> > clamav-users at lists.clamav.net
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> > http://www.clamav.net/contact.html#ml
> Al Varnell
> Mountain View, CA
> clamav-users mailing list
> clamav-users at lists.clamav.net
> Help us build a comprehensive ClamAV guide:
More information about the clamav-devel