[Clamav-devel] [clamav-users] Question about Heuristic Scanning and Signature Based Scanning

crazy thinker crazythinker91 at gmail.com
Tue May 9 03:29:18 EDT 2017


Thanks for the reply. How many heuristic scan engines is ClamAV using now? What
are the extensions of the db files used by the ClamAV heuristic engine? Can I
increase the heuristic scan engine count?

On 9 May 2017 at 12:21, Al Varnell <alvarnell at mac.com> wrote:

> I already answered most of these questions before, and after reading "My
> Understanding", which is totally wrong, it's obvious you have not read the
> signature.pdf documentation closely enough to understand any of this.
>
> The way you have chosen to classify signatures is completely wrong, which
> means the questions you've asked don't make any sense. All signatures in
> the database are static in that they only change when replaced by a more
> accurate signature. There is nothing dynamic about any of them.
>
> The signature based scanner uses both fixed and variable length signatures.
>
> As I told you before, the heuristics based scanner only checks a limited
> list of financial institutions for phishing attempts. That only represents
> a tiny fraction of what could be considered behavior based malware
> detection. And the database is used to define what financial institutions
> are included as well as the ability to whitelist certain behaviors that are
> known to not be a threat.
>
> On Mon, May 08, 2017 at 10:49 PM, crazy thinker wrote:
> >
> > Hi ClamAV Developers, Users
> >
> > As per my understanding, virus signatures are classified into two types:
> >
> > 1. Static Virus Signatures (short/fixed length virus signatures)
> > 2. Dynamic Virus Signatures (long length signatures with Regular Expression)
> >
> > So I guess ClamAV is performing both Signature Based Scanning and Heuristic
> > Based Scanning for the malware detection process.
> >
> > Please find below the questions that are in my mind:
> >
> > 1. Does the Signature Based Scanner use only Static Signatures (not Dynamic
> > Signatures)?
> > 2. Does the Heuristic Scanner use only Dynamic Signatures for malware
> > detection?
> > 3. If the Heuristic Scanner uses a behaviour based approach, why does the
> > Heuristic Scanner need a virus database?
> > 4. To implement an efficient AV scanner, can I go with the Heuristic Scanning
> > approach and exclude the Signature Based Scanning approach?
> >
> > I would like to get help/suggestions from you guys...
> >
> > Kindly waiting for your reply!!!!
> >
> > Thanks,
> > Crazy Thinker, Inc
> > _______________________________________________
> > clamav-users mailing list
> > clamav-users at lists.clamav.net
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
>
> -Al-
> --
> Al Varnell
> Mountain View, CA
>
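
To illustrate the point in the quoted reply that the signature based scanner uses both fixed and variable length signatures, here is an added example that is not part of the thread and is not ClamAV code. It translates a subset of the hex-signature wildcards described in ClamAV's signature documentation into a Python regex as a stand-in matcher; the signature names, patterns and buffers are constructed for the demo.

```python
import re

# Subset of ClamAV's documented hex-signature wildcards:
#   ??  any one byte      *  any number of bytes     (aa|bb)  alternatives
#   {n} exactly n bytes   {n-m}, {-n}, {n-}  bounded gaps
TOKEN = re.compile(
    r"(?P<hex>[0-9a-fA-F]{2})|(?P<any>\?\?)|(?P<star>\*)"
    r"|\{(?P<lo>\d*)(?P<dash>-?)(?P<hi>\d*)\}"
    r"|\((?P<alt>[0-9a-fA-F]{2}(?:\|[0-9a-fA-F]{2})*)\)")

def lit(h):
    """Regex-escaped literal for one hex-encoded byte."""
    return re.escape(bytes.fromhex(h))

def compile_sig(sig):
    """Translate one hex signature into a compiled bytes regex."""
    out, pos = [], 0
    while pos < len(sig):
        m = TOKEN.match(sig, pos)
        if not m:
            raise ValueError(f"unsupported token at offset {pos}")
        if m["hex"]:
            out.append(lit(m["hex"]))
        elif m["any"]:
            out.append(b".")
        elif m["star"]:
            out.append(b".*")
        elif m["alt"]:
            out.append(b"(?:" + b"|".join(map(lit, m["alt"].split("|"))) + b")")
        else:  # {n}, {n-m}, {-n} or {n-}
            lo, hi = m["lo"], m["hi"] if m["dash"] else m["lo"]
            if not (lo or hi):
                raise ValueError(f"empty gap at offset {pos}")
            out.append(f".{{{lo},{hi}}}".encode())
        pos = m.end()
    return re.compile(b"".join(out), re.DOTALL)  # DOTALL: "." matches any byte

# Constructed demo signatures (not real malware signatures).
SIGS = {
    "Demo.Fixed": "4558414d504c45",                 # "EXAMPLE", fixed length
    "Demo.Variable": "4845(41|61)44{2-4}5441494c",  # HE(A|a)D, 2-4 bytes, TAIL
}
COMPILED = {name: compile_sig(s) for name, s in SIGS.items()}

def scan(buf):
    """Return the names of all signatures found anywhere in buf."""
    return sorted(n for n, rx in COMPILED.items() if rx.search(buf))

if __name__ == "__main__":
    for sample in (b"..EXAMPLE..", b"xxHEaD\x00\x01\x02TAILyy", b"xxHEAD\x00TAIL"):
        print(sample, scan(sample))
```

Both signatures are static database entries; the second one simply matches a variable number of bytes between its fixed parts, so the last buffer (a one-byte gap) is not detected.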


