Mailing List Archive

Re: [clamav-users] Question about Heuristic Scanning and Signature Based Scanning
Thanks for the reply. How many heuristic scan engines is ClamAV using now? What
are the extensions of the db files used by the ClamAV heuristic engine? Can I
increase the heuristic scan engine count?

On 9 May 2017 at 12:21, Al Varnell <alvarnell@mac.com> wrote:

> I already answered most of these questions before, and after reading "My
> Understanding", which is totally wrong, it's obvious you have not read the
> signature.pdf documentation closely enough to understand any of this.
>
> The way you have chosen to classify signatures is completely wrong, which
> means the questions you've asked don't make any sense. All signatures in
> the database are static in that they only change when replaced by a more
> accurate signature. There is nothing dynamic about any of them.
>
> The signature based scanner uses both fixed and variable length signatures.
>
> As I told you before, the heuristics based scanner only checks a limited
> list of financial institutions for phishing attempts. That only represents
> a tiny fraction of what could be considered behavior based malware
> detection. And the database is used to define what financial institutions
> are included as well as the ability to whitelist certain behaviors that are
> known to not be a threat.
>
> On Mon, May 08, 2017 at 10:49 PM, crazy thinker wrote:
> >
> > Hi ClamAV Developers,Users
> >
> > As per my understanding, virus signatures are classified into two types
> >
> > 1.Static Virus Signatures(short/fixed length virus signatures)
> > 2.Dynamic Virus Signatures(long length Signatures with Regular
> Expression)
> >
> > So I guess, ClamAV performing both Signature Based Scanning and
> Heuristic
> > Based Scanning for Malware Detection Process
> >
> > Please find below questions that in my mind
> >
> > 1. Does the signature-based scanner use only static signatures (not dynamic
> > signatures)?
> > 2. Does the heuristic scanner use only dynamic signatures for malware
> > detection?
> > 3. If the heuristic scanner uses a behaviour-based approach, why does the
> > heuristic scanner need a virus database?
> > 4. To implement an efficient AV scanner, can I go with the heuristic scanning
> > approach and exclude the signature-based scanning approach?
> >
> > I would like to get help/suggestions from you guys...
> >
> >
> > Kindly waiting for your reply!!!!
> >
> >
> > Thanks,
> > Crazy Thinker, Inc
> > _______________________________________________
> > clamav-users mailing list
> > clamav-users@lists.clamav.net
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
> >
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
>
> -Al-
> --
> Al Varnell
> Mountain View, CA
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Question about Heuristic Scanning and Signature Based Scanning
@Al Varnell
Yes, I have plans to rewrite it from scratch. Are you willing to join me? :)

On 9 May 2017 at 13:08, Al Varnell <alvarnell@mac.com> wrote:

> On Tue, May 09, 2017 at 12:29 AM, crazy thinker wrote:
> >
> > Thanks for the reply. How many heuristic scan engines is ClamAV using now?
>
> I only know of one.
>
> All the other heuristic approaches use the primary scanner along with
> signatures designed to detect suspicious patterns in file names or coding.
>
> > What
> > are the extensions of the db files used by the ClamAV heuristic engine?
>
> As I told you on Friday...
> > There's a heuristics engine that uses data from the .pdb and .sfp
> sections of the database to detect messages from selected financial
> institutions that appear to be phishing attempts.
>
> > Can I
> > increase the heuristic scan engine count?
>
> I suspect you would have to write your own.
>
> -Al-
>
> > On 9 May 2017 at 12:21, Al Varnell wrote:
> >
> >> I already answered most of these questions before, and after reading "My
> >> Understanding", which is totally wrong, it's obvious you have not read
> the
> >> signature.pdf documentation closely enough to understand any of this.
> >>
> >> The way you have chosen to classify signatures is completely wrong,
> which
> >> means the questions you've asked don't make any sense. All signatures in
> >> the database are static in that they only change when replaced by a more
> >> accurate signature. There is nothing dynamic about any of them.
> >>
> >> The signature based scanner uses both fixed and variable length
> signatures.
> >>
> >> As I told you before, the heuristics based scanner only checks a limited
> >> list of financial institutions for phishing attempts. That only
> represents
> >> a tiny fraction of what could be considered behavior based malware
> >> detection. And the database is used to define what financial
> institutions
> >> are included as well as the ability to whitelist certain behaviors that
> are
> >> known to not be a threat.
> >>
> >> On Mon, May 08, 2017 at 10:49 PM, crazy thinker wrote:
> >>>
> >>> Hi ClamAV Developers,Users
> >>>
> >>> As per my understanding, virus signatures are classified into two
> types
> >>>
> >>> 1.Static Virus Signatures(short/fixed length virus signatures)
> >>> 2.Dynamic Virus Signatures(long length Signatures with Regular
> >> Expression)
> >>>
> >>> So I guess, ClamAV performing both Signature Based Scanning and
> >> Heuristic
> >>> Based Scanning for Malware Detection Process
> >>>
> >>> Please find below questions that in my mind
> >>>
> >>> 1. Does the signature-based scanner use only static signatures (not
> dynamic
> >>> signatures)?
> >>> 2. Does the heuristic scanner use only dynamic signatures for malware
> >>> detection?
> >>> 3. If the heuristic scanner uses a behaviour-based approach, why does the
> >>> heuristic scanner need a virus database?
> >>> 4. To implement an efficient AV scanner, can I go with the heuristic scanning
> >>> approach and exclude the signature-based scanning approach?
> >>>
> >>> I would like to get help/suggestions from you guys...
> >>>
> >>>
> >>> Kindly waiting for your reply!!!!
> >>>
> >>>
> >>> Thanks,
> >>> Crazy Thinker, Inc
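Al's replies above describe the one genuine heuristic in ClamAV as he sees it: the phishing check that compares what a mail message displays with where its links really go, limited to a watched list of financial institutions, with database entries both naming those institutions and whitelisting link patterns known to be benign. The following Python is an added illustration of that idea, written for this page; it is not code from the thread, from ClamAV, or from its signature databases. The watched-host and whitelist data are constructed stand-ins in a made-up syntax (ClamAV's real .pdb entries and their whitelist counterparts are documented in signatures.pdf), and all host names and the sample mail are invented.

```python
"""Model of a displayed-URL vs. real-URL phishing heuristic (added example).

Not ClamAV code. The 'database' below is a simplified stand-in for the idea
of a watched-institution list plus a whitelist of benign (real, displayed)
host pairs; ClamAV's actual file syntax is in signatures.pdf.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed data: displayed hostnames that get scrutiny, and (real host,
# displayed host) pairs that are known-benign (e.g. a bank's mail-tracking
# vendor). Hypothetical names only.
WATCHED_HOSTS = {"example-bank.test", "paypal.test"}
WHITELIST = {("trk.mailvendor.test", "example-bank.test")}

# Constructed sample message: one spoofed link, one whitelisted tracking
# link, one look-alike domain, one ordinary link.
SAMPLE_MAIL = """
<p>Dear customer,</p>
<p>Please verify your account at
<a href="http://203.0.113.7/login">https://www.example-bank.test/login</a></p>
<p>Manage alerts: <a href="https://trk.mailvendor.test/t?x=1">example-bank.test</a></p>
<p>Payment notice: <a href="http://paypal.test.evil.test/">paypal.test</a></p>
<p><a href="https://example-bank.test/help">Help</a></p>
"""


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> element in the message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(value):
    """Lower-cased hostname of a URL, or of bare text that looks like one."""
    value = value.strip()
    if "://" not in value:
        value = "http://" + value
    try:
        return (urlparse(value).hostname or "").lower()
    except ValueError:  # e.g. malformed IPv6 literal
        return ""


def _is_subdomain_or_same(host, domain):
    return host == domain or host.endswith("." + domain)


def _watched(displayed_host):
    """Only links that *display* a watched institution are examined."""
    return any(_is_subdomain_or_same(displayed_host, w) for w in WATCHED_HOSTS)


def scan_html(html):
    """Return (real_host, displayed_host) pairs flagged as spoofed links.

    A link is flagged when the displayed text names a watched institution,
    the real href host is not that institution (or a subdomain of it), and
    the (real, displayed) pair is not whitelisted.
    """
    parser = _LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        displayed = _host(text)
        if not displayed or not _watched(displayed):
            continue
        real = _host(href or "")
        if not real:
            continue
        # The real host must sit under the *displayed* domain; a look-alike
        # such as paypal.test.evil.test does not.
        if any(_is_subdomain_or_same(real, w) for w in WATCHED_HOSTS
               if _is_subdomain_or_same(displayed, w)):
            continue
        if (real, displayed) in WHITELIST:
            continue
        findings.append((real, displayed))
    return findings


if __name__ == "__main__":
    for real, shown in scan_html(SAMPLE_MAIL):
        print(f"spoofed link: shows {shown!r} but goes to {real!r}")
```

Running it reports the IP-literal link that displays `www.example-bank.test` and the `paypal.test.evil.test` look-alike, while the whitelisted tracking link and the plain "Help" link pass. The design mirrors the point Al makes: the heuristic is only as broad as the institution list it is given, and the same database both scopes the check and suppresses known-good behaviour.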