Hi guys,

I dug a little bit in the mailing list and official documentation but didn't get to understand quite well how ClamAV heuristics work

So my questions are:

1. From what I understood, the .ldb are not the rules for heuristics right?
   
2. Is the heuristic scan only working for email protection? Is it running when I do a normal clamscan?
3. If heuristic rules are not the ones in .ldb files where are they? Can we see them like with the signature db's? With sigtool as well?