Mailing List Archive

Re: [clamav-users] Question about .cvd files
1. bytecode.cvd contains AV signatures written in our bytecode language. This allows us to have very advanced processing of files for detection.
2. Malware may not be specific to one OS. Or malware may be copied from OS to OS.
3. I don’t think you’d want to do this, based upon what I just said in #2.


--
Joel Esler | Talos: Manager | jesler@cisco.com

On Apr 12, 2017, at 12:13 PM, crazy thinker <crazythinker91@gmail.com> wrote:

Hi ClamAV developers and users,

I have the questions below about the ClamAV virus database:

1. What information does bytecode.cvd contain, and how is it useful in malware
detection?

2. Why doesn't ClamAV release the virus database in platform-specific form, like
Windows, Linux, Mac OS X, Android, BSD, etc.? Is there any logic behind this?

3. How can malware signatures be separated based on target operating system
to optimize database size?

Could any of you please help me with this?
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Question about .cvd files
Hi All,

I would like to install ClamAV on a Windows desktop operating system. I know
that the ClamAV official database (.cvd files) contains all kinds of
platform-specific malware (Linux, UNIX, Unix-like) in single file(s)
(daily.cvd, main.cvd), and I heard that Unix malware can't affect
Windows machines or vice versa. So I would like to separate the Windows
malware signatures from the ClamAV official database and add them to a custom
virus database, to optimize the virus database size and to make Windows
malware detection faster.

If my thoughts and understanding are wrong, please correct me.

Any help and suggestions on this would be appreciated.





On 13 April 2017 at 05:52, Dennis Peterson <dennispe@inetnw.com> wrote:

> The ClamAV product is designed to be used for real time detection with
> mail transport agents and to respond on detection. These mail transport
> agents are capable of delivering malware that will run on any architecture.
> In a perfect world everyone that runs an MTA would test outbound mail for
> malware and block before sending. But that doesn't happen and so we use
> ClamAV for inbound mail for self-protection. Since email service providers
> cannot predict what architecture their users are using they use tools that
> try to protect every architecture and the signatures provide that support.
>
> dp
Re: [clamav-users] Question about .cvd files
On 13/04/2017 15:56, crazy thinker wrote:
> Hi All,
>
> I would like to install ClamAV on a Windows desktop operating system. I know
> that the ClamAV official database (.cvd files) contains all kinds of
> platform-specific malware (Linux, UNIX, Unix-like) in single file(s)
> (daily.cvd, main.cvd), and I heard that Unix malware can't affect
> Windows machines or vice versa. So I would like to separate the Windows
> malware signatures from the ClamAV official database and add them to a custom
> virus database, to optimize the virus database size and to make Windows
> malware detection faster.
>
> If my thoughts and understanding are wrong, please correct me.
>
> Any help and suggestions on this would be appreciated.
>
You are wrong to want to do this.

Consider the following scenario:
=========================================================================
A file, which is infected with a Y-system-specific virus, arrives on
your machine, and passes all the checks because you have removed its
fingerprints from the scanner.

You then copy that file onto a USB stick and give it to a friend who
runs a Y-system, and they put it in their machine...

Shortly after this, their bank-account is drained, their identity is
stolen, and it is your fault.
=========================================================================

We scan files for any and all sorts of virii, because we don't know
where the files may end up.

Cheers.
Gary B-)
Re: [clamav-users] Question about .cvd files
If the Y system had AV, the virus could have been caught :P

@Gary

Anyhow, all anti-virus vendors follow the same strategy, keeping
all kinds of malware (Linux, Unix, Unix-like OS) in a single virus database
file. Any idea on this?
